From a90b8fddbc8bb720d509e6c838cc497a8ab3b2b7 Mon Sep 17 00:00:00 2001
From: Wicklow <wicklow@framasoft.org>
Date: Thu, 12 Oct 2023 14:56:57 +0200
Subject: [PATCH 1/3] Add ability to disable audit logs

---
 ...edit-advanced-configuration.component.html | 23 ++++++++++++
 .../edit-custom-config.component.ts           |  5 +++
 .../+admin/system/logs/logs.component.html    |  4 ++-
 .../app/+admin/system/logs/logs.component.ts  | 18 +++++++---
 config/default.yaml                           |  3 ++
 .../models/src/server/custom-config.model.ts  |  6 ++++
 .../models/src/server/server-config.model.ts  |  5 +++
 .../src/server/config-command.ts              |  6 ++++
 packages/tests/src/api/check-params/config.ts |  5 +++
 packages/tests/src/api/server/config.ts       |  5 +++
 packages/tests/src/api/server/logs.ts         | 35 +++++++++++++++++++
 server/core/controllers/api/config.ts         |  6 ++++
 server/core/helpers/audit-logger.ts           |  1 +
 .../core/initializers/checker-before-init.ts  |  2 +-
 server/core/initializers/config.ts            |  7 +++-
 server/core/lib/server-config-manager.ts      |  5 +++
 server/core/middlewares/validators/config.ts  |  1 +
 server/core/middlewares/validators/logs.ts    |  2 ++
 support/doc/api/openapi.yaml                  | 16 +++++++++
 19 files changed, 148 insertions(+), 7 deletions(-)

diff --git a/client/src/app/+admin/config/edit-custom-config/edit-advanced-configuration.component.html b/client/src/app/+admin/config/edit-custom-config/edit-advanced-configuration.component.html
index ddfaaa50e85..7671dccf84b 100644
--- a/client/src/app/+admin/config/edit-custom-config/edit-advanced-configuration.component.html
+++ b/client/src/app/+admin/config/edit-custom-config/edit-advanced-configuration.component.html
@@ -136,4 +136,27 @@ <h2 i18n class="inner-form-title">CUSTOMIZATIONS</h2>
     </div>
   </div>
 
+  <div class="row mt-4"> <!-- cache grid -->
+    <div class="col-12 col-lg-4 col-xl-3">
+      <div class="anchor" id="customizations"></div> <!-- customizations anchor -->
+      <h2 i18n class="inner-form-title">LOGS</h2>
+      <div i18n class="inner-form-description">
+        Slight modifications to your PeerTube instance for when creating a plugin or theme is overkill.
+      </div>
+    </div>
+
+    <div class="col-12 col-lg-8 col-xl-9">
+      <ng-container formGroupName="instance">
+        <ng-container formGroupName="logs">
+          <ng-container formGroupName="auditLogs">
+            <div class="form-group">
+              <my-peertube-checkbox inputName="auditLogsEnabled" formControlName="enabled" i18n-labelText
+                labelText="Enable audit logs"></my-peertube-checkbox>
+            </div>
+          </ng-container>
+        </ng-container>
+      </ng-container>
+    </div>
+  </div>
+
 </ng-container>
diff --git a/client/src/app/+admin/config/edit-custom-config/edit-custom-config.component.ts b/client/src/app/+admin/config/edit-custom-config/edit-custom-config.component.ts
index 2c0cc0a165a..6b44bf6e49a 100644
--- a/client/src/app/+admin/config/edit-custom-config/edit-custom-config.component.ts
+++ b/client/src/app/+admin/config/edit-custom-config/edit-custom-config.component.ts
@@ -93,6 +93,11 @@ export class EditCustomConfigComponent extends FormReactive implements OnInit {
         customizations: {
           javascript: null,
           css: null
+        },
+        logs: {
+          auditLogs: {
+            enabled: null
+          }
         }
       },
       theme: {
diff --git a/client/src/app/+admin/system/logs/logs.component.html b/client/src/app/+admin/system/logs/logs.component.html
index c945c1fdc10..81bede9c668 100644
--- a/client/src/app/+admin/system/logs/logs.component.html
+++ b/client/src/app/+admin/system/logs/logs.component.html
@@ -37,7 +37,9 @@
   <div *ngIf="loading" i18n>Loading...</div>
 
