invenio-audit-logs 1.0.0.dev0__py2.py3-none-any.whl

invenio_audit_logs/__init__.py

@@ -0,0 +1,18 @@
+# -*- coding: utf-8 -*-
+#
+# This file is part of Invenio.
+# Copyright (C) 2025 CERN.
+#
+# Invenio-Audit-Logs is free software; you can redistribute it and/or modify
+# it under the terms of the MIT License; see LICENSE file for more details.
+
+"""Module providing audit logging features for Invenio.."""
+
+from .ext import InvenioAuditLogs
+
+__version__ = "1.0.0.dev0"
+
+__all__ = (
+    "__version__",
+    "InvenioAuditLogs",
+)

invenio_audit_logs/alembic/1743073617_create_audit_logs_branch.py

@@ -0,0 +1,27 @@
+#
+# This file is part of Invenio.
+# Copyright (C) 2016-2018 CERN.
+#
+# Invenio-Audit-Logs is free software; you can redistribute it and/or modify it
+# under the terms of the MIT License; see LICENSE file for more details.
+
+"""Create Audit logs branch."""
+
+import sqlalchemy as sa
+from alembic import op
+
+# revision identifiers, used by Alembic.
+revision = "1743073617"
+down_revision = None
+branch_labels = ("invenio_audit_logs",)
+depends_on = "dbdbc1b19cf2"
+
+
+def upgrade():
+    """Upgrade database."""
+    pass
+
+
+def downgrade():
+    """Downgrade database."""
+    pass

invenio_audit_logs/alembic/1743073720_create_audit_logs_table.py

@@ -0,0 +1,57 @@
+#
+# This file is part of Invenio.
+# Copyright (C) 2016-2018 CERN.
+#
+# Invenio-Audit-Logs is free software; you can redistribute it and/or modify it
+# under the terms of the MIT License; see LICENSE file for more details.
+
+"""Create Audit Logs table."""
+
+import sqlalchemy as sa
+import sqlalchemy_utils
+from alembic import op
+from sqlalchemy.dialects import mysql, postgresql
+
+# revision identifiers, used by Alembic.
+revision = "1743073720"
+down_revision = "1743073617"
+branch_labels = ()
+depends_on = None
+
+
+def upgrade():
+    """Upgrade database."""
+    op.create_table(
+        "audit_logs_metadata",
+        sa.Column("id", sqlalchemy_utils.types.uuid.UUIDType(), nullable=False),
+        sa.Column(
+            "created",
+            sa.DateTime().with_variant(mysql.DATETIME(fsp=6), "mysql"),
+            nullable=False,
+        ),
+        sa.Column(
+            "updated",
+            sa.DateTime().with_variant(mysql.DATETIME(fsp=6), "mysql"),
+            nullable=False,
+        ),
+        sa.Column("action", sa.String(length=255), nullable=False),
+        sa.Column("resource_type", sa.String(length=255), nullable=False),
+        sa.Column("user_id", sa.String(length=255), nullable=False),
+        sa.Column(
+            "json",
+            sa.JSON()
+            .with_variant(sqlalchemy_utils.types.json.JSONType(), "mysql")
+            .with_variant(
+                postgresql.JSONB(none_as_null=True, astext_type=sa.Text()), "postgresql"
+            )
+            .with_variant(sqlalchemy_utils.types.json.JSONType(), "sqlite"),
+            nullable=True,
+        ),
+        sa.Column("version_id", sa.Integer(), nullable=False),
+        sa.PrimaryKeyConstraint("id", name=op.f("pk_audit_logs_metadata")),
+    )
+
+
+def downgrade():
+    """Downgrade database."""
+    op.drop_table("audit_logs_metadata")

