Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

增加登录审计日志 #1251

Merged
merged 8 commits into from
Dec 13, 2021
Merged

增加登录审计日志 #1251

merged 8 commits into from
Dec 13, 2021

Conversation

ningyu1
Copy link
Contributor

@ningyu1 ningyu1 commented Nov 26, 2021
edited
Loading

Archery版本:1.8.1
功能:增加登入、登出、登入失败 审计日志

表结构:

DROP TABLE IF EXISTS `audit_log`;
CREATE TABLE `audit_log` (
  `id` int(11) NOT NULL AUTO_INCREMENT COMMENT 'ID',
  `user_id` int(11) DEFAULT NULL COMMENT '用户id',
  `user_name` varchar(255) DEFAULT NULL COMMENT '用户名称',
  `ip` varchar(255) DEFAULT NULL COMMENT '登录ip',
  `action` varchar(255) DEFAULT NULL COMMENT '动作',
  `action_time` datetime(6) NOT NULL COMMENT '操作时间',
  PRIMARY KEY (`id`),
  KEY `idx_username` (`user_name`)
) ENGINE=InnoDB AUTO_INCREMENT=1 DEFAULT CHARSET=utf8mb4 COMMENT='登录审计日志表';

变更文件:

common/templates/base.html  增加菜单路由
sql/admin.py                增加对象引入
sql/audit_log.py            增加登录审计日志处理
sql/models.py               增加数据库模型
sql/templates/audit.html    增加操作页面
sql/tests.py                增加页面测试
sql/urls.py                 增加路由注册
sql/views.py                增加视图注册

界面截屏:
image

ningyu and others added 2 commits November 26, 2021 12:52
增加登录审计日志
138a48d
@ningyu1
Merge pull request #1 from ningyu1/master
12d9514 
同步官网更新到功能特性开发分支
@ningyu1
Copy link
Contributor Author

ningyu1 commented Nov 26, 2021

@hhyo review一下

@ningyu1
Copy link
Contributor Author

ningyu1 commented Nov 26, 2021

Travis CI build failed 是因为:MySQLdb._exceptions.ProgrammingError: (1146, "Table 'test_archery.audit_log' doesn't exist")
测试环境没有初始化表

@LeoQuote
Copy link
Collaborator

python manage.py migrate 执行一下, 会产生一些migration, 一起提上来

@LeoQuote
Copy link
Collaborator

@hhyo 咦, 现在已经不用 migration 了吗....我弄错了?

@codecov
Copy link

codecov bot commented Nov 29, 2021
edited
Loading

Codecov Report

Merging #1251 (fe46d81) into master (b607bb0) will decrease coverage by 0.06%.
The diff coverage is 68.00%.

Impacted file tree graph

@@            Coverage Diff             @@
##           master    #1251      +/-   ##
==========================================
- Coverage   77.96%   77.90%   -0.07%     
==========================================
  Files          76       77       +1     
  Lines       11970    12045      +75     
==========================================
+ Hits         9333     9384      +51     
- Misses       2637     2661      +24
Impacted Files Coverage Δ
sql/urls.py 100.00% <ø> (ø)
sql/audit_log.py 55.10% <55.10%> (ø)
sql/models.py 96.10% <86.66%> (-0.25%) ⬇️
sql/admin.py 92.53% <100.00%> (+0.22%) ⬆️
sql/tests.py 100.00% <100.00%> (ø)
sql/views.py 68.11% <100.00%> (+0.38%) ⬆️

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update b607bb0...fe46d81. Read the comment docs.

@ningyu1
Copy link
Contributor Author

ningyu1 commented Nov 29, 2021

@hhyo 咦, 现在已经不用 migration 了吗....我弄错了?

我把migrations提交了,ci成功了

hhyo
hhyo reviewed Dec 1, 2021
View reviewed changes
Copy link
Owner

@hhyo hhyo left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

  • 审计日志不错,不过是否可以扩充一些,不仅限于登录,可以额外记录一些敏感操作

  • 同时建议补充SQL文件,还是有很多是不依靠migrate升级的

@ningyu1
Copy link
Contributor Author

ningyu1 commented Dec 2, 2021
edited
Loading

  • 审计日志不错,不过是否可以扩充一些,不仅限于登录,可以额外记录一些敏感操作
  • 同时建议补充SQL文件,还是有很多是不依靠migrate升级的
  1. 我看过审计日志除了登录日志没有以外,其他的操作都有日志,比如说查询日志、sql升级日志、以及django自带的变更日志,关于其他的目前没有想到,或者说以后可以让社区的同学在这个基础上再扩展其他日志。
  2. 审计日志对于需要做等保的企业来说还是非常有用,我司就是做等保的时候自行拉分支添加了该功能。
  3. sql文件我稍后补充提交一下

ningyu and others added 2 commits December 2, 2021 09:45
hhyo
hhyo requested changes Dec 11, 2021
View reviewed changes
sql/migrations/0001_initial.py Outdated Show resolved Hide resolved
src/init_sql/audit_log.sql Outdated Show resolved Hide resolved
@ningyu1 ningyu1 requested a review from hhyo December 13, 2021 04:11
@hhyo hhyo merged commit f35e633 into hhyo:master Dec 13, 2021
@weideguo
Copy link
Collaborator

将审计功能全部抽到一个菜单栏是否是个好主意?
这样能方便审计人员集中在一个地方获取审计信息。
暂时考虑到要加以下的审计:
sql查询后的下载操作(暂时没有相关数据)
sql查询(有相关数据,只是在此提供另外一个查询界面)
sql上线(有相关数据,只是在此提供另外一个查询界面)
同时添加一个权限,用于查询这些审计信息

@hhyo
Copy link
Owner

hhyo commented Dec 25, 2021

管理端和用户端能够有不同的入口可能会比较好,不过当前都混一起了,单独做个审计页面的话,看怎么重新设计下,感谢你的贡献,方便的话辛苦加一下我的微信rtttte

将审计功能全部抽到一个菜单栏是否是个好主意? 这样能方便审计人员集中在一个地方获取审计信息。 暂时考虑到要加以下的审计: sql查询后的下载操作(暂时没有相关数据) sql查询(有相关数据,只是在此提供另外一个查询界面) sql上线(有相关数据,只是在此提供另外一个查询界面) 同时添加一个权限,用于查询这些审计信息

@weideguo weideguo mentioned this pull request Jan 17, 2022
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@hhyo hhyo hhyo approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@ningyu1 @LeoQuote @weideguo @hhyo