From 1065e9b8c595ff71466866a0e74716af6fc3f3bf Mon Sep 17 00:00:00 2001
From: ChrisChrome
Date: Sat, 21 Dec 2024 11:05:34 -0700
Subject: [PATCH] Add audit logs; Fix Create/edit usernames
---
 migrations.js | 2 +-
 migrations/006_init_audit_logs.sql | 7 +++++++
 migrations/007_fix_ids | 3 +++
 routes/admin.js | 21 ++++++++++++++++-----
 4 files changed, 27 insertions(+), 6 deletions(-)
 create mode 100644 migrations/006_init_audit_logs.sql
 create mode 100644 migrations/007_fix_ids
diff --git a/migrations.js b/migrations.js
index 19ba8b0..706c4f3 100644
--- a/migrations.js
+++ b/migrations.js
@@ -59,7 +59,7 @@ function runMigrations(pool) {
 resolve();
 })
 .catch(err => {
- console.errorr('Error running migrations:', err);
+ console.error('Error running migrations:', err);
 reject(err);
 })
 .finally(() => {
diff --git a/migrations/006_init_audit_logs.sql b/migrations/006_init_audit_logs.sql
new file mode 100644
index 0000000..96f6691
--- /dev/null
+++ b/migrations/006_init_audit_logs.sql
@@ -0,0 +1,7 @@
+CREATE TABLE audit_logs (
+ id INT AUTO_INCREMENT PRIMARY KEY,
+ timestamp TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
+ user VARCHAR(255) NOT NULL,
+ action VARCHAR(255) NOT NULL,
+ data JSON NOT NULL
+);
\ No newline at end of file
diff --git a/migrations/007_fix_ids b/migrations/007_fix_ids
new file mode 100644
index 0000000..2a980dc
--- /dev/null
+++ b/migrations/007_fix_ids
@@ -0,0 +1,3 @@
+ALTER TABLE bans
+MODIFY COLUMN robloxId VARCHAR(255),
+MODIFY COLUMN discordId VARCHAR(255);
\ No newline at end of file
diff --git a/routes/admin.js b/routes/admin.js
index 74a533f..4f917f4 100644
--- a/routes/admin.js
+++ b/routes/admin.js
@@ -46,6 +46,12 @@ const authenticate = (req, res, next) => {
 next();
 }
+const auditLog = async (action, data, user) => {
+ const conn = await pool.getConnection();
+ await conn.query('INSERT INTO audit_logs (action, data, user) VALUES (?, ?, ?)', [action, data, user]);
+ conn.end();
+}
+
 // MAIN PAGES
 router.get('/', authenticate, (req, res) => {
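Review bot: The new file `migrations/007_fix_ids` has no `.sql` extension, while the sibling added in this same patch is named `006_init_audit_logs.sql`. The loader in `migrations.js` is not visible here, but if it selects files by extension this `ALTER` would be skipped without an error and `bans.robloxId` / `bans.discordId` would keep their old type; renaming the file to `007_fix_ids.sql` removes the doubt. `MODIFY COLUMN` also replaces the whole column definition, so any `NOT NULL` or default the two columns had before is dropped unless it is restated.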
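Review bot: In `routes/admin.js`, `auditLog` releases its connection only on the success path: if the `INSERT` rejects, `conn.end()` is never reached and the pooled connection is not returned. The callers added in the `/create` and `/edit/:id` hunks invoke it with neither `await` nor `.catch`, so the same failure also becomes an unhandled rejection and the ban change is left without an audit record. Wrapping the query in `try`/`finally` and awaiting the call (or attaching a `.catch` that logs) at both call sites closes both gaps. `data` is bound to the placeholder as a plain object; how that is serialized depends on the database driver, which is not shown, so an explicit `JSON.stringify(data)` is safer for the `JSON` column.

```javascript
const auditLog = async (action, data, user) => {
	const conn = await pool.getConnection();
	try {
		// Serialize explicitly so the JSON column does not depend on driver-specific object handling.
		await conn.query('INSERT INTO audit_logs (action, data, user) VALUES (?, ?, ?)', [action, JSON.stringify(data), user]);
	} finally {
		// Return the connection to the pool even when the insert fails.
		conn.end();
	}
}
```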
@@ -85,11 +91,13 @@ router.post('/create', authenticate, async (req, res) => {
 const expiresTimestamp = data.expiresTimestamp || null;
 const robloxId = data.robloxId || null;
 const discordId = data.discordId || null;
+ const disordUsername = data.discordUsername || null;
+ const robloxUsername = data.robloxUsername || null;
 await conn.query('INSERT INTO bans (reasonShort, reasonLong, reasonsFlag, moderator, expiresTimestamp, robloxId, discordId) VALUES (?, ?, ?, ?, ?, ?, ?)', [reasonShort, reasonLong, reasonsFlag, moderator, expiresTimestamp, robloxId, discordId]);
 conn.end();
-
+ auditLog('ban_create', { robloxId, discordId, moderator, reasonShort, reasonLong, reasonsFlag, expiresTimestamp }, req.session.user.username);
 res.json({ success: true, message: 'User banned successfully', redirect: '/admin' });
 });
@@ -98,6 +106,8 @@ router.post('/edit/:id', authenticate, async (req, res) => {
 const conn = await pool.getConnection();
 const id = req.params.id;
 const data = req.body;
+
+ const originalData = await conn.query('SELECT * FROM bans WHERE id = ?', [id]);
 if (!data.robloxId && !data.discordId) {
 res.json({ success: false, message: 'Please enter a Roblox ID or Discord ID.' });
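Review bot: `disordUsername` and `robloxUsername` are assigned in the `/create` hunk but never used: the `INSERT` column list and its parameter array are unchanged, and the `ban_create` audit payload does not include them, so the usernames sent by the client are discarded. The first name is also misspelled (`disordUsername` for `discordUsername`). The same two declarations are added to the `/edit/:id` handler in the `@@ -106,15 +116,16 @@` hunk with the same result. If `bans` has username columns (no migration in this patch adds them) they need to appear in both statements; otherwise the declarations should be dropped.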
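Review bot: In the `/edit/:id` hunk the result of the new `SELECT` is never checked, so an `id` that matches no ban still runs the `UPDATE`, is passed to `auditLog` as an empty `old` value and returns success. A guard directly after the query, for example `if (!originalData || originalData.length === 0) { conn.end(); return res.status(404).json({ success: false, message: 'Ban not found.' }); }`, would stop that; the exact shape of the result depends on the database driver, which is not shown. The handler continues past the end of this hunk, so whether the validation branch below releases `conn` cannot be confirmed from here.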
@@ -106,15 +116,16 @@ router.post('/edit/:id', authenticate, async (req, res) => {
 const reasonShort = data.reasonShort || 'No reason provided';
 const reasonLong = data.reasonLong || 'No reason provided';
 const reasonsFlag = data.reasonsFlag || 0;
- const moderator = req.session.user.username || 'Unknown';
 const expiresTimestamp = data.expiresTimestamp || null;
 const robloxId = data.robloxId || null;
 const discordId = data.discordId || null;
+ const disordUsername = data.discordUsername || null;
+ const robloxUsername = data.robloxUsername || null;
- await conn.query('UPDATE bans SET reasonShort = ?, reasonLong = ?, reasonsFlag = ?, moderator = ?, expiresTimestamp = ?, robloxId = ?, discordId = ? WHERE id = ?',
- [reasonShort, reasonLong, reasonsFlag, moderator, expiresTimestamp, robloxId, discordId, id]);
+ await conn.query('UPDATE bans SET reasonShort = ?, reasonLong = ?, reasonsFlag = ?, expiresTimestamp = ?, robloxId = ?, discordId = ? WHERE id = ?',
+ [reasonShort, reasonLong, reasonsFlag, expiresTimestamp, robloxId, discordId, id]);
 conn.end();
-
+ auditLog('ban_edit', {old: originalData, new: { robloxId, discordId, reasonShort, reasonLong, reasonsFlag, expiresTimestamp }}, req.session.user.username);
 res.json({ success: true, message: 'User updated successfully', redirect: '/admin' });
 });
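Review bot: The `ban_edit` audit payload does not record the ban `id` as a field of its own: `new` omits it, and `old` carries it only inside the driver's result for the earlier `SELECT`, and not at all when that lookup matched nothing. Recording it explicitly, as in `{ id, old: originalData, new: { ... } }`, lets an entry be tied to a ban without depending on the shape of `originalData`. Since `moderator` is no longer written by the `UPDATE`, this audit row is the only record of who made the edit, so it should be self-contained.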