jramos/cve-dashboard
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
cc652ba964bc98b78efb59e74e90923c954b5fb1
cve-dashboard/backend/routes/ivantiTodoQueue.js

353 lines
14 KiB
JavaScript
Raw Normal View History

feat(reporting): add Ivanti queue panel for batch FP/Archer staging Adds a persistent per-user staging queue so analysts can tag findings during review and batch-process Ivanti workflows in one focused session. Backend: - New ivanti_todo_queue table (user-scoped, vendor, workflow_type, status) - Table auto-created on server startup via idempotent CREATE IF NOT EXISTS - New route /api/ivanti/todo-queue: GET, POST, PUT/:id, DELETE/:id, DELETE/completed — all scoped to req.user.id Frontend (ReportingPage): - Fixed checkbox column on findings table; clicking opens an add-to-queue popover (portal) with vendor input and FP/Archer toggle - Already-queued rows show checked/disabled checkbox - Queue slide-out panel (420px fixed, CSS transition) with items grouped by vendor, per-item complete toggle + delete, Clear Completed footer - Queue button in header with live pending-count badge Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-03-26 14:10:53 -06:00
// routes/ivantiTodoQueue.js
const express = require('express');
feat(postgres): migrate all route files from SQLite to pg pool - All 16 route files now import pool from ../db directly - Removed db parameter from all factory functions - All callbacks replaced with async/await pool.query() - All ? placeholders converted to $1, $2... numbered params - datetime('now') → NOW(), INSERT OR IGNORE → ON CONFLICT DO NOTHING - LIKE → ILIKE for case-insensitive searches - Error detection: err.code === '23505' for unique violations - server.js no longer passes pool/db/requireAuth to route factories - Only ivantiFindings.js still receives pool (pending task 8 rewrite)
2026-05-06 11:44:17 -06:00
const pool = require('../db');
const { requireAuth, requireGroup } = require('../middleware/auth');
feat: add batch finding disposition — multi-select findings and bulk add to Ivanti queue
2026-04-09 09:49:40 -06:00
const logAudit = require('../helpers/auditLog');
feat(reporting): add Ivanti queue panel for batch FP/Archer staging Adds a persistent per-user staging queue so analysts can tag findings during review and batch-process Ivanti workflows in one focused session. Backend: - New ivanti_todo_queue table (user-scoped, vendor, workflow_type, status) - Table auto-created on server startup via idempotent CREATE IF NOT EXISTS - New route /api/ivanti/todo-queue: GET, POST, PUT/:id, DELETE/:id, DELETE/completed — all scoped to req.user.id Frontend (ReportingPage): - Fixed checkbox column on findings table; clicking opens an add-to-queue popover (portal) with vendor input and FP/Archer toggle - Already-queued rows show checked/disabled checkbox - Queue slide-out panel (420px fixed, CSS transition) with items grouped by vendor, per-item complete toggle + delete, Clear Completed footer - Queue button in header with live pending-count badge Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-03-26 14:10:53 -06:00
feat: add GRANITE as fourth workflow type in Ivanti queue - Add GRANITE to VALID_WORKFLOW_TYPES in backend (no vendor required, same as CARD) - Update vendor validation and error messages across all endpoints (single add, batch, PUT, redirect) - Add GRANITE option to RedirectModal with warm slate color (#A1887F) - Rename QueuePanel CARD section to Inventory, group CARD + GRANITE with sub-divider - Add GRANITE to AddToQueuePopover and SelectionToolbar - Update spec docs (requirements, design, tasks)
2026-04-14 15:33:19 -06:00
const VALID_WORKFLOW_TYPES = ['FP', 'Archer', 'CARD', 'GRANITE'];
