feat(audit): Implement comprehensive audit logging across services

- Updated package.json to include winston for logging.
- Introduced auditService for structured logging and error handling.
- Enhanced userRoutes to log errors with context.
- Integrated audit logging in server.js for graceful shutdown and error handling.
- Added audit logging in appLifecycle for initialization and cleanup events.
- Implemented logging in emailService for rate limiting and email operations.
- Enhanced isEmailValid utility with audit logging for validation results.
- Integrated audit logging in leaderBoardCache for cache operations and updates.
- Added audit logging in postPOTD for challenge updates.
- Implemented audit logging in streakResetJob for scheduled operations and errors.

Author: codevoid048

server/app.js

@@ -1,6 +1,5 @@
 import express from "express";
 import cors from "cors";
-import morgan from "morgan";
 import authRoutes from "./routes/authRoutes.js";
 import profileRoutes from "./routes/profileRoutes.js";
 import challengeRoutes from "./routes/challengeRoutes.js";
@@ -18,19 +17,30 @@ import typeSenseRoutes from "./routes/typeSenseRoutes.js";
 import { startStreakCronJob } from './utils/streakResetJob.js';
 import { appLifecycle } from './utils/appLifecycle.js';
 import { globalErrorHandler } from './middleware/errorHandler.js';
+import auditService from './services/auditService.js';
+import { httpLogger, auditContextMiddleware, auditErrorMiddleware, performanceMonitor } from './middleware/auditMiddleware.js';
 dotenv.config();
 
 const app = express();
 
 app.use(cors({ origin: process.env.CLIENT_URL, credentials: true }));
 
 // Memory-safe payload size limits with proper error handling
+// Audit context middleware (must be early in middleware chain)
+app.use(auditContextMiddleware);
+
 app.use(express.json({ 
     limit: '2mb', // Reduced from 5mb to prevent memory issues
     verify: (req, res, buf) => {
-        // Monitor large requests
+        // Monitor large requests with audit service
         if (buf.length > 1024 * 1024) { // 1MB threshold
-            console.log(`Large request detected: ${buf.length} bytes from ${req.ip}`);
+            auditService.security('large_request_detected', {
+                requestId: req.auditContext?.requestId,
+                size: buf.length,
+                ip: req.ip,
+                url: req.originalUrl,
+                userAgent: req.get('User-Agent')
+            });
         }
     }
 }));
@@ -43,7 +53,10 @@ app.use(express.urlencoded({
 
 app.use(cookieParser());
 app.use(passport.initialize());
-app.use(morgan('dev'));
+
+// Replace Morgan with our audit-integrated HTTP logger
+app.use(httpLogger);
+app.use(performanceMonitor);
 
 
 app.use('/api/auth', authRoutes);
@@ -57,13 +70,26 @@ app.use('/api', statsRoutes);
 app.use('/api/user', userRoutes);
 app.use('/api', typeSenseRoutes);
 
-// Initialize application services
+// Error handling middleware
+app.use(auditErrorMiddleware);
+app.use(globalErrorHandler);
+
+// Initialize application services with audit logging
+auditService.systemEvent('app_initializing', { 
+    environment: process.env.NODE_ENV,
+    version: process.env.npm_package_version
+});
+
 warmupLeaderboardCache();
 startStreakCronJob();
 appLifecycle.initialize();
 
 // Export cleanup function for server.js
-export const cleanup = appLifecycle.cleanup.bind(appLifecycle);
+export const cleanup = async () => {
+    auditService.systemEvent('app_shutting_down');
+    await auditService.shutdown();
+    return appLifecycle.cleanup();
+};
 
 app.get('/hello', (req, res) => { return res.status(200).send("Hello, World!") })
 

