feat: audit log (#1032)

Not great looking, but does the job. Planning to cleanup our admin
dashboards in a follow-up today

Author: crowlKats

api/.sqlx/query-26883e51e0ec672545a9196d6c06f0adfa268dcde1dae8e8d22871de2007b920.json

@@ -0,0 +1,7 @@
+CREATE TABLE audit_logs (
+    actor_id uuid references users(id) NOT NULL,
+    is_sudo bool NOT NULL,
+    action text NOT NULL,
+    meta jsonb NOT NULL,
+    created_at timestamptz NOT NULL DEFAULT now()
+);

api/.sqlx/query-373d500106acb925a37dcd921bfc08245d2395f43b0c9044d1dca9920a52d099.json

@@ -7,6 +7,7 @@ use hyper::Body;
 use hyper::Request;
 use routerify::prelude::RequestExt;
 use routerify::Router;
+use routerify_query::RequestQueryExt;
 use tracing::field;
 use tracing::instrument;
 use tracing::Instrument;
@@ -46,6 +47,7 @@ pub fn admin_router() -> Router<Body, ApiError> {
     )
     .get("/tickets", util::auth(util::json(list_tickets)))
     .patch("/tickets/:id", util::auth(util::json(patch_ticket)))
+    .get("/audit_logs", util::auth(util::json(list_audit_logs)))
     .build()
     .unwrap()
 }
@@ -112,9 +114,6 @@ pub async fn list_users(req: Request<Body>) -> ApiResult<ApiList<ApiFullUser>> {
   fields(user_id)
 )]
 pub async fn update_user(mut req: Request<Body>) -> ApiResult<ApiFullUser> {
-  let iam = req.iam();
-  iam.check_admin_access()?;
-
   let user_id = req.param_uuid("user_id")?;
   Span::current().record("user_id", field::display(&user_id));
   let ApiAdminUpdateUserRequest {
@@ -124,16 +123,23 @@ pub async fn update_user(mut req: Request<Body>) -> ApiResult<ApiFullUser> {
   } = decode_json(&mut req).await?;
   let db = req.data::<Database>().unwrap();
 
+  let iam = req.iam();
+  let staff = iam.check_admin_access()?;
+
   let mut updated_user = None;
 
   if let Some(is_staff) = is_staff {
-    updated_user = Some(db.user_set_staff(user_id, is_staff).await?);
+    updated_user = Some(db.user_set_staff(&staff.id, user_id, is_staff).await?);
   }
   if let Some(is_blocked) = is_blocked {
-    updated_user = Some(db.user_set_blocked(user_id, is_blocked).await?);
+    updated_user =
+      Some(db.user_set_blocked(&staff.id, user_id, is_blocked).await?);
   }
   if let Some(scope_limit) = scope_limit {
-    updated_user = Some(db.user_set_scope_limit(user_id, scope_limit).await?);
+    updated_user = Some(
+      db.user_set_scope_limit(&staff.id, user_id, scope_limit)
+        .await?,
+    );
   }
 
   if let Some(updated_user) = updated_user {
@@ -170,9 +176,6 @@ pub async fn list_scopes(
   fields(scope)
 )]
 pub async fn patch_scopes(mut req: Request<Body>) -> ApiResult<ApiFullScope> {
-  let iam = req.iam();
-  iam.check_admin_access()?;
-
   let scope = req.param_scope()?;
   Span::current().record("scope", field::display(&scope));
 
@@ -182,6 +185,9 @@ pub async fn patch_scopes(mut req: Request<Body>) -> ApiResult<ApiFullScope> {
     publish_attempts_per_week_limit,
   } = decode_json(&mut req).await?;
 
+  let iam = req.iam();
+  let staff = iam.check_admin_access()?;
+
   let db = req.data::<Database>().unwrap();
 
   if package_limit.is_none()
@@ -195,6 +201,7 @@ pub async fn patch_scopes(mut req: Request<Body>) -> ApiResult<ApiFullScope> {
 
   let scope = db
     .update_scope_limits(
+      &staff.id,
       &scope,
       package_limit,
       new_package_per_week_limit,
@@ -212,13 +219,13 @@ pub async fn patch_scopes(mut req: Request<Body>) -> ApiResult<ApiFullScope> {
   fields(scope, user_id)
 )]
 pub async fn assign_scope(mut req: Request<Body>) -> ApiResult<ApiScope> {
-  let iam = req.iam();
-  iam.check_admin_access()?;
-
   let ApiAssignScopeRequest { scope, user_id } = decode_json(&mut req).await?;
   Span::current().record("scope", field::display(&scope));
   Span::current().record("user_id", field::display(&user_id));
 
