Diff -- /var/www/vhosts/3dshawn.com/repricer.3dshawn.com/admin_audit.cgi
Diff
/var/www/vhosts/3dshawn.com/repricer.3dshawn.com/admin_audit.cgi
added on local at 2026-07-11 18:33:21
Added
+104
lines
Removed
-0
lines
Context
0
unchanged
Blobs
from
to 3690837005f6
to 3690837005f6
Unified diff
Naive LCS-based line diff. Additions in emerald, deletions in rose. Both sides decompressed live from BLOB_STORE.| 1 | #!/usr/bin/perl | |
| 2 | #====================================================================== | |
| 3 | # RePricer -- admin audit log viewer. | |
| 4 | # | |
| 5 | # /admin_audit.cgi | |
| 6 | # /admin_audit.cgi?admin_id=N | |
| 7 | # /admin_audit.cgi?target_id=N | |
| 8 | # /admin_audit.cgi?action=impersonate_start | |
| 9 | # | |
| 10 | # Lists rows from admin_action_log (impersonate start/stop, plan | |
| 11 | # overrides, credit grants, account closures, etc.). Filter by admin, | |
| 12 | # target, or action. | |
| 13 | #====================================================================== | |
| 14 | use strict; | |
| 15 | use warnings; | |
| 16 | ||
| 17 | use lib '/var/www/vhosts/3dshawn.com/repricer.3dshawn.com'; | |
| 18 | use CGI; | |
| 19 | use MODS::DBConnect; | |
| 20 | use MODS::Login; | |
| 21 | use MODS::RePricer::Config; | |
| 22 | use MODS::RePricer::Wrapper; | |
| 23 | ||
| 24 | $|=1; | |
| 25 | my $q = CGI->new; | |
| 26 | my $form = $q->Vars; | |
| 27 | my $auth = MODS::Login->new; | |
| 28 | my $wrap = MODS::RePricer::Wrapper->new; | |
| 29 | my $db = MODS::DBConnect->new; | |
| 30 | my $cfg = MODS::RePricer::Config->new; | |
| 31 | my $DB = $cfg->settings('database_name'); | |
| 32 | ||
| 33 | my $userinfo = $auth->login_verify(); | |
| 34 | unless ($userinfo) { print "Status: 302 Found\nLocation: /login.cgi\n\n"; exit; } | |
| 35 | unless ($userinfo->{is_admin}) { | |
| 36 | print "Status: 302 Found\nLocation: /dashboard.cgi?denied=admin\n\n"; exit; | |
| 37 | } | |
| 38 | ||
| 39 | sub _h { my $s = shift // ''; $s =~ s/&/&/g; $s =~ s/</</g; $s =~ s/>/>/g; $s =~ s/"/"/g; $s } | |
| 40 | ||
| 41 | my $admin_id = $form->{admin_id} || ''; $admin_id =~ s/[^0-9]//g; | |
| 42 | my $target_id = $form->{target_id} || ''; $target_id =~ s/[^0-9]//g; | |
| 43 | my $action_f = $form->{action} || ''; $action_f =~ s/[^a-z_]//g; | |
| 44 | ||
| 45 | my @where = ('1=1'); | |
| 46 | push @where, "l.admin_user_id='$admin_id'" if length $admin_id; | |
| 47 | push @where, "l.target_user_id='$target_id'" if length $target_id; | |
| 48 | push @where, "l.action='$action_f'" if length $action_f; | |
| 49 | my $where = join(' AND ', @where); | |
| 50 | ||
| 51 | my $dbh = $db->db_connect(); | |
| 52 | my $rows = $db->db_readwrite_multiple($dbh, qq~ | |
| 53 | SELECT l.id, l.admin_user_id, l.target_user_id, l.action, | |
| 54 | l.detail, l.ip_address, l.created_at, | |
| 55 | UNIX_TIMESTAMP(l.created_at) AS created_at_epoch, | |
| 56 | a.email AS admin_email, | |
| 57 | t.email AS target_email | |
| 58 | FROM `${DB}`.admin_action_log l | |
| 59 | LEFT JOIN `${DB}`.users a ON a.id = l.admin_user_id | |
| 60 | LEFT JOIN `${DB}`.users t ON t.id = l.target_user_id | |
| 61 | WHERE $where | |
| 62 | ORDER BY l.id DESC LIMIT 200 | |
| 63 | ~, $ENV{SCRIPT_NAME}, __LINE__); | |
| 64 | $db->db_disconnect($dbh); | |
| 65 | ||
| 66 | my $body = '<div style="max-width:1100px;margin:0 auto;padding:24px 28px">'; | |
