Problem statement
Refresh-token failures are being logged through serviceTokenInvalid, and suspicious request events use both request_suspicious and misspelled request_suspicous while the typed event enum doesn’t include either.
see files:
- src/controllers/authentication.ts (line 277)
- src/middleware/verifyCookieAuth.ts (line 131)
- src/app.ts (line 40)
- src/services/authEventService.ts (line 135)
- src/schemas/authEvent.types.ts (line 1)
Proposed solution
One canonical event taxonomy, corrected writers, updated anomaly queries, and tests.
I also think have the event service just export functions for each case would be better too, but lets start with this.
Alternatives considered
No response
Impact area
Security
Problem statement
Refresh-token failures are being logged through serviceTokenInvalid, and suspicious request events use both request_suspicious and misspelled request_suspicous while the typed event enum doesn’t include either.
see files:
Proposed solution
One canonical event taxonomy, corrected writers, updated anomaly queries, and tests.
I also think have the event service just export functions for each case would be better too, but lets start with this.
Alternatives considered
No response
Impact area
Security