Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

审计功能增强 #1342

Merged
merged 13 commits into from
Jan 19, 2022
Merged

审计功能增强 #1342

merged 13 commits into from
Jan 19, 2022

Conversation

weideguo
Copy link
Collaborator

将审计功能全部抽到一个菜单栏
关联之前的 pr #1251

@codecov
Copy link

codecov bot commented Jan 17, 2022
edited
Loading

Codecov Report

Merging #1342 (d7f2a9c) into master (47d8e4d) will decrease coverage by 0.13%.
The diff coverage is 58.16%.

Impacted file tree graph

@@            Coverage Diff             @@
##           master    #1342      +/-   ##
==========================================
- Coverage   75.54%   75.40%   -0.14%     
==========================================
  Files          81       81              
  Lines       12548    12624      +76     
==========================================
+ Hits         9479     9519      +40     
- Misses       3069     3105      +36
Impacted Files Coverage Δ
sql/urls.py 100.00% <ø> (ø)
sql/audit_log.py 39.74% <27.50%> (-15.36%) ⬇️
sql/models.py 95.64% <60.00%> (+<0.01%) ⬆️
sql/query.py 71.25% <72.72%> (-0.09%) ⬇️
sql/views.py 68.68% <76.92%> (+0.07%) ⬆️
sql/sql_workflow.py 67.25% <83.33%> (+0.18%) ⬆️
sql/admin.py 92.64% <100.00%> (ø)
sql/tests.py 100.00% <100.00%> (ø)

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 47d8e4d...d7f2a9c. Read the comment docs.

hhyo
hhyo reviewed Jan 17, 2022
View reviewed changes
Copy link
Owner

@hhyo hhyo left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

如果感兴趣可以借鉴一下https://github.com/getredash/redash/blob/d8d7c78992e44a4b6d7fdd4c39ccc1c35cd8c7a9/redash/handlers/events.py#L1

sql/migrations/0001_initial.py Outdated Show resolved Hide resolved
@weideguo
Copy link
Collaborator Author

如果感兴趣可以借鉴一下https://github.com/getredash/redash/blob/d8d7c78992e44a4b6d7fdd4c39ccc1c35cd8c7a9/redash/handlers/events.py#L1

没懂要做什么?

@hhyo
Copy link
Owner

hhyo commented Jan 18, 2022

如果感兴趣可以借鉴一下https://github.com/getredash/redash/blob/d8d7c78992e44a4b6d7fdd4c39ccc1c35cd8c7a9/redash/handlers/events.py#L1

没懂要做什么?

看是否需要在extra中记录设备等信息,同时关于不存在的账号登录操作是否也有必要记录到数据库中,这块因为无法锁定可能存在风险

@weideguo
Copy link
Collaborator Author

如果感兴趣可以借鉴一下https://github.com/getredash/redash/blob/d8d7c78992e44a4b6d7fdd4c39ccc1c35cd8c7a9/redash/handlers/events.py#L1

没懂要做什么?

看是否需要在extra中记录设备等信息,同时关于不存在的账号登录操作是否也有必要记录到数据库中,这块因为无法锁定可能存在风险

扩展成这样?
1642561402

不存在的账号登录操作不记录会导致个信息缺失。是否是因为DDOS的考虑呢?限制登录接口的访问频率似乎更好

@weideguo
Copy link
Collaborator Author

如果感兴趣可以借鉴一下https://github.com/getredash/redash/blob/d8d7c78992e44a4b6d7fdd4c39ccc1c35cd8c7a9/redash/handlers/events.py#L1

没懂要做什么?

看是否需要在extra中记录设备等信息,同时关于不存在的账号登录操作是否也有必要记录到数据库中,这块因为无法锁定可能存在风险

考虑应该都是内网环境使用,加入地理信息没有太多用

hhyo
hhyo requested changes Jan 19, 2022
View reviewed changes
Copy link
Owner

@hhyo hhyo left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

记录和agent应该差不多了

sql/audit_log.py Outdated
@@ -2,6 +2,8 @@
import logging
import datetime
import simplejson as json
import geolite2
Copy link
Owner

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

这两个包应该没用到

hhyo
hhyo requested changes Jan 19, 2022
View reviewed changes
sql/audit_log.py Outdated
now = timezone.now()
AuditEntry.objects.create(action=u'登入', extra_info=ip, user_id=user.id, user_name=user.username, user_display=user.display, action_time=now)
AuditEntry.objects.create(action=u'登入', extra_info='|'.join([ip,ua]), user_id=user.id, user_name=user.username, user_display=user.display, action_time=now)
Copy link
Owner

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

加入ua应该要扩充长度了,要不还是恢复前面的记录ip吧😂,我考虑过多了

@hhyo hhyo merged commit 0a21e81 into hhyo:master Jan 19, 2022
hhyo
hhyo reviewed Jan 19, 2022
View reviewed changes
sql/templates/sqlquery.html
}

// 通过前端元素查看确定要绑定事件的对象,有其他更好的实现方式?
function downloadAppendOpt(){
Copy link
Owner

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

发现查询没有记录查询的语句,可以参考这个issue处理下

#970

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

好的,我研究研究。

This was referenced Jan 21, 2022
Merged
Merged
@hhyo hhyo mentioned this pull request Jun 12, 2022
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@hhyo hhyo hhyo approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@weideguo @hhyo