Add user login event to audit log (#21415)

Add common event handler Register login event Update previous audit log event redirect to auditlogext table Signed-off-by: stonezdj <[email protected]>
goharbor · Jan 23, 2025 · f808f33 · f808f33
1 parent 39b2898
commit f808f33
Show file tree

Hide file tree

Showing 16 changed files with 524 additions and 102 deletions.
diff --git a/src/controller/event/handler/auditlog/auditlog.go b/src/controller/event/handler/auditlog/auditlog.go
@@ -16,12 +16,14 @@ package auditlog
 
 import (
 	"context"
+	"fmt"
 
 	"github.com/goharbor/harbor/src/controller/event"
+	evtModel "github.com/goharbor/harbor/src/controller/event/model"
 	"github.com/goharbor/harbor/src/lib/config"
 	"github.com/goharbor/harbor/src/lib/log"
-	"github.com/goharbor/harbor/src/pkg/audit"
-	am "github.com/goharbor/harbor/src/pkg/audit/model"
+	"github.com/goharbor/harbor/src/pkg/auditext"
+	am "github.com/goharbor/harbor/src/pkg/auditext/model"
 )
 
 // Handler - audit log handler
@@ -30,7 +32,7 @@ type Handler struct {
 
 // AuditResolver - interface to resolve to AuditLog
 type AuditResolver interface {
-	ResolveToAuditLog() (*am.AuditLog, error)
+	ResolveToAuditLog() (*am.AuditLogExt, error)
 }
 
 // Name ...
@@ -40,13 +42,12 @@ func (h *Handler) Name() string {
 
 // Handle ...
 func (h *Handler) Handle(ctx context.Context, value interface{}) error {
-	var auditLog *am.AuditLog
 	var addAuditLog bool
 	switch v := value.(type) {
 	case *event.PushArtifactEvent, *event.DeleteArtifactEvent,
 		*event.DeleteRepositoryEvent, *event.CreateProjectEvent, *event.DeleteProjectEvent,
 		*event.DeleteTagEvent, *event.CreateTagEvent,
-		*event.CreateRobotEvent, *event.DeleteRobotEvent:
+		*event.CreateRobotEvent, *event.DeleteRobotEvent, *evtModel.CommonEvent:
 		addAuditLog = true
 	case *event.PullArtifactEvent:
 		addAuditLog = !config.PullAuditLogDisable(ctx)
@@ -56,14 +57,13 @@ func (h *Handler) Handle(ctx context.Context, value interface{}) error {
 
 	if addAuditLog {
 		resolver := value.(AuditResolver)
-		al, err := resolver.ResolveToAuditLog()
+		auditLog, err := resolver.ResolveToAuditLog()
 		if err != nil {
 			log.Errorf("failed to handler event %v", err)
 			return err
 		}
-		auditLog = al
-		if auditLog != nil {
-			_, err := audit.Mgr.Create(ctx, auditLog)
+		if auditLog != nil && config.AuditLogEventEnabled(ctx, fmt.Sprintf("%v_%v", auditLog.Operation, auditLog.ResourceType)) {
+			_, err := auditext.Mgr.Create(ctx, auditLog)
 			if err != nil {
 				log.Debugf("add audit log err: %v", err)
 			}

diff --git a/src/controller/event/handler/init.go b/src/controller/event/handler/init.go
@@ -67,6 +67,7 @@ func init() {
 	_ = notifier.Subscribe(event.TopicDeleteTag, &auditlog.Handler{})
 	_ = notifier.Subscribe(event.TopicCreateRobot, &auditlog.Handler{})
 	_ = notifier.Subscribe(event.TopicDeleteRobot, &auditlog.Handler{})
+	_ = notifier.Subscribe(event.TopicCommonEvent, &auditlog.Handler{})
 
 	// internal
 	_ = notifier.Subscribe(event.TopicPullArtifact, &internal.ArtifactEventHandler{})

diff --git a/src/controller/event/metadata/commonevent/model.go b/src/controller/event/metadata/commonevent/model.go
@@ -62,8 +62,10 @@ type Metadata struct {
 	IPAddress string
 	// ResponseLocation response location
 	ResponseLocation string
-	// ResourceName
+	// ResourceName resource name
 	ResourceName string
+	// Payload request payload
+	Payload string
 }
 
 // Resolve parse the audit information from CommonEventMetadata

diff --git a/src/controller/event/model/event.go b/src/controller/event/model/event.go
@@ -14,7 +14,12 @@
 
 package model
 
-import "github.com/goharbor/harbor/src/pkg/retention/policy/rule"
+import (
+	"time"
+
+	"github.com/goharbor/harbor/src/pkg/auditext/model"
+	"github.com/goharbor/harbor/src/pkg/retention/policy/rule"
+)
 
 // Replication describes replication infos
 type Replication struct {
@@ -80,3 +85,32 @@ type Scan struct {
 	// ScanType the scan type
 	ScanType string `json:"scan_type,omitempty"`
 }
+
+// CommonEvent ...
+type CommonEvent struct {
+	Operator             string
+	ProjectID            int64
+	OcurrAt              time.Time
+	Operation            string
+	Payload              string
+	SourceIP             string
+	ResourceType         string
+	ResourceName         string
+	OperationDescription string
+	IsSuccessful         bool
+}
+
+// ResolveToAuditLog ...
+func (c *CommonEvent) ResolveToAuditLog() (*model.AuditLogExt, error) {
+	auditLog := &model.AuditLogExt{
+		ProjectID:            c.ProjectID,
+		OpTime:               c.OcurrAt,
+		Operation:            c.Operation,
+		Username:             c.Operator,
+		ResourceType:         c.ResourceType,
+		Resource:             c.ResourceName,
+		OperationDescription: c.OperationDescription,
+		IsSuccessful:         c.IsSuccessful,
+	}
+	return auditLog, nil
+}