@axova/shared 1.0.0

package/dist/lib/auditLogger.js

@@ -0,0 +1,626 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.AuditLogger = void 0;
+exports.createAuditLogger = createAuditLogger;
+exports.createAuditMiddleware = createAuditMiddleware;
+exports.logAuditEvent = logAuditEvent;
+exports.logStoreAuditEvent = logStoreAuditEvent;
+exports.setDefaultAuditLogger = setDefaultAuditLogger;
+exports.getDefaultAuditLogger = getDefaultAuditLogger;
+exports.quickLog = quickLog;
+exports.quickLogUserAction = quickLogUserAction;
+exports.quickLogSystemAction = quickLogSystemAction;
+const node_perf_hooks_1 = require("node:perf_hooks");
+const cuid2_1 = require("@paralleldrive/cuid2");
+// Shared Audit Logger Class
+class AuditLogger {
+    constructor(config, initialContext) {
+        this.buffer = [];
+        this.flushTimer = null;
+        this.performanceTrackers = new Map();
+        this.config = {
+            bufferSize: 100,
+            flushInterval: 5000,
+            defaultRetentionDays: 2555,
+            autoEnrichment: true,
+            sensitiveFieldMasking: true,
+            geoLocationEnabled: false,
+            enableLocalLogging: true,
+            enableRemoteLogging: true,
+            ...config,
+        };
+        this.context = {
+            serviceName: config.serviceName,
+            serviceVersion: config.serviceVersion,
+            environment: config.environment ||
+                process.env.NODE_ENV ||
+                "DEVELOPMENT",
+            ...initialContext,
+        };
+        this.setupAutoFlush();
+    }
+    // Update context (useful for request-scoped information)
+    updateContext(contextUpdate) {
+        this.context = { ...this.context, ...contextUpdate };
+    }
+    // Get current context
+    getContext() {
+        return { ...this.context };
+    }
+    // Log a custom audit event
+    async log(entry) {
+        try {
+            const enrichedEntry = await this.enrichEntry(entry);
+            const auditId = (0, cuid2_1.createId)();
+            // Add to buffer
+            this.addToBuffer(enrichedEntry);
+            // Local logging
+            if (this.config.enableLocalLogging) {
+                this.logLocally(enrichedEntry, auditId);
+            }
+            // Check if immediate flush is needed for critical events
+            if (this.isCriticalEvent(enrichedEntry)) {
+                await this.flush();
+            }
+            return auditId;
+        }
+        catch (error) {
+            console.error("Failed to log audit event:", error);
+            throw error;
+        }
+    }
+    // Performance tracking helpers
+    startPerformanceTracking(operationId) {
+        const id = operationId || (0, cuid2_1.createId)();
+        const tracker = {
+            start: node_perf_hooks_1.performance.now(),
+            end: () => node_perf_hooks_1.performance.now(),
+            duration: function () {
+                return this.end() - this.start;
+            },
+        };
+        this.performanceTrackers.set(id, tracker);
+        return id;
+    }
+    endPerformanceTracking(operationId) {
+        const tracker = this.performanceTrackers.get(operationId);
+        if (tracker) {
+            const duration = tracker.duration();
+            this.performanceTrackers.delete(operationId);
+            return Math.round(duration);
+        }
+        return 0;
+    }
+    // Quick action builders
+    get quick() {
+        return {
+            userLogin: (userId, additionalData) => ({
+                eventType: "LOGIN",
+                eventCategory: "USER_ACTION",
+                action: "user_login",
+                resource: "authentication",
+                resourceId: userId,
+                resourceType: "USER",
+                performedBy: userId,
+                performedByType: "USER",
+                riskLevel: "LOW",
+                complianceRelevant: true,
+                ...additionalData,
+            }),
+            userLogout: (userId, additionalData) => ({
+                eventType: "LOGOUT",
+                eventCategory: "USER_ACTION",
+                action: "user_logout",
+                resource: "authentication",
+                resourceId: userId,
+                resourceType: "USER",
+                performedBy: userId,
+                performedByType: "USER",
+                riskLevel: "NONE",
+                ...additionalData,
+            }),
+            dataAccess: (resource, resourceId, userId, additionalData) => ({
+                eventType: "ACCESS",
+                eventCategory: "DATA_ACTION",
+                action: "data_access",
+                resource,
+                resourceId,
+                performedBy: userId,
+                performedByType: "USER",
+                riskLevel: "LOW",
+                complianceRelevant: true,
+                ...additionalData,
+            }),
+            dataCreate: (resource, resourceId, userId, data, additionalData) => ({
+                eventType: "CREATE",
+                eventCategory: "DATA_ACTION",
+                action: "data_create",
+                resource,
