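import { v4 as uuidv4 } from 'uuid'
import { db } from '../config/secureDatabase'
import { logger } from '../utils/logger'
import type { Request } from 'express'

/**
 * Appends one row to `security_audit_log` describing a security-relevant action.
 *
 * The row gets a fresh UUIDv4 id and a UTC ISO-8601 timestamp taken at call
 * time. All values are passed as bound parameters, never interpolated into
 * the SQL text.
 *
 * Security notes for callers and reviewers:
 * - `ip_address` comes from `req.ip`, which Express derives according to its
 *   `trust proxy` setting. If that setting trusts hops it should not, the
 *   recorded address can be set by the client through `X-Forwarded-For`.
 * - `user_agent` is client-supplied text stored as received. Treat it as
 *   untrusted wherever the audit log is rendered or exported.
 * - Writing is best-effort: any failure is reported through `logger.error`
 *   and swallowed, so the audited operation proceeds without a record.
 *   Alerting on that log message is the only signal of a gap in the trail.
 *
 * @param action - Kind of event being recorded.
 * @param entityType - Type of the entity the action applies to.
 * @param entityId - Identifier of that entity.
 * @param userId - Identifier of the acting user.
 * @param req - Express request the action arrived on; supplies IP and User-Agent.
 * @param riskLevel - Severity label stored with the row; defaults to `'low'`.
 */
export function logSecurityAudit(
  action: 'create' | 'read' | 'update' | 'delete' | 'login' | 'logout' | 'failed_login',
  entityType: string,
  entityId: string,
  userId: string,
  req: Request,
  riskLevel: 'low' | 'medium' | 'high' | 'critical' = 'low'
): void {
  try {
    // `ip` is a typed property of Request, so no `any` cast is needed.
    // `socket` replaces the deprecated `connection` alias; the optional chain
    // is kept so a partial request object (e.g. in tests) does not throw.
    const ipAddress = req.ip || req.socket?.remoteAddress || null

    // A request without a User-Agent header yields `undefined`; bind an
    // explicit NULL so the row is still written instead of relying on how the
    // driver treats `undefined`.
    const userAgent = req.get('user-agent') ?? null

    db.prepare(`
      INSERT INTO security_audit_log (
        id, entity_type, entity_id, action, user_id,
        timestamp, ip_address, user_agent, risk_level
      ) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?)
    `).run(
      uuidv4(),
      entityType,
      entityId,
      action,
      userId,
      new Date().toISOString(),
      ipAddress,
      userAgent,
      riskLevel
    )
  } catch (error) {
    // Deliberately non-fatal: an audit-write failure must not break the request.
    logger.error('Failed to log security audit:', error)
  }
}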