invenio_audit_logs/config.py

@@ -0,0 +1,42 @@
+# -*- coding: utf-8 -*-
+#
+# Copyright (C) 2025 CERN.
+#
+# Invenio-Audit-Logs is free software; you can redistribute it and/or modify
+# it under the terms of the MIT License; see LICENSE file for more details.
+
+"""Configuration for invenio-audit-logs."""
+
+from invenio_records_resources.services.records.facets import TermsFacet
+
+AUDIT_LOGS_SEARCH = {
+    "facets": ["resource"],
+    "sort": [
+        "bestmatch",
+        "newest",
+        "oldest",
+    ],
+    # query_parser_cls
+}
+"""Search configuration for audit logs."""
+
+AUDIT_LOGS_FACETS = {
+    "resource": dict(
+        facet=TermsFacet(
+            field="resource_type",
+            label="Resource",
+            value_labels={
+                "record": "Record",
+                "community": "Community",
+            },  # Add user later
+        ),
+        ui=dict(field="resource_type"),
+    ),
+}
+
+AUDIT_LOGS_SORT_OPTIONS = {
+    "bestmatch": dict(title="Best match", fields=["_score"]),
+    "newest": dict(title="Newest", fields=["-@timestamp"]),
+    "oldest": dict(title="Oldest", fields=["@timestamp"]),
+}
+"""Sort options for audit logs."""

invenio_audit_logs/ext.py

@@ -0,0 +1,47 @@
+# -*- coding: utf-8 -*-
+#
+# Copyright (C) 2025 CERN.
+#
+# Invenio-Audit-Logs is free software; you can redistribute it and/or modify
+# it under the terms of the MIT License; see LICENSE file for more details.
+
+"""Module providing audit logging features for Invenio.."""
+
+from . import config
+from .resources import AuditLogResource, AuditLogResourceConfig
+from .services import AuditLogService, AuditLogServiceConfig
+
+
+class InvenioAuditLogs(object):
+    """Invenio-Audit-Logs extension."""
+
+    def __init__(self, app=None):
+        """Extension initialization."""
+        if app:
+            self.init_app(app)
+
+    def init_app(self, app):
+        """Flask application initialization."""
+        self.init_config(app)
+        self.init_services(app)
+        self.init_resources(app)
+        app.extensions["invenio-audit-logs"] = self
+
+    def init_config(self, app):
+        """Initialize configuration."""
+        for k in dir(config):
+            if k.startswith("AUDIT_LOGS_"):
+                app.config.setdefault(k, getattr(config, k))
+
+    def init_services(self, app):
+        """Initialize services."""
+        self.audit_log_service = AuditLogService(
+            config=AuditLogServiceConfig.build(app),
+        )
+
+    def init_resources(self, app):
+        """Init resources."""
+        self.audit_log_resource = AuditLogResource(
+            service=self.audit_log_service,
+            config=AuditLogResourceConfig.build(app),
+        )

invenio_audit_logs/proxies.py

@@ -0,0 +1,16 @@
+# -*- coding: utf-8 -*-
+#
+# Copyright (C) 2025 CERN.
+#
+# Invenio-Jobs is free software; you can redistribute it and/or modify it
+# under the terms of the MIT License; see LICENSE file for more details.
+
+"""Proxies."""
+
+from flask import current_app
+from werkzeug.local import LocalProxy
+
+current_audit_logs_service = LocalProxy(
+    lambda: current_app.extensions["invenio-audit-logs"].audit_log_service
+)
+"""Proxy to an instance of ``AuditLogs`` service."""

invenio_audit_logs/records/__init__.py

@@ -0,0 +1,12 @@
+# -*- coding: utf-8 -*-
+#
+# Copyright (C) 2025 CERN.
+#
+# Invenio-Audit-Logs is free software; you can redistribute it and/or modify it
+# under the terms of the MIT License; see LICENSE file for more details.
+
+"""Audit Log data layer definitions."""
+
+from .api import AuditLog
+
+__all__ = ("AuditLog",)

