From 57781be5a020057049a7d036e161b7bb1e48fd9c Mon Sep 17 00:00:00 2001
From: Jordan Doyle
Date: Sun, 25 Jun 2023 13:07:53 +0100
Subject: [PATCH] Write connection timestamp to the audit logs
---
 Cargo.lock | 28 ++++++++++++++++++++++++++++
 Cargo.toml | 1 +
 src/audit.rs | 4 ++++
 3 files changed, 33 insertions(+)
diff --git a/Cargo.lock b/Cargo.lock
index bae2b5d..241f129 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -853,6 +853,7 @@ dependencies = [ "shlex", "thrussh", "thrussh-keys", + "time", "tokio", "toml", "tracing",
@@ -1248,6 +1249,33 @@ dependencies = [ ] [[package]] +name = "time" +version = "0.3.22" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ea9e1b3cf1243ae005d9e74085d4d542f3125458f3a81af210d901dcd7411efd" +dependencies = [ + "itoa", + "serde", + "time-core", + "time-macros", +] + +[[package]] +name = "time-core" +version = "0.1.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7300fbefb4dadc1af235a9cef3737cea692a9d97e1b9cbcd4ebdae6f8868e6fb" + +[[package]] +name = "time-macros" +version = "0.2.9" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "372950940a5f07bf38dbe211d7283c9e6d7327df53794992d293e534c733d09b" +dependencies = [ + "time-core", +] + +[[package]] name = "tokio" version = "1.28.2" source = "registry+https://github.com/rust-lang/crates.io-index"
diff --git a/Cargo.toml b/Cargo.toml
index 382c463..bc04b9c 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -17,6 +17,7 @@ serde_json = "1.0"
 shlex = "1.1"
 thrussh = "0.34"
 thrussh-keys = "0.22"
+time = { version = "0.3", features = ["serde", "formatting"] }
 tokio = { version = "1.28", features = ["full"] }
 toml = "0.7"
 tracing = "0.1"
diff --git a/src/audit.rs b/src/audit.rs
index a4ed10c..c951d40 100644
--- a/src/audit.rs
+++ b/src/audit.rs
@@ -7,6 +7,7 @@ use std::{
 sync::Arc,
 time::{Duration, Instant},
 };
+use time::OffsetDateTime;
 use tokio::{
 fs::OpenOptions,
 io::{AsyncWriteExt, BufWriter},
@@ -66,6 +67,8 @@ pub fn start_audit_writer(
 #[derive(Serialize)]
 pub struct AuditLog {
 pub connection_id: Uuid,
+ #[serde(with = "time::serde::rfc3339")]
+ pub ts: OffsetDateTime,
 pub peer_address: Option,
 pub environment_variables: Vec<(Box, Box)>,
 pub events: Vec,
@@ -77,6 +80,7 @@ impl Default for AuditLog {
 fn default() -> Self {
 Self {
 connection_id: Uuid::default(),
+ ts: OffsetDateTime::now_utc(),
 peer_address: None,
 environment_variables: vec![],
 events: vec![],
--
libgit2 1.7.2
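Review bot: The new `ts` field on `AuditLog` carries no doc comment, and the name alone does not tell a consumer of the audit file which moment it records or in what form it is written. I would add one above the serde attribute, for example `/// Wall-clock time (UTC) taken when this record was created; serialized as an RFC 3339 string.` The struct body continues past the end of the hunk, so any documentation convention used on the later fields is not visible here.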
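Review bot: Reading the clock inside `Default::default()` (`ts: OffsetDateTime::now_utc()`) ties the audit timestamp to whenever a default `AuditLog` happens to be built, not to the moment the connection was accepted. Any later `AuditLog::default()`, `..Default::default()` or `std::mem::take` on a log would stamp a fresh time with no visible call, which is easy to miss in a record that is meant to serve as evidence. I would set the field explicitly where the connection is accepted, next to where `connection_id` and `peer_address` are assigned; that call site is not in this diff, so whether the two moments already coincide is an assumption to confirm. A comment on the line such as `// wall clock, not monotonic: can jump if the host clock is adjusted` would also help anyone correlating it with whatever uses the `Instant` imported at the top of the file. The `impl Default` block continues outside the hunk.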