+  let iam = req.iam();
+  let staff = iam.check_admin_access()?;
+
   let db = req.data::<Database>().unwrap();
 
   let scope_without_hyphens = scope.replace('-', "");
@@ -228,7 +235,7 @@ pub async fn assign_scope(mut req: Request<Body>) -> ApiResult<ApiScope> {
   }
 
   let scope = db
-    .create_scope(&scope, user_id)
+    .create_scope(&staff.id, true, &scope, user_id)
     .await
     .map_err(|e| map_unique_violation(e, ApiError::ScopeAlreadyExists))?;
 
@@ -266,7 +273,7 @@ pub async fn list_publishing_tasks(
 )]
 pub async fn requeue_publishing_tasks(req: Request<Body>) -> ApiResult<()> {
   let iam = req.iam();
-  iam.check_admin_access()?;
+  let staff = iam.check_admin_access()?;
 
   let publishing_task_id = req.param_uuid("publishing_task")?;
   Span::current()
@@ -280,6 +287,7 @@ pub async fn requeue_publishing_tasks(req: Request<Body>) -> ApiResult<()> {
 
   if task.status == PublishingTaskStatus::Processing {
     db.update_publishing_task_status(
+      Some(&staff.id),
       publishing_task_id,
       PublishingTaskStatus::Processing,
       PublishingTaskStatus::Pending,
@@ -292,7 +300,7 @@ pub async fn requeue_publishing_tasks(req: Request<Body>) -> ApiResult<()> {
   let orama_client = req.data::<Option<OramaClient>>().unwrap().clone();
 
   if let Some(queue) = publish_queue {
-    let body = serde_json::to_vec(&publishing_task_id).unwrap();
+    let body = serde_json::to_vec(&publishing_task_id)?;
     queue.task_buffer(None, Some(body.into())).await?;
   } else {
     let buckets = req.data::<Buckets>().unwrap().clone();
@@ -326,25 +334,25 @@ pub async fn list_tickets(req: Request<Body>) -> ApiResult<ApiList<ApiTicket>> {
 
   let (total, tickets) = db.list_tickets(start, limit, maybe_search).await?;
   Ok(ApiList {
-    items: tickets.into_iter().map(|scope| scope.into()).collect(),
+    items: tickets.into_iter().map(|ticket| ticket.into()).collect(),
     total,
   })
 }
 
 #[instrument(name = "PATCH /api/admin/tickets/:id", skip(req), err)]
 pub async fn patch_ticket(mut req: Request<Body>) -> ApiResult<ApiTicket> {
-  let iam = req.iam();
-  iam.check_admin_access()?;
-
   let id = req.param_uuid("id")?;
   Span::current().record("id", field::display(id));
 
   let ApiAdminUpdateTicketRequest { closed } = decode_json(&mut req).await?;
 
+  let iam = req.iam();
+  let staff = iam.check_admin_access()?;
+
   let db = req.data::<Database>().unwrap();
 
   let ticket = if let Some(closed) = closed {
-    db.update_ticket_closed(id, closed).await?
+    db.update_ticket_closed(&staff.id, id, closed).await?
   } else {
     return Err(ApiError::MalformedRequest {
       msg: "missing 'closed' parameter".into(),
@@ -354,6 +362,30 @@ pub async fn patch_ticket(mut req: Request<Body>) -> ApiResult<ApiTicket> {
   Ok(ticket.into())
 }
 
+#[instrument(name = "GET /api/admin/audit_logs", skip(req), err)]
+pub async fn list_audit_logs(
+  req: Request<Body>,
+) -> ApiResult<ApiList<ApiAuditLog>> {
+  let iam = req.iam();
+  iam.check_admin_access()?;
+
+  let db = req.data::<Database>().unwrap();
+  let (start, limit) = pagination(&req);
+  let maybe_search = search(&req);
+  let sudo_only = req.query("sudoOnly").is_some();
+
+  let (total, audit_logs) = db
+    .list_audit_logs(start, limit, maybe_search, sudo_only)
+    .await?;
+  Ok(ApiList {
+    items: audit_logs
+      .into_iter()
+      .map(|audit_log| audit_log.into())
+      .collect(),
+    total,
+  })
+}
+
 #[cfg(test)]
 mod tests {
   use crate::api::ApiFullScope;