invenio_audit_logs/records/api.py

@@ -0,0 +1,51 @@
+# -*- coding: utf-8 -*-
+#
+# This file is part of Invenio.
+# Copyright (C) 2025 CERN.
+#
+# Invenio-Audit-Logs is free software; you can redistribute it and/or modify it
+# under the terms of the MIT License; see LICENSE file for more details.
+
+"""API classes for audit log event."""
+
+from datetime import datetime
+from uuid import UUID
+
+from invenio_records.dumpers import SearchDumper
+from invenio_records.systemfields import DictField, ModelField
+from invenio_records_resources.records.api import Record
+from invenio_records_resources.records.systemfields import IndexField
+
+from . import models
+
+
+class AuditLog(Record):
+    """API class to represent a structured audit-log event."""
+
+    model_cls = models.AuditLog
+    """The model class for the log."""
+
+    dumper = SearchDumper(
+        model_fields={
+            "id": ("id", UUID),
+            "created": ("@timestamp", datetime),
+        },
+    )
+    """Search dumper with configured dump keys."""
+
+    index = IndexField("auditlog-audit-log-v1.0.0", search_alias="auditlog")
+    """The search engine index to use."""
+
+    id = ModelField("id", dump_type=UUID)
+
+    created = ModelField("created", dump_type=datetime, dump_key="@timestamp")
+
+    action = ModelField("action", dump_type=str)
+
+    user_id = ModelField("user_id", dump=False, dump_type=str)
+
+    user = DictField("user")
+
+    resource_type = ModelField("resource_type", dump=False, dump_type=str)
+
+    resource = DictField("resource")

invenio_audit_logs/records/models.py

@@ -0,0 +1,27 @@
+# -*- coding: utf-8 -*-
+#
+# Copyright (C) 2025 CERN.
+#
+# Invenio-Audit-Logs is free software; you can redistribute it and/or modify it
+# under the terms of the MIT License; see LICENSE file for more details.
+
+"""Base model classes for Audit Logs in Invenio."""
+
+
+from invenio_db import db
+from invenio_records.models import RecordMetadataBase
+from sqlalchemy.types import String
+
+
+class AuditLog(db.Model, RecordMetadataBase):
+    """Model class for Audit Log."""
+
+    __tablename__ = "audit_logs_metadata"
+
+    encoder = None
+
+    action = db.Column(String(255), nullable=False)
+
+    resource_type = db.Column(String(255), nullable=False)
+
+    user_id = db.Column(String(255), nullable=False)

invenio_audit_logs/records/templates/__init__.py

@@ -0,0 +1,10 @@
+# -*- coding: utf-8 -*-
+#
+# This file is part of Invenio.
+# Copyright (C) 2025 CERN.
+#
+# Invenio-Audit-Logs is free software; you can redistribute it and/or modify it
+# under the terms of the MIT License; see LICENSE file for more details.
+
+
+"""Audit Logs datastream index templates."""

invenio_audit_logs/records/templates/os-v1/__init__.py

@@ -0,0 +1,8 @@
+# -*- coding: utf-8 -*-
+#
+# Copyright (C) 2025 CERN.
+#
+# Invenio-Audit-Logs is free software; you can redistribute it and/or modify
+# it under the terms of the MIT License; see LICENSE file for more details.
+
+"""OpenSearch V1 template mappings."""

invenio_audit_logs/records/templates/os-v1/datastream-auditlog-v1.0.0.json

@@ -0,0 +1,73 @@
+{
+  "index_patterns": ["__SEARCH_INDEX_PREFIX__auditlog*"],
+  "data_stream": {},
+  "template": {
+    "settings": {
+      "analysis": {
+        "filter": {
+          "email_domains": {
+            "type": "pattern_capture",
+            "preserve_original": false,
+            "patterns": [
+              "@(.+)"
+            ]
+          }
+        },
+        "analyzer": {
+          "email": {
+            "tokenizer": "uax_url_email",
+            "filter": [
+              "email_domains",
+              "lowercase",
+              "unique"
+            ]
+          }
+        }
+      }
+    },
+    "mappings": {
+      "dynamic": "strict",
+      "numeric_detection": false,
+      "properties": {
+        "id": { "type": "keyword" },
+        "uuid": { "type": "keyword" },
+        "version_id": { "type": "integer" },
+        "action": { "type": "keyword" },
+        "resource": {
+          "properties": {
+            "id": { "type": "keyword" },
+            "type": { "type": "keyword" }
+          }
+        },
+        "message": { "type": "text" },
+        "user": {
+          "properties": {
+            "id": { "type": "keyword" },
+            "name": { "type": "keyword" },
+            "email": {
+              "type": "text",
+              "analyzer": "email",
+              "fielddata": true,
+              "fields": {
+                "domain": {
+                  "type": "text",
+                  "analyzer": "email",
+                  "fielddata": true
+                }
+              }
+            }
+          }
+        },
+        "metadata": {
+          "type": "object",
+          "dynamic": true
+        },
+        "updated": { "type": "date" }
+      }
+    },
+    "aliases": {
+      "__SEARCH_INDEX_PREFIX__auditlog": {},
+      "__SEARCH_INDEX_PREFIX__audit-log": {}
+    }
+  }
+}