+                resourceId,
+                performedBy: userId,
+                performedByType: "USER",
+                changes: data ? { after: data } : undefined,
+                riskLevel: "LOW",
+                ...additionalData,
+            }),
+            dataUpdate: (resource, resourceId, userId, changes, additionalData) => ({
+                eventType: "UPDATE",
+                eventCategory: "DATA_ACTION",
+                action: "data_update",
+                resource,
+                resourceId,
+                performedBy: userId,
+                performedByType: "USER",
+                changes: changes
+                    ? {
+                        before: changes?.before,
+                        after: changes?.after,
+                        fields: changes?.fields,
+                    }
+                    : undefined,
+                riskLevel: "MEDIUM",
+                ...additionalData,
+            }),
+            dataDelete: (resource, resourceId, userId, additionalData) => ({
+                eventType: "DELETE",
+                eventCategory: "DATA_ACTION",
+                action: "data_delete",
+                resource,
+                resourceId,
+                performedBy: userId,
+                performedByType: "USER",
+                riskLevel: "HIGH",
+                complianceRelevant: true,
+                ...additionalData,
+            }),
+            permissionChange: (targetUserId, changedBy, changes, additionalData) => ({
+                eventType: "PERMISSION_CHANGE",
+                eventCategory: "ADMIN_ACTION",
+                action: "permission_change",
+                resource: "user_permissions",
+                resourceId: targetUserId,
+                performedBy: changedBy,
+                performedByType: "ADMIN",
+                changes: changes
+                    ? {
+                        before: changes?.before,
+                        after: changes?.after,
+                        fields: changes?.fields,
+                    }
+                    : undefined,
+                riskLevel: "HIGH",
+                securityImpact: "MEDIUM",
+                ...additionalData,
+            }),
+            securityEvent: (eventType, description, severity, additionalData) => ({
+                eventType: "SECURITY_EVENT",
+                eventCategory: "SECURITY_ACTION",
+                action: eventType,
+                resource: "security",
+                resourceId: (0, cuid2_1.createId)(),
+                performedBy: "SYSTEM",
+                performedByType: "SYSTEM",
+                riskLevel: severity,
+                securityImpact: severity,
+                metadata: {
+                    severity,
+                    description,
+                    businessImpact: severity === "CRITICAL"
+                        ? "Service disruption possible"
+                        : "Monitoring required",
+                },
+                ...additionalData,
+            }),
+            complianceEvent: (framework, requirement, status, additionalData) => ({
+                eventType: "COMPLIANCE_ACTION",
+                eventCategory: "COMPLIANCE_ACTION",
+                action: "compliance_check",
+                resource: "compliance_requirement",
+                resourceId: `${framework}_${requirement}`,
+                performedBy: "SYSTEM",
+                performedByType: "SYSTEM",
+                complianceRelevant: true,
+                riskLevel: status === "NOT_MET" ? "HIGH" : "LOW",
+                metadata: {
+                    framework,
+                    requirement,
+                    status,
+                    businessImpact: status === "NOT_MET"
+                        ? "Compliance violation detected"
+                        : "Compliance maintained",
+                },
+                ...additionalData,
+            }),
+            systemAction: (action, resource, resourceId, additionalData) => ({
+                eventType: "SYSTEM_ACTION",
+                eventCategory: "SYSTEM_ACTION",
+                action,
+                resource,
+                resourceId,
+                performedBy: this.context.serviceName,
+                performedByType: "SYSTEM",
+                riskLevel: "NONE",
+                ...additionalData,
+            }),
+            storeAction: (storeId, action, resource, resourceId, userId, additionalData) => ({
+                eventType: "UPDATE",
+                eventCategory: userId ? "USER_ACTION" : "SYSTEM_ACTION",
+                action,
+                resource,
+                resourceId,
+                resourceType: "STORE",
+                performedBy: userId || this.context.serviceName,
+                performedByType: userId ? "USER" : "SYSTEM",
+                storeId,
+                riskLevel: "LOW",
+                ...additionalData,
+            }),
+        };
+    }
+    // Convenience methods for common audit events
+    async logUserLogin(userId, additionalData) {
+        return this.log(this.quick.userLogin(userId, additionalData));
+    }
