Add audit logs; Fix Create/edit usernames

migrations.js

@@ -59,7 +59,7 @@ function runMigrations(pool) {
 				resolve();
 			})
 			.catch(err => {
-				console.errorr('Error running migrations:', err);
+				console.error('Error running migrations:', err);
 				reject(err);
 			})
 			.finally(() => {

migrations/006_init_audit_logs.sql

@@ -0,0 +1,7 @@
+CREATE TABLE audit_logs (
+	id INT AUTO_INCREMENT PRIMARY KEY,
+	timestamp TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
+	user VARCHAR(255) NOT NULL,
+	action VARCHAR(255) NOT NULL,
+	data JSON NOT NULL
+);

migrations/007_fix_ids

@@ -0,0 +1,3 @@
+ALTER TABLE bans
+MODIFY COLUMN robloxId VARCHAR(255),
+MODIFY COLUMN discordId VARCHAR(255);

routes/admin.js

@@ -46,6 +46,12 @@ const authenticate = (req, res, next) => {
 	next();
 }
 
+const auditLog = async (action, data, user) => {
+	const conn = await pool.getConnection();
+	await conn.query('INSERT INTO audit_logs (action, data, user) VALUES (?, ?, ?)', [action, data, user]);
+	conn.end();
+}
+
 // MAIN PAGES
 
 router.get('/', authenticate, (req, res) => {
@@ -85,11 +91,13 @@ router.post('/create', authenticate, async (req, res) => {
 	const expiresTimestamp = data.expiresTimestamp || null;
 	const robloxId = data.robloxId || null;
 	const discordId = data.discordId || null;
+	const disordUsername = data.discordUsername || null;
+	const robloxUsername = data.robloxUsername || null;
 
 	await conn.query('INSERT INTO bans (reasonShort, reasonLong, reasonsFlag, moderator, expiresTimestamp, robloxId, discordId) VALUES (?, ?, ?, ?, ?, ?, ?)', 
 		[reasonShort, reasonLong, reasonsFlag, moderator, expiresTimestamp, robloxId, discordId]);
 	conn.end();
-
+	auditLog('ban_create', { robloxId, discordId, moderator, reasonShort, reasonLong, reasonsFlag, expiresTimestamp }, req.session.user.username);
 	res.json({ success: true, message: 'User banned successfully', redirect: '/admin' });
 });
 
@@ -99,6 +107,8 @@ router.post('/edit/:id', authenticate, async (req, res) => {
 	const id = req.params.id;
 	const data = req.body;
 	
+	const originalData = await conn.query('SELECT * FROM bans WHERE id = ?', [id]);
+
 	if (!data.robloxId && !data.discordId) {
 		res.json({ success: false, message: 'Please enter a Roblox ID or Discord ID.' });
 		return;
@@ -106,15 +116,16 @@ router.post('/edit/:id', authenticate, async (req, res) => {
 	const reasonShort = data.reasonShort || 'No reason provided';
 	const reasonLong = data.reasonLong || 'No reason provided';
 	const reasonsFlag = data.reasonsFlag || 0;
-	const moderator = req.session.user.username || 'Unknown';
 	const expiresTimestamp = data.expiresTimestamp || null;
 	const robloxId = data.robloxId || null;
 	const discordId = data.discordId || null;
+	const disordUsername = data.discordUsername || null;
+	const robloxUsername = data.robloxUsername || null;
 
-	await conn.query('UPDATE bans SET reasonShort = ?, reasonLong = ?, reasonsFlag = ?, moderator = ?, expiresTimestamp = ?, robloxId = ?, discordId = ? WHERE id = ?', 
+	await conn.query('UPDATE bans SET reasonShort = ?, reasonLong = ?, reasonsFlag = ?, expiresTimestamp = ?, robloxId = ?, discordId = ? WHERE id = ?', 
-		[reasonShort, reasonLong, reasonsFlag, moderator, expiresTimestamp, robloxId, discordId, id]);
+		[reasonShort, reasonLong, reasonsFlag, expiresTimestamp, robloxId, discordId, id]);
 	conn.end();
-
+	auditLog('ban_edit', {old: originalData, new: { robloxId, discordId, reasonShort, reasonLong, reasonsFlag, expiresTimestamp }}, req.session.user.username);
 	res.json({ success: true, message: 'User updated successfully', redirect: '/admin' });
 });