mirror of
https://github.com/DrizzleTime/Foxel.git
synced 2026-07-10 06:51:28 +08:00
feat(audit): add audit logs for S3/WebDAV mapping APIs
This commit is contained in:
@@ -8,6 +8,7 @@ from typing import Dict, Iterable, List, Optional, Tuple
|
||||
from fastapi import APIRouter, Request, Response
|
||||
from fastapi import HTTPException
|
||||
|
||||
from domain.audit import AuditAction, audit
|
||||
from domain.config.service import ConfigService
|
||||
from domain.virtual_fs.service import VirtualFSService
|
||||
|
||||
@@ -314,6 +315,7 @@ def _resource_path(bucket: str, key: Optional[str] = None) -> str:
|
||||
|
||||
|
||||
@router.get("")
|
||||
@audit(action=AuditAction.READ, description="S3: 列出桶")
|
||||
async def list_buckets(request: Request):
|
||||
if (resp := await _ensure_enabled()) is not None:
|
||||
return resp
|
||||
@@ -336,6 +338,7 @@ async def list_buckets(request: Request):
|
||||
|
||||
|
||||
@router.get("/{bucket}")
|
||||
@audit(action=AuditAction.READ, description="S3: 列出对象")
|
||||
async def list_objects(request: Request, bucket: str):
|
||||
if (resp := await _ensure_enabled()) is not None:
|
||||
return resp
|
||||
@@ -476,6 +479,7 @@ async def _stat_object(settings: S3Settings, key: str) -> Tuple[Optional[Dict],
|
||||
|
||||
|
||||
@router.api_route("/{bucket}/{object_path:path}", methods=["GET", "HEAD"])
|
||||
@audit(action=AuditAction.DOWNLOAD, description="S3: 获取对象")
|
||||
async def object_get_head(request: Request, bucket: str, object_path: str):
|
||||
settings, error = await _ensure_bucket_and_auth(request, bucket)
|
||||
if error:
|
||||
@@ -500,6 +504,7 @@ async def object_get_head(request: Request, bucket: str, object_path: str):
|
||||
|
||||
|
||||
@router.put("/{bucket}/{object_path:path}")
|
||||
@audit(action=AuditAction.UPLOAD, description="S3: 上传对象")
|
||||
async def put_object(request: Request, bucket: str, object_path: str):
|
||||
settings, error = await _ensure_bucket_and_auth(request, bucket)
|
||||
if error:
|
||||
@@ -520,6 +525,7 @@ async def put_object(request: Request, bucket: str, object_path: str):
|
||||
|
||||
|
||||
@router.delete("/{bucket}/{object_path:path}")
|
||||
@audit(action=AuditAction.DELETE, description="S3: 删除对象")
|
||||
async def delete_object(request: Request, bucket: str, object_path: str):
|
||||
settings, error = await _ensure_bucket_and_auth(request, bucket)
|
||||
if error:
|
||||
|
||||
@@ -8,6 +8,7 @@ from typing import Optional
|
||||
from fastapi import APIRouter, Request, Response, HTTPException, Depends
|
||||
import xml.etree.ElementTree as ET
|
||||
|
||||
from domain.audit import AuditAction, audit
|
||||
from domain.auth.service import AuthService
|
||||
from domain.auth.types import User, UserInDB
|
||||
from domain.virtual_fs.service import VirtualFSService
|
||||
@@ -141,11 +142,13 @@ def _normalize_fs_path(path: str) -> str:
|
||||
|
||||
|
||||
@router.options("/{path:path}")
|
||||
async def options_root(path: str = "", _enabled: None = Depends(_ensure_webdav_enabled)):
|
||||
@audit(action=AuditAction.READ, description="WebDAV: OPTIONS", user_kw="user")
|
||||
async def options_root(_request: Request, path: str = "", _enabled: None = Depends(_ensure_webdav_enabled)):
|
||||
return Response(status_code=200, headers=_dav_headers())
|
||||
|
