From 6e7b42b94296f59d696b26a0973fe83f009ccee3 Mon Sep 17 00:00:00 2001
From: Catherine
Date: Wed, 3 Dec 2025 06:32:07 +0000
Subject: [PATCH] Implement audit notifications.
---
 conf/config.example.toml | 1 +
 go.mod | 1 +
 go.sum | 2 ++
 src/audit.go | 32 ++++++++++++++++++++++++++++++++
 src/config.go | 2 ++
 5 files changed, 38 insertions(+)
diff --git a/conf/config.example.toml b/conf/config.example.toml
index fb03a9c..fa74d6f 100644
--- a/conf/config.example.toml
+++ b/conf/config.example.toml
@@ -57,6 +57,7 @@ allowed-custom-headers = ["X-Clacks-Overhead"]
 [audit]
 node-id = 0
 collect = false
+notify-url = ""
 [observability]
 slow-response-threshold = "500ms"
diff --git a/go.mod b/go.mod
index 11c426f..9e043ed 100644
--- a/go.mod
+++ b/go.mod
@@ -13,6 +13,7 @@ require (
 github.com/go-git/go-billy/v6 v6.0.0-20251126203821-7f9c95185ee0
 github.com/go-git/go-git/v6 v6.0.0-20251128074608-48f817f57805
 github.com/influxdata/influxdb v1.12.2
+ github.com/jpillora/backoff v1.0.0
 github.com/klauspost/compress v1.18.1
 github.com/maypok86/otter/v2 v2.2.1
 github.com/minio/minio-go/v7 v7.0.97
diff --git a/go.sum b/go.sum
index bbe1b95..52e0bd7 100644
--- a/go.sum
+++ b/go.sum
@@ -59,6 +59,8 @@ github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0=
 github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/influxdata/influxdb v1.12.2 h1:Y0ZBu47gYVbDCRPMFOrlRRZ3grdqPGIJxerFysVSq+g=
 github.com/influxdata/influxdb v1.12.2/go.mod h1:EwqFMB6GKV0Huug82Msa5f8QfXhqETUmC4L9A0QZJQM=
+github.com/jpillora/backoff v1.0.0 h1:uvFg412JmmHBHw7iwprIxkPMI+sGQ4kzOWsMeHnm2EA=
+github.com/jpillora/backoff v1.0.0/go.mod h1:J/6gKK9jxlEcS3zixgDgUAsiuZ7yrSoa/FX5e0EB2j4=
 github.com/kevinburke/ssh_config v1.4.0 h1:6xxtP5bZ2E4NF5tuQulISpTO2z8XbtH8cg1PWkxoFkQ=
 github.com/kevinburke/ssh_config v1.4.0/go.mod h1:q2RIzfka+BXARoNexmF9gkxEX7DmvbW9P4hIVx2Kg4M=
 github.com/klauspost/compress v1.18.1 h1:bcSGx7UbpBqMChDtsF28Lw6v/G94LPrrbMbdC3JH2co=
diff --git a/src/audit.go b/src/audit.go
index 608d0f9..a7cdc31 100644
--- a/src/audit.go
+++ b/src/audit.go
@@ -3,9 +3,12 @@ package git_pages
 import (
 "context"
 "fmt"
+ "net/http"
 "strings"
+ "time"
 "github.com/influxdata/influxdb/pkg/snowflake"
+ exponential "github.com/jpillora/backoff"
 "google.golang.org/protobuf/proto"
 timestamppb "google.golang.org/protobuf/types/known/timestamppb"
 )
@@ -62,11 +65,40 @@ func (audited *auditedBackend) appendNewAuditRecord(ctx context.Context, record
 subject = fmt.Sprintf("%s/%s", *record.Domain, *record.Project)
 }
 logc.Printf(ctx, "audit %s ok: %s %s\n", subject, record.Event.String(), id)
+
+ // Send a notification to the audit server, if configured, and try to make sure
+ // it is delivered by retrying with exponential backoff on errors.
+ notifyAudit(context.WithoutCancel(ctx), id)
 }
 }
 return
 }
+func notifyAudit(ctx context.Context, id string) {
+ if config.Audit.NotifyURL != nil {
+ notifyURL := config.Audit.NotifyURL.URL
+ notifyURL.RawQuery = id
+ go func() {
+ backoff := exponential.Backoff{
+ Jitter: true,
+ Min: time.Second * 1,
+ Max: time.Second * 60,
+ }
+ for {
+ _, err := http.Get(notifyURL.String())
+ if err != nil {
+ sleepFor := backoff.Duration()
+ logc.Printf(ctx, "audit notify %s err: %s (retry in %s)", id, err, sleepFor)
+ time.Sleep(sleepFor)
+ } else {
+ logc.Printf(ctx, "audit notify %s ok", id)
+ break
+ }
+ }
+ }()
+ }
+}
+
 func (audited *auditedBackend) CommitManifest(ctx context.Context, name string, manifest *Manifest) (err error) {
 domain, project, ok := strings.Cut(name, "/")
 if !ok {
diff --git a/src/config.go b/src/config.go
index 9303b7e..29642f7 100644
--- a/src/config.go
+++ b/src/config.go
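Review bot: The retry loop in `notifyAudit` never finishes on a stalled endpoint and reports failures as success: `http.Get` uses the default client, which has no timeout, the response is discarded without closing `resp.Body`, and any HTTP status, including a 5xx, is logged as `ok`. A client with a timeout, a closed body and a status check, as sketched below, covers those three (the 10-second value is a placeholder). Each audit event also starts its own goroutine with a non-cancellable context and no retry cap, so while the endpoint is unreachable goroutines pile up without bound and undelivered notifications are dropped at process exit; a bounded queue drained by one worker would cap that. `notifyURL.RawQuery = id` replaces any query string present in the configured URL, which deserves a line in the field's documentation. The call site sits in `appendNewAuditRecord`, whose body starts outside this hunk.

```go
func notifyAudit(ctx context.Context, id string) {
	// … unchanged: nil check, notifyURL copy, RawQuery assignment …
	client := &http.Client{Timeout: 10 * time.Second} // placeholder timeout
	go func() {
		// … unchanged: backoff setup …
		for {
			resp, err := client.Get(notifyURL.String())
			if err == nil {
				// Close the body so the connection is released, and only
				// count a 2xx reply as a delivered notification.
				resp.Body.Close()
				if resp.StatusCode < 200 || resp.StatusCode > 299 {
					err = fmt.Errorf("unexpected status %s", resp.Status)
				}
			}
			if err != nil {
				// … unchanged: log the error, sleep for backoff.Duration() …
				continue
			}
			logc.Printf(ctx, "audit notify %s ok", id)
			break
		}
	}()
}
```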
@@ -152,6 +152,8 @@ type AuditConfig struct {
 NodeID int `toml:"node-id"`
 // Whether audit reports should be stored whenever an audit event occurs.
 Collect bool `toml:"collect"`
+ // Endpoint to notify with a `GET /?` whenever an audit event occurs.
+ NotifyURL *URL `toml:"notify-url"`
 }
 type ObservabilityConfig struct {
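Review bot: The `NotifyURL` field comment does not say what an empty value means, yet the example config ships `notify-url = ""` and `notifyAudit` only checks `NotifyURL != nil`. If the `URL` type's text unmarshalling returns a non-nil pointer for an empty string (its implementation is not visible here), every audit event would start a goroutine that retries a request to an empty URL indefinitely. Validating at config load that a non-empty value is an absolute `http` or `https` URL, and treating the empty string as disabled, would close that gap. The comment could then read `// Endpoint notified with GET <notify-url>?<record-id> after each audit event; any query in the configured URL is replaced. Empty disables notifications.`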