src/utils/securityAudit.js

import { AuditLog } from "../models/AuditLog.js";
import { extractFeature } from "../security/featureExtractor.js";
import { isAnomaly } from "../security/anomalyEngine.js";
import { emitAdminAlert } from "../ws/adminWs.js";

export async function securityAudit(req, payload) {
  const log = await AuditLog.create({
    ...payload,
    userId: req.user?.id,
    ip: req.ip,
    userAgent: req.headers["user-agent"],
  });

  const value = await extractFeature(log);

  if (isAnomaly(value)) {
    log.isAnomaly = true;
    await log.save();

    emitAdminAlert({
      type: "ANOMALY",
      ip: log.ip,
      value,
    });
  }
}