feat: security and auditing

api/prisma/schema.prisma

@@ -152,6 +152,7 @@ model User {
   email        String    @unique
   avatar       String?
   isAdmin      Boolean   @default(false)
+  isBanned     Boolean   @default(false)
   createdAt    DateTime  @default(now())
   updatedAt    DateTime  @updatedAt
   comments     Comment[]
@@ -177,3 +178,40 @@ model Comment {
   createdAt    DateTime  @default(now())
   updatedAt    DateTime  @updatedAt
 }
+
+model AuditLog {
+  id           String       @id @default(auto()) @map("_id") @db.ObjectId
+  action       AuditAction
+  category     AuditCategory
+  userId       String?      @db.ObjectId
+  targetUserId String?      @db.ObjectId
+  resourceType String?
+  resourceId   String?
+  details      String?
+  userAgent    String?
+  success      Boolean      @default(true)
+  createdAt    DateTime     @default(now())
+}
+
+enum AuditAction {
+  LOGIN
+  LOGOUT
+  LOGIN_FAILED
+  COMMENT_CREATE
+  COMMENT_DELETE
+  ENTRY_CREATE
+  ENTRY_UPDATE
+  ENTRY_DELETE
+  USER_BAN
+  USER_UNBAN
+  RATE_LIMIT_EXCEEDED
+  CSRF_VALIDATION_FAILED
+  UNAUTHORIZED_ACCESS
+}
+
+enum AuditCategory {
+  AUTH
+  CONTENT
+  ADMIN
+  SECURITY
+}