feat(audit): wider coverage — sensitive views, cron, jobs, portal abuse
Builds on the audit infra split (severity/source) by emitting events
from every place a security or operations review would want to see:
Sensitive data views (severity=warning):
- GDPR export download URL issued
- Audit log page opened (watch-the-watchers; first page only)
- CSV export of expenses
- Webhook secret regenerated
Authentication abuse (severity=warning, source=auth):
- Portal sign-in: success + failed-credentials + portal-disabled
- Portal password reset: unknown email + portal-disabled + bad token
- Portal activation: bad/expired token
Inbound webhook hardening:
- Documenso webhook with invalid X-Documenso-Secret now writes
webhook_failed instead of being silently logged
Background work (source=cron / job):
- New attachWorkerAudit() helper wires every BullMQ worker to emit
job_failed (severity=error) on .on('failed') and cron_run on
.on('completed') for any job whose name matches the recurring
scheduler list. Applied across all 10 workers.
1175/1175 vitest passing.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
Matt Ciaccio
@@ -218,6 +218,7 @@ export async function regenerateSecret(portId: string, webhookId: string, meta:
|
||||
metadata: { type: 'secret_regenerated' },
|
||||
ipAddress: meta.ipAddress,
|
||||
userAgent: meta.userAgent,
|
||||
severity: 'warning',
|
||||
});
|
||||
|
||||
// Return new plaintext secret - shown ONCE
|
||||
|
||||
Reference in New Issue
Block a user