fix: address multiple PR review issues

- Fixed accessibility in audit logs with keyboard navigation and ARIA attributes - Refactored ThreatAnalysisResults interface to module level for reusability - Added BatchOperation enum validation and proper CSV escaping in batch monitoring - Removed unused company state causing skeleton view in dashboard overview - Enhanced error handling with user-facing messages for metrics loading - Replaced hardcoded timeouts with condition-based waits in E2E tests - Removed duplicate state management in security monitoring hooks - Fixed CSRF documentation to show proper secret fallback pattern - Updated CSP metrics docs with GDPR Article 6(1)(f) legal basis clarification - Fixed React hooks order to prevent conditional execution after early returns - Added explicit button type to prevent form submission behavior
2026-01-16 13:12:10 +01:00 · 2025-07-14 00:24:10 +02:00
parent bba79d509b
commit ef1f0769c2
9 changed files with 221 additions and 77 deletions
--- a/app/api/admin/security-monitoring/threat-analysis/route.ts
+++ b/app/api/admin/security-monitoring/threat-analysis/route.ts
@ -14,6 +14,31 @@ import {
  type ThreatLevel,
 } from "@/lib/securityMonitoring";

+interface ThreatAnalysisResults {
+  ipThreatAnalysis?: {
+    ipAddress: string;
+    threatLevel: ThreatLevel;
+    isBlacklisted: boolean;
+    riskFactors: string[];
+    recommendations: string[];
+  };
+  timeRangeAnalysis?: {
+    timeRange: { start: Date; end: Date };
+    securityScore: number;
+    threatLevel: string;
+    topThreats: Array<{ type: AlertType; count: number }>;
+    geoDistribution: Record<string, number>;
+    riskUsers: Array<{ userId: string; email: string; riskScore: number }>;
+  };
+  overallThreatLandscape?: {
+    currentThreatLevel: string;
+    securityScore: number;
+    activeAlerts: number;
+    criticalEvents: number;
+    recommendations: string[];
+  };
+}
+
 const threatAnalysisSchema = z.object({
  ipAddress: z.string().optional(),
  userId: z.string().uuid().optional(),
@ -37,31 +62,6 @@ export async function POST(request: NextRequest) {
    const analysis = threatAnalysisSchema.parse(body);
    const context = await createAuditContext(request, session);

-    interface ThreatAnalysisResults {
-      ipThreatAnalysis?: {
-        ipAddress: string;
-        threatLevel: ThreatLevel;
-        isBlacklisted: boolean;
-        riskFactors: string[];
-        recommendations: string[];
-      };
-      timeRangeAnalysis?: {
-        timeRange: { start: Date; end: Date };
-        securityScore: number;
-        threatLevel: string;
-        topThreats: Array<{ type: AlertType; count: number }>;
-        geoDistribution: Record<string, number>;
-        riskUsers: Array<{ userId: string; email: string; riskScore: number }>;
-      };
-      overallThreatLandscape?: {
-        currentThreatLevel: string;
-        securityScore: number;
-        activeAlerts: number;
-        criticalEvents: number;
-        recommendations: string[];
-      };
-    }
-
    const results: ThreatAnalysisResults = {};

    // IP threat analysis