3ed3877ac9
Strip every comment from the source (parsed with the TypeScript compiler so strings, template literals, regex literals and JSX are never touched), and drop internal/working artifacts that do not belong in the public repository (design mockups, internal analysis docs, a stray backup file and an old log). No functional change: build is green, the full test suite passes.
120 lines
3.1 KiB
TypeScript
120 lines
3.1 KiB
TypeScript
import fs from "node:fs";
|
|
import { logTimestamp } from "./log-timestamp";
|
|
import path from "node:path";
|
|
|
|
type AuditLevel = "INFO" | "WARN" | "ERROR";
|
|
|
|
const AUDIT_LOG_MAX_FILE_BYTES = Number(process.env.RD_AUDIT_LOG_MAX_BYTES || 10 * 1024 * 1024);
|
|
const AUDIT_LOG_RETENTION_DAYS = Number(process.env.RD_AUDIT_LOG_RETENTION_DAYS || 30);
|
|
|
|
let auditLogPath: string | null = null;
|
|
|
|
function sanitizeFieldValue(value: unknown): string {
|
|
if (value === undefined || value === null) {
|
|
return "";
|
|
}
|
|
if (typeof value === "string") {
|
|
return value.replace(/\r?\n/g, "\\n");
|
|
}
|
|
if (typeof value === "number" || typeof value === "boolean") {
|
|
return String(value);
|
|
}
|
|
try {
|
|
return JSON.stringify(value).replace(/\r?\n/g, "\\n");
|
|
} catch {
|
|
return String(value);
|
|
}
|
|
}
|
|
|
|
function formatFields(fields?: Record<string, unknown>): string {
|
|
if (!fields) {
|
|
return "";
|
|
}
|
|
const parts = Object.entries(fields)
|
|
.filter(([, value]) => value !== undefined && value !== null && sanitizeFieldValue(value) !== "")
|
|
.map(([key, value]) => `${key}=${sanitizeFieldValue(value)}`);
|
|
return parts.length > 0 ? ` | ${parts.join(" | ")}` : "";
|
|
}
|
|
|
|
function rotateIfNeeded(filePath: string): void {
|
|
try {
|
|
const stat = fs.statSync(filePath);
|
|
if (stat.size < AUDIT_LOG_MAX_FILE_BYTES) {
|
|
return;
|
|
}
|
|
const backup = `${filePath}.old`;
|
|
try {
|
|
fs.rmSync(backup, { force: true });
|
|
} catch {
|
|
}
|
|
fs.renameSync(filePath, backup);
|
|
} catch {
|
|
}
|
|
}
|
|
|
|
function cleanupOldBackup(filePath: string): void {
|
|
const backup = `${filePath}.old`;
|
|
try {
|
|
const stat = fs.statSync(backup);
|
|
const cutoff = Date.now() - AUDIT_LOG_RETENTION_DAYS * 24 * 60 * 60 * 1000;
|
|
if (stat.mtimeMs < cutoff) {
|
|
fs.rmSync(backup, { force: true });
|
|
}
|
|
} catch {
|
|
}
|
|
}
|
|
|
|
export function initAuditLog(baseDir: string): void {
|
|
auditLogPath = path.join(baseDir, "audit.log");
|
|
try {
|
|
fs.mkdirSync(path.dirname(auditLogPath), { recursive: true });
|
|
cleanupOldBackup(auditLogPath);
|
|
if (!fs.existsSync(auditLogPath)) {
|
|
fs.writeFileSync(auditLogPath, "", "utf8");
|
|
}
|
|
rotateIfNeeded(auditLogPath);
|
|
if (!fs.existsSync(auditLogPath)) {
|
|
fs.writeFileSync(auditLogPath, "", "utf8");
|
|
}
|
|
fs.appendFileSync(auditLogPath, `=== Audit-Log Start: ${logTimestamp()} ===\n`, "utf8");
|
|
} catch {
|
|
auditLogPath = null;
|
|
}
|
|
}
|
|
|
|
export function logAuditEvent(level: AuditLevel, message: string, fields?: Record<string, unknown>): void {
|
|
if (!auditLogPath) {
|
|
return;
|
|
}
|
|
try {
|
|
rotateIfNeeded(auditLogPath);
|
|
if (!fs.existsSync(auditLogPath)) {
|
|
fs.writeFileSync(auditLogPath, "", "utf8");
|
|
}
|
|
fs.appendFileSync(
|
|
auditLogPath,
|
|
`${logTimestamp()} [${level}] ${message}${formatFields(fields)}\n`,
|
|
"utf8"
|
|
);
|
|
} catch {
|
|
}
|
|
}
|
|
|
|
export function getAuditLogPath(): string | null {
|
|
if (!auditLogPath) {
|
|
return null;
|
|
}
|
|
return fs.existsSync(auditLogPath) ? auditLogPath : null;
|
|
}
|
|
|
|
export function shutdownAuditLog(): void {
|
|
if (!auditLogPath) {
|
|
return;
|
|
}
|
|
try {
|
|
fs.appendFileSync(auditLogPath, `=== Audit-Log Ende: ${logTimestamp()} ===\n`, "utf8");
|
|
} catch {
|
|
}
|
|
auditLogPath = null;
|
|
}
|