   <div #logsElement>
-    <div *ngIf="!loading && logs.length === 0" i18n>No log.</div>
+    <div *ngIf="isAuditLog && !isAuditLogsEnabled" i18n>Audit logs disabled.</div>
+
+    <div *ngIf="!loading && logs.length === 0 && isAuditLogsEnabled" i18n>No log.</div>
 
     <div *ngFor="let log of logs" class="log-row" [ngClass]="{ error: log.level === 'error', warn: log.level === 'warn' }">
       <span class="log-level">{{ log.level }}</span>
diff --git a/client/src/app/+admin/system/logs/logs.component.ts b/client/src/app/+admin/system/logs/logs.component.ts
index 22375fcd99a..f8ef2173b56 100644
--- a/client/src/app/+admin/system/logs/logs.component.ts
+++ b/client/src/app/+admin/system/logs/logs.component.ts
@@ -1,6 +1,6 @@
 import { Component, ElementRef, OnInit, ViewChild } from '@angular/core'
-import { LocalStorageService, Notifier } from '@app/core'
-import { ServerLogLevel } from '@peertube/peertube-models'
+import { LocalStorageService, Notifier, ServerService } from '@app/core'
+import { HTMLServerConfig, ServerLogLevel } from '@peertube/peertube-models'
 import { LogRow } from './log-row.model'
 import { LogsService } from './logs.service'
 
@@ -25,13 +25,20 @@ export class LogsComponent implements OnInit {
   logType: 'audit' | 'standard'
   tagsOneOf: string[] = []
 
+  serverConfig: HTMLServerConfig
+  isAuditLogsEnabled: boolean
+
   constructor (
     private logsService: LogsService,
     private notifier: Notifier,
-    private localStorage: LocalStorageService
+    private localStorage: LocalStorageService,
+    private serverService: ServerService
   ) { }
 
   ngOnInit (): void {
+    this.serverConfig = this.serverService.getHTMLConfig()
+    console.log(JSON.stringify(this.serverConfig))
+
     this.buildTimeChoices()
     this.buildLevelChoices()
     this.buildLogTypeChoices()
@@ -55,7 +62,10 @@ export class LogsComponent implements OnInit {
     const tagsOneOf = this.tagsOneOf.length !== 0
       ? this.tagsOneOf
       : undefined
-
+    if (!this.isAuditLogsEnabled) {
+      this.loading = false
+      return
+    }
     this.logsService.getLogs({
       isAuditLog: this.isAuditLog(),
       level: this.level,
diff --git a/config/default.yaml b/config/default.yaml
index 2a0b0fb1ce5..913238aad90 100644
--- a/config/default.yaml
+++ b/config/default.yaml
@@ -763,6 +763,9 @@ instance:
   securitytxt: |
     Contact: https://github.com/Chocobozzz/PeerTube/blob/develop/SECURITY.md
     Expires: 2025-12-31T11:00:00.000Z'
+  logs:
+    audit_logs: 
+      enabled: true
 
 services:
   # Cards configuration to format video in Twitter
diff --git a/packages/models/src/server/custom-config.model.ts b/packages/models/src/server/custom-config.model.ts
index df4176ba7fc..93063adc0b7 100644
--- a/packages/models/src/server/custom-config.model.ts
+++ b/packages/models/src/server/custom-config.model.ts
@@ -39,6 +39,12 @@ export interface CustomConfig {
       javascript?: string
       css?: string
     }
+
+    logs: {
+      auditLogs: {
+        enabled: boolean
+      }
+    }
   }
 
   theme: {
diff --git a/packages/models/src/server/server-config.model.ts b/packages/models/src/server/server-config.model.ts
index a2a2bd5aa38..ba4ca22ac09 100644
--- a/packages/models/src/server/server-config.model.ts
+++ b/packages/models/src/server/server-config.model.ts
@@ -90,6 +90,11 @@ export interface ServerConfig {
       javascript: string
       css: string
     }
+    logs: {
+      auditLogs: {
+        enabled: boolean
+      }
+    }
   }
 