+    async logUserLogout(userId, additionalData) {
+        return this.log(this.quick.userLogout(userId, additionalData));
+    }
+    async logDataAccess(resource, resourceId, userId, additionalData) {
+        return this.log(this.quick.dataAccess(resource, resourceId, userId, additionalData));
+    }
+    async logDataCreate(resource, resourceId, userId, data, additionalData) {
+        return this.log(this.quick.dataCreate(resource, resourceId, userId, data, additionalData));
+    }
+    async logDataUpdate(resource, resourceId, userId, changes, additionalData) {
+        return this.log(this.quick.dataUpdate(resource, resourceId, userId, changes, additionalData));
+    }
+    async logDataDelete(resource, resourceId, userId, additionalData) {
+        return this.log(this.quick.dataDelete(resource, resourceId, userId, additionalData));
+    }
+    async logSecurityEvent(eventType, description, severity, additionalData) {
+        return this.log(this.quick.securityEvent(eventType, description, severity, additionalData));
+    }
+    async logStoreAction(storeId, action, resource, resourceId, userId, additionalData) {
+        return this.log(this.quick.storeAction(storeId, action, resource, resourceId, userId, additionalData));
+    }
+    // Wrapper for async operations with automatic audit logging
+    async auditedOperation(operationName, operation, auditData) {
+        const trackingId = this.startPerformanceTracking();
+        const _startTime = Date.now();
+        try {
+            const result = await operation();
+            const duration = this.endPerformanceTracking(trackingId);
+            const _auditId = await this.log({
+                ...auditData,
+                action: operationName,
+                success: true,
+                duration,
+            });
+            return { result, auditId: _auditId, duration };
+        }
+        catch (error) {
+            const duration = this.endPerformanceTracking(trackingId);
+            const _auditId = await this.log({
+                ...auditData,
+                action: operationName,
+                success: false,
+                duration,
+                errorMessage: error instanceof Error ? error.message : "Unknown error",
+                stackTrace: error instanceof Error ? error.stack : undefined,
+                riskLevel: "MEDIUM",
+            });
+            throw error;
+        }
+    }
+    // Bulk logging for batch operations
+    async logBatch(entries) {
+        try {
+            const enrichedEntries = await Promise.all(entries.map((entry) => this.enrichEntry(entry)));
+            const auditIds = enrichedEntries.map(() => (0, cuid2_1.createId)());
+            // Add all to buffer
+            enrichedEntries.forEach((entry) => this.addToBuffer(entry));
+            // Local logging
+            if (this.config.enableLocalLogging) {
+                enrichedEntries.forEach((entry, index) => {
+                    this.logLocally(entry, auditIds[index]);
+                });
+            }
+            // Check if any critical events require immediate flush
+            const hasCriticalEvents = enrichedEntries.some((entry) => this.isCriticalEvent(entry));
+            if (hasCriticalEvents) {
+                await this.flush();
+            }
+            return auditIds;
+        }
+        catch (error) {
+            console.error("Failed to log batch audit events:", error);
+            throw error;
+        }
+    }
+    // Flush buffer manually
+    async flush() {
+        if (this.buffer.length === 0)
+            return;
+        try {
+            const entriesToFlush = this.buffer.splice(0);
+            if (this.config.enableRemoteLogging) {
+                await this.sendToAuditService(entriesToFlush);
+            }
+            console.log(`✅ Flushed ${entriesToFlush.length} audit log entries`);
+        }
+        catch (error) {
+            console.error("Failed to flush audit log buffer:", error);
+            // Re-add entries to buffer for retry
+            this.buffer.unshift(...this.buffer);
+            throw error;
+        }
+    }
+    // Private helper methods
+    async enrichEntry(entry) {
+        const baseEntry = {
+            eventType: entry.eventType || "SYSTEM_ACTION",
+            eventCategory: entry.eventCategory || "SYSTEM_ACTION",
+            action: entry.action || "unknown_action",
+            resource: entry.resource || "unknown_resource",
+            resourceId: entry.resourceId || (0, cuid2_1.createId)(),
+            performedBy: entry.performedBy || this.context.serviceName,
+            performedByType: entry.performedByType || "SYSTEM",
+            success: entry.success ?? true,
+            riskLevel: entry.riskLevel || "NONE",
+            securityImpact: entry.securityImpact || "NONE",
+            retentionPeriod: entry.retentionPeriod || this.config.defaultRetentionDays,
+            ...entry,
+        };
+        // Auto-enrichment from context
+        if (this.config.autoEnrichment) {
+            if (this.context.requestId && !baseEntry.requestId) {
+                baseEntry.requestId = this.context.requestId;
