feat: 新增审计系统

.changeset/breezy-seals-tease.md

@@ -0,0 +1,5 @@
+---
+"@scow/grpc-api": minor
+---
+
+新增审计系统，增加 CreateOperationLog 和 GetOperationLogs 接口定义

.changeset/cool-tomatoes-turn.md

@@ -0,0 +1,5 @@
+---
+"@scow/config": minor
+---
+
+新增审计系统配置文件

.changeset/dirty-stingrays-unite.md

@@ -0,0 +1,12 @@
+---
+"@scow/lib-operation-log": minor
+"@scow/audit-server": minor
+"@scow/protos": minor
+"@scow/portal-web": minor
+"@scow/demo-vagrant": minor
+"@scow/mis-web": minor
+"@scow/cli": minor
+"@scow/docs": minor
+---
+
+新增审计系统服务，记录门户系统及管理系统操作日志及展示

.github/workflows/test-build-publish.yaml

@@ -72,7 +72,7 @@ jobs:
       - name: Upload test converage
         uses: codecov/codecov-action@v3
         with:
-          files: ./libs/auth/coverage/lcov.info,./libs/ssh/coverage/lcov.info,./libs/libconfig/coverage/lcov.info,./libs/decimal/coverage/lcov.info,./libs/server/coverage/lcov.info,./apps/cli/coverage/lcov.info,./apps/auth/coverage/lcov.info,./apps/mis-server/coverage/lcov.info,./apps/portal-server/coverage/lcov.info,./apps/gateway/coverage/lcov.info
+          files: ./libs/auth/coverage/lcov.info,./libs/ssh/coverage/lcov.info,./libs/libconfig/coverage/lcov.info,./libs/decimal/coverage/lcov.info,./libs/server/coverage/lcov.info,./apps/cli/coverage/lcov.info,./apps/auth/coverage/lcov.info,./apps/mis-server/coverage/lcov.info,./apps/portal-server/coverage/lcov.info,./apps/gateway/coverage/lcov.info,./apps/audit-server/coverage/lcov.info
 
       - name: Create Release Pull Request or Publish
         id: changesets

apps/audit-server/CHANGELOG.md

@@ -0,0 +1 @@
+# @scow/audit-server

apps/audit-server/README.md

@@ -0,0 +1 @@
+# 审计系统

apps/audit-server/config/audit.yaml

@@ -0,0 +1,8 @@
+db:
+  host: localhost
+  port: 3306
+  user: root
+  password: mysqlrootpassword
+  dbName: scow_audit
+
+

apps/audit-server/env/.env.dev

@@ -0,0 +1,2 @@
+DB_HOST=localhost
+DB_NAME=scow_audit

apps/audit-server/env/.env.test

@@ -0,0 +1,4 @@
+LOG_LEVEL=error
+PORT=0
+DB_HOST=localhost
+DB_NAME=scow_audit_${JEST_WORKER_ID}

apps/audit-server/jest.config.js

@@ -0,0 +1,35 @@
+/**
+ * Copyright (c) 2022 Peking University and Peking University Institute for Computing and Digital Economy
+ * SCOW is licensed under Mulan PSL v2.
+ * You can use this software according to the terms and conditions of the Mulan PSL v2.
+ * You may obtain a copy of Mulan PSL v2 at:
+ *          http://license.coscl.org.cn/MulanPSL2
+ * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND,
+ * EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT,
+ * MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE.
+ * See the Mulan PSL v2 for more details.
+ */
+
+// jest.config.js
+const { pathsToModuleNameMapper } = require("ts-jest");
+// In the following statement, replace `./tsconfig` with the path to your `tsconfig` file
+// which contains the path mapping (ie the `compilerOptions.paths` option):
+const { compilerOptions } = require("./tsconfig");
+
+const dotenv = require("dotenv");
+
+dotenv.config({ path: "env/.env.test" });
+
+/** @type {import('@jest/types').Config.InitialOptions} */
+module.exports = {
+  rootDir: ".",
+  preset: "ts-jest",
+  moduleNameMapper: pathsToModuleNameMapper(compilerOptions.paths, { prefix: "<rootDir>/" }),
+  testMatch: [
+    "<rootDir>/tests/**/*.test.ts?(x)",
+  ],
+  coverageDirectory: "coverage",
+  testTimeout: 30000,
+  coverageReporters: ["lcov"],
+  setupFilesAfterEnv: ["jest-extended/all"],
+};

