feat: CI/CD pipeline setup complete - Ansible playbooks updated, secrets configured, workflow ready

src/Framework/Http/Middlewares/RateLimitMiddleware.php

@@ -4,7 +4,6 @@ declare(strict_types=1);
 
 namespace App\Framework\Http\Middlewares;
 
-use App\Framework\ErrorHandling\SecurityEventLogger;
 use App\Framework\Exception\SecurityEvent\SystemExcessiveUseEvent;
 use App\Framework\Http\Headers;
 use App\Framework\Http\HttpMiddleware;
@@ -17,6 +16,10 @@ use App\Framework\Http\RequestStateManager;
 use App\Framework\Http\Response;
 use App\Framework\Http\ResponseManipulator;
 use App\Framework\Http\Status;
+use App\Framework\Logging\Logger;
+use App\Framework\Logging\Processors\SecurityEventProcessor;
+use App\Framework\Logging\ValueObjects\LogContext;
+use App\Framework\Logging\ValueObjects\SecurityContext;
 use App\Framework\RateLimit\RateLimitConfig;
 use App\Framework\RateLimit\RateLimiter;
 use App\Framework\RateLimit\RateLimitResult;
@@ -33,8 +36,9 @@ final readonly class RateLimitMiddleware implements HttpMiddleware
     public function __construct(
         private RateLimiter $rateLimiter,
         private ResponseManipulator $responseManipulator,
-        private RateLimitConfig $config = new RateLimitConfig(),
-        private ?SecurityEventLogger $securityLogger = null
+        private readonly Logger $logger,
+        private readonly SecurityEventProcessor $processor,
+        private RateLimitConfig $config = new RateLimitConfig()
     ) {
     }
 
@@ -146,16 +150,30 @@ final readonly class RateLimitMiddleware implements HttpMiddleware
 
     private function logSecurityEvent(string $clientIp, string $path, RateLimitResult $result): void
     {
-        if (! $this->securityLogger) {
-            return;
-        }
-
+        // Create security event with correct constructor parameters
         $event = new SystemExcessiveUseEvent(
-            null, // No user ID for IP-based limiting
             $clientIp,
-            "Rate limit exceeded for {$path}: {$result->getCurrent()}/{$result->getLimit()} requests"
+            $result->getLimit(),
+            $result->getCurrent()
         );
 
-        $this->securityLogger->log($event);
+        // Create SecurityContext for OWASP-compliant logging
+        $securityContext = SecurityContext::forIntrusion(
+            eventId: $event->getEventIdentifier(),
+            description: $event->getDescription(),
+            level: $event->getLogLevel(),
+            requiresAlert: $event->requiresAlert(),
+            eventData: array_merge($event->toArray(), ['path' => $path])
+        )->withRequestInfo($clientIp, null);
+
+        // Map SecurityLogLevel to framework LogLevel
+        $logLevel = $this->processor->mapSecurityLevelToLogLevel($event->getLogLevel());
+
+        // Log directly via Logger with SecurityContext
+        $this->logger->log(
+            $logLevel,
+            $event->getDescription(),
+            LogContext::empty()->withSecurityContext($securityContext)
+        );
     }
 }