||||
|
||||
@router.api_route("/{path:path}", methods=["PROPFIND"])
|
||||
@audit(action=AuditAction.READ, description="WebDAV: PROPFIND", user_kw="user")
|
||||
async def propfind(
|
||||
request: Request,
|
||||
path: str,
|
||||
@@ -193,6 +196,7 @@ async def propfind(
|
||||
|
||||
|
||||
@router.get("/{path:path}")
|
||||
@audit(action=AuditAction.DOWNLOAD, description="WebDAV: GET", user_kw="user")
|
||||
async def dav_get(
|
||||
path: str,
|
||||
request: Request,
|
||||
@@ -205,8 +209,10 @@ async def dav_get(
|
||||
|
||||
|
||||
@router.head("/{path:path}")
|
||||
@audit(action=AuditAction.READ, description="WebDAV: HEAD", user_kw="user")
|
||||
async def dav_head(
|
||||
path: str,
|
||||
_request: Request,
|
||||
_enabled: None = Depends(_ensure_webdav_enabled),
|
||||
user: User = Depends(_get_basic_user),
|
||||
):
|
||||
@@ -231,6 +237,7 @@ async def dav_head(
|
||||
|
||||
|
||||
@router.api_route("/{path:path}", methods=["PUT"])
|
||||
@audit(action=AuditAction.UPLOAD, description="WebDAV: PUT", user_kw="user")
|
||||
async def dav_put(
|
||||
path: str,
|
||||
request: Request,
|
||||
@@ -247,8 +254,10 @@ async def dav_put(
|
||||
|
||||
|
||||
@router.api_route("/{path:path}", methods=["DELETE"])
|
||||
@audit(action=AuditAction.DELETE, description="WebDAV: DELETE", user_kw="user")
|
||||
async def dav_delete(
|
||||
path: str,
|
||||
_request: Request,
|
||||
_enabled: None = Depends(_ensure_webdav_enabled),
|
||||
user: User = Depends(_get_basic_user),
|
||||
):
|
||||
@@ -258,8 +267,10 @@ async def dav_delete(
|
||||
|
||||
|
||||
@router.api_route("/{path:path}", methods=["MKCOL"])
|
||||
@audit(action=AuditAction.CREATE, description="WebDAV: MKCOL", user_kw="user")
|
||||
async def dav_mkcol(
|
||||
path: str,
|
||||
_request: Request,
|
||||
_enabled: None = Depends(_ensure_webdav_enabled),
|
||||
user: User = Depends(_get_basic_user),
|
||||
):
|
||||
@@ -281,7 +292,13 @@ def _parse_destination(dest: str) -> str:
|
||||
|
||||
|
||||
@router.api_route("/{path:path}", methods=["MOVE"])
|
||||
async def dav_move(path: str, request: Request, user: User = Depends(_get_basic_user)):
|
||||
@audit(action=AuditAction.UPDATE, description="WebDAV: MOVE", user_kw="user")
|
||||
async def dav_move(
|
||||
path: str,
|
||||
request: Request,
|
||||
_enabled: None = Depends(_ensure_webdav_enabled),
|
||||
user: User = Depends(_get_basic_user),
|
||||
):
|
||||
full_src = _normalize_fs_path(path)
|
||||
dest_header = request.headers.get("Destination")
|
||||
dst = _parse_destination(dest_header or "")
|
||||
@@ -291,7 +308,13 @@ async def dav_move(path: str, request: Request, user: User = Depends(_get_basic_
|
||||
|
||||
|
||||
@router.api_route("/{path:path}", methods=["COPY"])
|
||||
async def dav_copy(path: str, request: Request, user: User = Depends(_get_basic_user)):
|
||||
@audit(action=AuditAction.CREATE, description="WebDAV: COPY", user_kw="user")
|
||||
async def dav_copy(
|
||||
path: str,
|
||||
request: Request,
|
||||
_enabled: None = Depends(_ensure_webdav_enabled),
|
||||
user: User = Depends(_get_basic_user),
|
||||
):
|
||||
full_src = _normalize_fs_path(path)
|
||||
dest_header = request.headers.get("Destination")
|
||||
dst = _parse_destination(dest_header or "")
|
||||
|
||||
Reference in New Issue
Block a user