- tests
- delete accounts
- security
- binary data & compression & encryption
- document
- roles + use of ..
- res.locals
- endpoints
- document not change user roles
- re-add doc transform and change doc structure to include notIndexed
- firestore emulator for tests? https://firebase.google.com/docs/emulator-suite
- warnings in .gitignore
- how test invalidated session?
- additional logging
- All login attempts – successful and unsuccessful
- Logouts
- Password changes and reset attempts
- User creation, removal and changes to a user's authorisation
- Authorisation failures (when a user is denied access to a particular resource)
- Input validation failures (such as unexpected values received from a dropdown list)
- System administration activity
- Integrity events (changes to data) and submission of user-generated content – especially file uploads
- Access to sensitive data – like payment card information, keys etc.