backend/routes/feedback.js

// Feedback route — proxies bug reports and feature requests to GitLab Issues API
// Keeps the GitLab PAT server-side so it's never exposed to the browser.

const express = require('express');
const https = require('https');
const http = require('http');
const { requireAuth } = require('../middleware/auth');

function createFeedbackRouter() {
    const router = express.Router();

    const GITLAB_URL = process.env.GITLAB_URL || '';
    const GITLAB_PROJECT_ID = process.env.GITLAB_PROJECT_ID || '';
    const GITLAB_PAT = process.env.GITLAB_PAT || '';

    router.post('/', requireAuth(), async (req, res) => {
        if (!GITLAB_URL || !GITLAB_PROJECT_ID || !GITLAB_PAT) {
            return res.status(503).json({ error: 'Feedback integration not configured' });
        }

        const { type, title, description, page } = req.body;

        if (!type || !title || !description) {
            return res.status(400).json({ error: 'type, title, and description are required' });
        }

        if (!['bug', 'feature'].includes(type)) {
            return res.status(400).json({ error: 'type must be "bug" or "feature"' });
        }

        const labels = type === 'bug' ? 'bug' : 'enhancement';
        const prefix = type === 'bug' ? '🐛 Bug' : '✨ Feature Request';
        const username = req.user?.username || 'unknown';

        const body = [
            `**Submitted by:** ${username}`,
            page ? `**Page:** ${page}` : null,
            `**Type:** ${prefix}`,
            '',
            '---',
            '',
            description,
        ].filter(Boolean).join('\n');

        const postData = JSON.stringify({
            title: `[${prefix}] ${title}`,
            description: body,
            labels,
        });

        const apiUrl = `${GITLAB_URL.replace(/\/$/, '')}/api/v4/projects/${encodeURIComponent(GITLAB_PROJECT_ID)}/issues`;

        try {
            const result = await new Promise((resolve, reject) => {
                const parsed = new URL(apiUrl);
                const transport = parsed.protocol === 'https:' ? https : http;

                const reqOpts = {
                    method: 'POST',
                    hostname: parsed.hostname,
                    port: parsed.port,
                    path: parsed.pathname + parsed.search,
                    headers: {
                        'Content-Type': 'application/json',
                        'PRIVATE-TOKEN': GITLAB_PAT,
                        'Content-Length': Buffer.byteLength(postData),
                    },
                    rejectAuthorized: false,
                };

                const apiReq = transport.request(reqOpts, (apiRes) => {
                    let data = '';
                    apiRes.on('data', chunk => data += chunk);
                    apiRes.on('end', () => {
                        try {
                            resolve({ status: apiRes.statusCode, body: JSON.parse(data) });
                        } catch {
                            resolve({ status: apiRes.statusCode, body: data });
                        }
                    });
                });

                apiReq.on('error', reject);
                apiReq.write(postData);
                apiReq.end();
            });

            if (result.status === 201) {
                console.log(`[Feedback] Issue #${result.body.iid} created by ${username}: ${title}`);
                res.json({
                    success: true,
                    issue: {
                        id: result.body.iid,
                        url: result.body.web_url,
                        title: result.body.title,
                    },
                });
            } else {
                console.error(`[Feedback] GitLab API returned ${result.status}:`, result.body);
                res.status(502).json({ error: 'GitLab API error', details: result.body });
            }
        } catch (err) {
            console.error('[Feedback] Request failed:', err.message);
            res.status(502).json({ error: 'Failed to connect to GitLab' });
        }
    });

    return router;
}

module.exports = createFeedbackRouter;
feat: add multi-BU tenancy with per-user team scoping (Option B) - Add bu_teams column to users table (migration + fresh schema) - Create shared KNOWN_TEAMS constant and validateTeams helper - Expose user teams in auth middleware, login, and /me responses - Add bu_teams CRUD to user management routes with audit logging - Make Ivanti FINDINGS_FILTERS configurable via IVANTI_BU_FILTER env var - Add query-time team filtering to GET /findings and /findings/counts - Update AuthContext with teams helpers and admin scope toggle - Create AdminScopeToggle component (My Teams / All BUs) - Scope ReportingPage findings fetch by user teams - Scope CompliancePage team selector by user teams - Scope ExportsPage findings exports by user teams - Add BU teams multi-select to UserManagement create/edit forms - Display team badges in user list table 2026-05-05 11:04:53 -06:00			`// Feedback route — proxies bug reports and feature requests to GitLab Issues API`
			`// Keeps the GitLab PAT server-side so it's never exposed to the browser.`