feat(reporting): add Ivanti queue panel for batch FP/Archer staging Adds a persistent per-user staging queue so analysts can tag findings during review and batch-process Ivanti workflows in one focused session. Backend: - New ivanti_todo_queue table (user-scoped, vendor, workflow_type, status) - Table auto-created on server startup via idempotent CREATE IF NOT EXISTS - New route /api/ivanti/todo-queue: GET, POST, PUT/:id, DELETE/:id, DELETE/completed — all scoped to req.user.id Frontend (ReportingPage): - Fixed checkbox column on findings table; clicking opens an add-to-queue popover (portal) with vendor input and FP/Archer toggle - Already-queued rows show checked/disabled checkbox - Queue slide-out panel (420px fixed, CSS transition) with items grouped by vendor, per-item complete toggle + delete, Clear Completed footer - Queue button in header with live pending-count badge Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-03-26 14:10:53 -06:00
const VALID_STATUSES = ['pending', 'complete'];
function isValidVendor(vendor) {
security: address audit findings C-4 through M-8 Critical: - C-4: Add express-rate-limit to login (20 attempts/15min) - C-5: Remove default credentials from LoginForm.js - C-6: Add sandbox attribute to KB document iframe High: - H-2: Hard-fail on startup if SESSION_SECRET env var is missing - H-6: Sanitize filenames in Content-Disposition headers - H-7: Fix KB upload race condition — move file after DB insert succeeds - H-8: Generate random admin password in setup.js instead of hardcoded - H-9: Add rehype-sanitize to ReactMarkdown (requires npm install) Medium: - M-4: Fix loose equality (==) to strict (===) in users.js self-checks - M-5: Add hostname format regex validation in compliance notes - M-6: Fix vendor trim-before-validate in ivantiTodoQueue.js - M-7: Sanitize original filename in compliance temp JSON - M-8: Pull CSP frame-ancestors from CORS_ORIGINS env var New dependencies needed: - backend: express-rate-limit (npm install in root) - frontend: rehype-sanitize (npm install in frontend/)
2026-04-07 10:23:10 -06:00
if (typeof vendor !== 'string') return false;
const trimmed = vendor.trim();
return trimmed.length > 0 && trimmed.length <= 200;
feat(reporting): add Ivanti queue panel for batch FP/Archer staging Adds a persistent per-user staging queue so analysts can tag findings during review and batch-process Ivanti workflows in one focused session. Backend: - New ivanti_todo_queue table (user-scoped, vendor, workflow_type, status) - Table auto-created on server startup via idempotent CREATE IF NOT EXISTS - New route /api/ivanti/todo-queue: GET, POST, PUT/:id, DELETE/:id, DELETE/completed — all scoped to req.user.id Frontend (ReportingPage): - Fixed checkbox column on findings table; clicking opens an add-to-queue popover (portal) with vendor input and FP/Archer toggle - Already-queued rows show checked/disabled checkbox - Queue slide-out panel (420px fixed, CSS transition) with items grouped by vendor, per-item complete toggle + delete, Clear Completed footer - Queue button in header with live pending-count badge Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-03-26 14:10:53 -06:00
}
feat(postgres): migrate all route files from SQLite to pg pool - All 16 route files now import pool from ../db directly - Removed db parameter from all factory functions - All callbacks replaced with async/await pool.query() - All ? placeholders converted to $1, $2... numbered params - datetime('now') → NOW(), INSERT OR IGNORE → ON CONFLICT DO NOTHING - LIKE → ILIKE for case-insensitive searches - Error detection: err.code === '23505' for unique violations - server.js no longer passes pool/db/requireAuth to route factories - Only ivantiFindings.js still receives pool (pending task 8 rewrite)
2026-05-06 11:44:17 -06:00
function createIvantiTodoQueueRouter() {
feat(reporting): add Ivanti queue panel for batch FP/Archer staging Adds a persistent per-user staging queue so analysts can tag findings during review and batch-process Ivanti workflows in one focused session. Backend: - New ivanti_todo_queue table (user-scoped, vendor, workflow_type, status) - Table auto-created on server startup via idempotent CREATE IF NOT EXISTS - New route /api/ivanti/todo-queue: GET, POST, PUT/:id, DELETE/:id, DELETE/completed — all scoped to req.user.id Frontend (ReportingPage): - Fixed checkbox column on findings table; clicking opens an add-to-queue popover (portal) with vendor input and FP/Archer toggle - Already-queued rows show checked/disabled checkbox - Queue slide-out panel (420px fixed, CSS transition) with items grouped by vendor, per-item complete toggle + delete, Clear Completed footer - Queue button in header with live pending-count badge Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-03-26 14:10:53 -06:00
