Merge pull request #545 from crocs-muni/copilot/add-accounting-logs-page

Add accounting logs page to admin interface

Author: J08nY

sec_certs_page/admin/views.py

@@ -266,3 +266,58 @@ def edit_user(username):
     # prepopulate form
     form.roles.data = user_doc.get("roles", [])
     return render_template("admin/users/edit.html.jinja2", user=user_doc, form=form)
+
+
+@admin.route("/accounting")
+@login_required
+@admin_permission.require()
+@register_breadcrumb(admin, ".accounting", "Accounting")
+def accounting():
+    page = int(request.args.get("page", 1))
+    per_page = current_app.config.get("SEARCH_ITEMS_PER_PAGE", 25)
+    username_filter = request.args.get("username")
+    endpoint_filter = request.args.get("endpoint")
+
+    # Validate filters to prevent injection attacks
+    if username_filter is not None and not isinstance(username_filter, str):
+        username_filter = None
+    if endpoint_filter is not None and not isinstance(endpoint_filter, str):
+        endpoint_filter = None
+
+    # Build query based on filters
+    query = {}
+    if username_filter:
+        query["username"] = username_filter
+    if endpoint_filter:
+        query["endpoint"] = endpoint_filter
+
+    # Get accounting logs sorted by period (most recent first)
+    logs_cursor = mongo.db.accounting.find(query).sort([("period", pymongo.DESCENDING)])
+    total = mongo.db.accounting.count_documents(query)
+    logs_list = list(logs_cursor[(page - 1) * per_page : page * per_page])
+
+    # Get distinct usernames and endpoints for filter dropdowns
+    distinct_usernames = sorted(
+        [u for u in mongo.db.accounting.distinct("username") if u is not None], key=lambda x: x.lower()
+    )
+    distinct_endpoints = sorted(mongo.db.accounting.distinct("endpoint"))
+
+    pagination = Pagination(
+        page=page,
+        per_page=per_page,
+        search=False,
+        found=total,
+        total=total,
+        css_framework="bootstrap5",
+        alignment="center",
+    )
+
+    return render_template(
+        "admin/accounting.html.jinja2",
+        logs=logs_list,
+        pagination=pagination,
+        distinct_usernames=distinct_usernames,
+        distinct_endpoints=distinct_endpoints,
+        username_filter=username_filter,
+        endpoint_filter=endpoint_filter,
+    )

sec_certs_page/templates/admin/accounting.html.jinja2

@@ -0,0 +1,74 @@
+{% extends "common/base.html.jinja2" %}
+
+{% block content %}
+    <main>
+        <div class="col-10 mx-auto p-3 py-md-5">
+            <h1>Accounting Logs</h1>
+            
+            <!-- Filters -->
+            <form method="GET" class="mb-4">
+                <div class="row g-3">
+                    <div class="col-md-4">
+                        <label for="username" class="form-label">Username</label>
+                        <select class="form-select" id="username" name="username">
+                            <option value="">All Users</option>
+                            {% for username in distinct_usernames %}
+                                <option value="{{ username }}" {% if username_filter == username %}selected{% endif %}>
+                                    {{ username }}
+                                </option>
+                            {% endfor %}
+                        </select>
+                    </div>
+                    <div class="col-md-6">
+                        <label for="endpoint" class="form-label">Endpoint</label>
+                        <select class="form-select" id="endpoint" name="endpoint">
+                            <option value="">All Endpoints</option>
+                            {% for endpoint in distinct_endpoints %}
+                                <option value="{{ endpoint }}" {% if endpoint_filter == endpoint %}selected{% endif %}>
+                                    {{ endpoint }}
+                                </option>
+                            {% endfor %}
+                        </select>
+                    </div>
+                    <div class="col-md-2 d-flex align-items-end">
+                        <button type="submit" class="btn btn-primary w-100">Filter</button>
+                    </div>
+                </div>
+            </form>
+
+            <!-- Results Table -->
+            <table class="table table-striped">
+                <thead>
+                <tr>
+                    <th>Username</th>
+                    <th>IP Address</th>
+                    <th>Endpoint</th>
+                    <th>Period</th>
+                    <th>Count</th>
+                </tr>
+                </thead>
+                <tbody>
+                {% for log in logs %}
+                    <tr>
+                        <td>{{ log.username or '-' }}</td>
+                        <td>{{ log.ip or '-' }}</td>
+                        <td>{{ log.endpoint }}</td>
+                        <td>{{ log.period.strftime('%Y-%m-%d %H:%M:%S') if log.period else '-' }}</td>
+                        <td>{{ log.count }}</td>
+                    </tr>
+                {% else %}
+                    <tr>
+                        <td colspan="5">No accounting logs found.</td>
+                    </tr>
+                {% endfor %}
+                </tbody>
+            </table>
+
+            {% if pagination %}
+                <div class="d-flex justify-content-center">
+                    {{ pagination.links }}
+                </div>
+            {% endif %}
+        </div>
+    </main>
+{% endblock %}

