import {logger} from './logger.js';
export function auditOauthStarted(data: {clientId: string; redirectUri: string}): void {
logger.info({audit: true, event: 'oauth_started', ...data});
}
export function auditOauthSuccess(data: {userId: string}): void {
logger.info({audit: true, event: 'oauth_success', ...data});
}
export function auditOauthFailure(data: {reason: string}): void {
logger.warn({audit: true, event: 'oauth_failure', ...data});
}
export function auditTokenExchangeSuccess(data: {clientId: string}): void {
logger.info({audit: true, event: 'token_exchange_success', ...data});
}
export function auditTokenExchangeFailure(data: {reason: string; clientId?: string}): void {
logger.warn({audit: true, event: 'token_exchange_failure', ...data});
}
export function auditTokenRevoked(data: {userId: string}): void {
logger.info({audit: true, event: 'token_revoked', ...data});
}
export function auditAccessDenied(data: {reason: string; path?: string; userId?: string; error?: string}): void {
logger.warn({audit: true, event: 'access_denied', ...data});
}
export function maskToken(token: string): string {
if (token.length <= 8) {
return '***';
}
return `${token.slice(0, 4)}...${token.slice(-4)}`;
}
export function maskEmail(email: string): string {
const atIndex = email.indexOf('@');
if (atIndex <= 1) {
return '***@' + email.slice(atIndex + 1);
}
return `${email[0]}***@${email.slice(atIndex + 1)}`;
}
