coder
diff --git a/‎cli/portforward.go
Lines changed: 0 additions & 1 deletion b/‎cli/portforward.go
Lines changed: 0 additions & 1 deletion
diff --git a/‎cli/speedtest.go
Lines changed: 5 additions & 4 deletions b/‎cli/speedtest.go
Lines changed: 5 additions & 4 deletions
diff --git a/‎cli/speedtest_test.go
Lines changed: 2 additions & 1 deletion b/‎cli/speedtest_test.go
Lines changed: 2 additions & 1 deletion
diff --git a/‎coderd/audit.go
Lines changed: 171 additions & 0 deletions b/‎coderd/audit.go
Lines changed: 171 additions & 0 deletions
diff --git a/‎coderd/audit_test.go
Lines changed: 35 additions & 0 deletions b/‎coderd/audit_test.go
Lines changed: 35 additions & 0 deletions
diff --git a/‎coderd/coderd.go
Lines changed: 9 additions & 0 deletions b/‎coderd/coderd.go
Lines changed: 9 additions & 0 deletions
diff --git a/‎coderd/database/databasefake/databasefake.go
Lines changed: 39 additions & 23 deletions b/‎coderd/database/databasefake/databasefake.go
Lines changed: 39 additions & 23 deletions
diff --git a/‎coderd/database/querier.go
Lines changed: 3 additions & 2 deletions b/‎coderd/database/querier.go
Lines changed: 3 additions & 2 deletions
@@ -17,7 +17,6 @@ import (
 	"golang.org/x/xerrors"
 
 	"cdr.dev/slog"
-
 	"github.com/coder/coder/agent"
 	"github.com/coder/coder/cli/cliui"
 	"github.com/coder/coder/codersdk"
 
@@ -5,14 +5,15 @@ import (
 	"fmt"
 	"time"
 
-	"cdr.dev/slog"
-	"github.com/coder/coder/cli/cliflag"
-	"github.com/coder/coder/cli/cliui"
-	"github.com/coder/coder/codersdk"
 	"github.com/jedib0t/go-pretty/v6/table"
 	"github.com/spf13/cobra"
 	"golang.org/x/xerrors"
 	tsspeedtest "tailscale.com/net/speedtest"
+
+	"cdr.dev/slog"
+	"github.com/coder/coder/cli/cliflag"
+	"github.com/coder/coder/cli/cliui"
+	"github.com/coder/coder/codersdk"
 )
 
 func speedtest() *cobra.Command {
 
@@ -4,14 +4,15 @@ import (
 	"context"
 	"testing"
 
+	"github.com/stretchr/testify/assert"
+
 	"cdr.dev/slog/sloggers/slogtest"
 	"github.com/coder/coder/agent"
 	"github.com/coder/coder/cli/clitest"
 	"github.com/coder/coder/coderd/coderdtest"
 	"github.com/coder/coder/codersdk"
 	"github.com/coder/coder/pty/ptytest"
 	"github.com/coder/coder/testutil"
-	"github.com/stretchr/testify/assert"
 )
 