sec_certs_page/templates/admin/index.html.jinja2

@@ -8,6 +8,7 @@
                 <a href="{{ url_for("admin.tasks") }}" class="btn btn-primary">Tasks</a>
                 <a href="{{ url_for("admin.config") }}" class="btn btn-primary">Config</a>
                 <a href="{{ url_for("admin.users") }}" class="btn btn-primary">Users</a>
+                <a href="{{ url_for("admin.accounting") }}" class="btn btn-primary">Accounting</a>
                 <a href="/munin/" class="btn btn-primary" target="_blank">Munin</a>
             </div>
         </div>

tests/functional/data/mongo/accounting.json

@@ -0,0 +1,37 @@
+[
+    {
+        "username": "testuser1",
+        "ip": null,
+        "endpoint": "cc.search",
+        "period": {"$date": "2024-01-01T00:00:00Z"},
+        "count": 42
+    },
+    {
+        "username": "testuser2",
+        "ip": null,
+        "endpoint": "fips.search",
+        "period": {"$date": "2024-01-01T00:00:00Z"},
+        "count": 15
+    },
+    {
+        "username": null,
+        "ip": "192.168.1.1",
+        "endpoint": "cc.detail",
+        "period": {"$date": "2024-01-02T00:00:00Z"},
+        "count": 5
+    },
+    {
+        "username": "testuser1",
+        "ip": null,
+        "endpoint": "chat.chat",
+        "period": {"$date": "2024-01-02T00:00:00Z"},
+        "count": 100
+    },
+    {
+        "username": null,
+        "ip": "10.0.0.1",
+        "endpoint": "fips.detail",
+        "period": {"$date": "2024-01-03T00:00:00Z"},
+        "count": 3
+    }
+]

tests/functional/test_admin.py

@@ -63,3 +63,28 @@ def test_update_diff(logged_in_client):
     id = list(mongo.db.fips_diff.find({}, {"_id": True}))[-1]["_id"]
     resp = logged_in_client.get(f"/admin/update/diff/{id}")
     assert resp.status_code == 200
+
+
+def test_accounting(logged_in_client):
+    resp = logged_in_client.get("/admin/accounting")
+    assert resp.status_code == 200
+    assert b"Accounting Logs" in resp.data
+
+
+def test_accounting_filter_by_username(logged_in_client):
+    resp = logged_in_client.get("/admin/accounting?username=testuser1")
+    assert resp.status_code == 200
+    assert b"testuser1" in resp.data
+
+
+def test_accounting_filter_by_endpoint(logged_in_client):
+    resp = logged_in_client.get("/admin/accounting?endpoint=cc.search")
+    assert resp.status_code == 200
+    assert b"cc.search" in resp.data
+
+
+def test_accounting_combined_filters(logged_in_client):
+    resp = logged_in_client.get("/admin/accounting?username=testuser1&endpoint=chat.chat")
+    assert resp.status_code == 200
+    assert b"testuser1" in resp.data
+    assert b"chat.chat" in resp.data