veracode_platform/

reporting.rs

//! Veracode Reporting API
//!
//! This module provides access to the Veracode Reporting REST API for retrieving
//! audit logs and generating compliance reports.
use crate::{VeracodeClient, VeracodeError, VeracodeRegion};
use chrono::{DateTime, NaiveDateTime, TimeZone, Utc};
use chrono_tz::America::New_York;
use chrono_tz::Europe::Berlin;
use serde::{Deserialize, Serialize};

/// Request payload for generating an audit report
#[derive(Debug, Clone, Serialize)]
pub struct AuditReportRequest {
    /// The type of report to generate (always "AUDIT" for audit logs)
    pub report_type: String,
    /// Start date in YYYY-MM-DD format
    pub start_date: String,
    /// Optional end date in YYYY-MM-DD format
    #[serde(skip_serializing_if = "Option::is_none")]
    pub end_date: Option<String>,
    /// Optional list of audit actions to filter (e.g., "Delete", "Create", "Update")
    #[serde(skip_serializing_if = "Option::is_none")]
    pub audit_action: Option<Vec<String>>,
    /// Optional list of action types to filter (e.g., "Login", "Admin")
    #[serde(skip_serializing_if = "Option::is_none")]
    pub action_type: Option<Vec<String>>,
    /// Optional list of target user IDs to filter
    #[serde(skip_serializing_if = "Option::is_none")]
    pub target_user_id: Option<Vec<String>>,
    /// Optional list of modifier user IDs to filter
    #[serde(skip_serializing_if = "Option::is_none")]
    pub modifier_user_id: Option<Vec<String>>,
}

impl AuditReportRequest {
    /// Create a new audit report request with just start and end dates
    #[must_use]
    pub fn new(start_date: impl Into<String>, end_date: Option<String>) -> Self {
        Self {
            report_type: "AUDIT".to_string(),
            start_date: start_date.into(),
            end_date,
            audit_action: None,
            action_type: None,
            target_user_id: None,
            modifier_user_id: None,
        }
    }

    /// Add audit action filters
    #[must_use]
    pub fn with_audit_actions(mut self, actions: Vec<String>) -> Self {
        self.audit_action = Some(actions);
        self
    }

    /// Add action type filters
    #[must_use]
    pub fn with_action_types(mut self, types: Vec<String>) -> Self {
        self.action_type = Some(types);
        self
    }

    /// Add target user ID filters
    #[must_use]
    pub fn with_target_users(mut self, user_ids: Vec<String>) -> Self {
        self.target_user_id = Some(user_ids);
        self
    }

    /// Add modifier user ID filters
    #[must_use]
    pub fn with_modifier_users(mut self, user_ids: Vec<String>) -> Self {
        self.modifier_user_id = Some(user_ids);
        self
    }
}

/// Embedded data in generate report response
#[derive(Debug, Clone, Deserialize)]
pub struct GenerateReportData {
    /// The report ID used to retrieve the generated report
    pub id: String,
}

/// Response when generating a report
#[derive(Debug, Clone, Deserialize)]
pub struct GenerateReportResponse {
    /// Embedded report data
    #[serde(rename = "_embedded")]
    pub embedded: GenerateReportData,
}

/// Report status values
#[derive(Debug, Clone, PartialEq, Deserialize)]
#[serde(rename_all = "UPPERCASE")]
pub enum ReportStatus {
    /// Report request has been queued
    Queued,
    /// Report request has been submitted
    Submitted,
    /// Report is being processed
    Processing,
    /// Report has been completed and is ready
    Completed,
    /// Report generation failed
    Failed,
}

impl std::fmt::Display for ReportStatus {
    fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
        match self {
            ReportStatus::Queued => write!(f, "Queued"),
            ReportStatus::Submitted => write!(f, "Submitted"),
            ReportStatus::Processing => write!(f, "Processing"),
            ReportStatus::Completed => write!(f, "Completed"),
            ReportStatus::Failed => write!(f, "Failed"),
        }
    }
}