apps/audit-server/package.json

@@ -0,0 +1,54 @@
+{
+  "name": "@scow/audit-server",
+  "version": "1.0.0",
+  "description": "",
+  "private": true,
+  "main": "build/index.js",
+  "scripts": {
+    "dev": "dotenv -e env/.env.dev -- node --watch -r ts-node/register -r tsconfig-paths/register src/index.ts",
+    "build": "rimraf build && tsc -p tsconfig.build.json && tsc-alias -p tsconfig.build.json",
+    "serve": "node build/index.js",
+    "test": "jest",
+    "orm": "dotenv -e env/.env.dev -- npx mikro-orm"
+  },
+  "files": [
+    "scripts",
+    "build",
+    ".npmrc",
+    "!**/*.map"
+  ],
+  "keywords": [],
+  "author": "PKUHPC (https://github.com/PKUHPC)",
+  "license": "Mulan PSL v2",
+  "repository": "https://github.com/PKUHPC/SCOW",
+  "dependencies": {
+    "@ddadaal/tsgrpc-server": "0.19.4",
+    "@ddadaal/tsgrpc-common": "0.2.4",
+    "@ddadaal/tsgrpc-client": "0.17.6",
+    "@grpc/grpc-js": "1.8.21",
+    "@mikro-orm/cli": "5.7.14",
+    "@mikro-orm/core": "5.7.14",
+    "@mikro-orm/migrations": "5.7.14",
+    "@mikro-orm/mysql": "5.7.14",
+    "@scow/config": "workspace:*",
+    "@scow/lib-config": "workspace:*",
+    "@scow/lib-decimal": "workspace:*",
+    "@scow/utils": "workspace:*",
+    "@scow/protos": "workspace:*",
+    "pino": "8.15.0",
+    "pino-pretty": "10.2.0"
+  },
+  "devDependencies": {
+    "@types/google-protobuf": "3.15.6"
+  },
+  "mikro-orm": {
+    "useTsNode": true,
+    "configPaths": [
+      "./src/mikro-orm.config.ts",
+      "./src/mikro-orm.config.js"
+    ]
+  },
+  "volta": {
+    "extends": "../../package.json"
+  }
+}

apps/audit-server/src/app.ts

@@ -0,0 +1,39 @@
+/**
+ * Copyright (c) 2022 Peking University and Peking University Institute for Computing and Digital Economy
+ * SCOW is licensed under Mulan PSL v2.
+ * You can use this software according to the terms and conditions of the Mulan PSL v2.
+ * You may obtain a copy of Mulan PSL v2 at:
+ *          http://license.coscl.org.cn/MulanPSL2
+ * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND,
+ * EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT,
+ * MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE.
+ * See the Mulan PSL v2 for more details.
+ */
+
+import { Server } from "@ddadaal/tsgrpc-server";
+import { omitConfigSpec } from "@scow/lib-config";
+import { readVersionFile } from "@scow/utils/build/version";
+import { config } from "src/config/env";
+import { plugins } from "src/plugins";
+import { operationLogServiceServer } from "src/services/operationLog";
+import { logger } from "src/utils/logger";
+
+export async function createServer() {
+
+  const server = new Server({
+    host: config.HOST,
+    port: config.PORT,
+
+    logger,
+  });
+
+  server.logger.info({ version: readVersionFile() }, "@scow/audit-server: ");
+  server.logger.info({ config: omitConfigSpec(config) }, "Loaded env config");
+
+  for (const plugin of plugins) {
+    await server.register(plugin);
+  }
+  await server.register(operationLogServiceServer);
+
+  return server;
+}

apps/audit-server/src/config/audit.ts

@@ -0,0 +1,18 @@
+/**
+ * Copyright (c) 2022 Peking University and Peking University Institute for Computing and Digital Economy
+ * SCOW is licensed under Mulan PSL v2.
+ * You can use this software according to the terms and conditions of the Mulan PSL v2.
+ * You may obtain a copy of Mulan PSL v2 at:
+ *          http://license.coscl.org.cn/MulanPSL2
+ * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND,
+ * EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT,
+ * MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE.
+ * See the Mulan PSL v2 for more details.
+ */
+
+import { getAuditConfig } from "@scow/config/build/audit";
+import { logger } from "src/utils/logger";
+
+export const auditConfig = getAuditConfig(undefined, logger);
+
+