   search: {
diff --git a/packages/server-commands/src/server/config-command.ts b/packages/server-commands/src/server/config-command.ts
index 8fcf0bd5162..d389646f8e0 100644
--- a/packages/server-commands/src/server/config-command.ts
+++ b/packages/server-commands/src/server/config-command.ts
@@ -371,6 +371,12 @@ export class ConfigCommand extends AbstractCommand {
         customizations: {
           javascript: 'alert("coucou")',
           css: 'body { background-color: red; }'
+        },
+
+        logs: {
+          auditLogs: {
+            enabled: true
+          }
         }
       },
       theme: {
diff --git a/packages/tests/src/api/check-params/config.ts b/packages/tests/src/api/check-params/config.ts
index 8179a8815c2..560d214c5ad 100644
--- a/packages/tests/src/api/check-params/config.ts
+++ b/packages/tests/src/api/check-params/config.ts
@@ -42,6 +42,11 @@ describe('Test config API validators', function () {
       customizations: {
         javascript: 'alert("coucou")',
         css: 'body { background-color: red; }'
+      },
+      logs: {
+        auditLogs: {
+          enabled: true
+        }
       }
     },
     theme: {
diff --git a/packages/tests/src/api/server/config.ts b/packages/tests/src/api/server/config.ts
index ce64668f811..a4a948d7adc 100644
--- a/packages/tests/src/api/server/config.ts
+++ b/packages/tests/src/api/server/config.ts
@@ -264,6 +264,11 @@ const newCustomConfig: CustomConfig = {
     customizations: {
       javascript: 'alert("coucou")',
       css: 'body { background-color: red; }'
+    },
+    logs: {
+      auditLogs: {
+        enabled: true
+      }
     }
   },
   theme: {
diff --git a/packages/tests/src/api/server/logs.ts b/packages/tests/src/api/server/logs.ts
index 11c86d69428..3594b7e7486 100644
--- a/packages/tests/src/api/server/logs.ts
+++ b/packages/tests/src/api/server/logs.ts
@@ -193,6 +193,41 @@ describe('Test logs', function () {
       expect(logsString.includes('video 10')).to.be.true
       expect(logsString.includes('video 11')).to.be.false
     })
+
+    it('Should refuse to create logs if disabled', async function () {
+      this.timeout(60000)
+
+      await server.config.updateCustomSubConfig({
+        newConfig: {
+          instance: {
+            logs: {
+              auditLogs:{
+                enabled: false
+              }
+            }
+          }
+        }
+      })
+
+      await server.videos.upload({ attributes: { name: 'video 12' } })
+      await waitJobs([ server ])
+
+      const now1 = new Date()
+
+      await server.videos.upload({ attributes: { name: 'video 13' } })
+      await waitJobs([ server ])
+
+      const now2 = new Date()
+
+      await server.videos.upload({ attributes: { name: 'video 14' } })
+      await waitJobs([ server ])
+
+      await logsCommand.getAuditLogs({
+        startDate: now1,
+        endDate: now2,
+        expectedStatus: HttpStatusCode.FORBIDDEN_403
+      })
+    })
   })
 
