/**
 * Federation Audit Service
 *
 * Logs security-sensitive operations for compliance and monitoring.
 * Uses application logger since ActivityLog requires workspace context.
 */

import { Injectable, Logger } from "@nestjs/common";

@Injectable()
export class FederationAuditService {
  private readonly logger = new Logger(FederationAuditService.name);

  /**
   * Log instance keypair regeneration (system-level operation)
   * Logged to application logs for security audit trail
   */
  logKeypairRegeneration(userId: string, instanceId: string): void {
    this.logger.warn({
      event: "FEDERATION_KEYPAIR_REGENERATED",
      userId,
      instanceId,
      timestamp: new Date().toISOString(),
      securityEvent: true,
    });
  }

  /**
   * Log federated authentication initiation
   */
  logFederatedAuthInitiation(userId: string, remoteInstanceId: string): void {
    this.logger.log({
      event: "FEDERATION_AUTH_INITIATED",
      userId,
      remoteInstanceId,
      timestamp: new Date().toISOString(),
    });
  }

  /**
   * Log federated identity linking
   */
  logFederatedIdentityLinked(userId: string, remoteInstanceId: string): void {
    this.logger.log({
      event: "FEDERATION_IDENTITY_LINKED",
      userId,
      remoteInstanceId,
      timestamp: new Date().toISOString(),
      securityEvent: true,
    });
  }

  /**
   * Log federated identity revocation
   */
  logFederatedIdentityRevoked(userId: string, remoteInstanceId: string): void {
    this.logger.warn({
      event: "FEDERATION_IDENTITY_REVOKED",
      userId,
      remoteInstanceId,
      timestamp: new Date().toISOString(),
      securityEvent: true,
    });
  }
}