/// Pagination links for navigating report pages
#[derive(Debug, Clone, Deserialize)]
pub struct ReportLinks {
    /// Link to first page
    pub first: Option<LinkHref>,
    /// Link to previous page
    pub prev: Option<LinkHref>,
    /// Link to current page (self)
    #[serde(rename = "self")]
    pub self_link: Option<LinkHref>,
    /// Link to next page
    pub next: Option<LinkHref>,
    /// Link to last page
    pub last: Option<LinkHref>,
}

/// A link with href field
#[derive(Debug, Clone, Deserialize)]
pub struct LinkHref {
    /// The URL path for the link
    pub href: String,
}

/// Page metadata for pagination
#[derive(Debug, Clone, Deserialize)]
pub struct PageMetadata {
    /// Current page number (0-indexed)
    pub number: u32,
    /// Number of items per page
    pub size: u32,
    /// Total number of audit log entries across all pages
    pub total_elements: u32,
    /// Total number of pages
    pub total_pages: u32,
}

/// A single audit log entry (optimized for minimal deserialization)
///
/// This struct only deserializes the timestamp field and keeps the rest as raw JSON
/// to minimize parsing overhead and memory allocations. The hash is computed using
/// xxHash (much faster than SHA256 for duplicate detection).
#[derive(Debug, Clone, Serialize)]
pub struct AuditLogEntry {
    /// Raw JSON string of the log entry (as received from API)
    pub raw_log: String,
    ///
    /// # Errors
    ///
    /// Returns an error if the API request fails, the resource is not found,
    /// or authentication/authorization fails.
    /// Timestamp converted to UTC (computed from the timestamp field in `raw_log`)
    #[serde(skip_serializing_if = "Option::is_none")]
    pub timestamp_utc: Option<String>,
    /// xxHash (128-bit) of the raw log entry for fast duplicate detection
    pub log_hash: String,
}

/// Helper struct to extract only the timestamp during deserialization
#[derive(Debug, Deserialize)]
struct TimestampExtractor {
    timestamp: Option<String>,
}

/// Report data embedded in the response
#[derive(Debug, Clone, Deserialize)]
pub struct ReportData {
    /// Report ID
    pub id: String,
    /// Report type (always "AUDIT" for audit reports)
    pub report_type: String,
    /// Current status of the report
    pub status: ReportStatus,
    /// User who requested the report
    pub requested_by_user: String,
    /// Account ID that requested the report
    pub requested_by_account: u64,
    /// Date when report was requested
    pub date_report_requested: String,
    /// Date when report was completed (null if not completed)
    pub date_report_completed: Option<String>,
    /// Date when report expires (null if not completed)
    pub report_expiration_date: Option<String>,
    /// Array of audit log entries (raw JSON, processed later for efficiency)
    pub audit_logs: serde_json::Value,
    /// Links for pagination (null if not completed)
    #[serde(rename = "_links")]
    pub links: Option<ReportLinks>,
    /// Page metadata (null if not completed)
    pub page_metadata: Option<PageMetadata>,
}

/// Full report response with embedded data
#[derive(Debug, Clone, Deserialize)]
pub struct ReportResponse {
    /// Embedded report data
    #[serde(rename = "_embedded")]
    pub embedded: ReportData,
}