invenio_audit_logs/records/templates/os-v2/__init__.py

@@ -0,0 +1,8 @@
+# -*- coding: utf-8 -*-
+#
+# Copyright (C) 2025 CERN.
+#
+# Invenio-Audit-Logs is free software; you can redistribute it and/or modify
+# it under the terms of the MIT License; see LICENSE file for more details.
+
+"""OpenSearch V1 template mappings."""

invenio_audit_logs/records/templates/os-v2/datastream-auditlog-v1.0.0.json

@@ -0,0 +1,73 @@
+{
+  "index_patterns": ["__SEARCH_INDEX_PREFIX__auditlog*"],
+  "data_stream": {},
+  "template": {
+    "settings": {
+      "analysis": {
+        "filter": {
+          "email_domains": {
+            "type": "pattern_capture",
+            "preserve_original": false,
+            "patterns": [
+              "@(.+)"
+            ]
+          }
+        },
+        "analyzer": {
+          "email": {
+            "tokenizer": "uax_url_email",
+            "filter": [
+              "email_domains",
+              "lowercase",
+              "unique"
+            ]
+          }
+        }
+      }
+    },
+    "mappings": {
+      "dynamic": "strict",
+      "numeric_detection": false,
+      "properties": {
+        "id": { "type": "keyword" },
+        "uuid": { "type": "keyword" },
+        "version_id": { "type": "integer" },
+        "action": { "type": "keyword" },
+        "resource": {
+          "properties": {
+            "id": { "type": "keyword" },
+            "type": { "type": "keyword" }
+          }
+        },
+        "message": { "type": "text" },
+        "user": {
+          "properties": {
+            "id": { "type": "keyword" },
+            "name": { "type": "keyword" },
+            "email": {
+              "type": "text",
+              "analyzer": "email",
+              "fielddata": true,
+              "fields": {
+                "domain": {
+                  "type": "text",
+                  "analyzer": "email",
+                  "fielddata": true
+                }
+              }
+            }
+          }
+        },
+        "metadata": {
+          "type": "object",
+          "dynamic": true
+        },
+        "updated": { "type": "date" }
+      }
+    },
+    "aliases": {
+      "__SEARCH_INDEX_PREFIX__auditlog": {},
+      "__SEARCH_INDEX_PREFIX__audit-log": {}
+    }
+  }
+}

invenio_audit_logs/resources/__init__.py

@@ -0,0 +1,17 @@
+# -*- coding: utf-8 -*-
+#
+# Copyright (C) 2025 CERN.
+#
+# Invenio-Audit-Logs is free software; you can redistribute it and/or
+# modify it under the terms of the MIT License; see LICENSE file for more
+# details.
+
+"""Resources module."""
+
+from .config import AuditLogResourceConfig
+from .resource import AuditLogResource
+
+__all__ = (
+    "AuditLogResource",
+    "AuditLogResourceConfig",
+)