 func TestSpeedtest(t *testing.T) {
 
@@ -0,0 +1,171 @@
+package coderd
+
+import (
+	"encoding/json"
+	"net"
+	"net/http"
+	"net/netip"
+	"time"
+
+	"github.com/google/uuid"
+	"github.com/tabbed/pqtype"
+
+	"github.com/coder/coder/coderd/database"
+	"github.com/coder/coder/coderd/httpapi"
+	"github.com/coder/coder/coderd/httpmw"
+	"github.com/coder/coder/coderd/rbac"
+	"github.com/coder/coder/codersdk"
+)
+
+func (api *API) auditLogs(rw http.ResponseWriter, r *http.Request) {
+	if !api.Authorize(r, rbac.ActionRead, rbac.ResourceAuditLog) {
+		httpapi.Forbidden(rw)
+		return
+	}
+
+	ctx := r.Context()
+	page, ok := parsePagination(rw, r)
+	if !ok {
+		return
+	}
+
+	dblogs, err := api.Database.GetAuditLogsOffset(ctx, database.GetAuditLogsOffsetParams{
+		Offset: int32(page.Offset),
+		Limit:  int32(page.Limit),
+	})
+	if err != nil {
+		httpapi.InternalServerError(rw, err)
+		return
+	}
+
+	httpapi.Write(rw, http.StatusOK, codersdk.AuditLogResponse{
+		AuditLogs: convertAuditLogs(dblogs),
+	})
+}
+
+func (api *API) auditLogCount(rw http.ResponseWriter, r *http.Request) {
+	ctx := r.Context()
+	if !api.Authorize(r, rbac.ActionRead, rbac.ResourceAuditLog) {
+		httpapi.Forbidden(rw)
+		return
+	}
+
+	count, err := api.Database.GetAuditLogCount(ctx)
+	if err != nil {
+		httpapi.InternalServerError(rw, err)
+		return
+	}
+
+	httpapi.Write(rw, http.StatusOK, codersdk.AuditLogCountResponse{
+		Count: count,
+	})
+}
+
+func (api *API) generateFakeAuditLog(rw http.ResponseWriter, r *http.Request) {
+	ctx := r.Context()
+	if !api.Authorize(r, rbac.ActionRead, rbac.ResourceAuditLog) {
+		httpapi.Forbidden(rw)
+		return
+	}
+
+	key := httpmw.APIKey(r)
+	user, err := api.Database.GetUserByID(ctx, key.UserID)
+	if err != nil {
+		httpapi.InternalServerError(rw, err)
+		return
+	}
+
+	diff, err := json.Marshal(codersdk.AuditDiff{
+		"foo": codersdk.AuditDiffField{Old: "bar", New: "baz"},
+	})
+	if err != nil {
+		httpapi.InternalServerError(rw, err)
+		return
+	}
+
+	ipRaw, _, _ := net.SplitHostPort(r.RemoteAddr)
+	ip := net.ParseIP(ipRaw)
+	ipNet := pqtype.Inet{}
+	if ip != nil {
+		ipNet = pqtype.Inet{
+			IPNet: net.IPNet{
+				IP:   ip,
+				Mask: net.CIDRMask(len(ip)*8, len(ip)*8),
+			},
+			Valid: true,
+		}
+	}
+
+	_, err = api.Database.InsertAuditLog(ctx, database.InsertAuditLogParams{
+		ID:             uuid.New(),
+		Time:           time.Now(),
+		UserID:         user.ID,
+		Ip:             ipNet,
+		UserAgent:      r.UserAgent(),
+		ResourceType:   database.ResourceTypeUser,
+		ResourceID:     user.ID,
+		ResourceTarget: user.Username,
+		Action:         database.AuditActionWrite,
+		Diff:           diff,
+		StatusCode:     http.StatusOK,
+	})
+	if err != nil {
+		httpapi.InternalServerError(rw, err)
+		return
+	}
+
+	rw.WriteHeader(http.StatusNoContent)
+}
+
+func convertAuditLogs(dblogs []database.GetAuditLogsOffsetRow) []codersdk.AuditLog {
+	alogs := make([]codersdk.AuditLog, 0, len(dblogs))
+
+	for _, dblog := range dblogs {
+		alogs = append(alogs, convertAuditLog(dblog))
+	}
+
+	return alogs
+}
+
+func convertAuditLog(dblog database.GetAuditLogsOffsetRow) codersdk.AuditLog {
+	ip, _ := netip.AddrFromSlice(dblog.Ip.IPNet.IP)
+
+	diff := codersdk.AuditDiff{}
+	_ = json.Unmarshal(dblog.Diff, &diff)
+
+	var user *codersdk.User
+	if dblog.UserUsername.Valid {
+		user = &codersdk.User{
+			ID:        dblog.UserID,
+			Username:  dblog.UserUsername.String,
+			Email:     dblog.UserEmail.String,
+			CreatedAt: dblog.UserCreatedAt.Time,
+			Status:    codersdk.UserStatus(dblog.UserStatus),
+			Roles:     []codersdk.Role{},
+		}
+
+		for _, roleName := range dblog.UserRoles {
+			rbacRole, _ := rbac.RoleByName(roleName)
+			user.Roles = append(user.Roles, convertRole(rbacRole))
+		}
+	}
+
+	return codersdk.AuditLog{
+		ID:               dblog.ID,
+		RequestID:        dblog.RequestID,
+		Time:             dblog.Time,
+		OrganizationID:   dblog.OrganizationID,
+		IP:               ip,
+		UserAgent:        dblog.UserAgent,
+		ResourceType:     codersdk.ResourceType(dblog.ResourceType),
+		ResourceID:       dblog.ResourceID,
+		ResourceTarget:   dblog.ResourceTarget,
+		ResourceIcon:     dblog.ResourceIcon,
+		Action:           codersdk.AuditAction(dblog.Action),
+		Diff:             diff,
+		StatusCode:       dblog.StatusCode,
+		AdditionalFields: dblog.AdditionalFields,
+		Description:      "",
+		User:             user,
+	}
+}
@@ -0,0 +1,35 @@
+package coderd_test
+
+import (
+	"context"
+	"testing"
+
+	"github.com/stretchr/testify/require"
+
+	"github.com/coder/coder/coderd/coderdtest"
+	"github.com/coder/coder/codersdk"
+)
+
+func TestAuditLogs(t *testing.T) {
+	t.Parallel()
+
+	t.Run("OK", func(t *testing.T) {
+		t.Parallel()
+
+		ctx := context.Background()
+		client := coderdtest.New(t, nil)
+		_ = coderdtest.CreateFirstUser(t, client)
+
+		err := client.CreateTestAuditLog(ctx)
+		require.NoError(t, err)
+
+		count, err := client.AuditLogCount(ctx)
+		require.NoError(t, err)
+
+		alogs, err := client.AuditLogs(ctx, codersdk.Pagination{Limit: 1})
+		require.NoError(t, err)
+
+		require.Equal(t, int64(1), count.Count)
+		require.Len(t, alogs.AuditLogs, 1)
+	})
+}
@@ -220,6 +220,15 @@ func New(options *Options) *API {
 				})
 			})
 		})
+		r.Route("/audit", func(r chi.Router) {
+			r.Use(
+				apiKeyMiddleware,
+			)
+
+			r.Get("/", api.auditLogs)
+			r.Get("/count", api.auditLogCount)
+			r.Post("/testgenerate", api.generateFakeAuditLog)
+		})
 		r.Route("/files", func(r chi.Router) {
 			r.Use(
 				apiKeyMiddleware,
 