/// Convert a timestamp from region-specific timezone to UTC
///
/// Each Veracode API region returns timestamps in its corresponding timezone:
///
/// # Errors
///
/// Returns an error if the API request fails, the resource is not found,
/// or authentication/authorization fails.
/// - **Commercial** (api.veracode.com): `America/New_York` (US-East-1)
///   - EST (Eastern Standard Time): UTC-5 (winter)
///   - EDT (Eastern Daylight Time): UTC-4 (summer)
/// - **European** (api.veracode.eu): Europe/Berlin (eu-central-1)
///   - CET (Central European Time): UTC+1 (winter)
///   - CEST (Central European Summer Time): UTC+2 (summer)
///
/// # Errors
///
/// Returns an error if the API request fails, the resource is not found,
/// or authentication/authorization fails.
/// - **Federal** (api.veracode.us): `America/New_York` (US-East-1)
///   - EST/EDT same as Commercial
///
/// This function automatically handles Daylight Saving Time (DST) transitions
/// for each region using the IANA timezone database.
///
/// # Arguments
///
/// * `timestamp_str` - Timestamp string in format "YYYY-MM-DD HH:MM:SS.sss"
/// * `region` - The Veracode region determining source timezone
///
/// # Returns
///
/// UTC timestamp string in same format, or None if parsing fails
///
/// # Examples
///
/// ```ignore
/// use veracode_platform::VeracodeRegion;
///
/// // European region: Summer timestamp (CEST, UTC+2)
/// let utc = convert_regional_timestamp_to_utc("2025-06-15 14:30:00.000", &VeracodeRegion::European);
/// assert_eq!(utc, Some("2025-06-15 12:30:00".to_string())); // 14:30 CEST = 12:30 UTC
///
/// // Commercial region: Winter timestamp (EST, UTC-5)
/// let utc = convert_regional_timestamp_to_utc("2025-12-15 14:30:00.000", &VeracodeRegion::Commercial);
/// assert_eq!(utc, Some("2025-12-15 19:30:00".to_string())); // 14:30 EST = 19:30 UTC
/// ```
fn convert_regional_timestamp_to_utc(
    timestamp_str: &str,
    region: &VeracodeRegion,
) -> Option<String> {
    // Parse timestamp string - handle variable-length milliseconds
    let has_millis = timestamp_str.contains('.');

    // Parse the base datetime without milliseconds
    let naive_dt = if has_millis {
        // Try to parse with variable-length fractional seconds
        // The %.f format is flexible and handles 1-9 digits
        NaiveDateTime::parse_from_str(timestamp_str, "%Y-%m-%d %H:%M:%S%.f").ok()?
    } else {
        NaiveDateTime::parse_from_str(timestamp_str, "%Y-%m-%d %H:%M:%S").ok()?
    };

    // Convert from region-specific timezone to UTC
    let utc_time = match region {
        VeracodeRegion::European => {
            // European region uses Europe/Berlin timezone (CET/CEST)
            let regional_time: DateTime<_> = Berlin.from_local_datetime(&naive_dt).single()?;
            regional_time.with_timezone(&Utc)
        }
        VeracodeRegion::Commercial | VeracodeRegion::Federal => {
            // Commercial and Federal regions use America/New_York timezone (EST/EDT)
            let regional_time: DateTime<_> = New_York.from_local_datetime(&naive_dt).single()?;
            regional_time.with_timezone(&Utc)
        }
    };

    // Format back to string (preserve original millisecond precision)
    if has_millis {
        // Format with the same number of decimal places as input
        let formatted = utc_time.format("%Y-%m-%d %H:%M:%S%.f").to_string();
        // Ensure we preserve the original precision
        Some(formatted)
    } else {
        Some(utc_time.format("%Y-%m-%d %H:%M:%S").to_string())
    }
}

/// Generate a fast hash of a raw log entry JSON string for duplicate detection
///
///
/// # Errors
///
/// Returns an error if the API request fails, the resource is not found,
/// or authentication/authorization fails.
/// Uses xxHash (`xxh3_128`) which is significantly faster than SHA256 while still
/// providing excellent collision resistance for deduplication purposes. This is
/// NOT a cryptographic hash - use only for duplicate detection, not security.
///
/// Performance comparison vs SHA256:
/// - xxHash: ~10-50x faster than SHA256
/// - Still has excellent collision resistance for duplicate detection
/// - Returns 32 hex characters (128-bit hash)
///
/// # Arguments
///
/// * `raw_json` - The raw JSON string of the log entry
///
/// # Returns
///
/// Hex-encoded xxHash3 (128-bit) hash string (32 characters)
///
/// # Examples
///
/// ```ignore
/// let hash = generate_log_hash(r#"{"timestamp":"2025-01-01 12:00:00.000"}"#);
/// assert_eq!(hash.len(), 32); // xxh3_128 produces 32 hex characters
/// ```
fn generate_log_hash(raw_json: &str) -> String {
    use xxhash_rust::xxh3::xxh3_128;