			`const express = require('express');`
			`const https = require('https');`
			`const http = require('http');`
feat(postgres): migrate all route files from SQLite to pg pool - All 16 route files now import pool from ../db directly - Removed db parameter from all factory functions - All callbacks replaced with async/await pool.query() - All ? placeholders converted to $1, $2... numbered params - datetime('now') → NOW(), INSERT OR IGNORE → ON CONFLICT DO NOTHING - LIKE → ILIKE for case-insensitive searches - Error detection: err.code === '23505' for unique violations - server.js no longer passes pool/db/requireAuth to route factories - Only ivantiFindings.js still receives pool (pending task 8 rewrite) 2026-05-06 11:44:17 -06:00			`const { requireAuth } = require('../middleware/auth');`
feat: add multi-BU tenancy with per-user team scoping (Option B) - Add bu_teams column to users table (migration + fresh schema) - Create shared KNOWN_TEAMS constant and validateTeams helper - Expose user teams in auth middleware, login, and /me responses - Add bu_teams CRUD to user management routes with audit logging - Make Ivanti FINDINGS_FILTERS configurable via IVANTI_BU_FILTER env var - Add query-time team filtering to GET /findings and /findings/counts - Update AuthContext with teams helpers and admin scope toggle - Create AdminScopeToggle component (My Teams / All BUs) - Scope ReportingPage findings fetch by user teams - Scope CompliancePage team selector by user teams - Scope ExportsPage findings exports by user teams - Add BU teams multi-select to UserManagement create/edit forms - Display team badges in user list table 2026-05-05 11:04:53 -06:00
feat(postgres): migrate all route files from SQLite to pg pool - All 16 route files now import pool from ../db directly - Removed db parameter from all factory functions - All callbacks replaced with async/await pool.query() - All ? placeholders converted to $1, $2... numbered params - datetime('now') → NOW(), INSERT OR IGNORE → ON CONFLICT DO NOTHING - LIKE → ILIKE for case-insensitive searches - Error detection: err.code === '23505' for unique violations - server.js no longer passes pool/db/requireAuth to route factories - Only ivantiFindings.js still receives pool (pending task 8 rewrite) 2026-05-06 11:44:17 -06:00			`function createFeedbackRouter() {`
feat: add multi-BU tenancy with per-user team scoping (Option B) - Add bu_teams column to users table (migration + fresh schema) - Create shared KNOWN_TEAMS constant and validateTeams helper - Expose user teams in auth middleware, login, and /me responses - Add bu_teams CRUD to user management routes with audit logging - Make Ivanti FINDINGS_FILTERS configurable via IVANTI_BU_FILTER env var - Add query-time team filtering to GET /findings and /findings/counts - Update AuthContext with teams helpers and admin scope toggle - Create AdminScopeToggle component (My Teams / All BUs) - Scope ReportingPage findings fetch by user teams - Scope CompliancePage team selector by user teams - Scope ExportsPage findings exports by user teams - Add BU teams multi-select to UserManagement create/edit forms - Display team badges in user list table 2026-05-05 11:04:53 -06:00			`const router = express.Router();`

			`const GITLAB_URL = process.env.GITLAB_URL \|\| '';`
			`const GITLAB_PROJECT_ID = process.env.GITLAB_PROJECT_ID \|\| '';`
			`const GITLAB_PAT = process.env.GITLAB_PAT \|\| '';`