server/controllers/adminAuthController.js

@@ -1,21 +1,72 @@
 import adminGenerateToken from "../config/adminGenerateToken.js";
 import Admin from "../models/Admin.js";
+import auditService from "../services/auditService.js";
+
 export const adminLogin = async (req, res) => {
+    const audit = auditService.startTrace('admin_login', {
+        requestId: req.auditContext?.requestId,
+        ip: req.ip,
+        userAgent: req.get('User-Agent')
+    });
+
     try {
         const { email, password } = req.body;
-        // console.log("Admin login request received:", {email,password});
+
+        auditService.security('admin_login_attempt', {
+            requestId: req.auditContext?.requestId,
+            email,
+            ip: req.ip,
+            userAgent: req.get('User-Agent')
+        });
+
         if (!email || !password) {
+            auditService.security('admin_login_failed', {
+                requestId: req.auditContext?.requestId,
+                email,
+                reason: 'missing_credentials',
+                ip: req.ip
+            });
             return res.status(400).json({ message: "All fields are required" });
         }
+
         const admin = await Admin.findOne({ email });
-        // console.log("Admin found:", admin);
+
         if (!admin) {
+            auditService.security('admin_login_failed', {
+                requestId: req.auditContext?.requestId,
+                email,
+                reason: 'admin_not_found',
+                ip: req.ip
+            });
             return res.status(400).json({ error: "No admin found" });
         }
+
         if (password !== admin.password) {
+            auditService.security('admin_login_failed', {
+                requestId: req.auditContext?.requestId,
+                email,
+                adminId: admin._id.toString(),
+                reason: 'wrong_password',
+                ip: req.ip
+            });
             return res.status(400).json({ message: "Wrong Password" });
         }
+
         const token = await adminGenerateToken(admin);
+
+        auditService.security('admin_login_successful', {
+            requestId: req.auditContext?.requestId,
+            adminId: admin._id.toString(),
+            email: admin.email,
+            ip: req.ip
+        });
+
+        audit.complete({
+            adminId: admin._id.toString(),
+            email: admin.email,
+            success: true
+        });
+
         res.cookie('Admintoken', token, {
             httpOnly: true,
             secure: process.env.NODE_ENV === "production",
@@ -26,16 +77,32 @@ export const adminLogin = async (req, res) => {
             token
         });
     } catch (err) {
-        // console.error(err);
+        auditService.error('Admin login error', err, {
+            requestId: req.auditContext?.requestId,
+            email: req.body.email,
+            ip: req.ip
+        });
+
+        audit.error(err);
         res.status(500).json({ error: "error in admin login", details: err.message });
     }
 }
 
 export const adminLogout = async (req, res) => {
     try {
+        auditService.security('admin_logout', {
+            requestId: req.auditContext?.requestId,
+            adminId: req.user?._id?.toString(),
+            ip: req.ip
+        });
+
         res.cookie('Admintoken', "").json({ message: "Logged out" });
     } catch (err) {
-        // console.error(err);
+        auditService.error('Admin logout error', err, {
+            requestId: req.auditContext?.requestId,
+            adminId: req.user?._id?.toString(),
+            ip: req.ip
+        });
         res.status(500).json({ error: "error in admin logout", details: err.message });
     }
 }

server/controllers/adminControllers.js

@@ -1,6 +1,7 @@
 import { User } from "../models/User.js";
 import { Challenge } from "../models/Challenge.js";
 import { Solution } from "../models/Solution.js";
+import auditService from "../services/auditService.js";
 
 export const getUsers = async (req, res) => {
     try {
@@ -56,14 +57,14 @@ export const getUsers = async (req, res) => {
 
         const totalPages = Math.ceil(totalUsers / pageLimit);
 
-        res.json({
+        return res.status(200).json({
+            success: true,
             users,
             pagination: {
                 currentPage: pageNumber,
-                totalPages,
-                totalUsers,
-                limit: pageLimit,
-                hasNextPage: pageNumber < totalPages,
+                totalPages: Math.ceil(filteredUsers / pageLimit),
+                totalUsers: filteredUsers,
+                hasNextPage: pageNumber * pageLimit < filteredUsers,
                 hasPrevPage: pageNumber > 1
             },
             filters: {
@@ -73,7 +74,7 @@ export const getUsers = async (req, res) => {
         });
 
     } catch (err) {
-        console.error("Error in getUsers:", err);
+        auditService.error('admin_get_users_error', { error: err.message });
         res.status(500).json({ 
             error: "Error in getting users", 
             details: err.message 
@@ -147,7 +148,7 @@ export const addChallenge = async (req, res) => {
         });
 
     } catch (error) {
-        console.error("Error in addChallenge:", error);
+        auditService.error('admin_add_challenge_error', { error: error.message });
         res.status(500).json({ 
             success: false, 
             message: "Server error",
@@ -220,7 +221,7 @@ export const updateChallenge = async (req, res) => {
             solution: updatedSolution
         });
     } catch (error) {
-        console.error("Error in updateChallenge:", error);
+        auditService.error('admin_update_challenge_error', { error: error.message });
         res.status(500).json({ 
             success: false, 
             message: "Server error",
@@ -257,7 +258,7 @@ export const getTodayChallenge = async (req, res) => {
       solution: solution || null,
     });
   } catch (error) {
-    console.error("Error in getTodayChallenge:", error);
+    auditService.error('admin_get_today_challenge_error', { error: error.message });
     res.status(500).json({
       success: false,
       message: "Server error",