feat: Add login/logout audit logging (refs #10)

Backend:
- Add login event logging to getUserStatus() controller method
- Create POST /auth/track-logout endpoint for logout tracking

Frontend:
- Create useLogout hook that wraps Auth0 logout with audit tracking
- Update all logout locations to use the new hook (SettingsPage,
  Layout, MobileSettingsScreen, useDeletion)

Login events are logged when the frontend calls /auth/user-status after
Auth0 callback. Logout events are logged via fire-and-forget call to
/auth/track-logout before Auth0 logout.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

frontend/src/components/Layout.tsx

@@ -5,6 +5,7 @@
 import React from 'react';
 import { useAuth0 } from '@auth0/auth0-react';
 import { Link, useLocation } from 'react-router-dom';
+import { useLogout } from '../core/auth/useLogout';
 import { Container, Paper, Typography, Box, IconButton, Avatar } from '@mui/material';
 import HomeRoundedIcon from '@mui/icons-material/HomeRounded';
 import DirectionsCarRoundedIcon from '@mui/icons-material/DirectionsCarRounded';
@@ -26,7 +27,8 @@ interface LayoutProps {
 }
 
 export const Layout: React.FC<LayoutProps> = ({ children, mobileMode = false }) => {
-  const { user, logout } = useAuth0();
+  const { user } = useAuth0();
+  const { logout } = useLogout();
   const { sidebarOpen, toggleSidebar, setSidebarOpen } = useAppStore();
   const location = useLocation();
 
@@ -222,7 +224,7 @@ export const Layout: React.FC<LayoutProps> = ({ children, mobileMode = false })
             variant="secondary"
             size="sm"
             className="w-full"
-            onClick={() => logout({ logoutParams: { returnTo: window.location.origin } })}
+            onClick={() => logout()}
           >
             Sign Out
           </Button>

frontend/src/core/auth/useLogout.ts

@@ -0,0 +1,46 @@
+/**
+ * @ai-summary Custom logout hook with audit logging
+ * @ai-context Tracks logout event before Auth0 logout for audit trail
+ */
+
+import { useAuth0 } from '@auth0/auth0-react';
+import { useCallback } from 'react';
+
+/**
+ * Custom hook that wraps Auth0 logout with audit tracking.
+ * Calls /api/auth/track-logout before performing Auth0 logout.
+ * The audit call is fire-and-forget to ensure logout always completes.
+ */
+export const useLogout = () => {
+  const { logout: auth0Logout, getAccessTokenSilently } = useAuth0();
+
+  const logout = useCallback(async () => {
+    // Fire-and-forget audit call (don't block logout)
+    try {
+      const token = await getAccessTokenSilently({ cacheMode: 'on' as const });
+      if (token) {
+        // Use fetch directly to avoid axios interceptor issues during logout
+        fetch('/api/auth/track-logout', {
+          method: 'POST',
+          headers: {
+            'Authorization': `Bearer ${token}`,
+            'Content-Type': 'application/json',
+          },
+        }).catch(() => {
+          // Silently ignore errors - don't block logout
+        });
+      }
+    } catch {
+      // Token not available - proceed with logout anyway
+    }
+
+    // Perform Auth0 logout
+    auth0Logout({
+      logoutParams: {
+        returnTo: window.location.origin,
+      },
+    });
+  }, [auth0Logout, getAccessTokenSilently]);
+
+  return { logout };
+};

frontend/src/features/settings/hooks/useDeletion.ts

@@ -4,6 +4,7 @@
 
 import { useQuery, useMutation, useQueryClient } from '@tanstack/react-query';
 import { useAuth0 } from '@auth0/auth0-react';
+import { useLogout } from '../../../core/auth/useLogout';
 import { profileApi } from '../api/profile.api';
 import { RequestDeletionRequest } from '../types/profile.types';
 import toast from 'react-hot-toast';
@@ -36,7 +37,7 @@ export const useDeletionStatus = () => {
 
 export const useRequestDeletion = () => {
   const queryClient = useQueryClient();
-  const { logout } = useAuth0();
+  const { logout } = useLogout();
 
   return useMutation({
     mutationFn: (data: RequestDeletionRequest) => profileApi.requestDeletion(data),
@@ -45,9 +46,9 @@ export const useRequestDeletion = () => {
       queryClient.invalidateQueries({ queryKey: ['user-profile'] });
       toast.success(response.data.message || 'Account deletion scheduled');
 
-      // Logout after 2 seconds
+      // Logout after 2 seconds (with audit tracking)
       setTimeout(() => {
-        logout({ logoutParams: { returnTo: window.location.origin } });
+        logout();
       }, 2000);
     },
     onError: (error: ApiError) => {

frontend/src/features/settings/mobile/MobileSettingsScreen.tsx

@@ -1,5 +1,6 @@
 import React, { useState } from 'react';
 import { useAuth0 } from '@auth0/auth0-react';
+import { useLogout } from '../../../core/auth/useLogout';
 import { GlassCard } from '../../../shared-minimal/components/mobile/GlassCard';
 import { MobileContainer } from '../../../shared-minimal/components/mobile/MobileContainer';
 import { useSettings } from '../hooks/useSettings';
@@ -75,7 +76,8 @@ const Modal: React.FC<ModalProps> = ({ isOpen, onClose, title, children }) => {
 };
 
 export const MobileSettingsScreen: React.FC = () => {
-  const { user, logout } = useAuth0();
+  const { user } = useAuth0();
+  const { logout } = useLogout();
   const { navigateToScreen } = useNavigationStore();
   const { settings, updateSetting, isLoading, error } = useSettings();
   const { data: profile, isLoading: profileLoading } = useProfile();
@@ -98,11 +100,7 @@ export const MobileSettingsScreen: React.FC = () => {
   }, [profile, isEditingProfile]);
 
   const handleLogout = () => {
-    logout({
-      logoutParams: {
-        returnTo: window.location.origin
-      }
-    });
+    logout();
   };
 
   const handleExportData = () => {

frontend/src/pages/SettingsPage.tsx

@@ -5,6 +5,7 @@
 import React, { useState } from 'react';
 import { useAuth0 } from '@auth0/auth0-react';
 import { useNavigate } from 'react-router-dom';
+import { useLogout } from '../core/auth/useLogout';
 import { useUnits } from '../core/units/UnitsContext';
 import { useAdminAccess } from '../core/auth/useAdminAccess';
 import { useProfile, useUpdateProfile } from '../features/settings/hooks/useProfile';
@@ -44,7 +45,8 @@ import CancelIcon from '@mui/icons-material/Cancel';
 import { Card } from '../shared-minimal/components/Card';
 
 export const SettingsPage: React.FC = () => {
-  const { user, logout } = useAuth0();
+  const { user } = useAuth0();
+  const { logout } = useLogout();
   const navigate = useNavigate();
   const { unitSystem, setUnitSystem } = useUnits();
   const { isAdmin, loading: adminLoading } = useAdminAccess();
@@ -73,7 +75,7 @@ export const SettingsPage: React.FC = () => {
   }, [profile, isEditingProfile]);
 
   const handleLogout = () => {
-    logout({ logoutParams: { returnTo: window.location.origin } });
+    logout();
   };
 
   const handleEditProfile = () => {