    // Hash the raw JSON bytes (extremely fast!)
    let hash = xxh3_128(raw_json.as_bytes());

    // Convert to hex string (128-bit = 32 hex chars)
    format!("{:032x}", hash)
}

/// The Reporting API interface
#[derive(Clone)]
pub struct ReportingApi {
    client: VeracodeClient,
    region: VeracodeRegion,
}

impl ReportingApi {
    /// Create a new Reporting API instance
    #[must_use]
    pub fn new(client: VeracodeClient) -> Self {
        let region = client.config().region;
        Self { client, region }
    }

    /// Generate an audit report (step 1 of the process)
    ///
    ///
    /// # Errors
    ///
    /// Returns an error if the API request fails, the resource is not found,
    /// or authentication/authorization fails.
    /// This sends a request to generate the report. The API returns a `report_id`
    /// which can be used to retrieve the report after it's generated.
    ///
    /// # Arguments
    ///
    /// * `request` - The audit report request parameters
    ///
    /// # Returns
    ///
    /// The report ID that can be used to retrieve the generated report
    ///
    /// # Errors
    ///
    /// Returns `VeracodeError` if the request fails
    pub async fn generate_audit_report(
        &self,
        request: &AuditReportRequest,
    ) -> Result<String, VeracodeError> {
        let response = self
            .client
            .post("/appsec/v1/analytics/report", Some(request))
            .await?;

        let response_text = response.text().await?;
        log::debug!("Generate report API response: {}", response_text);

        let generate_response: GenerateReportResponse = serde_json::from_str(&response_text)?;
        Ok(generate_response.embedded.id)
    }

    /// Retrieve a generated audit report (step 2 of the process)
    ///
    /// This retrieves the report content. The report may still be processing,
    /// so check the status field in the response.
    ///
    /// # Arguments
    ///
    /// * `report_id` - The report ID returned from `generate_audit_report`
    /// * `page` - Optional page number (0-indexed) for pagination
    ///
    /// # Returns
    ///
    /// The report response with status and audit log data
    ///
    /// # Errors
    ///
    /// Returns `VeracodeError` if the request fails
    pub async fn get_audit_report(
        &self,
        report_id: &str,
        page: Option<u32>,
    ) -> Result<ReportResponse, VeracodeError> {
        let endpoint = if let Some(page_num) = page {
            format!("/appsec/v1/analytics/report/{report_id}?page={page_num}")
        } else {
            format!("/appsec/v1/analytics/report/{report_id}")
        };

        let response = self.client.get(&endpoint, None).await?;
        let response_text = response.text().await?;
        log::debug!("Get audit report API response: {}", response_text);

        let report_response: ReportResponse = serde_json::from_str(&response_text)?;
        Ok(report_response)
    }

    /// Poll for report status until it's completed or failed
    ///
    /// This method polls the report status with exponential backoff until
    /// the report is either completed or failed.
    ///
    /// # Arguments
    ///
    /// * `report_id` - The report ID to poll
    /// * `max_attempts` - Maximum number of polling attempts (default: 30)
    /// * `initial_delay_secs` - Initial delay between polls in seconds (default: 2)
    ///
    /// # Returns
    ///
    /// The completed report response
    ///
    /// # Errors
    ///
    /// Returns `VeracodeError` if polling fails or report generation fails
    pub async fn poll_report_status(
        &self,
        report_id: &str,
        max_attempts: Option<u32>,
        initial_delay_secs: Option<u64>,
    ) -> Result<ReportResponse, VeracodeError> {
        let max_attempts = max_attempts.unwrap_or(30);
        let initial_delay = initial_delay_secs.unwrap_or(2);

        let mut attempts: u32 = 0;
        let mut delay_secs = initial_delay;

        loop {
            attempts = attempts.saturating_add(1);