   describe('When creating log from the client', function () {
diff --git a/server/core/controllers/api/config.ts b/server/core/controllers/api/config.ts
index 58469e97c28..321442919cf 100644
--- a/server/core/controllers/api/config.ts
+++ b/server/core/controllers/api/config.ts
@@ -158,6 +158,12 @@ function customConfig (): CustomConfig {
       customizations: {
         css: CONFIG.INSTANCE.CUSTOMIZATIONS.CSS,
         javascript: CONFIG.INSTANCE.CUSTOMIZATIONS.JAVASCRIPT
+      },
+
+      logs: {
+        auditLogs: {
+          enabled: CONFIG.INSTANCE.LOGS.AUDIT_LOGS.ENABLED
+        }
       }
     },
     theme: {
diff --git a/server/core/helpers/audit-logger.ts b/server/core/helpers/audit-logger.ts
index f5fbb9d8478..8aa00d854e8 100644
--- a/server/core/helpers/audit-logger.ts
+++ b/server/core/helpers/audit-logger.ts
@@ -242,6 +242,7 @@ const customConfigKeysToKeep = new Set([
   'instance-defaultNSFWPolicy',
   'instance-customizations-javascript',
   'instance-customizations-css',
+  'instance-logs-auditLogs-enabled',
   'services-twitter-username',
   'services-twitter-whitelisted',
   'cache-previews-size',
diff --git a/server/core/initializers/checker-before-init.ts b/server/core/initializers/checker-before-init.ts
index f33da0914a8..1428e62c240 100644
--- a/server/core/initializers/checker-before-init.ts
+++ b/server/core/initializers/checker-before-init.ts
@@ -48,7 +48,7 @@ function checkMissedConfig () {
     'client.videos.miniature.prefer_author_display_name', 'client.menu.login.redirect_on_single_external_auth',
     'defaults.publish.download_enabled', 'defaults.publish.comments_enabled', 'defaults.publish.privacy', 'defaults.publish.licence',
     'instance.name', 'instance.short_description', 'instance.description', 'instance.terms', 'instance.default_client_route',
-    'instance.is_nsfw', 'instance.default_nsfw_policy', 'instance.robots', 'instance.securitytxt',
+    'instance.is_nsfw', 'instance.default_nsfw_policy', 'instance.robots', 'instance.securitytxt', 'instance.logs.audit_logs.enabled',
     'services.twitter.username', 'services.twitter.whitelisted',
     'followers.instance.enabled', 'followers.instance.manual_approval',
     'tracker.enabled', 'tracker.private', 'tracker.reject_too_many_announces',
diff --git a/server/core/initializers/config.ts b/server/core/initializers/config.ts
index 690a20c3197..a0245f97c22 100644
--- a/server/core/initializers/config.ts
+++ b/server/core/initializers/config.ts
@@ -546,7 +546,12 @@ const CONFIG = {
       get CSS () { return config.get<string>('instance.customizations.css') }
     },
     get ROBOTS () { return config.get<string>('instance.robots') },
-    get SECURITYTXT () { return config.get<string>('instance.securitytxt') }
+    get SECURITYTXT () { return config.get<string>('instance.securitytxt') },
+    LOGS: {
+      AUDIT_LOGS:{
+        get ENABLED () { return config.get<boolean>('instance.logs.audit_logs.enabled') }
+      }
+    }
   },
   SERVICES: {
     TWITTER: {
diff --git a/server/core/lib/server-config-manager.ts b/server/core/lib/server-config-manager.ts
index 8b3b957fe30..d80e114e991 100644
--- a/server/core/lib/server-config-manager.ts
+++ b/server/core/lib/server-config-manager.ts
@@ -100,6 +100,11 @@ class ServerConfigManager {
         customizations: {
           javascript: CONFIG.INSTANCE.CUSTOMIZATIONS.JAVASCRIPT,
           css: CONFIG.INSTANCE.CUSTOMIZATIONS.CSS
+        },
+        logs: {
+          auditLogs: {
+            enabled: CONFIG.INSTANCE.LOGS.AUDIT_LOGS.ENABLED
+          }
         }
       },
       search: {
diff --git a/server/core/middlewares/validators/config.ts b/server/core/middlewares/validators/config.ts
index e495bb959d0..0ffa78e2129 100644
--- a/server/core/middlewares/validators/config.ts
+++ b/server/core/middlewares/validators/config.ts
@@ -17,6 +17,7 @@ const customConfigUpdateValidator = [
   body('instance.defaultClientRoute').exists(),
   body('instance.customizations.css').exists(),
   body('instance.customizations.javascript').exists(),
+  body('instance.logs.auditLogs.enabled').exists(),
 
   body('services.twitter.username').exists(),
   body('services.twitter.whitelisted').isBoolean(),
diff --git a/server/core/middlewares/validators/logs.ts b/server/core/middlewares/validators/logs.ts
index e93d8a61841..8b76655b648 100644
--- a/server/core/middlewares/validators/logs.ts
+++ b/server/core/middlewares/validators/logs.ts
@@ -80,6 +80,8 @@ const getAuditLogsValidator = [
   (req: express.Request, res: express.Response, next: express.NextFunction) => {
     if (areValidationErrors(req, res)) return
 