+            }
+            if (this.context.correlationId && !baseEntry.correlationId) {
+                baseEntry.correlationId = this.context.correlationId;
+            }
+            if (this.context.sessionId && !baseEntry.sessionId) {
+                baseEntry.sessionId = this.context.sessionId;
+            }
+            if (this.context.ipAddress && !baseEntry.ipAddress) {
+                baseEntry.ipAddress = this.context.ipAddress;
+            }
+            if (this.context.userAgent && !baseEntry.userAgent) {
+                baseEntry.userAgent = this.context.userAgent;
+            }
+            if (this.context.clientId && !baseEntry.clientId) {
+                baseEntry.clientId = this.context.clientId;
+            }
+            if (this.context.clientType && !baseEntry.clientType) {
+                baseEntry.clientType = this.context.clientType;
+            }
+            if (this.context.storeId && !baseEntry.storeId) {
+                baseEntry.storeId = this.context.storeId;
+            }
+            if (this.context.storeName && !baseEntry.storeName) {
+                baseEntry.storeName = this.context.storeName;
+            }
+            // Enrich metadata
+            if (!baseEntry.metadata) {
+                baseEntry.metadata = {};
+            }
+            baseEntry.metadata.environment = this.context.environment;
+            baseEntry.metadata.version = this.context.serviceVersion;
+            if (this.context.features?.length) {
+                baseEntry.metadata.tags = [
+                    ...(baseEntry.metadata.tags || []),
+                    ...this.context.features,
+                ];
+            }
+            if (this.context.tags?.length) {
+                baseEntry.metadata.tags = [
+                    ...(baseEntry.metadata.tags || []),
+                    ...this.context.tags,
+                ];
+            }
+            if (this.context.customMetadata) {
+                baseEntry.metadata.customFields = {
+                    ...baseEntry.metadata.customFields,
+                    ...this.context.customMetadata,
+                };
+            }
+        }
+        // Mask sensitive data if enabled
+        if (this.config.sensitiveFieldMasking) {
+            baseEntry.changes = this.maskSensitiveData(baseEntry.changes);
+            baseEntry.metadata = this.maskSensitiveData(baseEntry.metadata);
+        }
+        return baseEntry;
+    }
+    addToBuffer(entry) {
+        this.buffer.push(entry);
+        if (this.buffer.length >= (this.config.bufferSize || 100)) {
+            setImmediate(() => this.flush());
+        }
+    }
+    logLocally(entry, auditId) {
+        const logLevel = this.getLogLevel(entry);
+        const message = `AUDIT [${auditId}] ${entry.action} on ${entry.resource}:${entry.resourceId} by ${entry.performedBy}`;
+        switch (logLevel) {
+            case "error":
+                console.error(message, { auditEntry: entry });
+                break;
+            case "warn":
+                console.warn(message, { auditEntry: entry });
+                break;
+            default:
+                console.log(message, { auditEntry: entry });
+                break;
+        }
+    }
+    getLogLevel(entry) {
+        if (!entry.success ||
+            entry.riskLevel === "CRITICAL" ||
+            entry.securityImpact === "CRITICAL") {
+            return "error";
+        }
+        if (entry.riskLevel === "HIGH" || entry.securityImpact === "HIGH") {
+            return "warn";
+        }
+        return "info";
+    }
+    isCriticalEvent(entry) {
+        return (entry.riskLevel === "CRITICAL" ||
+            entry.securityImpact === "CRITICAL" ||
+            entry.eventCategory === "SECURITY_ACTION" ||
+            (entry.success === false && entry.eventType === "LOGIN"));
+    }
+    async sendToAuditService(entries) {
+        if (!this.config.auditServiceUrl)
+            return;
+        try {
+            const response = await fetch(`${this.config.auditServiceUrl}/audit/bulk`, {
+                method: "POST",
+                headers: {
+                    "Content-Type": "application/json",
+                    ...(this.config.auditServiceApiKey && {
+                        Authorization: `Bearer ${this.config.auditServiceApiKey}`,
+                    }),
+                },
+                body: JSON.stringify({ entries }),
+            });
+            if (!response.ok) {
+                throw new Error(`Audit service responded with status: ${response.status}`);
+            }
+        }
+        catch (error) {
+            console.error("Failed to send audit logs to audit service:", error);
+            throw error;
+        }
+    }
+    maskSensitiveData(data) {
+        if (!data || typeof data !== "object") {
+            return data;
+        }
+        const sensitiveKeys = [
+            "password",
+            "token",
+            "secret",
+            "key",
+            "ssn",
+            "credit",
+            "card",
+            "bank",
+            "account",
+        ];
+        const masked = { ...data };