            // Get current report status
            let report = self.get_audit_report(report_id, None).await?;
            let status = &report.embedded.status;

            log::debug!(
                "Report {} status: {} (attempt {}/{})",
                report_id,
                status,
                attempts,
                max_attempts
            );

            match status {
                ReportStatus::Completed => {
                    log::info!("Report {} completed successfully", report_id);
                    return Ok(report);
                }
                ReportStatus::Failed => {
                    return Err(VeracodeError::InvalidResponse(format!(
                        "Report generation failed for report ID: {}",
                        report_id
                    )));
                }
                ReportStatus::Queued | ReportStatus::Submitted | ReportStatus::Processing => {
                    if attempts >= max_attempts {
                        return Err(VeracodeError::InvalidResponse(format!(
                            "Report polling timeout after {} attempts. Status: {}",
                            attempts, status
                        )));
                    }

                    log::debug!("Report still processing, waiting {} seconds...", delay_secs);
                    tokio::time::sleep(tokio::time::Duration::from_secs(delay_secs)).await;

                    // Exponential backoff with max delay of 30 seconds
                    delay_secs = std::cmp::min(delay_secs.saturating_mul(2), 30);
                }
            }
        }
    }

    /// Retrieve all audit logs across all pages (OPTIMIZED)
    ///
    /// This method handles pagination automatically and collects all audit log
    /// entries from all pages into a single vector. It uses optimized processing
    /// that only deserializes the timestamp field and keeps raw JSON for efficiency.
    ///
    /// Performance optimizations:
    /// - Minimal deserialization: Only extracts timestamp field
    /// - Zero cloning: Keeps raw JSON strings instead of parsing all fields
    /// - Fast hashing: Uses xxHash (10-50x faster than SHA256) for duplicate detection
    ///
    /// # Arguments
    ///
    /// * `report_id` - The report ID (must be in COMPLETED status)
    ///
    /// # Returns
    ///
    /// A vector containing all audit log entries from all pages
    ///
    /// # Errors
    ///
    /// Returns `VeracodeError` if any page retrieval fails
    pub async fn get_all_audit_log_pages(
        &self,
        report_id: &str,
    ) -> Result<Vec<AuditLogEntry>, VeracodeError> {
        let mut all_logs = Vec::new();

        // Get report status without page parameter first
        let initial_report = self.get_audit_report(report_id, None).await?;

        // Check if report is completed
        if initial_report.embedded.status != ReportStatus::Completed {
            return Err(VeracodeError::InvalidResponse(format!(
                "Report is not completed. Status: {}",
                initial_report.embedded.status
            )));
        }

        // Check if there are any results
        let page_metadata = match initial_report.embedded.page_metadata {
            Some(metadata) if metadata.total_elements > 0 => metadata,
            Some(metadata) => {
                // Report has metadata but no elements (total_elements = 0)
                log::info!(
                    "Report completed but contains no audit log entries (0 total elements, {} total pages)",
                    metadata.total_pages
                );
                return Ok(all_logs); // Return empty vector
            }
            None => {
                // No metadata at all
                log::info!("Report completed but contains no audit log entries (no page metadata)");
                return Ok(all_logs); // Return empty vector
            }
        };

        // Collect all pages of raw JSON
        let mut all_pages_raw = Vec::new();

        // Get first page
        let first_page = self.get_audit_report(report_id, Some(0)).await?;
        all_pages_raw.push(first_page.embedded.audit_logs.clone());

        log::info!(
            "Retrieved page 1/{} ({} total)",
            page_metadata.total_pages,
            page_metadata.total_elements
        );

        // If there are more pages, retrieve them
        if page_metadata.total_pages > 1 {
            for page_num in 1..page_metadata.total_pages {
                log::debug!(
                    "Retrieving page {}/{}",
                    page_num.saturating_add(1),
                    page_metadata.total_pages
                );

                let page_response = self.get_audit_report(report_id, Some(page_num)).await?;
                all_pages_raw.push(page_response.embedded.audit_logs.clone());

                log::info!(
                    "Retrieved page {}/{}",
                    page_num.saturating_add(1),
                    page_metadata.total_pages
                );
            }
        }

        // Process all raw log entries efficiently
        let mut conversion_stats: (u32, u32) = (0, 0); // (successes, failures)
        let mut total_entries: u32 = 0;

        for page_value in all_pages_raw {
            if let Some(logs_array) = page_value.as_array() {
                for log_value in logs_array {
                    total_entries = total_entries.saturating_add(1);