const router = express.Router();
feat(postgres): migrate all route files from SQLite to pg pool - All 16 route files now import pool from ../db directly - Removed db parameter from all factory functions - All callbacks replaced with async/await pool.query() - All ? placeholders converted to $1, $2... numbered params - datetime('now') → NOW(), INSERT OR IGNORE → ON CONFLICT DO NOTHING - LIKE → ILIKE for case-insensitive searches - Error detection: err.code === '23505' for unique violations - server.js no longer passes pool/db/requireAuth to route factories - Only ivantiFindings.js still receives pool (pending task 8 rewrite)
2026-05-06 11:44:17 -06:00
// GET /api/ivanti/todo-queue
router.get('/', requireAuth(), async (req, res) => {
try {
const { rows } = await pool.query(
`SELECT q.*
FROM ivanti_todo_queue q
WHERE q.user_id = $1
ORDER BY q.vendor ASC, q.created_at ASC`,
[req.user.id]
);
const parsed = rows.map((r) => ({
...r,
cves: r.cves_json ? JSON.parse(r.cves_json) : [],
}));
res.json(parsed);
} catch (err) {
console.error('Error fetching todo queue:', err);
res.status(500).json({ error: 'Internal server error.' });
}
feat(reporting): add Ivanti queue panel for batch FP/Archer staging Adds a persistent per-user staging queue so analysts can tag findings during review and batch-process Ivanti workflows in one focused session. Backend: - New ivanti_todo_queue table (user-scoped, vendor, workflow_type, status) - Table auto-created on server startup via idempotent CREATE IF NOT EXISTS - New route /api/ivanti/todo-queue: GET, POST, PUT/:id, DELETE/:id, DELETE/completed — all scoped to req.user.id Frontend (ReportingPage): - Fixed checkbox column on findings table; clicking opens an add-to-queue popover (portal) with vendor input and FP/Archer toggle - Already-queued rows show checked/disabled checkbox - Queue slide-out panel (420px fixed, CSS transition) with items grouped by vendor, per-item complete toggle + delete, Clear Completed footer - Queue button in header with live pending-count badge Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-03-26 14:10:53 -06:00
});
feat(postgres): migrate all route files from SQLite to pg pool - All 16 route files now import pool from ../db directly - Removed db parameter from all factory functions - All callbacks replaced with async/await pool.query() - All ? placeholders converted to $1, $2... numbered params - datetime('now') → NOW(), INSERT OR IGNORE → ON CONFLICT DO NOTHING - LIKE → ILIKE for case-insensitive searches - Error detection: err.code === '23505' for unique violations - server.js no longer passes pool/db/requireAuth to route factories - Only ivantiFindings.js still receives pool (pending task 8 rewrite)
2026-05-06 11:44:17 -06:00
// POST /api/ivanti/todo-queue/batch
router.post('/batch', requireAuth(), requireGroup('Admin', 'Standard_User'), async (req, res) => {
feat: add batch finding disposition — multi-select findings and bulk add to Ivanti queue
2026-04-09 09:49:40 -06:00
const { findings, workflow_type, vendor } = req.body;
if (!Array.isArray(findings) || findings.length < 1 || findings.length > 200) {
return res.status(400).json({ error: 'findings array must contain 1-200 items.' });
}
for (let i = 0; i < findings.length; i++) {
const f = findings[i];
if (!f || typeof f.finding_id !== 'string' || f.finding_id.trim().length === 0) {
return res.status(400).json({ error: 'Each finding must have a non-empty finding_id string.' });
}
}
if (!VALID_WORKFLOW_TYPES.includes(workflow_type)) {
feat: add GRANITE as fourth workflow type in Ivanti queue - Add GRANITE to VALID_WORKFLOW_TYPES in backend (no vendor required, same as CARD) - Update vendor validation and error messages across all endpoints (single add, batch, PUT, redirect) - Add GRANITE option to RedirectModal with warm slate color (#A1887F) - Rename QueuePanel CARD section to Inventory, group CARD + GRANITE with sub-divider - Add GRANITE to AddToQueuePopover and SelectionToolbar - Update spec docs (requirements, design, tasks)