feat(postgres): migrate all route files from SQLite to pg pool - All 16 route files now import pool from ../db directly - Removed db parameter from all factory functions - All callbacks replaced with async/await pool.query() - All ? placeholders converted to $1, $2... numbered params - datetime('now') → NOW(), INSERT OR IGNORE → ON CONFLICT DO NOTHING - LIKE → ILIKE for case-insensitive searches - Error detection: err.code === '23505' for unique violations - server.js no longer passes pool/db/requireAuth to route factories - Only ivantiFindings.js still receives pool (pending task 8 rewrite) 2026-05-06 11:44:17 -06:00			`router.post('/', requireAuth(), async (req, res) => {`
feat: add multi-BU tenancy with per-user team scoping (Option B) - Add bu_teams column to users table (migration + fresh schema) - Create shared KNOWN_TEAMS constant and validateTeams helper - Expose user teams in auth middleware, login, and /me responses - Add bu_teams CRUD to user management routes with audit logging - Make Ivanti FINDINGS_FILTERS configurable via IVANTI_BU_FILTER env var - Add query-time team filtering to GET /findings and /findings/counts - Update AuthContext with teams helpers and admin scope toggle - Create AdminScopeToggle component (My Teams / All BUs) - Scope ReportingPage findings fetch by user teams - Scope CompliancePage team selector by user teams - Scope ExportsPage findings exports by user teams - Add BU teams multi-select to UserManagement create/edit forms - Display team badges in user list table 2026-05-05 11:04:53 -06:00			`if (!GITLAB_URL \|\| !GITLAB_PROJECT_ID \|\| !GITLAB_PAT) {`
			`return res.status(503).json({ error: 'Feedback integration not configured' });`
			`}`

			`const { type, title, description, page } = req.body;`

			`if (!type \|\| !title \|\| !description) {`
			`return res.status(400).json({ error: 'type, title, and description are required' });`
			`}`

			`if (!['bug', 'feature'].includes(type)) {`
			`return res.status(400).json({ error: 'type must be "bug" or "feature"' });`
			`}`

			`const labels = type === 'bug' ? 'bug' : 'enhancement';`
			`const prefix = type === 'bug' ? '🐛 Bug' : '✨ Feature Request';`
			`const username = req.user?.username \|\| 'unknown';`

			`const body = [`
			`Submitted by: ${username}`,
			page ? `Page: ${page}` : null,
			`Type: ${prefix}`,
			`'',`
			`'---',`
			`'',`
			`description,`
			`].filter(Boolean).join('\n');`

			`const postData = JSON.stringify({`
			title: `[${prefix}] ${title}`,
			`description: body,`
			`labels,`
			`});`

			const apiUrl = `${GITLAB_URL.replace(/\/$/, '')}/api/v4/projects/${encodeURIComponent(GITLAB_PROJECT_ID)}/issues`;

			`try {`
			`const result = await new Promise((resolve, reject) => {`
			`const parsed = new URL(apiUrl);`
			`const transport = parsed.protocol === 'https:' ? https : http;`

			`const reqOpts = {`
			`method: 'POST',`
			`hostname: parsed.hostname,`
			`port: parsed.port,`
			`path: parsed.pathname + parsed.search,`
			`headers: {`
			`'Content-Type': 'application/json',`
			`'PRIVATE-TOKEN': GITLAB_PAT,`
			`'Content-Length': Buffer.byteLength(postData),`
			`},`
			`rejectAuthorized: false,`
			`};`

			`const apiReq = transport.request(reqOpts, (apiRes) => {`
			`let data = '';`
			`apiRes.on('data', chunk => data += chunk);`
			`apiRes.on('end', () => {`
			`try {`
			`resolve({ status: apiRes.statusCode, body: JSON.parse(data) });`
			`} catch {`
			`resolve({ status: apiRes.statusCode, body: data });`
			`}`
			`});`
			`});`

			`apiReq.on('error', reject);`
			`apiReq.write(postData);`
			`apiReq.end();`
			`});`

			`if (result.status === 201) {`
			console.log(`[Feedback] Issue #${result.body.iid} created by ${username}: ${title}`);
			`res.json({`
			`success: true,`
			`issue: {`
			`id: result.body.iid,`
			`url: result.body.web_url,`
			`title: result.body.title,`
			`},`
			`});`
			`} else {`
			console.error(`[Feedback] GitLab API returned ${result.status}:`, result.body);
			`res.status(502).json({ error: 'GitLab API error', details: result.body });`
			`}`
			`} catch (err) {`
			`console.error('[Feedback] Request failed:', err.message);`
			`res.status(502).json({ error: 'Failed to connect to GitLab' });`
			`}`
			`});`

			`return router;`
			`}`

			`module.exports = createFeedbackRouter;`