                    // Get raw JSON string (canonical form for hashing)
                    let raw_log =
                        serde_json::to_string(log_value).unwrap_or_else(|_| "{}".to_string());

                    // Generate hash from raw JSON (extremely fast with xxHash!)
                    let log_hash = generate_log_hash(&raw_log);

                    // Extract only the timestamp field for UTC conversion
                    let timestamp_utc = if let Ok(extractor) =
                        serde_json::from_value::<TimestampExtractor>(log_value.clone())
                    {
                        if let Some(timestamp) = extractor.timestamp {
                            match convert_regional_timestamp_to_utc(&timestamp, &self.region) {
                                Some(utc) => {
                                    conversion_stats.0 = conversion_stats.0.saturating_add(1);
                                    Some(utc)
                                }
                                None => {
                                    log::warn!("Failed to convert timestamp to UTC: {}", timestamp);
                                    conversion_stats.1 = conversion_stats.1.saturating_add(1);
                                    None
                                }
                            }
                        } else {
                            None
                        }
                    } else {
                        None
                    };

                    // Create optimized log entry with minimal allocations
                    all_logs.push(AuditLogEntry {
                        raw_log,
                        timestamp_utc,
                        log_hash,
                    });
                }
            }
        }

        log::info!(
            "Successfully processed {} audit log entries across {} pages",
            total_entries,
            page_metadata.total_pages
        );

        let (region_name, source_timezone) = match self.region {
            VeracodeRegion::Commercial => (
                "Commercial (api.veracode.com)",
                "America/New_York (EST/EDT, UTC-5/-4)",
            ),
            VeracodeRegion::European => (
                "European (api.veracode.eu)",
                "Europe/Berlin (CET/CEST, UTC+1/+2)",
            ),
            VeracodeRegion::Federal => (
                "Federal (api.veracode.us)",
                "America/New_York (EST/EDT, UTC-5/-4)",
            ),
        };

        log::info!(
            "Converted {} timestamps from {} to UTC - Region: {} ({} failures)",
            conversion_stats.0,
            source_timezone,
            region_name,
            conversion_stats.1
        );

        log::info!(
            "Generated xxHash hashes for {} log entries (optimized: 10-50x faster than SHA256, zero cloning)",
            total_entries
        );

        Ok(all_logs)
    }

    /// Convenience method to generate and retrieve audit logs in one call
    ///
    /// This method combines report generation, status polling, and pagination
    /// to retrieve all audit logs. It's the recommended way to retrieve audit logs.
    ///
    /// # Arguments
    ///
    /// * `request` - The audit report request parameters
    ///
    /// # Returns
    ///
    /// The audit log data as a JSON value containing all entries from all pages
    ///
    /// # Errors
    ///
    /// Returns `VeracodeError` if the request fails
    pub async fn get_audit_logs(
        &self,
        request: &AuditReportRequest,
    ) -> Result<serde_json::Value, VeracodeError> {
        // Step 1: Generate the report
        log::info!(
            "Generating audit report for date range: {} to {}",
            request.start_date,
            request.end_date.as_deref().unwrap_or("now")
        );
        let report_id = self.generate_audit_report(request).await?;
        log::info!("Report generated with ID: {}", report_id);

        // Step 2: Poll for report completion
        log::info!("Polling for report completion...");
        let completed_report = self.poll_report_status(&report_id, None, None).await?;
        log::info!(
            "Report completed at: {}",
            completed_report
                .embedded
                .date_report_completed
                .as_deref()
                .unwrap_or("unknown")
        );

        // Step 3: Retrieve all pages
        log::info!("Retrieving all audit log pages...");
        let mut all_logs = self.get_all_audit_log_pages(&report_id).await?;

