diff --git a/src/controllers/adminTokenController.js b/src/controllers/adminTokenController.js index 96ad6d7..86acc37 100644 --- a/src/controllers/adminTokenController.js +++ b/src/controllers/adminTokenController.js @@ -1,5 +1,5 @@ const { validateToken, cleanupTokens } = require("../utils/adminToken"); -const HttpError = require("../utils/HttpError"); +const SecurityEvent = require("../utils/SecurityEvent"); exports.cleanupTokensMiddleware = (req, res, next) => { if (Math.random() < 0.1) { @@ -8,9 +8,11 @@ next(); }; +// this is redirecting to authelia, despite being a "safe ip" + exports.handleTokenRedirect = (req, res, next) => { const { token } = req.params; - if (!token) return next(); + if (req.isAuthenticated || !token) return next(); if (!validateToken(token)) { const error = new SecurityEvent("INVALID_TOKEN", { token }); @@ -28,4 +30,5 @@ const adminLoginUrl = `${process.env.AUTH_LOGIN}${redirectTo}`; res.set("Content-Type", "text/html"); res.customRedirect(adminLoginUrl, 301); + console.log("test"); }; diff --git a/src/utils/SecurityEvent.js b/src/utils/SecurityEvent.js index b50023e..1f8d55d 100644 --- a/src/utils/SecurityEvent.js +++ b/src/utils/SecurityEvent.js 
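Review bot: `req.isAuthenticated` on the new guard line is read as a property and never called; if it is Passport's `req.isAuthenticated()` method the reference is always truthy, so every request — including one carrying an invalid token — now falls through to `next()` and the `INVALID_TOKEN` branch below it becomes dead. If it is instead a boolean set by an upstream forward-auth middleware, the guard is only as trustworthy as that middleware's check that the identity headers came from the proxy rather than the client. Making the intent explicit survives both shapes: `const authenticated = typeof req.isAuthenticated === "function" ? req.isAuthenticated() : Boolean(req.isAuthenticated);` followed by `if (authenticated || !token) return next();`. The added comment reads as a debugging note; something like `// Already-authenticated sessions skip the token flow; an unauthenticated request with a token is validated and redirected to the Authelia login.` states the rule. handleTokenRedirect's body continues past this hunk.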
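Review bot: `console.log("test");` added after `res.customRedirect(adminLoginUrl, 301);` is a leftover debugging statement and should be dropped before merge. If a trace of the redirect is wanted, route it through the project's logger with the redirect target rather than a fixed string to stdout, e.g. `winstonLogger.debug("admin token redirect", { adminLoginUrl });` (it would need the `./utils/logging` require in this file). handleTokenRedirect starts before this hunk.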
@@ -5,6 +5,91 @@ const { winstonLogger } = require("./logging"); const { captureSecurityData } = require("./securityForensics"); +const EVENT_TYPES = { + // Validation Events + VALIDATION_FAILURE: { + message: "Input validation failed", + statusCode: 400, + level: "warning", + category: "validation", + }, + INVALID_INPUT: { + message: "Invalid input provided", + statusCode: 400, + level: "warning", + category: "validation", + }, + + // Authentication Events + INVALID_TOKEN: { + message: "Invalid or expired token", + statusCode: 401, + level: "warning", + category: "auth", + }, + AUTH_FAILURE: { + message: "Authentication failed", + statusCode: 401, + level: "warning", + category: "auth", + }, + + // CAPTCHA Events + MISSING_CAPTCHA: { + message: "CAPTCHA token missing from submission", + statusCode: 400, + level: "info", + category: "captcha", + }, + CAPTCHA_FAILED: { + message: "CAPTCHA verification failed", + statusCode: 403, + level: "warning", + category: "captcha", + }, + + // Threat Events + THREAT_BLOCKED: { + message: "Submission blocked due to high threat level", + statusCode: 403, + level: "critical", + category: "threat", + }, + SUSPICIOUS_ACTIVITY: { + message: "Suspicious activity detected", + statusCode: 403, + level: "warning", + category: "threat", + }, + + // Success Events + CONTACT_SUCCESS: { + message: "Contact form submitted successfully", + statusCode: 200, + level: "info", + category: "success", + }, + PAGE_ACCESS: { + message: "Page accessed", + statusCode: 200, + level: "info", + category: "access", + }, + + // Error Events + CONTACT_ERROR: { + message: "Error processing contact form", + statusCode: 500, + level: "error", + category: "error", + }, + SYSTEM_ERROR: { + message: "System error occurred", + statusCode: 500, + level: "error", + category: "error", + }, +}; class SecurityEvent extends HttpError { constructor(eventType, metadata = {}, options = {}) { // Handle both string event types and direct metadata for backwards compatibility
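Review bot: `EVENT_TYPES` is a plain mutable module-level object, so any code holding a reference can alter an event's `statusCode` or `level` at runtime (for example downgrading `THREAT_BLOCKED` from 403/critical); declare it as `const EVENT_TYPES = Object.freeze({ ... })`, freezing each entry as well if the constructor hands them out. The lookup by `eventType` happens in the constructor, outside this hunk, so I cannot confirm how unknown keys are treated; if the string can ever come from a non-literal, guard with `Object.hasOwn(EVENT_TYPES, eventType)` so prototype names such as `constructor` do not resolve to a function. A header comment would also help, e.g. `// Catalogue of security event types: message is presumably client-facing (keep it generic), statusCode the HTTP status HttpError sends, level the log severity, category the forensics bucket.`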