kjanat/livedash-node
1
0
Fork 0
mirror of https://github.com/kjanat/livedash-node.git synced 2026-01-16 13:32:08 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
e2301725a3c93f64559e53065b0fcd08190c9cc5
livedash-node/lib/services/EnhancedSecurityService.ts
Kaj Kowalski e2301725a3 feat: complete development environment setup and code quality improvements 
- Set up pre-commit hooks with husky and lint-staged for automated code quality
- Improved TypeScript type safety by replacing 'any' types with proper generics
- Fixed markdown linting violations (MD030 spacing) across all documentation
- Fixed compound adjective hyphenation in technical documentation
- Fixed invalid JSON union syntax in API documentation examples
- Automated code formatting and linting on commit
- Enhanced error handling with better type constraints
- Configured biome and markdownlint for consistent code style
- All changes verified with successful production build
2025-07-13 14:44:05 +02:00

480 lines
13 KiB
TypeScript
Raw Blame History

/**
* Enhanced Security Service Example
*
* Demonstrates how to integrate performance optimization systems
* into existing services using decorators and integration utilities.
*/
import {
Cached,
Deduplicated,
Monitored,
PerformanceEnhanced,
PerformanceOptimized,
} from "../performance/integration";
import { AuditOutcome, AuditSeverity } from "../securityAuditLogger";
import { AlertChannel, type MonitoringConfig } from "../securityMonitoring";
import type { Alert, SecurityEvent } from "../types/security";
import { ThreatLevel } from "../types/security";
import { AlertManagementService } from "./AlertManagementService";
import { SecurityEventProcessor } from "./SecurityEventProcessor";
import { ThreatDetectionService } from "./ThreatDetectionService";
/**
* Configuration for enhanced security service
*/
export interface EnhancedSecurityConfig {
cacheEnabled: boolean;
deduplicationEnabled: boolean;
monitoringEnabled: boolean;
threatCacheTtl: number;
alertCacheTtl: number;
}
/**
* Enhanced Security Service with integrated performance optimizations
*/
// @PerformanceEnhanced({
// cache: {
// enabled: true,
// cacheName: "security-cache",
// ttl: 10 * 60 * 1000, // 10 minutes
// },
// deduplication: {
// enabled: true,
// deduplicatorName: "security",
// ttl: 5 * 60 * 1000, // 5 minutes
// },
// monitoring: {
// enabled: true,
// recordRequests: true,
// },
// })
export class EnhancedSecurityService {
private eventProcessor: SecurityEventProcessor;
private threatDetection: ThreatDetectionService;
private alertManager: AlertManagementService;
private config: EnhancedSecurityConfig;
constructor(config: Partial<EnhancedSecurityConfig> = {}) {
this.config = {
cacheEnabled: true,
deduplicationEnabled: true,
monitoringEnabled: true,
threatCacheTtl: 15 * 60 * 1000, // 15 minutes
alertCacheTtl: 5 * 60 * 1000, // 5 minutes
...config,
};
// Create a default monitoring config for the services
const defaultMonitoringConfig: MonitoringConfig = {
thresholds: {
failedLoginsPerMinute: 5,
failedLoginsPerHour: 10,
rateLimitViolationsPerMinute: 50,
cspViolationsPerMinute: 10,
adminActionsPerHour: 20,
massDataAccessThreshold: 1000,
suspiciousIPThreshold: 5,
},
alerting: {
enabled: true,
channels: [AlertChannel.EMAIL, AlertChannel.WEBHOOK],
suppressDuplicateMinutes: 5,
escalationTimeoutMinutes: 30,
},
retention: {
alertRetentionDays: 30,
metricsRetentionDays: 90,
},
};
this.eventProcessor = new SecurityEventProcessor();
this.threatDetection = new ThreatDetectionService(defaultMonitoringConfig);
this.alertManager = new AlertManagementService(defaultMonitoringConfig);
}
/**
* Process security event with caching and deduplication
*/
// @PerformanceOptimized({
// cache: { enabled: true, ttl: 2 * 60 * 1000 }, // 2 minutes
// deduplication: { enabled: true, ttl: 1 * 60 * 1000 }, // 1 minute
// monitoring: { enabled: true },
// })
async processSecurityEvent(event: SecurityEvent): Promise<{
processed: boolean;
threatLevel: ThreatLevel;
alertsTriggered: Alert[];
performanceMetrics: {
processingTime: number;
cacheHit: boolean;
threatAnalysisTime: number;
};
}> {
const startTime = performance.now();
// Process the event by adding it to the buffer
this.eventProcessor.addEvent(
