Fix jwt-token

2025-09-23 15:06:54 +02:00
parent e3816b056e
commit f40d0d9b89
4 changed files with 300 additions and 12 deletions
--- a/server/utils/dataRetentionAuditLogger.js
+++ b/server/utils/dataRetentionAuditLogger.js
@@ -0,0 +1,107 @@
+/**
+ * Security Audit Logger for Data Retention Access
+ * Logs all access attempts to data retention metrics
+ */
+
+const fs = require('fs').promises;
+const path = require('path');
+
+class DataRetentionAuditLogger {
+  constructor() {
+    this.logDir = process.env.SECURITY_LOG_DIR || './logs';
+    this.logFile = path.join(this.logDir, 'data_retention_access.log');
+  }
+
+  async ensureLogDir() {
+    try {
+      await fs.mkdir(this.logDir, { recursive: true });
+    } catch (error) {
+      console.error('Failed to create security log directory:', error);
+    }
+  }
+
+  async logAccess(event) {
+    try {
+      await this.ensureLogDir();
+      
+      const logEntry = {
+        timestamp: new Date().toISOString(),
+        event: event.type,
+        user: {
+          id: event.user?.id,
+          username: event.user?.username,
+          role: event.user?.role
+        },
+        request: {
+          ip: event.ip,
+          userAgent: event.userAgent,
+          endpoint: event.endpoint,
+          method: event.method
+        },
+        result: event.result,
+        error: event.error
+      };
+
+      const logLine = JSON.stringify(logEntry) + '\n';
+      await fs.appendFile(this.logFile, logLine, 'utf8');
+      
+    } catch (error) {
+      console.error('Failed to write security log:', error);
+    }
+  }
+
+  // Log successful access
+  async logSuccess(user, req, endpoint) {
+    await this.logAccess({
+      type: 'DATA_RETENTION_ACCESS_SUCCESS',
+      user,
+      ip: req.ip,
+      userAgent: req.headers['user-agent'],
+      endpoint,
+      method: req.method,
+      result: 'success'
+    });
+  }
+
+  // Log authentication failure
+  async logAuthFailure(req, endpoint, reason) {
+    await this.logAccess({
+      type: 'DATA_RETENTION_ACCESS_AUTH_FAILED',
+      ip: req.ip,
+      userAgent: req.headers['user-agent'],
+      endpoint,
+      method: req.method,
+      result: 'auth_failed',
+      error: reason
+    });
+  }
+
+  // Log permission denied
+  async logPermissionDenied(user, req, endpoint, reason) {
+    await this.logAccess({
+      type: 'DATA_RETENTION_ACCESS_PERMISSION_DENIED',
+      user,
+      ip: req.ip,
+      userAgent: req.headers['user-agent'],
+      endpoint,
+      method: req.method,
+      result: 'permission_denied',
+      error: reason
+    });
+  }
+
+  // Log network access denied
+  async logNetworkDenied(req, endpoint) {
+    await this.logAccess({
+      type: 'DATA_RETENTION_ACCESS_NETWORK_DENIED',
+      ip: req.ip,
+      userAgent: req.headers['user-agent'],
+      endpoint,
+      method: req.method,
+      result: 'network_denied',
+      error: 'Access from unauthorized network'
+    });
+  }
+}
+
+module.exports = new DataRetentionAuditLogger();