Add audit things.

2025-09-04 03:43:07 +00:00 · 2023-12-29 12:06:23 +01:00
parent 5b8f67e992
commit 47147066d2
13 changed files with 32 additions and 14 deletions
--- a/app/Api/V1/Controllers/Webhook/AttemptController.php
+++ b/app/Api/V1/Controllers/Webhook/AttemptController.php
@@ -71,6 +71,7 @@ class AttemptController extends Controller
            throw new FireflyException('200040: Webhook and webhook message are no match');
        }
        if(false === config('firefly.allow_webhooks')) {
+            Log::channel('audit')->info(sprintf('User lists webhook attempts of webhook #%d and message #%d, but webhooks are DISABLED.', $webhook->id, $message->id));
            throw new NotFoundHttpException('Webhooks are not enabled.');
        }
        Log::channel('audit')->info(sprintf('User lists webhook attempts of webhook #%d and message #%d.', $webhook->id, $message->id));
@@ -113,6 +114,7 @@ class AttemptController extends Controller
        }

        if(false === config('firefly.allow_webhooks')) {
+            Log::channel('audit')->info(sprintf('User views single webhook attempt #%d of webhook #%d and message #%d, but webhooks are DISABLED', $attempt->id, $webhook->id, $message->id));
            throw new NotFoundHttpException('Webhooks are not enabled.');
        }

--- a/app/Api/V1/Controllers/Webhook/DestroyController.php
+++ b/app/Api/V1/Controllers/Webhook/DestroyController.php
@@ -63,6 +63,7 @@ class DestroyController extends Controller
    public function destroy(Webhook $webhook): JsonResponse
    {
        if(false === config('firefly.allow_webhooks')) {
+            Log::channel('audit')->info(sprintf('User tries to destroy webhook #%d. but webhooks are DISABLED.', $webhook->id));
            throw new NotFoundHttpException('Webhooks are not enabled.');
        }

@@ -91,6 +92,7 @@ class DestroyController extends Controller
        }

        if (false === config('firefly.allow_webhooks')) {
+            Log::channel('audit')->info(sprintf('User tries to destroy webhook #%d, message #%d, attempt #%d, but webhooks are DISABLED.', $webhook->id, $message->id, $attempt->id));
            throw new NotFoundHttpException('Webhooks are not enabled.');
        }

@@ -112,14 +114,15 @@ class DestroyController extends Controller
     */
    public function destroyMessage(Webhook $webhook, WebhookMessage $message): JsonResponse
    {
-        Log::channel('audit')->info(sprintf('User destroys webhook #%d, message #%d.', $webhook->id, $message->id));
        if ($message->webhook_id !== $webhook->id) {
            throw new FireflyException('200040: Webhook and webhook message are no match');
        }

        if(false === config('firefly.allow_webhooks')) {
+            Log::channel('audit')->info(sprintf('User tries to destroy webhook #%d, message #%d, but webhooks are DISABLED.', $webhook->id, $message->id));
            throw new NotFoundHttpException('Webhooks are not enabled.');
        }
+        Log::channel('audit')->info(sprintf('User destroys webhook #%d, message #%d.', $webhook->id, $message->id));

        $this->repository->destroyMessage($message);
        app('preferences')->mark();
--- a/app/Api/V1/Controllers/Webhook/MessageController.php
+++ b/app/Api/V1/Controllers/Webhook/MessageController.php
@@ -67,6 +67,7 @@ class MessageController extends Controller
    public function index(Webhook $webhook): JsonResponse
    {
        if(false === config('firefly.allow_webhooks')) {
+            Log::channel('audit')->info(sprintf('User tries to view messages of webhook #%d, but webhooks are DISABLED.', $webhook->id));
            throw new NotFoundHttpException('Webhooks are not enabled.');
        }
        Log::channel('audit')->info(sprintf('User views messages of webhook #%d.', $webhook->id));
@@ -105,6 +106,7 @@ class MessageController extends Controller
            throw new FireflyException('200040: Webhook and webhook message are no match');
        }
        if(false === config('firefly.allow_webhooks')) {
+            Log::channel('audit')->info(sprintf('User tries to view message #%d of webhook #%d, but webhooks are DISABLED.', $message->id, $webhook->id));
            throw new NotFoundHttpException('Webhooks are not enabled.');
        }

--- a/app/Api/V1/Controllers/Webhook/ShowController.php
+++ b/app/Api/V1/Controllers/Webhook/ShowController.php
@@ -72,6 +72,7 @@ class ShowController extends Controller
    public function index(): JsonResponse
    {
        if(false === config('firefly.allow_webhooks')) {
+            Log::channel('audit')->info('User tries to view all webhooks, but webhooks are DISABLED.');
            throw new NotFoundHttpException('Webhooks are not enabled.');
        }

@@ -105,6 +106,7 @@ class ShowController extends Controller
    public function show(Webhook $webhook): JsonResponse
    {
        if(false === config('firefly.allow_webhooks')) {
+            Log::channel('audit')->info(sprintf('User tries to view webhook #%d, but webhooks are DISABLED.', $webhook->id));
            throw new NotFoundHttpException('Webhooks are not enabled.');
        }

@@ -128,6 +130,7 @@ class ShowController extends Controller
    public function triggerTransaction(Webhook $webhook, TransactionGroup $group): JsonResponse
    {
        if(false === config('firefly.allow_webhooks')) {
+            Log::channel('audit')->info(sprintf('User tries to trigger webhook #%d on transaction group #%d, but webhooks are DISABLED.', $webhook->id, $group->id));
            throw new NotFoundHttpException('Webhooks are not enabled.');
        }

--- a/app/Api/V1/Controllers/Webhook/StoreController.php
+++ b/app/Api/V1/Controllers/Webhook/StoreController.php
@@ -59,11 +59,12 @@ class StoreController extends Controller
     */
    public function store(CreateRequest $request): JsonResponse
    {
+        $data    = $request->getData();
        if(false === config('firefly.allow_webhooks')) {
+            Log::channel('audit')->info('User tries to store new webhook, but webhooks are DISABLED.', $data);
            throw new NotFoundHttpException('Webhooks are not enabled.');
        }

-        $data    = $request->getData();
        $webhook = $this->repository->store($data);
        $manager = $this->getManager();

--- a/app/Api/V1/Controllers/Webhook/SubmitController.php
+++ b/app/Api/V1/Controllers/Webhook/SubmitController.php
@@ -58,6 +58,7 @@ class SubmitController extends Controller
    public function submit(Webhook $webhook): JsonResponse
    {
        if(false === config('firefly.allow_webhooks')) {
+            Log::channel('audit')->info(sprintf('User tries to submit webhook #%d, but webhooks are DISABLED.', $webhook->id));
            throw new NotFoundHttpException('Webhooks are not enabled.');
        }

--- a/app/Api/V1/Controllers/Webhook/UpdateController.php
+++ b/app/Api/V1/Controllers/Webhook/UpdateController.php
@@ -59,11 +59,12 @@ class UpdateController extends Controller
     */
    public function update(Webhook $webhook, UpdateRequest $request): JsonResponse
    {
+        $data    = $request->getData();
        if(false === config('firefly.allow_webhooks')) {
+            Log::channel('audit')->info(sprintf('User tries to update webhook #%d, but webhooks are DISABLED.', $webhook->id), $data);
            throw new NotFoundHttpException('Webhooks are not enabled.');
        }

-        $data    = $request->getData();
        $webhook = $this->repository->update($webhook, $data);
        $manager = $this->getManager();