optivise

/** * Advanced Security and Privacy Service * Provides comprehensive security features including encryption, access control, and privacy protection */ import { EventEmitter } from 'events'; import type { Logger } from '../types/index.js'; export interface SecurityConfig { encryption: { algorithm: string; keyLength: number; saltLength: number; }; authentication: { tokenExpiry: number; maxFailedAttempts: number; lockoutDuration: number; }; privacy: { dataRetentionDays: number; anonymizeAfterDays: number; enableAuditLogging: boolean; }; permissions: { defaultRole: 'viewer' | 'editor' | 'admin'; hierarchicalRoles: boolean; resourceBasedAccess: boolean; }; } export interface UserSession { id: string; userId: string; token: string; createdAt: number; expiresAt: number; lastActivity: number; ipAddress?: string; userAgent?: string; permissions: Set<string>; isRevoked: boolean; } export interface AccessAttempt { userId: string; resource: string; action: string; timestamp: number; success: boolean; ipAddress?: string; userAgent?: string; failureReason?: string; } export interface AuditLog { id: string; userId: string; action: string; resource: string; timestamp: number; details: Record<string, any>; severity: 'low' | 'medium' | 'high' | 'critical'; ipAddress?: string; userAgent?: string; } export interface DataClassification { level: 'public' | 'internal' | 'confidential' | 'restricted'; categories: string[]; retentionPeriod: number; encryptionRequired: boolean; accessRestrictions: string[]; } export interface PrivacyRule { id: string; name: string; description: string; dataTypes: string[]; actions: Array<{ trigger: 'collect' | 'process' | 'store' | 'transmit' | 'delete'; requirements: string[]; approvals?: string[]; }>; compliance: string[]; enabled: boolean; } export declare class SecurityService extends EventEmitter { private config; private logger; private activeSessions; private failedAttempts; private lockedAccounts; private auditLogs; private accessAttempts; private privacyRules; private dataClassifications; private encryptionKeys; private cleanupInterval?; constructor(logger: Logger, config?: Partial<SecurityConfig>); /** * Create secure user session with token */ createSession(userId: string, permissions: string[], metadata?: { ipAddress?: string; userAgent?: string; }): UserSession; /** * Validate session token and refresh if needed */ validateSession(token: string): UserSession | null; /** * Revoke user session */ revokeSession(sessionId: string): boolean; /** * Check if user has permission for resource and action */ checkPermission(userId: string, resource: string, action: string, metadata?: { ipAddress?: string; userAgent?: string; }): boolean; /** * Encrypt sensitive data */ encrypt(data: string, keyId?: string): { encrypted: string; iv: string; keyId: string; }; /** * Decrypt sensitive data */ decrypt(encryptedData: string, iv: string, keyId: string): string; /** * Hash sensitive data (one-way) */ hash(data: string, salt?: string): { hash: string; salt: string; }; /** * Verify hashed data */ verifyHash(data: string, hash: string, salt: string): boolean; /** * Anonymize user data for privacy compliance */ anonymizeData(data: Record<string, any>, preserveFields?: string[]): Record<string, any>; /** * Classify data based on sensitivity */ classifyData(data: Record<string, any>, resourceType: string): DataClassification; /** * Apply privacy rule to data operation */ applyPrivacyRule(ruleId: string, operation: 'collect' | 'process' | 'store' | 'transmit' | 'delete', data: Record<string, any>): { allowed: boolean; requirements: string[]; modifications?: Record<string, any>; }; /** * Get security metrics and statistics */ getSecurityMetrics(): { activeSessions: number; failedAttemptsLast24h: number; lockedAccounts: number; auditLogsLast24h: number; encryptionKeysCount: number; privacyRulesActive: number; }; /** * Get audit logs with filtering */ getAuditLogs(filters?: { userId?: string; action?: string; resource?: string; severity?: string; startTime?: number; endTime?: number; limit?: number; }): AuditLog[]; /** * Generate secure random ID */ private generateSecureId; /** * Generate secure token */ private generateSecureToken; /** * Record access attempt for security monitoring */ private recordAccessAttempt; /** * Log audit event */ private logAudit; /** * Generate anonymized value for a field */ private generateAnonymizedValue; /** * Check if data contains sensitive information */ private containsSensitiveInfo; /** * Check if data contains personal information */ private containsPersonalInfo; /** * Initialize default privacy rules */ private initializeDefaultPrivacyRules; /** * Initialize default data classifications */ private initializeDefaultClassifications; /** * Start cleanup timer for expired data */ private startCleanupTimer; /** * Perform security cleanup */ private performSecurityCleanup; /** * Cleanup resources */ destroy(): void; } export declare const securityService: (logger: Logger, config?: Partial<SecurityConfig>) => SecurityService; //# sourceMappingURL=security-service.d.ts.map