event.type as any, // Cast to SecurityEventType
AuditOutcome.SUCCESS, // Default outcome
{ metadata: event.metadata },
AuditSeverity.INFO
);
// Analyze threat with caching
const threatLevel = await this.analyzeThreatWithCache(event);
// Generate alerts if needed
const alertsTriggered = await this.generateAlertsIfNeeded(
event,
threatLevel
);
const processingTime = performance.now() - startTime;
return {
processed: true, // Event was successfully added to buffer
threatLevel,
alertsTriggered,
performanceMetrics: {
processingTime,
cacheHit: false, // Will be set by caching layer
threatAnalysisTime: processingTime * 0.6, // Estimated
},
};
}
/**
* Analyze threat level with advanced caching
*/
// @Cached("threat-analysis", 15 * 60 * 1000) // 15 minute cache
// @Deduplicated("threat-analysis", 5 * 60 * 1000) // 5 minute deduplication
// @Monitored("threat-analysis")
private async analyzeThreatWithCache(
event: SecurityEvent
): Promise<ThreatLevel> {
// Convert SecurityEvent to the format expected by ThreatDetectionService
const result = await this.threatDetection.detectImmediateThreats(
event.type as any, // Cast to SecurityEventType
AuditOutcome.SUCCESS,
{ metadata: event.metadata }, // Cast to AuditLogContext
event.metadata
);
// Return threat level based on detected threats
if (result.threats.length === 0) {
return ThreatLevel.LOW;
}
// Find the highest severity threat
const highestSeverity = result.threats.reduce((max, threat) => {
const severityOrder = { LOW: 1, MEDIUM: 2, HIGH: 3, CRITICAL: 4 };
const current =
severityOrder[threat.severity as keyof typeof severityOrder] || 1;
const maxVal = severityOrder[max as keyof typeof severityOrder] || 1;
return current > maxVal ? threat.severity : max;
}, "LOW" as any);
// Map AlertSeverity to ThreatLevel
switch (highestSeverity) {
case "CRITICAL":
return ThreatLevel.CRITICAL;
case "HIGH":
return ThreatLevel.HIGH;
case "MEDIUM":
return ThreatLevel.MEDIUM;
default:
return ThreatLevel.LOW;
}
}
/**
* Generate alerts with intelligent caching
*/
// @PerformanceOptimized({
// cache: {
// enabled: true,
// ttl: 5 * 60 * 1000,
// keyGenerator: (event: SecurityEvent, threatLevel: ThreatLevel) =>
// `alerts:${event.type}:${event.severity}:${threatLevel}`,
// },
// monitoring: { enabled: true },
// })
private async generateAlertsIfNeeded(
event: SecurityEvent,
threatLevel: ThreatLevel
): Promise<Alert[]> {
if (threatLevel === ThreatLevel.LOW) {
return [];
}
// Generate alerts based on threat level and event
// For now, return empty array as this is a mock implementation
// In a real implementation, you would create appropriate alerts
return [];
}
/**
* Get security metrics with heavy caching
*/
// @Cached("security-metrics", 5 * 60 * 1000) // 5 minute cache
// @Monitored("security-metrics")
async getSecurityMetrics(timeRange: { start: Date; end: Date }): Promise<{
totalEvents: number;
threatDistribution: Record<ThreatLevel, number>;
alertCounts: Record<string, number>;
performanceStats: {
avgProcessingTime: number;
cacheHitRate: number;
deduplicationRate: number;
};
}> {
// This would typically involve expensive database queries
const events = await this.getSecurityEvents(timeRange);
const metrics = {
totalEvents: events.length,
threatDistribution: this.calculateThreatDistribution(events),
alertCounts: await this.getAlertCounts(timeRange),
performanceStats: {
avgProcessingTime: 150, // ms
cacheHitRate: 0.75,
deduplicationRate: 0.45,
},
};
return metrics;
}
/**
* Bulk process events with intelligent batching and caching
*/
// @PerformanceOptimized({
// deduplication: {
// enabled: true,
// ttl: 2 * 60 * 1000,
// keyGenerator: (events: SecurityEvent[]) =>
// `bulk:${events.length}:${events
// .map((e) => e.id)
// .sort()
// .join(",")
// .substring(0, 50)}`,
// },
// monitoring: { enabled: true },
// })
async bulkProcessEvents(events: SecurityEvent[]): Promise<{
results: Array<{
eventId: string;
processed: boolean;
threatLevel: ThreatLevel;
processingTime: number;
}>;
summary: {
totalProcessed: number;
avgProcessingTime: number;
threatLevelCounts: Record<ThreatLevel, number>;
};
}> {
const startTime = performance.now();
const results: Array<{
eventId: string;
processed: boolean;
threatLevel: ThreatLevel;
