f667792ba7
fix: complete audit logging integration based on audit review

Fixes identified gaps from the monitoring & alerting audit:

1. Auth Events Integration:
   - Add auditAuthEvents.ts hook for login/logout tracking
   - Integrate afterLogin and afterLogout hooks in Users collection
   - Log successful logins, logouts, and password reset requests
2. Rate-Limit Logging:
   - Add logRateLimit calls to /api/send-email endpoint
   - Log when users exceed rate limits
3. Access-Denied Logging:
   - Add logAccessDenied calls to all protected endpoints:
     - /api/send-email
     - /api/email-logs/export
     - /api/email-logs/stats
4. Tenant Delete Sanitizing Fix:
   - Extract sanitizeTenantDoc as reusable function
   - Apply sanitization to auditTenantAfterDelete hook
   - SMTP passwords are now properly masked in delete audit logs

🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
2025-12-07 21:24:28 +00:00

6bbbea52fc
feat: implement monitoring & alerting system

- Add AuditLogs collection for tracking critical system actions
  - User changes (create, update, delete)
  - Tenant changes with sensitive data masking
  - Login events tracking
- Add Alert Service with multi-channel support
  - Email, Slack, Discord, Console channels
  - Configurable alert levels (info, warning, error, critical)
  - Environment-based configuration
- Add Email failure alerting
  - Automatic alerts on repeated failed emails
  - Per-tenant failure counting with hourly reset
- Add Email-Logs API endpoints
  - GET /api/email-logs/export (CSV/JSON export)
  - GET /api/email-logs/stats (statistics with filters)
- Add audit hooks for Users and Tenants collections
- Update TODO.md with completed monitoring tasks

🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
2025-12-07 20:58:20 +00:00