Added cleanup for audit events

claceio · Dec 20, 2024 · 3842f63 · 3842f63
1 parent a3c01d9
commit 3842f63
Show file tree

Hide file tree

Showing 3 changed files with 36 additions and 5 deletions.
diff --git a/internal/server/audit_middleware.go b/internal/server/audit_middleware.go
@@ -4,6 +4,7 @@
 package server
 
 import (
+	"cmp"
 	"context"
 	"fmt"
 	"net/http"
@@ -38,8 +39,8 @@ func (s *Server) initAuditDB(connectString string) error {
 		return err
 	}
 
-	cleanupTicker := time.NewTicker(5 * time.Minute)
-	go s.auditCleanup(cleanupTicker)
+	cleanupTicker := time.NewTicker(1 * time.Hour)
+	go s.auditCleanupLoop(cleanupTicker)
 	return nil
 }
 
@@ -105,11 +106,28 @@ func (s *Server) InsertAuditEvent(event *types.AuditEvent) error {
 }
 
 func (s *Server) cleanupEvents() error {
-	// TODO: Implement cleanup
+	httpCleanupTime := time.Now().Add(-time.Duration(s.config.System.HttpEventRetentionDays) * 24 * time.Hour).UnixNano()
+	nonHttpCleanupTime := time.Now().Add(-time.Duration(s.config.System.NonHttpEventRetentionDays) * 24 * time.Hour).UnixNano()
+
+	httpResult, err := s.auditDB.Exec(`delete from audit where event_type = "http" and create_time < ?`, httpCleanupTime)
+	if err != nil {
+		return err
+	}
+	nonHttpResult, err := s.auditDB.Exec(`delete from audit where event_type != "http" and create_time < ?`, nonHttpCleanupTime)
+	if err != nil {
+		return err
+	}
+
+	httpDeleted, err1 := httpResult.RowsAffected()
+	nonHttpDeleted, err2 := nonHttpResult.RowsAffected()
+	if cmp.Or(err1, err2) != nil {
+		return cmp.Or(err1, err2)
+	}
+	s.Info().Msgf("audit cleanup: http deleted %d, non-http deleted %d", httpDeleted, nonHttpDeleted)
 	return nil
 }
 
-func (s *Server) auditCleanup(cleanupTicker *time.Ticker) {
+func (s *Server) auditCleanupLoop(cleanupTicker *time.Ticker) {
 	err := s.cleanupEvents()
 	if err != nil {
 		fmt.Fprintf(os.Stderr, "error cleaning up audit entries %s", err)
@@ -200,6 +218,11 @@ func (server *Server) handleStatus(next http.Handler) http.Handler {
 			if err != nil {
 				return
 			}
+
+			if app.AppConfig.Audit.SkipHttpEvents {
+				// http event auditing is disabled for this app
+				return
+			}
 			redactUrl = app.AppConfig.Audit.RedactUrl
 		}
 

diff --git a/internal/system/clace.default.toml b/internal/system/clace.default.toml
@@ -60,6 +60,9 @@ disable_unknown_domains = true      # disable unknown domains, if default domain
 root_serve_list_apps = "auto"       # "auto" means serve list_apps app for default domain, "disable" means don't server for any domain,
 # any other value means server for specified domain
 
+http_event_retention_days = 90      # number of days to retain http events
+non_http_event_retention_days = 180 # number of days to retain non-http (system, action, custom) events
+
 [plugin."store.in"]
 db_connection = "sqlite:$CL_HOME/metadata/clace_app_store.db"
 
@@ -105,3 +108,4 @@ fs.file_access = ["$TEMPDIR", "/tmp"]
 
 # Audit related settings
 audit.redact_url = false
+audit.skip_http_events = false
diff --git a/internal/types/types.go b/internal/types/types.go
@@ -107,7 +107,8 @@ type FS struct {
 }
 
 type Audit struct {
-	RedactUrl bool `toml:"redact_url"`
+	RedactUrl      bool `toml:"redact_url"`
+	SkipHttpEvents bool `toml:"skip_http_events"`
 }
 
 type Container struct {
@@ -198,6 +199,9 @@ type SystemConfig struct {
 	DefaultDomain             string `toml:"default_domain"`
 	DisableUnknownDomains     bool   `toml:"disable_unknown_domains"`
 	RootServeListApps         string `toml:"root_serve_list_apps"`
+
+	HttpEventRetentionDays    int `toml:"http_event_retention_days"`
+	NonHttpEventRetentionDays int `toml:"non_http_event_retention_days"`
 }
 
 // GitAuth is a github auth config entry