Complete backend

2025-04-18 16:39:05 +02:00
parent 83551ffb4a
commit ec90fb7680
11 changed files with 561 additions and 121 deletions
--- a/packages/sshecret-backend/src/sshecret_backend/audit.py
+++ b/packages/sshecret-backend/src/sshecret_backend/audit.py
@ -3,7 +3,7 @@
 from collections.abc import Sequence
 from fastapi import Request
 from sqlmodel import Session, select
-from .models import AuditLog, Client, ClientSecret
+from .models import AuditLog, Client, ClientSecret, ClientAccessPolicy


 def _get_origin(request: Request) -> str | None:
@ -39,6 +39,19 @@ def audit_create_client(
    _write_audit_log(session, request, entry, commit)


+def audit_delete_client(
+    session: Session, request: Request, client: Client, commit: bool = True
+) -> None:
+    """Log the creation of a client."""
+    entry = AuditLog(
+        operation="CREATE",
+        client_id=client.id,
+        client_name=client.name,
+        message="Client deleted",
+    )
+    _write_audit_log(session, request, entry, commit)
+
+
 def audit_create_secret(
    session: Session,
    request: Request,
@ -58,6 +71,44 @@ def audit_create_secret(
    _write_audit_log(session, request, entry, commit)


+def audit_remove_policy(
+    session: Session,
+    request: Request,
+    client: Client,
+    policy: ClientAccessPolicy,
+    commit: bool = True,
+) -> None:
+    """Audit removal of policy."""
+    entry = AuditLog(
+        operation="DELETE",
+        object="ClientAccessPolicy",
+        object_id=str(policy.id),
+        client_id=client.id,
+        client_name=client.name,
+        message="Deleted client policy",
+    )
+    _write_audit_log(session, request, entry, commit)
+
+
+def audit_update_policy(
+    session: Session,
+    request: Request,
+    client: Client,
+    policy: ClientAccessPolicy,
+    commit: bool = True,
+) -> None:
+    """Audit update of policy."""
+    entry = AuditLog(
+        operation="CREATE",
+        object="ClientAccessPolicy",
+        object_id=str(policy.id),
+        client_id=client.id,
+        client_name=client.name,
+        message="Updated client policy",
+    )
+    _write_audit_log(session, request, entry, commit)
+
+
 def audit_update_secret(
    session: Session,
    request: Request,
@ -89,7 +140,26 @@ def audit_invalidate_secrets(
        object="ClientSecret",
        client_name=client.name,
        client_id=client.id,
-        message="Client fingerprint updated. All secrets invalidated.",
+        message="Client public-key changed. All secrets invalidated.",
+    )
+    _write_audit_log(session, request, entry, commit)
+
+
+def audit_delete_secret(
+    session: Session,
+    request: Request,
+    client: Client,
+    secret: ClientSecret,
+    commit: bool = True,
+) -> None:
+    """Audit Delete client secrets."""
+    entry = AuditLog(
+        operation="DELETE",
+        object="ClientSecret",
+        object_id=str(secret.id),
+        client_name=client.name,
+        client_id=client.id,
+        message="Deleted secret.",
    )
    _write_audit_log(session, request, entry, commit)