invenio_audit_logs/resources/config.py

@@ -0,0 +1,57 @@
+# -*- coding: utf-8 -*-
+#
+# Copyright (C) 2025 CERN.
+#
+# Invenio-Audit-Logs is free software; you can redistribute it and/or
+# modify it under the terms of the MIT License; see LICENSE file for more
+# details.
+
+"""Audit logs resource config."""
+
+from invenio_records_resources.resources import (
+    RecordResourceConfig,
+    SearchRequestArgsSchema,
+)
+from invenio_records_resources.services.base.config import ConfiguratorMixin
+from marshmallow import fields
+
+
+#
+# Request args
+#
+class AuditLogSearchRequestArgsSchema(SearchRequestArgsSchema):
+    """Search parameters for audit-logs."""
+
+    id = fields.UUID()
+    resource_id = fields.String()
+    resource_type = fields.String()
+    user_id = fields.String()
+    action = fields.String()
+
+
+#
+# Resource config
+#
+class AuditLogResourceConfig(RecordResourceConfig, ConfiguratorMixin):
+    """Audit-Logs resource configuration."""
+
+    blueprint_name = "audit_logs"
+    url_prefix = "/audit-logs"
+
+    routes = {
+        "list": "/",
+        "item": "/<id>",
+    }
+
+    request_view_args = {
+        "id": fields.UUID(),
+    }
+
+    request_search_args = AuditLogSearchRequestArgsSchema
+
+    response_handlers = {
+        "application/vnd.inveniordm.v1+json": RecordResourceConfig.response_handlers[
+            "application/json"
+        ],
+        **RecordResourceConfig.response_handlers,
+    }

invenio_audit_logs/resources/resource.py

@@ -0,0 +1,68 @@
+# -*- coding: utf-8 -*-
+#
+# Copyright (C) 2025 CERN.
+#
+# Invenio-Audit-Logs is free software; you can redistribute it and/or
+# modify it under the terms of the MIT License; see LICENSE file for more
+# details.
+
+"""Logs resource."""
+
+from flask import g
+from flask_resources import resource_requestctx, response_handler, route
+from invenio_records_resources.resources.records.resource import (
+    RecordResource,
+    request_extra_args,
+    request_search_args,
+    request_view_args,
+)
+from invenio_records_resources.resources.records.utils import search_preference
+
+
+#
+# Resource
+#
+class AuditLogResource(RecordResource):
+    """Resource layer for audit-logs."""
+
+    def create_blueprint(self, **options):
+        """Create the blueprint."""
+        options["url_prefix"] = ""
+        return super().create_blueprint(**options)
+
+    def create_url_rules(self):
+        """Create the URL rules for the log resource."""
+        routes = self.config.routes
+
+        def p(route):
+            """Prefix a route with the URL prefix."""
+            return f"{self.config.url_prefix}{route}"
+
+        return [
+            route("GET", p(routes["list"]), self.search),
+            route("GET", p(routes["item"]), self.read),
+        ]
+
+    @request_extra_args
+    @request_search_args
+    @request_view_args
+    @response_handler(many=True)
+    def search(self):
+        """Perform a search over the logs."""
+        hits = self.service.search(
+            identity=g.identity,
+            params=resource_requestctx.args,
+            search_preference=search_preference(),
+        )
+        return hits.to_dict(), 200
+
+    @request_extra_args
+    @request_view_args
+    @response_handler()
+    def read(self):
+        """Read a specific log entry."""
+        item = self.service.read(
+            id_=resource_requestctx.view_args["id"],
+            identity=g.identity,
+        )
+        return item.to_dict(), 200

invenio_audit_logs/services/__init__.py

@@ -0,0 +1,18 @@
+# -*- coding: utf-8 -*-
+#
+# Copyright (C) 2025 CERN.
+#
+# Invenio-Audit-Logs is free software; you can redistribute it and/or modify it
+# under the terms of the MIT License; see LICENSE file for more details.
+
+"""Audit Log Services."""
+
+from .config import AuditLogServiceConfig
+from .schema import AuditLogSchema
+from .service import AuditLogService
+
+__all__ = (
+    "AuditLogService",
+    "AuditLogSchema",
+    "AuditLogServiceConfig",
+)