        // Step 4: Sort logs by timestamp_utc (oldest first, newest last)
        log::info!(
            "Sorting {} audit logs by timestamp (oldest to newest)...",
            all_logs.len()
        );
        all_logs.sort_by(|a, b| {
            match (&a.timestamp_utc, &b.timestamp_utc) {
                // Both have timestamps - parse and compare them
                (Some(ts_a), Some(ts_b)) => {
                    // Parse timestamps for comparison
                    // Format is "YYYY-MM-DD HH:MM:SS" (possibly with milliseconds)
                    let parsed_a = NaiveDateTime::parse_from_str(ts_a, "%Y-%m-%d %H:%M:%S%.f")
                        .or_else(|_| NaiveDateTime::parse_from_str(ts_a, "%Y-%m-%d %H:%M:%S"));
                    let parsed_b = NaiveDateTime::parse_from_str(ts_b, "%Y-%m-%d %H:%M:%S%.f")
                        .or_else(|_| NaiveDateTime::parse_from_str(ts_b, "%Y-%m-%d %H:%M:%S"));

                    match (parsed_a, parsed_b) {
                        (Ok(dt_a), Ok(dt_b)) => dt_a.cmp(&dt_b), // Both parsed successfully
                        (Ok(_), Err(_)) => std::cmp::Ordering::Less, // a is valid, b is not - a comes first
                        (Err(_), Ok(_)) => std::cmp::Ordering::Greater, // b is valid, a is not - b comes first
                        (Err(_), Err(_)) => std::cmp::Ordering::Equal, // Neither parsed - keep original order
                    }
                }
                // Only a has timestamp - a comes first
                (Some(_), None) => std::cmp::Ordering::Less,
                // Only b has timestamp - b comes first
                (None, Some(_)) => std::cmp::Ordering::Greater,
                // Neither has timestamp - keep original order
                (None, None) => std::cmp::Ordering::Equal,
            }
        });
        log::info!("Logs sorted successfully (oldest to newest)");

        // Convert to JSON for backward compatibility with veraaudit
        let json_logs = serde_json::to_value(&all_logs)?;
        log::info!(
            "Successfully retrieved {} total audit log entries",
            all_logs.len()
        );

        Ok(json_logs)
    }
}

/// Error type for reporting operations
#[derive(Debug, thiserror::Error)]
#[must_use = "Need to handle all error enum types."]
pub enum ReportingError {
    /// Wraps a Veracode API error
    #[error("Veracode API error: {0}")]
    VeracodeApi(#[from] VeracodeError),

    /// Invalid date format
    #[error("Invalid date format: {0}")]
    InvalidDate(String),

    /// Date range exceeds maximum allowed (6 months)
    #[error("Date range exceeds maximum allowed: {0}")]
    DateRangeExceeded(String),
}

#[cfg(test)]
#[allow(clippy::expect_used)]
mod tests {
    use super::*;

    #[test]
    fn test_audit_report_request_new() {
        let request = AuditReportRequest::new("2025-01-01", Some("2025-01-31".to_string()));

        assert_eq!(request.report_type, "AUDIT");
        assert_eq!(request.start_date, "2025-01-01");
        assert_eq!(request.end_date, Some("2025-01-31".to_string()));
        assert!(request.audit_action.is_none());
        assert!(request.action_type.is_none());
    }

    #[test]
    fn test_audit_report_request_with_filters() {
        let request = AuditReportRequest::new("2025-01-01", Some("2025-01-31".to_string()))
            .with_audit_actions(vec!["Delete".to_string(), "Create".to_string()])
            .with_action_types(vec!["Admin".to_string()]);

        assert_eq!(
            request.audit_action,
            Some(vec!["Delete".to_string(), "Create".to_string()])
        );
        assert_eq!(request.action_type, Some(vec!["Admin".to_string()]));
    }

    #[test]
    fn test_audit_report_request_serialization() {
        let request = AuditReportRequest::new("2025-01-01", Some("2025-01-31".to_string()));
        let json = serde_json::to_string(&request).expect("should serialize to json");

        assert!(json.contains("\"report_type\":\"AUDIT\""));
        assert!(json.contains("\"start_date\":\"2025-01-01\""));
        assert!(json.contains("\"end_date\":\"2025-01-31\""));
    }

