security: add logging

SMS-COSMO · Mar 22, 2024 · 5974aab · 5974aab
1 parent 4688393
commit 5974aab
Show file tree

Hide file tree

Showing 6 changed files with 26 additions and 13 deletions.
diff --git a/bun.lockb b/bun.lockb
diff --git a/package.json b/package.json
@@ -36,6 +36,7 @@
     "nanoid": "^5.0.4",
     "pinia": "^2.1.7",
     "radix-vue": "^1.3.2",
+    "roarr": "^7.21.1",
     "superjson": "^2.2.1",
     "tailwind-merge": "^2.2.0",
     "tailwindcss-animate": "^1.0.7",

diff --git a/server/trpc/routers/arrangement.ts b/server/trpc/routers/arrangement.ts
@@ -1,13 +1,13 @@
 import { TRPCError } from '@trpc/server';
 import { z } from 'zod';
-import { protectedProcedure, publicProcedure, router } from '../trpc';
+import { loggedProcedure, protectedProcedure, publicProcedure, router } from '../trpc';
 import { serializeSong } from '../utils/serializer';
 
 const dateRegExp = /(202[3-9]|20[3-9]\d)-[01]\d-[0-3]\d/;
 const dateZod = z.string().min(1, '排歌表日期不能为空').refine(val => dateRegExp.test(val), '日期格式不正确');
 
 export const arrangementRouter = router({
-  create: protectedProcedure
+  create: loggedProcedure
     .input(z.object({
       date: dateZod,
       songIds: z.array(z.string()).optional(),
@@ -19,7 +19,7 @@ export const arrangementRouter = router({
       else return res;
     }),
 
-  remove: protectedProcedure
+  remove: loggedProcedure
     .input(z.object({ date: dateZod }))
     .mutation(async ({ ctx, input }) => {
       const res = await ctx.arrangementController.remove(input.date);
@@ -37,7 +37,7 @@ export const arrangementRouter = router({
       else return res.res;
     }),
 
-  modifySongList: protectedProcedure
+  modifySongList: loggedProcedure
     .input(z.object({
       date: dateZod,
       newSongList: z.array(z.string()),
@@ -49,7 +49,7 @@ export const arrangementRouter = router({
       else return res;
     }),
 
-  modifyVisibility: protectedProcedure
+  modifyVisibility: loggedProcedure
     .input(z.object({
       date: dateZod,
       isPublic: z.boolean(),

diff --git a/server/trpc/routers/time.ts b/server/trpc/routers/time.ts
@@ -1,9 +1,9 @@
 import { TRPCError } from '@trpc/server';
 import { z } from 'zod';
-import { protectedProcedure, publicProcedure, router } from '../trpc';
+import { loggedProcedure, publicProcedure, router } from '../trpc';
 
 export const timeRouter = router({
-  create: protectedProcedure
+  create: loggedProcedure
     .input(z.object({
       name: z.string().max(50, '时间段名不能大于50'),
       startAt: z.date(),
@@ -17,7 +17,7 @@ export const timeRouter = router({
       else return res.res;
     }),
 
-  remove: protectedProcedure
+  remove: loggedProcedure
     .input(z.object({ id: z.string().min(1, '时间段不存在') }))
     .mutation(async ({ ctx, input }) => {
       const res = await ctx.timeController.remove(input.id);
@@ -41,7 +41,7 @@ export const timeRouter = router({
       return res;
     }),
 
-  modify: protectedProcedure
+  modify: loggedProcedure
     .input(z.object({
       id: z.string().min(1, '时间段不存在'),
       name: z.string(),
@@ -57,7 +57,7 @@ export const timeRouter = router({
       else return res;
     }),
 
-  modifyActive: protectedProcedure
+  modifyActive: loggedProcedure
     .input(z.object({
       id: z.string().min(1, '时间段不存在'),
       isActive: z.boolean(),

diff --git a/server/trpc/routers/user.ts b/server/trpc/routers/user.ts
@@ -1,11 +1,11 @@
 import { TRPCError } from '@trpc/server';
 import { z } from 'zod';
-import { protectedProcedure, publicProcedure, router } from '../trpc';
+import { loggedProcedure, protectedProcedure, publicProcedure, router } from '../trpc';
 import { passwordRegex } from '~/constants/index';
 
 export const userRouter = router({
 
-  register: protectedProcedure
+  register: loggedProcedure
     .input(z.object({
       id: z.string().min(4, { message: '用户ID长度应至少为4' }).max(24, { message: '用户ID超出长度范围' }),
       password: z.string().min(8, { message: '用户密码长度应至少为8' }).regex(passwordRegex, '密码必须包含大小写字母、数字与特殊符号'),
@@ -41,7 +41,7 @@ export const userRouter = router({
       return res;
     }),
 
-  modifyPassword: protectedProcedure
+  modifyPassword: loggedProcedure
     .input(z.object({
       oldPassword: z.string(),
       newPassword: z

diff --git a/server/trpc/trpc.ts b/server/trpc/trpc.ts
@@ -1,4 +1,5 @@
 import { TRPCError, initTRPC } from '@trpc/server';
+import { Roarr as log } from 'roarr';
 import superjson from 'superjson';
 import { ZodError } from 'zod';
 import type { Context } from '~/server/trpc/context';
@@ -35,3 +36,14 @@ export const publicProcedure = t.procedure;
 export const protectedProcedure = t.procedure.use(enforceUserIsAuthed);
 export const router = t.router;
 export const middleware = t.middleware;
+
+export const loggedProcedure = protectedProcedure.use(async (opts) => {
+  const result = await opts.next();
+  const meta = { path: opts.path, type: opts.type, operator: opts.ctx.user.id };
+
+  result.ok
+    ? log.info(JSON.stringify(meta))
+    : log.error(JSON.stringify(meta));
+
+  return result;
+});