processingTime: number;
}> = [];
const threatLevelCounts: Record<ThreatLevel, number> = {
[ThreatLevel.LOW]: 0,
[ThreatLevel.MEDIUM]: 0,
[ThreatLevel.HIGH]: 0,
[ThreatLevel.CRITICAL]: 0,
};
// Process events in batches for better performance
const batchSize = 10;
for (let i = 0; i < events.length; i += batchSize) {
const batch = events.slice(i, i + batchSize);
const batchResults = await this.processBatch(batch);
results.push(...batchResults);
// Update counts
batchResults.forEach((result) => {
threatLevelCounts[result.threatLevel]++;
});
}
const totalTime = performance.now() - startTime;
return {
results,
summary: {
totalProcessed: results.length,
avgProcessingTime: totalTime / results.length,
threatLevelCounts,
},
};
}
/**
* Get real-time security status with aggressive caching
*/
// @Cached("security-status", 30 * 1000) // 30 second cache for real-time data
// @Monitored("security-status")
async getSecurityStatus(): Promise<{
status: "SECURE" | "WARNING" | "CRITICAL";
activeThreats: number;
recentAlerts: Alert[];
systemHealth: {
eventProcessingRate: number;
avgResponseTime: number;
errorRate: number;
};
}> {
const [activeThreats, recentAlerts, systemHealth] = await Promise.all([
this.getActiveThreatsCount(),
this.getRecentAlerts(10),
this.getSystemHealthMetrics(),
]);
const status =
activeThreats > 5 ? "CRITICAL" : activeThreats > 2 ? "WARNING" : "SECURE";
return {
status,
activeThreats,
recentAlerts,
systemHealth,
};
}
/**
* Search security events with intelligent caching based on query patterns
*/
// @PerformanceOptimized({
// cache: {
// enabled: true,
// ttl: 10 * 60 * 1000, // 10 minutes
// keyGenerator: (query: Record<string, unknown>) => `search:${JSON.stringify(query)}`,
// },
// deduplication: {
// enabled: true,
// ttl: 5 * 60 * 1000,
// },
// })
async searchSecurityEvents(query: {
eventType?: string;
severity?: string;
timeRange?: { start: Date; end: Date };
ipAddress?: string;
limit?: number;
}): Promise<{
events: SecurityEvent[];
total: number;
aggregations: {
byType: Record<string, number>;
bySeverity: Record<string, number>;
byHour: Record<string, number>;
};
}> {
// This represents an expensive search operation
const events = await this.performSearch(query);
const aggregations = this.calculateAggregations(events);
return {
events: events.slice(0, query.limit || 100),
total: events.length,
aggregations,
};
}
// Private helper methods (would be implemented based on actual data access)
private async getSecurityEvents(timeRange: {
start: Date;
end: Date;
}): Promise<SecurityEvent[]> {
// Mock implementation
return [];
}
private calculateThreatDistribution(
events: SecurityEvent[]
): Record<ThreatLevel, number> {
return {
[ThreatLevel.LOW]: 0,
[ThreatLevel.MEDIUM]: 0,
[ThreatLevel.HIGH]: 0,
[ThreatLevel.CRITICAL]: 0,
};
}
private async getAlertCounts(timeRange: {
start: Date;
end: Date;
}): Promise<Record<string, number>> {
return {};
}
private async processBatch(events: SecurityEvent[]): Promise<
Array<{
eventId: string;
processed: boolean;
threatLevel: ThreatLevel;
processingTime: number;
}>
> {
return events.map((event) => ({
eventId: event.id,
processed: true,
threatLevel: ThreatLevel.LOW,
processingTime: Math.random() * 100 + 50,
}));
}
private async getActiveThreatsCount(): Promise<number> {
return Math.floor(Math.random() * 10);
}
private async getRecentAlerts(limit: number): Promise<Alert[]> {
return [];
}
private async getSystemHealthMetrics() {
return {
eventProcessingRate: 150,
avgResponseTime: 75,
errorRate: 0.02,
};
}
private async performSearch(
query: Record<string, unknown>
): Promise<SecurityEvent[]> {
// Mock search implementation
return [];
}
private calculateAggregations(events: SecurityEvent[]) {
return {
byType: {},
bySeverity: {},
byHour: {},
};
}
}
// Example usage and factory function
export function createEnhancedSecurityService(
config?: Partial<EnhancedSecurityConfig>
) {
return new EnhancedSecurityService(config);
}
// Export a default enhanced instance
export const securityService = createEnhancedSecurityService({
cacheEnabled: true,
deduplicationEnabled: true,
monitoringEnabled: true,
threatCacheTtl: 15 * 60 * 1000,
alertCacheTtl: 5 * 60 * 1000,
});
Reference in New Issue View Git Blame Copy Permalink