monorepo/cloud/maplepress-backend/internal/domain/securityevent/entity.go

// File Path: monorepo/cloud/maplepress-backend/internal/domain/securityevent/entity.go
package securityevent

import (
	"time"
)

// EventType represents the type of security event
type EventType string

const (
	// Account lockout events
	EventTypeAccountLocked   EventType = "account_locked"
	EventTypeAccountUnlocked EventType = "account_unlocked"

	// Failed login events
	EventTypeFailedLogin          EventType = "failed_login"
	EventTypeExcessiveFailedLogin EventType = "excessive_failed_login"

	// Successful events
	EventTypeSuccessfulLogin EventType = "successful_login"

	// Rate limiting events
	EventTypeIPRateLimitExceeded EventType = "ip_rate_limit_exceeded"
)

// Severity represents the severity level of the security event
type Severity string

const (
	SeverityLow      Severity = "low"
	SeverityMedium   Severity = "medium"
	SeverityHigh     Severity = "high"
	SeverityCritical Severity = "critical"
)

// SecurityEvent represents a security-related event in the system
// CWE-778: Insufficient Logging - Security events must be logged for audit
type SecurityEvent struct {
	// Unique identifier for the event
	ID string `json:"id"`

	// Type of security event
	EventType EventType `json:"event_type"`

	// Severity level
	Severity Severity `json:"severity"`

	// User email (hashed for privacy)
	EmailHash string `json:"email_hash"`

	// Client IP address
	ClientIP string `json:"client_ip"`

	// User agent
	UserAgent string `json:"user_agent,omitempty"`

	// Additional metadata as key-value pairs
	Metadata map[string]interface{} `json:"metadata,omitempty"`

	// Timestamp when the event occurred
	Timestamp time.Time `json:"timestamp"`

	// Message describing the event
	Message string `json:"message"`
}

// NewSecurityEvent creates a new security event
func NewSecurityEvent(
	eventType EventType,
	severity Severity,
	emailHash string,
	clientIP string,
	message string,
) *SecurityEvent {
	return &SecurityEvent{
		ID:        generateEventID(),
		EventType: eventType,
		Severity:  severity,
		EmailHash: emailHash,
		ClientIP:  clientIP,
		Metadata:  make(map[string]interface{}),
		Timestamp: time.Now().UTC(),
		Message:   message,
	}
}

// WithMetadata adds metadata to the security event
func (e *SecurityEvent) WithMetadata(key string, value interface{}) *SecurityEvent {
	e.Metadata[key] = value
	return e
}

// WithUserAgent sets the user agent
func (e *SecurityEvent) WithUserAgent(userAgent string) *SecurityEvent {
	e.UserAgent = userAgent
	return e
}

// generateEventID generates a unique event ID
func generateEventID() string {
	// Simple timestamp-based ID (can be replaced with UUID if needed)
	return time.Now().UTC().Format("20060102150405.000000")
}