Update Edit Log with JSONB blocks

All action data goes into a JSON block and the old action columns will be deprecated.
Same for ip: new ip_address block with all possible IP addresses.
Additional HTTP_ data goes into the http_data block.
New request_scheme column to record whether the request was made over http or https.
Clemens Schwaighofer
2024-12-10 10:06:49 +09:00
parent 10c320f60c
commit e8299a123b
6 changed files with 74 additions and 47 deletions


@@ -11,34 +11,41 @@ CREATE TABLE edit_log (
euid INT, -- this is a foreign key, but I don't nedd to reference to it euid INT, -- this is a foreign key, but I don't nedd to reference to it
FOREIGN KEY (euid) REFERENCES edit_user (edit_user_id) MATCH FULL ON UPDATE CASCADE ON DELETE SET NULL, FOREIGN KEY (euid) REFERENCES edit_user (edit_user_id) MATCH FULL ON UPDATE CASCADE ON DELETE SET NULL,
ecuid VARCHAR, ecuid VARCHAR,
ecuuid UUID, ecuuid UUID, -- this is the one we want to use, full UUIDv4 from the edit user table
username VARCHAR, username VARCHAR,
password VARCHAR, password VARCHAR,
event_date TIMESTAMP WITHOUT TIME ZONE DEFAULT CURRENT_TIMESTAMP, event_date TIMESTAMP WITHOUT TIME ZONE DEFAULT CURRENT_TIMESTAMP,
ip VARCHAR, ip VARCHAR, -- just the REMOTE_IP, full set see ip_address
ip_address JSONB, -- REMOTE_IP and all other IPs (X_FORWARD, etc) as JSON block
error TEXT, error TEXT,
event TEXT, event TEXT,
data_binary BYTEA, data_binary BYTEA,
data TEXT, data TEXT,
page VARCHAR, page VARCHAR,
action VARCHAR, -- various info data sets
action_id VARCHAR,
action_sub_id VARCHAR,
action_yes VARCHAR,
action_flag VARCHAR,
action_menu VARCHAR,
action_loaded VARCHAR,
action_value VARCHAR,
action_type VARCHAR,
action_error VARCHAR,
user_agent VARCHAR, user_agent VARCHAR,
referer VARCHAR, referer VARCHAR,
script_name VARCHAR, script_name VARCHAR,
query_string VARCHAR, query_string VARCHAR,
request_scheme VARCHAR, -- http or https
server_name VARCHAR, server_name VARCHAR,
http_host VARCHAR, http_host VARCHAR,
http_accept VARCHAR, http_data JSONB,
http_accept_charset VARCHAR, http_accept VARCHAR, -- in http_data
http_accept_encoding VARCHAR, http_accept_charset VARCHAR, -- in http_data
session_id VARCHAR http_accept_encoding VARCHAR, -- in http_data
-- session ID if set
session_id VARCHAR.
-- any action var, -> same set in action_data as JSON
action_data JSONB,
action VARCHAR, -- in action_data
action_id VARCHAR, -- in action_data
action_sub_id VARCHAR, -- in action_data
action_yes VARCHAR, -- in action_data
action_flag VARCHAR, -- in action_data
action_menu VARCHAR, -- in action_data
action_loaded VARCHAR, -- in action_data
action_value VARCHAR, -- in action_data
action_type VARCHAR, -- in action_data
action_error VARCHAR -- in action_data
) INHERITS (edit_generic) WITHOUT OIDS; ) INHERITS (edit_generic) WITHOUT OIDS;
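Review bot: `session_id VARCHAR.` in the new column list ends with a period instead of a comma, so this CREATE TABLE will not parse; it should read `session_id VARCHAR,`. Since `ip_address` is meant to hold forwarded-header values as well as the remote address, its comment should say that those entries are client-supplied and unverified, e.g. `-- REMOTE_IP plus forwarded-header IPs (client-supplied, unverified) as JSON block`, so nobody reading the audit log treats them as the connection address. The retained `action*` and `http_accept*` columns would be clearer marked `-- deprecated, no longer written, see action_data` (or `http_data`). The table definition begins above this hunk.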


@@ -579,9 +579,6 @@ CREATE TABLE edit_user (
strict SMALLINT DEFAULT 0, strict SMALLINT DEFAULT 0,
locked SMALLINT DEFAULT 0, locked SMALLINT DEFAULT 0,
protected SMALLINT NOT NULL DEFAULT 0, protected SMALLINT NOT NULL DEFAULT 0,
-- legacy, debug flags
debug SMALLINT NOT NULL DEFAULT 0,
db_debug SMALLINT NOT NULL DEFAULT 0,
-- is admin user -- is admin user
admin SMALLINT NOT NULL DEFAULT 0, admin SMALLINT NOT NULL DEFAULT 0,
-- last login log -- last login log
@@ -620,8 +617,6 @@ COMMENT ON COLUMN edit_user.deleted IS 'Login is deleted (master switch), overri
COMMENT ON COLUMN edit_user.strict IS 'If too many failed logins user will be locked, default off'; COMMENT ON COLUMN edit_user.strict IS 'If too many failed logins user will be locked, default off';
COMMENT ON COLUMN edit_user.locked IS 'Locked from too many wrong password logins'; COMMENT ON COLUMN edit_user.locked IS 'Locked from too many wrong password logins';
COMMENT ON COLUMN edit_user.protected IS 'User can only be chnaged by admin user'; COMMENT ON COLUMN edit_user.protected IS 'User can only be chnaged by admin user';
COMMENT ON COLUMN edit_user.debug IS 'Turn debug flag on (legacy)';
COMMENT ON COLUMN edit_user.db_debug IS 'Turn DB debug flag on (legacy)';
COMMENT ON COLUMN edit_user.admin IS 'If set, this user is SUPER admin'; COMMENT ON COLUMN edit_user.admin IS 'If set, this user is SUPER admin';
COMMENT ON COLUMN edit_user.last_login IS 'Last succesfull login tiemstamp'; COMMENT ON COLUMN edit_user.last_login IS 'Last succesfull login tiemstamp';
COMMENT ON COLUMN edit_user.login_error_count IS 'Number of failed logins, reset on successful login'; COMMENT ON COLUMN edit_user.login_error_count IS 'Number of failed logins, reset on successful login';
@@ -1015,7 +1010,7 @@ INSERT INTO edit_page_access (enabled, edit_group_id, edit_page_id, edit_access_
-- edit user -- edit user
-- inserts admin user so basic users can be created -- inserts admin user so basic users can be created
DELETE FROM edit_user; DELETE FROM edit_user;
INSERT INTO edit_user (username, password, enabled, debug, db_debug, email, protected, admin, edit_language_id, edit_group_id, edit_scheme_id, edit_access_right_id) VALUES ('admin', 'admin', 1, 1, 1, '', 1, 1, INSERT INTO edit_user (username, password, enabled, email, protected, admin, edit_language_id, edit_group_id, edit_scheme_id, edit_access_right_id) VALUES ('admin', 'admin', 1, 'test@tequila.jp', 1, 1,
(SELECT edit_language_id FROM edit_language WHERE short_name = 'en_US'), (SELECT edit_language_id FROM edit_language WHERE short_name = 'en_US'),
(SELECT edit_group_id FROM edit_group WHERE name = 'Admin'), (SELECT edit_group_id FROM edit_group WHERE name = 'Admin'),
(SELECT edit_scheme_id FROM edit_scheme WHERE name = 'Admin'), (SELECT edit_scheme_id FROM edit_scheme WHERE name = 'Admin'),
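Review bot: The seed row on the rewritten `INSERT INTO edit_user` line still creates the `admin` account with the literal password `'admin'`, `admin = 1` and `protected = 1`, so every fresh install starts with a known credential on the account the column comment calls SUPER admin. If the application expects a hash in `password`, seed a value that cannot match any login and require the password to be set during setup; at minimum add a comment above the statement such as `-- default credential for initial setup only: change before exposing the installation`. The new e-mail value `'test@tequila.jp'` looks like a real mailbox rather than a placeholder and would presumably receive any mail sent for that account. The statement continues past the end of the hunk.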


@@ -3,6 +3,10 @@ ALTER TABLE edit_generic ADD cuuid UUID DEFAULT gen_random_uuid();
ALTER TABLE edit_log ADD ecuid VARCHAR; ALTER TABLE edit_log ADD ecuid VARCHAR;
ALTER TABLE edit_log ADD ecuuid VARCHAR; ALTER TABLE edit_log ADD ecuuid VARCHAR;
ALTER TABLE edit_log ADD action_sub_id VARCHAR; ALTER TABLE edit_log ADD action_sub_id VARCHAR;
ALTER TABLE edit_log ADD http_data JSONB;
ALTER TABLE edit_log ADD ip_address JSONB;
ALTER TABLE edit_log ADD action_data JSONB;
ALTER TABLE edit_log ADD request_scheme VARCHAR;
-- update set_edit_gneric -- update set_edit_gneric
-- adds the created or updated date tags -- adds the created or updated date tags
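Review bot: The four added `ALTER TABLE edit_log ADD ...` statements have no existence guard, and they are appended to a file whose earlier statements have presumably already been applied on existing databases, so re-running the file would fail on the first column that already exists. Writing them as `ALTER TABLE edit_log ADD COLUMN IF NOT EXISTS action_data JSONB;` (same for `http_data`, `ip_address`, `request_scheme`) makes the upgrade repeatable. Nothing here backfills the new JSONB columns from the old ones, so anyone reviewing log rows written before the upgrade has to read both layouts; a comment stating that would help. The context line `ADD ecuuid VARCHAR` also disagrees with `ecuuid UUID` in the table definition.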


@@ -118,6 +118,12 @@ if (isset($login->loginGetAcl()['unit'])) {
print "Something went wrong with the login<br>"; print "Something went wrong with the login<br>";
} }
echo "<hr>";
// IP check: 'REMOTE_ADDR', 'HTTP_X_FORWARDED_FOR', 'CLIENT_IP' in _SERVER
// Agent check: 'HTTP_USER_AGENT'
echo "<hr>"; echo "<hr>";
print "SESSION: " . Support::printAr($_SESSION) . "<br>"; print "SESSION: " . Support::printAr($_SESSION) . "<br>";
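Review bot: The added comment lists `'CLIENT_IP'` as a `$_SERVER` key, but PHP exposes request headers under `HTTP_*`, so this is presumably `HTTP_CLIENT_IP`; a check written from the comment would look up a key that is normally absent. The comment should also say which values can be trusted, e.g. `// IP check: REMOTE_ADDR (connection), HTTP_X_FORWARDED_FOR / HTTP_CLIENT_IP (client-supplied, untrusted)`. The new `echo "<hr>";` leaves two rules with no output between them.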


@@ -194,6 +194,9 @@ print "HOST: " . HOST_NAME . " => DB HOST: " . DB_CONFIG_NAME . " => " . Support
print "DS is: " . DIRECTORY_SEPARATOR . "<br>"; print "DS is: " . DIRECTORY_SEPARATOR . "<br>";
print "SERVER HOST: " . $_SERVER['HTTP_HOST'] . "<br>"; print "SERVER HOST: " . $_SERVER['HTTP_HOST'] . "<br>";
print "<div>READ _SERVER ARRAY:</div>";
print Support::dumpVar(array_map('htmlentities', $_SERVER));
print "</body></html>"; print "</body></html>";
# __END__ # __END__
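Review bot: The new `print Support::dumpVar(array_map('htmlentities', $_SERVER));` writes the complete `$_SERVER` array into the response, which includes request cookies and authorization headers and, depending on the SAPI, the process environment. If this page can be reached outside a development host, limit the dump to the keys being checked, e.g. `array_intersect_key($_SERVER, array_flip(['REMOTE_ADDR', 'HTTP_X_FORWARDED_FOR', 'HTTP_USER_AGENT']))`. `htmlentities` is also applied to every element, and `$_SERVER` can hold non-string entries such as `argv`, for which the call raises a TypeError on PHP 8.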


@@ -1904,7 +1904,7 @@ body {
margin: 2% 5%; margin: 2% 5%;
} }
.login-data { .login-data {
margin: 0 5% 5% 5%; margin: 2% 5% 5% 5%;
} }
.login-data-row { .login-data-row {
display: flex; display: flex;
@@ -1951,7 +1951,7 @@ button.login-button {
margin: 5% 0; margin: 5% 0;
} }
.login-data { .login-data {
margin: 0 5% 5% 5%; margin: 5%;
} }
.login-error { .login-error {
margin: 10% 5%; margin: 10% 5%;
@@ -2160,16 +2160,18 @@ HTML;
$q = <<<SQL $q = <<<SQL
INSERT INTO {DB_SCHEMA}.edit_log ( INSERT INTO {DB_SCHEMA}.edit_log (
username, euid, ecuid, ecuuid, event_date, event, error, data, data_binary, page, username, euid, ecuid, ecuuid, event_date, event, error, data, data_binary, page,
ip, user_agent, referer, script_name, query_string, server_name, http_host, ip, ip_address, user_agent, referer, script_name, query_string, request_scheme, server_name,
http_accept, http_accept_charset, http_accept_encoding, session_id, http_host, http_data, session_id,
action, action_id, action_sub_id, action_yes, action_flag, action_menu, action_loaded, action_data
action_value, action_type, action_error
) VALUES ( ) VALUES (
-- ROW 1
$1, $2, $3, $4, NOW(), $5, $6, $7, $8, $9, $1, $2, $3, $4, NOW(), $5, $6, $7, $8, $9,
$10, $11, $12, $13, $14, $15, $16, -- ROW 2
$17, $18, $19, $20, $10, $11, $12, $13, $14, $15, $16, $17,
$21, $22, $23, $24, $25, $26, $27, -- ROW 3
$28, $29, $30 $18, $19, $20,
-- ROW 4
$21
) )
SQL; SQL;
$this->db->dbExecParams( $this->db->dbExecParams(
@@ -2186,7 +2188,7 @@ HTML;
is_string($this->session->get('LOGIN_EUCUID')) ? is_string($this->session->get('LOGIN_EUCUID')) ?
$this->session->get('LOGIN_EUCUID') : null, $this->session->get('LOGIN_EUCUID') : null,
!empty($this->session->get('LOGIN_EUCUUID')) && !empty($this->session->get('LOGIN_EUCUUID')) &&
Uids::validateUuuidv4($this->session->get('LOGIN_EUCUUID')) ? Uids::validateUuuidv4($this->session->get('LOGIN_EUCUUID')) ?
$this->session->get('LOGIN_EUCUUID') : null, $this->session->get('LOGIN_EUCUUID') : null,
(string)$event, (string)$event,
(string)$error, (string)$error,
@@ -2195,29 +2197,39 @@ HTML;
(string)$this->page_name, (string)$this->page_name,
// row 2 // row 2
$_SERVER["REMOTE_ADDR"] ?? null, $_SERVER["REMOTE_ADDR"] ?? null,
[
'REMOTE_ADDR' => $_SERVER["REMOTE_ADDR"],
],
$_SERVER['HTTP_USER_AGENT'] ?? null, $_SERVER['HTTP_USER_AGENT'] ?? null,
$_SERVER['HTTP_REFERER'] ?? null, $_SERVER['HTTP_REFERER'] ?? null,
$_SERVER['SCRIPT_FILENAME'] ?? null, $_SERVER['SCRIPT_FILENAME'] ?? null,
$_SERVER['QUERY_STRING'] ?? null, $_SERVER['QUERY_STRING'] ?? null,
$_SERVER['REQUEST_SCHEME'] ?? null,
$_SERVER['SERVER_NAME'] ?? null, $_SERVER['SERVER_NAME'] ?? null,
$_SERVER['HTTP_HOST'] ?? null,
// row 3 // row 3
$_SERVER['HTTP_ACCEPT'] ?? null, $_SERVER['HTTP_HOST'] ?? null,
$_SERVER['HTTP_ACCEPT_CHARSET'] ?? null, [
$_SERVER['HTTP_ACCEPT_ENCODING'] ?? null, 'HTTP_ACCEPT' => $_SERVER['HTTP_ACCEPT'] ?? null,
'HTTP_ACCEPT_CHARSET' => $_SERVER['HTTP_ACCEPT_CHARSET'] ?? null,
'HTTP_ACCEPT_LANGUAGE' => $_SERVER['HTTP_ACCEPT_LANGUAGE'] ?? null,
'HTTP_ACCEPT_ENCODING' => $_SERVER['HTTP_ACCEPT_ENCODING'] ?? null,
],
$this->session->getSessionId() !== '' ? $this->session->getSessionId() !== '' ?
$this->session->getSessionId() : null, $this->session->getSessionId() : null,
// row 4 // row 4
$action_set['action'] ?? null, // action data as JSONB
$action_set['action_id'] ?? null, [
$action_set['action_sub_id'] ?? null, 'action' => $action_set['action'] ?? null,
$action_set['action_yes'] ?? null, 'action_id' => $action_set['action_id'] ?? null,
$action_set['action_flag'] ?? null, 'action_sub_id' => $action_set['action_sub_id'] ?? null,
$action_set['action_menu'] ?? null, 'action_yes' => $action_set['action_yes'] ?? null,
$action_set['action_loaded'] ?? null, 'action_flag' => $action_set['action_flag'] ?? null,
$action_set['action_value'] ?? null, 'action_menu' => $action_set['action_menu'] ?? null,
$action_set['action_type'] ?? null, 'action_loaded' => $action_set['action_loaded'] ?? null,
$action_set['action_error'] ?? null, 'action_value' => $action_set['action_value'] ?? null,
'action_type' => $action_set['action_type'] ?? null,
'action_error' => $action_set['action_error'] ?? null,
]
], ],
'NULL' 'NULL'
); );
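Review bot: The new `ip_address` parameter reads `$_SERVER["REMOTE_ADDR"]` without the `?? null` that the `ip` parameter one line above uses, so a CLI or test run raises an undefined-index warning while writing the log; it should be `'REMOTE_ADDR' => $_SERVER["REMOTE_ADDR"] ?? null,`. The block stores only that one key, although the commit message and the column comment describe forwarded addresses as well; when those are added they are client-supplied values and should be kept under their header names, never merged into `ip`. The three JSONB parameters are passed as PHP arrays, which is only correct if `dbExecParams` encodes arrays as JSON; that is not visible here. The parameter list starts above this hunk.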