From d03977ac0ec2b3280604366c8b7c8a86128fc0e0 Mon Sep 17 00:00:00 2001
From: Ricky Niemi <rniemi@palantir.com>
Date: Mon, 9 Jan 2017 22:59:43 -0800
Subject: [PATCH] Add initial audit logging to data proxy

---
 pkg/api/dataproxy.go | 23 +++++++++++++++++++++++
 1 file changed, 23 insertions(+)

diff --git a/pkg/api/dataproxy.go b/pkg/api/dataproxy.go
index db4c5166feb..b044f8956db 100644
--- a/pkg/api/dataproxy.go
+++ b/pkg/api/dataproxy.go
@@ -1,6 +1,9 @@
 package api
 
 import (
+	"bytes"
+	"fmt"
+	"io/ioutil"
 	"net/http"
 	"net/http/httputil"
 	"net/url"
@@ -8,6 +11,7 @@ import (
 
 	"github.com/grafana/grafana/pkg/api/cloudwatch"
 	"github.com/grafana/grafana/pkg/bus"
+	"github.com/grafana/grafana/pkg/log"
 	"github.com/grafana/grafana/pkg/metrics"
 	"github.com/grafana/grafana/pkg/middleware"
 	m "github.com/grafana/grafana/pkg/models"
@@ -115,12 +119,31 @@ func ProxyDataSourceRequest(c *middleware.Context) {
 		}
 	}
 
+	outputToAuditLog(ds.Type, c)
+
 	proxy := NewReverseProxy(ds, proxyPath, targetUrl)
 	proxy.Transport, err = ds.GetHttpTransport()
 	if err != nil {
 		c.JsonApiErr(400, "Unable to load TLS certificate", err)
 		return
 	}
+
 	proxy.ServeHTTP(c.Resp, c.Req.Request)
 	c.Resp.Header().Del("Set-Cookie")
 }
+
+func outputToAuditLog(dataSourceType string, c *middleware.Context) {
+	auditLogger := log.New("data-proxy-audit", "userId", c.UserId, "orgId", c.OrgId, "uname", c.Login)
+
+	bodyString := ""
+	if c.Req.Request.Body != nil {
+		reqBody := c.Req.Request.Body
+		buffer, _ := ioutil.ReadAll(reqBody)
+
+		c.Req.Request.Body = ioutil.NopCloser(bytes.NewBuffer(buffer))
+		bodyString = string(buffer)
+	}
+
+	logFormat := "Datasource: %s, URI: %s, Method: %s, Body: %s"
+	auditLogger.Info(fmt.Sprintf(logFormat, dataSourceType, c.Req.RequestURI, c.Req.Request.Method, bodyString))
+}