2026-04-14 15:33:19 -06:00
return res.status(400).json({ error: 'workflow_type must be FP, Archer, CARD, or GRANITE.' });
feat: add batch finding disposition — multi-select findings and bulk add to Ivanti queue
2026-04-09 09:49:40 -06:00
}
feat: add GRANITE as fourth workflow type in Ivanti queue - Add GRANITE to VALID_WORKFLOW_TYPES in backend (no vendor required, same as CARD) - Update vendor validation and error messages across all endpoints (single add, batch, PUT, redirect) - Add GRANITE option to RedirectModal with warm slate color (#A1887F) - Rename QueuePanel CARD section to Inventory, group CARD + GRANITE with sub-divider - Add GRANITE to AddToQueuePopover and SelectionToolbar - Update spec docs (requirements, design, tasks)
2026-04-14 15:33:19 -06:00
if (!['CARD', 'GRANITE'].includes(workflow_type)) {
feat: add batch finding disposition — multi-select findings and bulk add to Ivanti queue
2026-04-09 09:49:40 -06:00
if (!isValidVendor(vendor)) {
return res.status(400).json({ error: 'vendor is required for FP and Archer workflows.' });
}
}
if (vendor !== undefined && vendor !== '' && typeof vendor === 'string' && vendor.trim().length > 200) {
return res.status(400).json({ error: 'vendor must be under 200 chars.' });
}
feat: add GRANITE as fourth workflow type in Ivanti queue - Add GRANITE to VALID_WORKFLOW_TYPES in backend (no vendor required, same as CARD) - Update vendor validation and error messages across all endpoints (single add, batch, PUT, redirect) - Add GRANITE option to RedirectModal with warm slate color (#A1887F) - Rename QueuePanel CARD section to Inventory, group CARD + GRANITE with sub-divider - Add GRANITE to AddToQueuePopover and SelectionToolbar - Update spec docs (requirements, design, tasks)
2026-04-14 15:33:19 -06:00
const vendorVal = ['CARD', 'GRANITE'].includes(workflow_type) ? '' : vendor.trim();
feat: add batch finding disposition — multi-select findings and bulk add to Ivanti queue
2026-04-09 09:49:40 -06:00
const userId = req.user.id;
feat(postgres): migrate all route files from SQLite to pg pool - All 16 route files now import pool from ../db directly - Removed db parameter from all factory functions - All callbacks replaced with async/await pool.query() - All ? placeholders converted to $1, $2... numbered params - datetime('now') → NOW(), INSERT OR IGNORE → ON CONFLICT DO NOTHING - LIKE → ILIKE for case-insensitive searches - Error detection: err.code === '23505' for unique violations - server.js no longer passes pool/db/requireAuth to route factories - Only ivantiFindings.js still receives pool (pending task 8 rewrite)
2026-05-06 11:44:17 -06:00
const client = await pool.connect();
try {
await client.query('BEGIN');
const insertedIds = [];
for (const f of findings) {
const findingId = f.finding_id.trim();
const title = f.finding_title && typeof f.finding_title === 'string'
? f.finding_title.slice(0, 500) : null;
const cvesJson = Array.isArray(f.cves) ? JSON.stringify(f.cves) : null;
const ipVal = f.ip_address && typeof f.ip_address === 'string'
? f.ip_address.trim().slice(0, 64) : null;
const hostVal = f.hostname && typeof f.hostname === 'string'
? f.hostname.trim().slice(0, 255) : null;
const { rows } = await client.query(
feat: add batch finding disposition — multi-select findings and bulk add to Ivanti queue
2026-04-09 09:49:40 -06:00
`INSERT INTO ivanti_todo_queue
feat: add hostname and IP display to Ivanti queue panel - Add migration to add hostname column to ivanti_todo_queue table - Update POST and batch POST endpoints to accept and store hostname - Pass hostName from findings data when adding items to queue - Display hostname and IP address in CARD queue section - Display hostname and IP address in vendor (FP/Archer) queue sections
2026-04-09 11:56:56 -06:00
(user_id, finding_id, finding_title, cves_json, ip_address, hostname, vendor, workflow_type)