+        Object.keys(masked).forEach((key) => {
+            const lowerKey = key.toLowerCase();
+            if (sensitiveKeys.some((sensitive) => lowerKey.includes(sensitive))) {
+                masked[key] = "[MASKED]";
+            }
+            else if (typeof masked[key] === "object" && masked[key] !== null) {
+                masked[key] = this.maskSensitiveData(masked[key]);
+            }
+        });
+        return masked;
+    }
+    setupAutoFlush() {
+        if (this.config.flushInterval && this.config.flushInterval > 0) {
+            this.flushTimer = setInterval(() => {
+                if (this.buffer.length > 0) {
+                    this.flush().catch((error) => {
+                        console.error("Auto-flush failed:", error);
+                    });
+                }
+            }, this.config.flushInterval);
+        }
+    }
+    // Cleanup
+    async shutdown() {
+        try {
+            if (this.flushTimer) {
+                clearInterval(this.flushTimer);
+                this.flushTimer = null;
+            }
+            // Flush any remaining entries
+            if (this.buffer.length > 0) {
+                await this.flush();
+            }
+            console.log("✅ Audit Logger shutdown complete");
+        }
+        catch (error) {
+            console.error("❌ Error during audit logger shutdown:", error);
+        }
+    }
+}
+exports.AuditLogger = AuditLogger;
+// Factory function for creating audit logger instances
+function createAuditLogger(config, initialContext) {
+    return new AuditLogger(config, initialContext);
+}
+// Middleware factory for Express/Fastify request context
+function createAuditMiddleware(logger) {
+    return (req, _res, next) => {
+        const requestId = req.headers?.["x-request-id"] || (0, cuid2_1.createId)();
+        const correlationId = req.headers?.["x-correlation-id"];
+        const sessionId = req.headers?.["x-session-id"] || req.session?.id;
+        // Update audit context for this request
+        logger.updateContext({
+            requestId,
+            correlationId,
+            sessionId,
+            ipAddress: req.ip || req.connection?.remoteAddress,
+            userAgent: req.headers?.["user-agent"],
+            userId: req.user?.id,
+            userType: req.user?.type,
+            clientId: req.headers?.["x-client-id"],
+            clientType: req.headers?.["x-client-type"],
+        });
+        // Attach audit logger to request for easy access
+        req.audit = logger;
+        next();
+    };
+}
+// Export convenience functions
+async function logAuditEvent(serviceName, entry, context) {
+    const logger = createAuditLogger({ serviceName }, context);
+    return logger.log(entry);
+}
+async function logStoreAuditEvent(serviceName, storeId, action, resource, resourceId, userId, additionalData) {
+    const logger = createAuditLogger({ serviceName }, { storeId });
+    return logger.logStoreAction(storeId, action, resource, resourceId, userId, additionalData);
+}
+// Default audit logger instance (can be configured once and reused)
+let defaultLogger = null;
+function setDefaultAuditLogger(logger) {
+    defaultLogger = logger;
+}
+function getDefaultAuditLogger() {
+    if (!defaultLogger) {
+        throw new Error("Default audit logger not configured. Call setDefaultAuditLogger() first.");
+    }
+    return defaultLogger;
+}
+// Quick logging functions using default logger
+async function quickLog(entry) {
+    return getDefaultAuditLogger().log(entry);
+}
+async function quickLogUserAction(action, resource, resourceId, userId, additionalData) {
+    return getDefaultAuditLogger().log({
+        eventType: "UPDATE",
+        eventCategory: "USER_ACTION",
+        action,
+        resource,
+        resourceId,
+        performedBy: userId,
+        performedByType: "USER",
+        ...additionalData,
+    });
+}
+async function quickLogSystemAction(action, resource, resourceId, additionalData) {
+    return getDefaultAuditLogger().log({
+        eventType: "SYSTEM_ACTION",
+        eventCategory: "SYSTEM_ACTION",
+        action,
+        resource,
+        resourceId,
+        performedBy: "SYSTEM",
+        performedByType: "SYSTEM",
+        ...additionalData,
+    });
+}

package/dist/lib/authOrganization.d.ts

@@ -0,0 +1,24 @@
+export interface AuthOrganizationCreateRequest {
+    name: string;
+    slug: string;
+    logo?: string;
+    metadata?: Record<string, unknown>;
+    userId?: string;
+    keepCurrentActiveOrganization?: boolean;
+}
+export interface AuthOrganizationResponse {
+    id: string;
+    name: string;
+    slug: string;
+    logo?: string;
+    metadata?: Record<string, unknown>;
+    createdAt: Date;
+    updatedAt?: Date;
+}
+/**
+ * Creates an organization using the auth service
+ * @param organizationData Organization data to create
+ * @param headers Authentication headers to forward
+ * @returns Promise resolving to created organization data
+ */
+export declare const createAuthOrganization: (organizationData: AuthOrganizationCreateRequest, headers?: Record<string, string>) => Promise<AuthOrganizationResponse>;