apps/matrix-frontend/src/hooks/useSecurityAlerts.ts

import { useEffect, useRef } from 'react';
import { useNotifications } from '@/contexts/NotificationContext';

const THREAT_TYPES = [
  { title: 'Ransomware Detected', severity: 'critical' as const, message: 'Potential ransomware activity detected on endpoint WORKSTATION-042' },
  { title: 'DDoS Attack', severity: 'critical' as const, message: 'Distributed denial of service attack targeting primary server cluster' },
  { title: 'Brute Force Attempt', severity: 'warning' as const, message: 'Multiple failed login attempts detected from IP 192.168.1.xxx' },
  { title: 'Suspicious File Upload', severity: 'warning' as const, message: 'Malicious file signature detected in uploaded content' },
  { title: 'Port Scan Detected', severity: 'warning' as const, message: 'Network port scanning activity from external source' },
  { title: 'Firewall Rule Updated', severity: 'info' as const, message: 'Automatic firewall rule adjustment based on threat intelligence' },
  { title: 'Certificate Expiring', severity: 'info' as const, message: 'SSL certificate for api.example.com expires in 14 days' },
  { title: 'Backup Completed', severity: 'info' as const, message: 'Daily security backup completed successfully' },
  { title: 'SQL Injection Blocked', severity: 'warning' as const, message: 'SQL injection attempt blocked at web application firewall' },
  { title: 'Phishing Email Detected', severity: 'warning' as const, message: 'Suspicious email flagged and quarantined by email security' },
];

export const useSecurityAlerts = (enabled: boolean = true, intervalMs: number = 30000) => {
  const { addNotification } = useNotifications();
  const intervalRef = useRef<NodeJS.Timeout | null>(null);

  useEffect(() => {
    if (!enabled) {
      if (intervalRef.current) {
        clearInterval(intervalRef.current);
        intervalRef.current = null;
      }
      return;
    }

    // Generate random alert
    const generateAlert = () => {
      const threat = THREAT_TYPES[Math.floor(Math.random() * THREAT_TYPES.length)];
      addNotification({
        title: threat.title,
        message: threat.message,
        severity: threat.severity,
        source: 'Security Monitor',
      });
    };

    // Initial alert after 10 seconds
    const initialTimeout = setTimeout(generateAlert, 10000);

    // Periodic alerts
    intervalRef.current = setInterval(generateAlert, intervalMs);

    return () => {
      clearTimeout(initialTimeout);
      if (intervalRef.current) {
        clearInterval(intervalRef.current);
      }
    };
  }, [enabled, intervalMs, addNotification]);

  // Manual trigger for testing
  const triggerAlert = (severity?: 'critical' | 'warning' | 'info') => {
    const filtered = severity 
      ? THREAT_TYPES.filter(t => t.severity === severity)
      : THREAT_TYPES;
    const threat = filtered[Math.floor(Math.random() * filtered.length)];
    addNotification({
      title: threat.title,
      message: threat.message,
      severity: threat.severity,
      source: 'Security Monitor',
    });
  };

  return { triggerAlert };
};