feat(postgres): migrate all route files from SQLite to pg pool - All 16 route files now import pool from ../db directly - Removed db parameter from all factory functions - All callbacks replaced with async/await pool.query() - All ? placeholders converted to $1, $2... numbered params - datetime('now') → NOW(), INSERT OR IGNORE → ON CONFLICT DO NOTHING - LIKE → ILIKE for case-insensitive searches - Error detection: err.code === '23505' for unique violations - server.js no longer passes pool/db/requireAuth to route factories - Only ivantiFindings.js still receives pool (pending task 8 rewrite)
2026-05-06 11:44:17 -06:00
VALUES ($1, $2, $3, $4, $5, $6, $7, $8)
RETURNING id`,
[userId, findingId, title, cvesJson, ipVal, hostVal, vendorVal, workflow_type]
feat: add batch finding disposition — multi-select findings and bulk add to Ivanti queue
2026-04-09 09:49:40 -06:00
);
feat(postgres): migrate all route files from SQLite to pg pool - All 16 route files now import pool from ../db directly - Removed db parameter from all factory functions - All callbacks replaced with async/await pool.query() - All ? placeholders converted to $1, $2... numbered params - datetime('now') → NOW(), INSERT OR IGNORE → ON CONFLICT DO NOTHING - LIKE → ILIKE for case-insensitive searches - Error detection: err.code === '23505' for unique violations - server.js no longer passes pool/db/requireAuth to route factories - Only ivantiFindings.js still receives pool (pending task 8 rewrite)
2026-05-06 11:44:17 -06:00
insertedIds.push(rows[0].id);
}
await client.query('COMMIT');
// Fetch all inserted rows
const { rows: fetchedRows } = await pool.query(
`SELECT * FROM ivanti_todo_queue WHERE id = ANY($1)`,
[insertedIds]
);
const items = fetchedRows.map((r) => ({
...r,
cves: r.cves_json ? JSON.parse(r.cves_json) : [],
}));
logAudit({
userId: req.user.id,
username: req.user.username,
action: 'batch_add_to_queue',
entityType: 'ivanti_todo_queue',
entityId: null,
details: {
count: insertedIds.length,
workflow_type: workflow_type,
finding_ids: findings.map((f) => f.finding_id.trim()),
},
ipAddress: req.ip,
feat: add batch finding disposition — multi-select findings and bulk add to Ivanti queue
2026-04-09 09:49:40 -06:00
});
feat(postgres): migrate all route files from SQLite to pg pool - All 16 route files now import pool from ../db directly - Removed db parameter from all factory functions - All callbacks replaced with async/await pool.query() - All ? placeholders converted to $1, $2... numbered params - datetime('now') → NOW(), INSERT OR IGNORE → ON CONFLICT DO NOTHING - LIKE → ILIKE for case-insensitive searches - Error detection: err.code === '23505' for unique violations - server.js no longer passes pool/db/requireAuth to route factories - Only ivantiFindings.js still receives pool (pending task 8 rewrite)
2026-05-06 11:44:17 -06:00
return res.status(201).json({ items });
} catch (err) {
await client.query('ROLLBACK');
console.error('Batch insert error:', err);
return res.status(500).json({ error: 'Internal server error.' });
} finally {
client.release();
}
feat: add batch finding disposition — multi-select findings and bulk add to Ivanti queue
2026-04-09 09:49:40 -06:00
});
feat(postgres): migrate all route files from SQLite to pg pool - All 16 route files now import pool from ../db directly - Removed db parameter from all factory functions - All callbacks replaced with async/await pool.query() - All ? placeholders converted to $1, $2... numbered params - datetime('now') → NOW(), INSERT OR IGNORE → ON CONFLICT DO NOTHING - LIKE → ILIKE for case-insensitive searches - Error detection: err.code === '23505' for unique violations - server.js no longer passes pool/db/requireAuth to route factories - Only ivantiFindings.js still receives pool (pending task 8 rewrite)
2026-05-06 11:44:17 -06:00
// POST /api/ivanti/todo-queue
router.post('/', requireAuth(), requireGroup('Admin', 'Standard_User'), async (req, res) => {
