You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
97 lines
2.7 KiB
97 lines
2.7 KiB
/*
|
|
* Minio Cloud Storage, (C) 2018 Minio, Inc.
|
|
*
|
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
|
* you may not use this file except in compliance with the License.
|
|
* You may obtain a copy of the License at
|
|
*
|
|
* http://www.apache.org/licenses/LICENSE-2.0
|
|
*
|
|
* Unless required by applicable law or agreed to in writing, software
|
|
* distributed under the License is distributed on an "AS IS" BASIS,
|
|
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
* See the License for the specific language governing permissions and
|
|
* limitations under the License.
|
|
*/
|
|
|
|
package logger
|
|
|
|
import (
|
|
"context"
|
|
"net/http"
|
|
"strings"
|
|
"time"
|
|
)
|
|
|
|
// Represents the current version of audit log structure.
|
|
const auditLogVersion = "1"
|
|
|
|
// AuditEntry - audit entry logs.
|
|
type AuditEntry struct {
|
|
Version string `json:"version"`
|
|
DeploymentID string `json:"deploymentid,omitempty"`
|
|
Time string `json:"time"`
|
|
API *api `json:"api,omitempty"`
|
|
RemoteHost string `json:"remotehost,omitempty"`
|
|
RequestID string `json:"requestID,omitempty"`
|
|
UserAgent string `json:"userAgent,omitempty"`
|
|
ReqQuery map[string]string `json:"requestQuery,omitempty"`
|
|
ReqHeader map[string]string `json:"requestHeader,omitempty"`
|
|
RespHeader map[string]string `json:"responseHeader,omitempty"`
|
|
}
|
|
|
|
// AuditTargets is the list of enabled audit loggers
|
|
var AuditTargets = []LoggingTarget{}
|
|
|
|
// AddAuditTarget adds a new audit logger target to the
|
|
// list of enabled loggers
|
|
func AddAuditTarget(t LoggingTarget) {
|
|
AuditTargets = append(AuditTargets, t)
|
|
}
|
|
|
|
// AuditLog - logs audit logs to all targets.
|
|
func AuditLog(ctx context.Context, w http.ResponseWriter, r *http.Request) {
|
|
if Disable {
|
|
return
|
|
}
|
|
|
|
req := GetReqInfo(ctx)
|
|
if req == nil {
|
|
req = &ReqInfo{API: "SYSTEM"}
|
|
}
|
|
|
|
reqQuery := make(map[string]string)
|
|
for k, v := range r.URL.Query() {
|
|
reqQuery[k] = strings.Join(v, ",")
|
|
}
|
|
reqHeader := make(map[string]string)
|
|
for k, v := range r.Header {
|
|
reqHeader[k] = strings.Join(v, ",")
|
|
}
|
|
respHeader := make(map[string]string)
|
|
for k, v := range w.Header() {
|
|
respHeader[k] = strings.Join(v, ",")
|
|
}
|
|
|
|
// Send audit logs only to http targets.
|
|
for _, t := range AuditTargets {
|
|
t.send(AuditEntry{
|
|
Version: auditLogVersion,
|
|
DeploymentID: deploymentID,
|
|
RemoteHost: req.RemoteHost,
|
|
RequestID: req.RequestID,
|
|
UserAgent: req.UserAgent,
|
|
Time: time.Now().UTC().Format(time.RFC3339Nano),
|
|
API: &api{
|
|
Name: req.API,
|
|
Args: &args{
|
|
Bucket: req.BucketName,
|
|
Object: req.ObjectName,
|
|
},
|
|
},
|
|
ReqQuery: reqQuery,
|
|
ReqHeader: reqHeader,
|
|
RespHeader: respHeader,
|
|
})
|
|
}
|
|
}
|
|
|