    #[test]
    fn test_audit_report_request_serialization_without_optional_fields() {
        let request = AuditReportRequest::new("2025-01-01", None);
        let json = serde_json::to_string(&request).expect("should serialize to json");

        // Optional fields should not be present when None
        assert!(!json.contains("end_date"));
        assert!(!json.contains("audit_action"));
        assert!(!json.contains("action_type"));
    }

    #[test]
    fn test_convert_european_timezone_winter() {
        // Winter timestamp: CET is UTC+1
        let result =
            convert_regional_timestamp_to_utc("2025-01-15 10:00:00.000", &VeracodeRegion::European);
        assert!(result.is_some());
        // 10:00 CET = 09:00 UTC
        // Note: %.f format drops trailing zeros
        assert_eq!(
            result.expect("should convert timestamp"),
            "2025-01-15 09:00:00"
        );
    }

    #[test]
    fn test_convert_european_timezone_summer() {
        // Summer timestamp: CEST is UTC+2
        let result =
            convert_regional_timestamp_to_utc("2025-06-15 10:00:00.000", &VeracodeRegion::European);
        assert!(result.is_some());
        // 10:00 CEST = 08:00 UTC
        assert_eq!(
            result.expect("should convert timestamp"),
            "2025-06-15 08:00:00"
        );
    }

    #[test]
    fn test_convert_commercial_timezone_winter() {
        // Winter timestamp: EST is UTC-5
        let result = convert_regional_timestamp_to_utc(
            "2025-01-15 14:30:00.000",
            &VeracodeRegion::Commercial,
        );
        assert!(result.is_some());
        // 14:30 EST = 19:30 UTC
        assert_eq!(
            result.expect("should convert timestamp"),
            "2025-01-15 19:30:00"
        );
    }

    #[test]
    fn test_convert_commercial_timezone_summer() {
        // Summer timestamp: EDT is UTC-4
        let result = convert_regional_timestamp_to_utc(
            "2025-06-15 14:30:00.000",
            &VeracodeRegion::Commercial,
        );
        assert!(result.is_some());
        // 14:30 EDT = 18:30 UTC
        assert_eq!(
            result.expect("should convert timestamp"),
            "2025-06-15 18:30:00"
        );
    }

    #[test]
    fn test_convert_federal_timezone_winter() {
        // Federal uses same timezone as Commercial (America/New_York)
        let result =
            convert_regional_timestamp_to_utc("2025-12-15 14:30:00.000", &VeracodeRegion::Federal);
        assert!(result.is_some());
        // 14:30 EST = 19:30 UTC
        assert_eq!(
            result.expect("should convert timestamp"),
            "2025-12-15 19:30:00"
        );
    }

    #[test]
    fn test_convert_timezone_without_milliseconds() {
        // Test without milliseconds
        let result =
            convert_regional_timestamp_to_utc("2025-01-15 10:00:00", &VeracodeRegion::European);
        assert!(result.is_some());
        // Should not have milliseconds in output
        assert_eq!(
            result.expect("should convert timestamp"),
            "2025-01-15 09:00:00"
        );
    }

    #[test]
    fn test_convert_timezone_variable_milliseconds() {
        // Test with different millisecond precisions
        let result =
            convert_regional_timestamp_to_utc("2025-01-15 10:00:00.1", &VeracodeRegion::European);
        assert!(result.is_some());

        let result =
            convert_regional_timestamp_to_utc("2025-01-15 10:00:00.12", &VeracodeRegion::European);
        assert!(result.is_some());

        let result = convert_regional_timestamp_to_utc(
            "2025-01-15 10:00:00.123456",
            &VeracodeRegion::European,
        );
        assert!(result.is_some());
    }

    #[test]
    fn test_convert_timezone_invalid_format() {
        // Invalid format should return None
        let result = convert_regional_timestamp_to_utc("invalid", &VeracodeRegion::European);
        assert!(result.is_none());

        let result =
            convert_regional_timestamp_to_utc("2025-13-45 25:99:99", &VeracodeRegion::Commercial);
        assert!(result.is_none());
    }
}