feat: add hostname and IP display to Ivanti queue panel - Add migration to add hostname column to ivanti_todo_queue table - Update POST and batch POST endpoints to accept and store hostname - Pass hostName from findings data when adding items to queue - Display hostname and IP address in CARD queue section - Display hostname and IP address in vendor (FP/Archer) queue sections
2026-04-09 11:56:56 -06:00
const { finding_id, finding_title, cves, ip_address, hostname, vendor, workflow_type } = req.body;
feat(reporting): add Ivanti queue panel for batch FP/Archer staging Adds a persistent per-user staging queue so analysts can tag findings during review and batch-process Ivanti workflows in one focused session. Backend: - New ivanti_todo_queue table (user-scoped, vendor, workflow_type, status) - Table auto-created on server startup via idempotent CREATE IF NOT EXISTS - New route /api/ivanti/todo-queue: GET, POST, PUT/:id, DELETE/:id, DELETE/completed — all scoped to req.user.id Frontend (ReportingPage): - Fixed checkbox column on findings table; clicking opens an add-to-queue popover (portal) with vendor input and FP/Archer toggle - Already-queued rows show checked/disabled checkbox - Queue slide-out panel (420px fixed, CSS transition) with items grouped by vendor, per-item complete toggle + delete, Clear Completed footer - Queue button in header with live pending-count badge Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-03-26 14:10:53 -06:00
if (!finding_id || typeof finding_id !== 'string' || finding_id.trim().length === 0) {
return res.status(400).json({ error: 'finding_id is required.' });
}
if (!VALID_WORKFLOW_TYPES.includes(workflow_type)) {
feat: add GRANITE as fourth workflow type in Ivanti queue - Add GRANITE to VALID_WORKFLOW_TYPES in backend (no vendor required, same as CARD) - Update vendor validation and error messages across all endpoints (single add, batch, PUT, redirect) - Add GRANITE option to RedirectModal with warm slate color (#A1887F) - Rename QueuePanel CARD section to Inventory, group CARD + GRANITE with sub-divider - Add GRANITE to AddToQueuePopover and SelectionToolbar - Update spec docs (requirements, design, tasks)
2026-04-14 15:33:19 -06:00
return res.status(400).json({ error: 'workflow_type must be FP, Archer, CARD, or GRANITE.' });
feat(reporting): CARD workflow needs no vendor + own queue section CARD workflow type no longer requires a vendor/platform entry since asset disposition is handled entirely within CARD. In the popover the vendor field is replaced with a note when CARD is selected, and the Add button is enabled immediately. In the queue panel, CARD items are separated into their own top section (green header) rather than being mixed into vendor groups. Backend validation updated to skip vendor requirement for CARD. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-03-26 14:52:06 -06:00
}
feat: add GRANITE as fourth workflow type in Ivanti queue - Add GRANITE to VALID_WORKFLOW_TYPES in backend (no vendor required, same as CARD) - Update vendor validation and error messages across all endpoints (single add, batch, PUT, redirect) - Add GRANITE option to RedirectModal with warm slate color (#A1887F) - Rename QueuePanel CARD section to Inventory, group CARD + GRANITE with sub-divider - Add GRANITE to AddToQueuePopover and SelectionToolbar - Update spec docs (requirements, design, tasks)
2026-04-14 15:33:19 -06:00
if (!['CARD', 'GRANITE'].includes(workflow_type) && !isValidVendor(vendor)) {
feat(reporting): CARD workflow needs no vendor + own queue section CARD workflow type no longer requires a vendor/platform entry since asset disposition is handled entirely within CARD. In the popover the vendor field is replaced with a note when CARD is selected, and the Add button is enabled immediately. In the queue panel, CARD items are separated into their own top section (green header) rather than being mixed into vendor groups. Backend validation updated to skip vendor requirement for CARD. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-03-26 14:52:06 -06:00
return res.status(400).json({ error: 'vendor is required for FP and Archer workflows.' });
}
if (vendor !== undefined && vendor !== '' && !isValidVendor(vendor)) {
