feat(admin_audit): Log cache insert/delete to audit log

That allows to see files added/removed by a filesystem scan for instance. Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
2025-12-01 12:23:52 +07:00 · 2025-12-01 12:23:52 +07:00 · 0323fcff75
parent 294c1827e6
commit 0323fcff75
4 changed files with 62 additions and 2 deletions
--- a/apps/admin_audit/composer/composer/autoload_classmap.php
+++ b/apps/admin_audit/composer/composer/autoload_classmap.php
@ -19,6 +19,7 @@ return array(
    'OCA\\AdminAudit\\IAuditLogger' => $baseDir . '/../lib/IAuditLogger.php',
    'OCA\\AdminAudit\\Listener\\AppManagementEventListener' => $baseDir . '/../lib/Listener/AppManagementEventListener.php',
    'OCA\\AdminAudit\\Listener\\AuthEventListener' => $baseDir . '/../lib/Listener/AuthEventListener.php',
+    'OCA\\AdminAudit\\Listener\\CacheEventListener' => $baseDir . '/../lib/Listener/CacheEventListener.php',
    'OCA\\AdminAudit\\Listener\\ConsoleEventListener' => $baseDir . '/../lib/Listener/ConsoleEventListener.php',
    'OCA\\AdminAudit\\Listener\\CriticalActionPerformedEventListener' => $baseDir . '/../lib/Listener/CriticalActionPerformedEventListener.php',
    'OCA\\AdminAudit\\Listener\\FileEventListener' => $baseDir . '/../lib/Listener/FileEventListener.php',
--- a/apps/admin_audit/composer/composer/autoload_static.php
+++ b/apps/admin_audit/composer/composer/autoload_static.php
@ -7,14 +7,14 @@ namespace Composer\Autoload;
 class ComposerStaticInitAdminAudit
 {
    public static $prefixLengthsPsr4 = array (
-        'O' => 
+        'O' =>
        array (
            'OCA\\AdminAudit\\' => 15,
        ),
    );

    public static $prefixDirsPsr4 = array (
-        'OCA\\AdminAudit\\' => 
+        'OCA\\AdminAudit\\' =>
        array (
            0 => __DIR__ . '/..' . '/../lib',
        ),
@ -34,6 +34,7 @@ class ComposerStaticInitAdminAudit
        'OCA\\AdminAudit\\IAuditLogger' => __DIR__ . '/..' . '/../lib/IAuditLogger.php',
        'OCA\\AdminAudit\\Listener\\AppManagementEventListener' => __DIR__ . '/..' . '/../lib/Listener/AppManagementEventListener.php',
        'OCA\\AdminAudit\\Listener\\AuthEventListener' => __DIR__ . '/..' . '/../lib/Listener/AuthEventListener.php',
+        'OCA\\AdminAudit\\Listener\\CacheEventListener' => __DIR__ . '/..' . '/../lib/Listener/CacheEventListener.php',
        'OCA\\AdminAudit\\Listener\\ConsoleEventListener' => __DIR__ . '/..' . '/../lib/Listener/ConsoleEventListener.php',
        'OCA\\AdminAudit\\Listener\\CriticalActionPerformedEventListener' => __DIR__ . '/..' . '/../lib/Listener/CriticalActionPerformedEventListener.php',
        'OCA\\AdminAudit\\Listener\\FileEventListener' => __DIR__ . '/..' . '/../lib/Listener/FileEventListener.php',
--- a/apps/admin_audit/lib/AppInfo/Application.php
+++ b/apps/admin_audit/lib/AppInfo/Application.php
@ -20,6 +20,7 @@ use OCA\AdminAudit\AuditLogger;
 use OCA\AdminAudit\IAuditLogger;
 use OCA\AdminAudit\Listener\AppManagementEventListener;
 use OCA\AdminAudit\Listener\AuthEventListener;
+use OCA\AdminAudit\Listener\CacheEventListener;
 use OCA\AdminAudit\Listener\ConsoleEventListener;
 use OCA\AdminAudit\Listener\CriticalActionPerformedEventListener;
 use OCA\AdminAudit\Listener\FileEventListener;
@ -39,6 +40,8 @@ use OCP\Authentication\TwoFactorAuth\TwoFactorProviderChallengeFailed;
 use OCP\Authentication\TwoFactorAuth\TwoFactorProviderChallengePassed;
 use OCP\Console\ConsoleEvent;
 use OCP\EventDispatcher\IEventDispatcher;
+use OCP\Files\Cache\CacheEntryInsertedEvent;
+use OCP\Files\Cache\CacheEntryRemovedEvent;
 use OCP\Files\Events\Node\BeforeNodeDeletedEvent;
 use OCP\Files\Events\Node\BeforeNodeReadEvent;
 use OCP\Files\Events\Node\BeforeNodeRenamedEvent;
@ -122,6 +125,10 @@ class Application extends App implements IBootstrap {

 		// Console events
 		$context->registerEventListener(ConsoleEvent::class, ConsoleEventListener::class);
+
+		// Cache events
+		$context->registerEventListener(CacheEntryInsertedEvent::class, CacheEventListener::class);
+		$context->registerEventListener(CacheEntryRemovedEvent::class, CacheEventListener::class);
 	}

 	public function boot(IBootContext $context): void {
--- a/apps/admin_audit/lib/Listener/CacheEventListener.php
+++ b/apps/admin_audit/lib/Listener/CacheEventListener.php
@ -0,0 +1,51 @@
+<?php
+
+declare(strict_types=1);
+
+/**
+ * SPDX-FileCopyrightText: 2025 Nextcloud GmbH and Nextcloud contributors
+ * SPDX-License-Identifier: AGPL-3.0-or-later
+ */
+
+namespace OCA\AdminAudit\Listener;
+
+use OCA\AdminAudit\Actions\Action;
+use OCP\EventDispatcher\Event;
+use OCP\EventDispatcher\IEventListener;
+use OCP\Files\Cache\CacheEntryInsertedEvent;
+use OCP\Files\Cache\CacheEntryRemovedEvent;
+
+/**
+ * @template-implements IEventListener<CacheEntryInsertedEvent|CacheEntryRemovedEvent>
+ */
+class CacheEventListener extends Action implements IEventListener {
+	public function handle(Event $event): void {
+		if ($event instanceof CacheEntryInsertedEvent) {
+			$this->entryInserted($event);
+		} elseif ($event instanceof CacheEntryRemovedEvent) {
+			$this->entryRemoved($event);
+		}
+	}
+
+	private function entryInserted(CacheEntryInsertedEvent $event): void {
+		$this->log('Cache entry inserted for fileid "%1$d", path "%2$s" on storageid "%3$d"',
+			[
+				'fileid' => $event->getFileId(),
+				'path' => $event->getPath(),
+				'storageid' => $event->getStorageId(),
+			],
+			['fileid', 'path', 'storageid']
+		);
+	}
+
+	private function entryRemoved(CacheEntryRemovedEvent $event): void {
+		$this->log('Cache entry removed for fileid "%1$d", path "%2$s" on storageid "%3$d"',
+			[
+				'fileid' => $event->getFileId(),
+				'path' => $event->getPath(),
+				'storageid' => $event->getStorageId(),
+			],
+			['fileid', 'path', 'storageid']
+		);
+	}
+}