+    if (!CONFIG.INSTANCE.LOGS.AUDIT_LOGS.ENABLED) return res.sendStatus(HttpStatusCode.FORBIDDEN_403)
+
     return next()
   }
 ]
diff --git a/support/doc/api/openapi.yaml b/support/doc/api/openapi.yaml
index 19c4a4c7a59..0bc26c47faa 100644
--- a/support/doc/api/openapi.yaml
+++ b/support/doc/api/openapi.yaml
@@ -7935,6 +7935,14 @@ components:
                   type: string
                 css:
                   type: string
+            logs:
+              type: object
+              properties:
+                auditLogs:
+                  type: object
+                  properties:
+                    enabled:
+                      type: boolean
         search:
           type: object
           properties:
@@ -8252,6 +8260,14 @@ components:
                   type: string
                 css:
                   type: string
+            logs:
+              type: object
+              properties:
+                auditLogs:
+                  type: object
+                  properties:
+                    enabled:
+                      type: boolean
         theme:
           type: object
           properties:

From f88a9d46501f656f219b0feb41b16800282511eb Mon Sep 17 00:00:00 2001
From: Wicklow <wicklow@framasoft.org>
Date: Thu, 12 Oct 2023 15:18:16 +0200
Subject: [PATCH 2/3] fix admin panel

---
 client/src/app/+admin/system/logs/logs.component.html | 3 ++-
 client/src/app/+admin/system/logs/logs.component.ts   | 2 +-
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/client/src/app/+admin/system/logs/logs.component.html b/client/src/app/+admin/system/logs/logs.component.html
index 81bede9c668..b837b1d93b8 100644
--- a/client/src/app/+admin/system/logs/logs.component.html
+++ b/client/src/app/+admin/system/logs/logs.component.html
@@ -6,6 +6,7 @@
   </div>
 
   <ng-select
+    *ngIf="!isAuditLog() || isAuditLogsEnabled"
     [(ngModel)]="startDate"
     (ngModelChange)="refresh()"
     [clearable]="false"
@@ -30,7 +31,7 @@
 
   <my-select-tags *ngIf="!isAuditLog()" i18n-placeholder placeholder="Filter logs by tags" [(ngModel)]="tagsOneOf" (ngModelChange)="refresh()"></my-select-tags>
 
-  <my-button i18n-label label="Refresh" icon="refresh" (click)="refresh()"></my-button>
+  <my-button *ngIf="!isAuditLog() || isAuditLogsEnabled" i18n-label label="Refresh" icon="refresh" (click)="refresh()"></my-button>
 </div>
 
 <div class="logs">
diff --git a/client/src/app/+admin/system/logs/logs.component.ts b/client/src/app/+admin/system/logs/logs.component.ts
index f8ef2173b56..e0ce2863f73 100644
--- a/client/src/app/+admin/system/logs/logs.component.ts
+++ b/client/src/app/+admin/system/logs/logs.component.ts
@@ -37,7 +37,7 @@ export class LogsComponent implements OnInit {
 
   ngOnInit (): void {
     this.serverConfig = this.serverService.getHTMLConfig()
-    console.log(JSON.stringify(this.serverConfig))
+    this.isAuditLogsEnabled = this.serverConfig.instance.logs.auditLogs.enabled
 
     this.buildTimeChoices()
     this.buildLevelChoices()

From 9ecc04fb5495405b75c42e30bb21e5955172365d Mon Sep 17 00:00:00 2001
From: Wicklow <wicklow@framasoft.org>
Date: Thu, 12 Oct 2023 16:17:15 +0200
Subject: [PATCH 3/3] increase timeout on test

---
 packages/tests/src/api/server/logs.ts | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/packages/tests/src/api/server/logs.ts b/packages/tests/src/api/server/logs.ts
index 3594b7e7486..f2551c7fa6c 100644
--- a/packages/tests/src/api/server/logs.ts
+++ b/packages/tests/src/api/server/logs.ts
@@ -195,7 +195,7 @@ describe('Test logs', function () {
     })
 
     it('Should refuse to create logs if disabled', async function () {
-      this.timeout(60000)
+      this.timeout(100000)
 
       await server.config.updateCustomSubConfig({
         newConfig: {