johanels/photoprism
1
0
Fork 0
mirror of https://github.com/photoprism/photoprism.git synced 2025-12-12 00:34:13 +01:00
Code Issues Packages Projects Releases Wiki Activity

API: Improve audit logs in cluster_nodes_register.go

Browse Source 
Signed-off-by: Michael Mayer <michael@photoprism.app>
This commit is contained in:
Michael Mayer
2025-10-20 14:53:11 +02:00
parent c5b5feee47
commit ddc37e08ab
1 changed files with 3 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
internal/api/cluster_nodes_register.go
View File

@@ -154,7 +154,7 @@ func ClusterNodesRegister(router *gin.RouterGroup) {
// If caller attempts to change UUID by name without proving client secret, block with 409. // If caller attempts to change UUID by name without proving client secret, block with 409.
if RegisterRequireClientSecret { if RegisterRequireClientSecret {
if requestedUUID != "" && n.UUID != "" && requestedUUID != n.UUID && req.ClientID == "" { if requestedUUID != "" && n.UUID != "" && requestedUUID != n.UUID && req.ClientID == "" {
event.AuditWarn([]string{clientIp, string(acl.ResourceCluster), "node %s uuid change requires client secret", event.Denied}, clean.Log(name)) event.AuditWarn([]string{clientIp, string(acl.ResourceCluster), "node %s", "invalid client secret", event.Denied}, clean.Log(name))
c.JSON(http.StatusConflict, gin.H{"error": "client secret required to change node uuid"}) c.JSON(http.StatusConflict, gin.H{"error": "client secret required to change node uuid"})
return return
} }
@@ -206,7 +206,7 @@ func ClusterNodesRegister(router *gin.RouterGroup) {
return return
} }
respSecret = &cluster.RegisterSecrets{ClientSecret: n.ClientSecret, RotatedAt: n.RotatedAt} respSecret = &cluster.RegisterSecrets{ClientSecret: n.ClientSecret, RotatedAt: n.RotatedAt}
event.AuditInfo([]string{clientIp, string(acl.ResourceCluster), "node %s rotate secret", event.Succeeded}, clean.Log(name)) event.AuditInfo([]string{clientIp, string(acl.ResourceCluster), "node %s", "rotate secret", event.Succeeded}, clean.Log(name))
// Extra safety: ensure the updated secret is persisted even if subsequent steps fail. // Extra safety: ensure the updated secret is persisted even if subsequent steps fail.
if putErr := regy.Put(n); putErr != nil { if putErr := regy.Put(n); putErr != nil {
@@ -239,7 +239,7 @@ func ClusterNodesRegister(router *gin.RouterGroup) {
AbortUnexpectedError(c) AbortUnexpectedError(c)
return return
} }
event.AuditInfo([]string{clientIp, string(acl.ResourceCluster), "node %s rotate database", event.Succeeded}, clean.Log(name)) event.AuditInfo([]string{clientIp, string(acl.ResourceCluster), "node %s", "rotate database", event.Succeeded}, clean.Log(name))
} }
} }