Audit webhook

vzdv-site/src/endpoints/admin.rs

@@ -4,7 +4,8 @@ use crate::{
     email::{self, send_mail},
     flashed_messages::{self, MessageLevel},
     shared::{
-        is_user_member_of, reject_if_not_in, AppError, AppState, UserInfo, SESSION_USER_INFO_KEY,
+        is_user_member_of, post_audit, reject_if_not_in, AppError, AppState, UserInfo,
+        SESSION_USER_INFO_KEY,
     },
 };
 use axum::{
@@ -607,10 +608,12 @@ async fn api_delete_resource(
         .bind(id)
         .execute(&state.db)
         .await?;
-    info!(
+    let message = format!(
         "{} deleted resource {id} (name: {}, category: {})",
         user_info.cid, resource.name, resource.category
     );
+    info!("{message}");
+    post_audit(&state.config, message);
     Ok(StatusCode::OK)
 }
 
@@ -673,13 +676,14 @@ async fn post_new_resource(
         .bind(resource.updated)
         .execute(&state.db)
         .await?;
-
-    info!(
+    flashed_messages::push_flashed_message(session, MessageLevel::Info, "New resource created")
+        .await?;
+    let message = format!(
         "{} created a new resource name: {}, category: {}",
         user_info.cid, resource.name, resource.category,
     );
-    flashed_messages::push_flashed_message(session, MessageLevel::Info, "New resource created")
-        .await?;
+    info!("{message}");
+    post_audit(&state.config, message);
     Ok(Redirect::to("/admin/resources"))
 }
 

vzdv-site/src/endpoints/controller.rs

@@ -3,8 +3,8 @@
 use crate::{
     flashed_messages::{self, MessageLevel},
     shared::{
-        is_user_member_of, js_timestamp_to_utc, reject_if_not_in, AppError, AppState, UserInfo,
-        SESSION_USER_INFO_KEY,
+        is_user_member_of, js_timestamp_to_utc, post_audit, reject_if_not_in, AppError, AppState,
+        UserInfo, SESSION_USER_INFO_KEY,
     },
 };
 use axum::{
@@ -579,17 +579,18 @@ async fn post_set_roles(
         .iter()
         .join(",");
 
-    info!(
-        "{} is setting roles for {cid} to '{}'; was '{}'",
-        user_info.cid, new_roles, controller.roles
-    );
     sqlx::query(sql::SET_CONTROLLER_ROLES)
         .bind(cid)
-        .bind(new_roles)
+        .bind(&new_roles)
         .execute(&state.db)
         .await?;
     flashed_messages::push_flashed_message(session, MessageLevel::Info, "Roles updated").await?;
-
+    let message = format!(
+        "{} is setting roles for {cid} to '{}'; was '{}'",
+        user_info.cid, new_roles, controller.roles
+    );
+    info!("{message}");
+    post_audit(&state.config, message);
     Ok(Redirect::to(&format!("/controller/{cid}")))
 }
 

vzdv-site/src/shared.rs

@@ -254,3 +254,18 @@ pub fn js_timestamp_to_utc(timestamp: &str, timezone: &str) -> Result<NaiveDateT
         .naive_utc();
     Ok(converted)
 }
+
+/// Send message to the audit webhook.
+pub fn post_audit(config: &Config, message: String) {
+    let audit_webhook = config.discord.webhooks.audit.clone();
+    tokio::spawn(async move {
+        let res = GENERAL_HTTP_CLIENT
+            .post(&audit_webhook)
+            .json(&json!({ "content": message }))
+            .send()
+            .await;
+        if let Err(e) = res {
+            error!("Could not send info to audit webhook: {e}");
+        }
+    });
+}

vzdv-site/templates/changelog.jinja

@@ -20,6 +20,7 @@
     <div class="card-text">
       <ul>
         <li>Login sessions will last much longer.</li>
+        <li>Audit reporting for some events to another Discord webhook.</li>
       </ul>
     </div>
   </div>

vzdv.empty.toml

@@ -44,6 +44,7 @@ staffing_request = ""
 feedback = ""
 new_visitor_app = ""
 errors = ""
+audit = ""
 
 [discord.roles]
 # role

vzdv.example.toml

@@ -175,6 +175,7 @@ staffing_request = ""
 feedback = ""
 new_visitor_app = ""
 errors = ""
+audit = ""
 
 [discord.roles]
 # role

vzdv/src/config.rs

@@ -92,6 +92,7 @@ pub struct ConfigDiscordWebhooks {
     pub feedback: String,
     pub new_visitor_app: String,
     pub errors: String,
+    pub audit: String,
 }
 
 #[derive(Debug, Clone, Deserialize, Default)]