@@ -2303,43 +2303,59 @@ func (q *fakeQuerier) DeleteGitSSHKey(_ context.Context, userID uuid.UUID) error
 	return sql.ErrNoRows
 }
 
-func (q *fakeQuerier) GetAuditLogsBefore(_ context.Context, arg database.GetAuditLogsBeforeParams) ([]database.AuditLog, error) {
+func (q *fakeQuerier) GetAuditLogsOffset(ctx context.Context, arg database.GetAuditLogsOffsetParams) ([]database.GetAuditLogsOffsetRow, error) {
 	q.mutex.RLock()
 	defer q.mutex.RUnlock()
 
-	logs := make([]database.AuditLog, 0)
-	start := database.AuditLog{}
-
-	if arg.ID != uuid.Nil {
-		for _, alog := range q.auditLogs {
-			if alog.ID == arg.ID {
-				start = alog
-				break
-			}
-		}
-	} else {
-		start.ID = uuid.New()
-		start.Time = arg.StartTime
-	}
-
-	if start.ID == uuid.Nil {
-		return nil, sql.ErrNoRows
-	}
+	logs := make([]database.GetAuditLogsOffsetRow, 0, arg.Limit)
 
 	// q.auditLogs are already sorted by time DESC, so no need to sort after the fact.
 	for _, alog := range q.auditLogs {
-		if alog.Time.Before(start.Time) {
-			logs = append(logs, alog)
-		}
+		if arg.Offset > 0 {
+			arg.Offset--
+			continue
+		}
+
+		user, err := q.GetUserByID(ctx, alog.UserID)
+		userValid := err == nil
+
+		logs = append(logs, database.GetAuditLogsOffsetRow{
+			ID:               alog.ID,
+			RequestID:        alog.RequestID,
+			OrganizationID:   alog.OrganizationID,
+			Ip:               alog.Ip,
+			UserAgent:        alog.UserAgent,
+			ResourceType:     database.ResourceType(alog.UserAgent),
+			ResourceID:       alog.ResourceID,
+			ResourceTarget:   alog.ResourceTarget,
+			ResourceIcon:     alog.ResourceIcon,
+			Action:           alog.Action,
+			Diff:             alog.Diff,
+			StatusCode:       alog.StatusCode,
+			AdditionalFields: alog.AdditionalFields,
+			UserID:           alog.UserID,
+			UserUsername:     sql.NullString{String: user.Username, Valid: userValid},
+			UserEmail:        sql.NullString{String: user.Email, Valid: userValid},
+			UserCreatedAt:    sql.NullTime{Time: user.CreatedAt, Valid: userValid},
+			UserStatus:       user.Status,
+			UserRoles:        user.RBACRoles,
+		})
 
-		if len(logs) >= int(arg.RowLimit) {
+		if len(logs) >= int(arg.Limit) {
 			break
 		}
 	}
 
 	return logs, nil
 }
 
+func (q *fakeQuerier) GetAuditLogCount(_ context.Context) (int64, error) {
+	q.mutex.RLock()
+	defer q.mutex.RUnlock()
+
+	return int64(len(q.auditLogs)), nil
+}
+
 func (q *fakeQuerier) InsertAuditLog(_ context.Context, arg database.InsertAuditLogParams) (database.AuditLog, error) {
 	q.mutex.Lock()
 	defer q.mutex.Unlock()