apps/audit-server/src/config/env.ts

@@ -0,0 +1,27 @@
+/**
+ * Copyright (c) 2022 Peking University and Peking University Institute for Computing and Digital Economy
+ * SCOW is licensed under Mulan PSL v2.
+ * You can use this software according to the terms and conditions of the Mulan PSL v2.
+ * You may obtain a copy of Mulan PSL v2 at:
+ *          http://license.coscl.org.cn/MulanPSL2
+ * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND,
+ * EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT,
+ * MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE.
+ * See the Mulan PSL v2 for more details.
+ */
+
+import { bool, envConfig, host, port, str } from "@scow/lib-config";
+
+export const config = envConfig({
+  HOST: host({ default: "0.0.0.0", desc: "监听地址" }),
+  PORT: port({ default: 5000, desc: "监听端口" }),
+  LOG_LEVEL: str({
+    default: "info",
+    desc: "日志等级",
+  }),
+  LOG_PRETTY: bool({ desc: "以可读的方式输出log", default: false }),
+
+  DB_NAME: str({ desc: "存放系统数据的数据库名，将会覆写配置文件。用于测试", default: undefined }),
+  DB_PASSWORD: str({ desc: "审计系统数据库密码，将会覆写配置文件", default: undefined }),
+});
+

apps/audit-server/src/entities/OperationLog.ts

@@ -0,0 +1,63 @@
+/**
+ * Copyright (c) 2022 Peking University and Peking University Institute for Computing and Digital Economy
+ * SCOW is licensed under Mulan PSL v2.
+ * You can use this software according to the terms and conditions of the Mulan PSL v2.
+ * You may obtain a copy of Mulan PSL v2 at:
+ *          http://license.coscl.org.cn/MulanPSL2
+ * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND,
+ * EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT,
+ * MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE.
+ * See the Mulan PSL v2 for more details.
+ */
+
+import { Entity, Enum, PrimaryKey, Property } from "@mikro-orm/core";
+import { CURRENT_TIMESTAMP, DATETIME_TYPE } from "src/utils/orm";
+
+export enum OperationResult {
+  UNKNOWN = "UNKNOWN",
+  SUCCESS = "SUCCESS",
+  FAIL = "FAIL",
+}
+
+@Entity()
+export class OperationLog {
+  @PrimaryKey()
+    id!: number;
+
+  @Property()
+    operatorUserId!: string;
+
+  @Property()
+    operatorIp!: string;
+
+  @Property({ columnType: DATETIME_TYPE, defaultRaw: CURRENT_TIMESTAMP })
+    operationTime?: Date;
+
+  @Enum({ items: () => OperationResult, comment: Object.values(OperationResult).join(", ") })
+    operationResult: OperationResult;
+
+  @Property({ type: "json", nullable: true })
+    metaData?: { [key: string]: any; };
+
+  constructor(init: {
+      operationLogId?: number;
+      operatorUserId: string;
+      operatorIp: string;
+      operationTime?: Date;
+      operationResult: OperationResult;
+      metaData: { [key: string]: any };
+    }) {
+    if (init.operationLogId) {
+      this.id = init.operationLogId;
+    }
+    this.operatorUserId = init.operatorUserId;
+    this.operatorIp = init.operatorIp;
+    if (init.operationTime) {
+      this.operationTime = init.operationTime;
+    }
+    this.operationResult = init.operationResult;
+    this.metaData = init.metaData;
+  }
+
+}
+

apps/audit-server/src/entities/index.ts

@@ -0,0 +1,17 @@
+/**
+ * Copyright (c) 2022 Peking University and Peking University Institute for Computing and Digital Economy
+ * SCOW is licensed under Mulan PSL v2.
+ * You can use this software according to the terms and conditions of the Mulan PSL v2.
+ * You may obtain a copy of Mulan PSL v2 at:
+ *          http://license.coscl.org.cn/MulanPSL2
+ * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND,
+ * EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT,
+ * MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE.
+ * See the Mulan PSL v2 for more details.
+ */
+
+import { OperationLog } from "src/entities/OperationLog";
+
+export const entities = [
+  OperationLog,
+];

apps/audit-server/src/index.ts

@@ -0,0 +1,44 @@
+/**
+ * Copyright (c) 2022 Peking University and Peking University Institute for Computing and Digital Economy
+ * SCOW is licensed under Mulan PSL v2.
+ * You can use this software according to the terms and conditions of the Mulan PSL v2.
+ * You may obtain a copy of Mulan PSL v2 at:
+ *          http://license.coscl.org.cn/MulanPSL2
+ * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND,
+ * EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT,
+ * MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE.
+ * See the Mulan PSL v2 for more details.
+ */
+
+import { createServer } from "src/app";
+import { migrationUp } from "src/tasks/migrationUp";
+
+async function main() {
+
+  const server = await createServer();
+
+  const args = process.argv.slice(1);
+
+  // run tasks
+  if (args.length > 1) {
+    const [_scriptName, command] = args;
+
+    const logger = server.logger.child({ task: command });
+
+    switch (command) {
+
+    case "migrationUp":
+      await migrationUp(server.ext.orm);
+      break;
+    default:
+      logger.error("Unexpected task name %s", command);
+      process.exit(1);
+    }
+
+    process.exit(0);
+  }
+
+  await server.start();
+}
+
+main();