| 67 | $body .= '<div style="font-size:12px;color:#7e92b6;margin-bottom:8px"><a href="/admin.cgi" style="color:#7e92b6">← Admin</a></div>'; | |
| 68 | $body .= '<h1 style="font-size:24px;color:#fff;margin:0 0 6px;font-weight:700">Admin audit log</h1>'; | |
| 69 | $body .= '<p style="color:#7e92b6;font-size:14px;margin:0 0 18px">Every privileged action: who, what, when, against whom. Filter via URL params: <code>?admin_id=N</code>, <code>?target_id=N</code>, <code>?action=impersonate_start</code>.</p>'; | |
| 70 | ||
| 71 | if (@$rows) { | |
| 72 | $body .= '<section style="background:#0b1226;border:1px solid #1f2a4a;border-radius:12px;overflow:hidden">'; | |
| 73 | $body .= '<table style="width:100%;font-size:13px;color:#e6ecf6;border-collapse:collapse"><thead><tr style="color:#7e92b6;text-align:left;font-size:11px;text-transform:uppercase;letter-spacing:1px;background:#0a0f1f"><th style="padding:10px 12px">When</th><th style="padding:10px 12px">Admin</th><th style="padding:10px 12px">Action</th><th style="padding:10px 12px">Target</th><th style="padding:10px 12px">Detail</th><th style="padding:10px 12px">IP</th></tr></thead><tbody>'; | |
| 74 | foreach my $r (@$rows) { | |
| 75 | my $act_color = $r->{action} =~ /impersonate/ ? '#14b8a6' | |
| 76 | : $r->{action} =~ /credit|refund/ ? '#10b981' | |
| 77 | : $r->{action} =~ /delete|close|revoke/ ? '#fca5a5' | |
| 78 | : '#14b8a6'; | |
| 79 | $body .= '<tr style="border-top:1px solid #1f2a4a">'; | |
| 80 | my $_when_h = _h($r->{created_at} // ''); | |
| 81 | my $_when_e = int($r->{created_at_epoch} || 0); | |
| 82 | $body .= '<td style="padding:8px 12px;color:#7e92b6"><span class="ts" data-ts="' . $_when_e . '" data-fmt="datetime">' . $_when_h . '</span></td>'; | |
| 83 | $body .= '<td style="padding:8px 12px"><a href="?admin_id=' . _h($r->{admin_user_id}) . '" style="color:#e6ecf6;text-decoration:none">' . _h($r->{admin_email} // '?') . '</a></td>'; | |
| 84 | $body .= '<td style="padding:8px 12px"><a href="?action=' . _h($r->{action}) . '" style="color:' . $act_color . ';text-decoration:none;font-family:ui-monospace,Menlo,monospace">' . _h($r->{action}) . '</a></td>'; | |
| 85 | if ($r->{target_user_id}) { | |
| 86 | $body .= '<td style="padding:8px 12px"><a href="?target_id=' . _h($r->{target_user_id}) . '" style="color:#e6ecf6;text-decoration:none">' . _h($r->{target_email} // ('user#' . $r->{target_user_id})) . '</a></td>'; | |
| 87 | } else { | |
| 88 | $body .= '<td style="padding:8px 12px;color:#7e92b6">--</td>'; | |
| 89 | } | |
| 90 | $body .= '<td style="padding:8px 12px;color:#9ca3af;font-size:12px">' . _h(substr($r->{detail} // '', 0, 120)) . '</td>'; | |
| 91 | $body .= '<td style="padding:8px 12px;color:#7e92b6;font-family:ui-monospace,Menlo,monospace;font-size:11px">' . _h($r->{ip_address} // '') . '</td>'; | |
| 92 | $body .= '</tr>'; | |
| 93 | } | |
| 94 | $body .= '</tbody></table>'; | |
| 95 | $body .= '</section>'; | |
| 96 | } else { | |
| 97 | $body .= '<div style="background:#0b1226;border:1px solid #1f2a4a;border-radius:12px;padding:32px;text-align:center;color:#7e92b6">No admin actions logged yet.</div>'; | |
| 98 | } | |
| 99 | ||
| 100 | $body .= '</div>'; | |
| 101 | ||
| 102 | print "Content-Type: text/html; charset=utf-8\nCache-Control: no-store, no-cache, must-revalidate, max-age=0\nPragma: no-cache\nExpires: 0\n\n"; | |
| 103 | $wrap->render({ userinfo => $userinfo, page_key => 'admin', title => 'Admin audit log', body => $body }); | |
| 104 | exit; |