return res.status(400).json({ error: 'vendor must be under 200 chars.' });
feat(reporting): add Ivanti queue panel for batch FP/Archer staging Adds a persistent per-user staging queue so analysts can tag findings during review and batch-process Ivanti workflows in one focused session. Backend: - New ivanti_todo_queue table (user-scoped, vendor, workflow_type, status) - Table auto-created on server startup via idempotent CREATE IF NOT EXISTS - New route /api/ivanti/todo-queue: GET, POST, PUT/:id, DELETE/:id, DELETE/completed — all scoped to req.user.id Frontend (ReportingPage): - Fixed checkbox column on findings table; clicking opens an add-to-queue popover (portal) with vendor input and FP/Archer toggle - Already-queued rows show checked/disabled checkbox - Queue slide-out panel (420px fixed, CSS transition) with items grouped by vendor, per-item complete toggle + delete, Clear Completed footer - Queue button in header with live pending-count badge Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-03-26 14:10:53 -06:00
}
feat: add GRANITE as fourth workflow type in Ivanti queue - Add GRANITE to VALID_WORKFLOW_TYPES in backend (no vendor required, same as CARD) - Update vendor validation and error messages across all endpoints (single add, batch, PUT, redirect) - Add GRANITE option to RedirectModal with warm slate color (#A1887F) - Rename QueuePanel CARD section to Inventory, group CARD + GRANITE with sub-divider - Add GRANITE to AddToQueuePopover and SelectionToolbar - Update spec docs (requirements, design, tasks)
2026-04-14 15:33:19 -06:00
const vendorVal = ['CARD', 'GRANITE'].includes(workflow_type) ? '' : vendor.trim();
feat(reporting): CARD workflow needs no vendor + own queue section CARD workflow type no longer requires a vendor/platform entry since asset disposition is handled entirely within CARD. In the popover the vendor field is replaced with a note when CARD is selected, and the Add button is enabled immediately. In the queue panel, CARD items are separated into their own top section (green header) rather than being mixed into vendor groups. Backend validation updated to skip vendor requirement for CARD. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-03-26 14:52:06 -06:00
const cvesJson = Array.isArray(cves) ? JSON.stringify(cves) : null;
feat(reporting): store and display IP address on CARD queue items Adds ip_address column to ivanti_todo_queue so CARD entries carry the host IP needed to locate the asset in CARD. - Migration: ALTER TABLE ADD COLUMN ip_address TEXT (safe to re-run) - Backend: accepts ip_address in POST body, stores up to 64 chars - Frontend: captures finding.ipAddress when adding to queue; CARD items in the queue panel show the IP in green instead of the CVE list Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-03-26 15:01:32 -06:00
const ipVal = ip_address && typeof ip_address === 'string' ? ip_address.trim().slice(0, 64) : null;
feat: add hostname and IP display to Ivanti queue panel - Add migration to add hostname column to ivanti_todo_queue table - Update POST and batch POST endpoints to accept and store hostname - Pass hostName from findings data when adding items to queue - Display hostname and IP address in CARD queue section - Display hostname and IP address in vendor (FP/Archer) queue sections
2026-04-09 11:56:56 -06:00
const hostVal = hostname && typeof hostname === 'string' ? hostname.trim().slice(0, 255) : null;
feat(reporting): CARD workflow needs no vendor + own queue section CARD workflow type no longer requires a vendor/platform entry since asset disposition is handled entirely within CARD. In the popover the vendor field is replaced with a note when CARD is selected, and the Add button is enabled immediately. In the queue panel, CARD items are separated into their own top section (green header) rather than being mixed into vendor groups. Backend validation updated to skip vendor requirement for CARD. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-03-26 14:52:06 -06:00
const title = finding_title && typeof finding_title === 'string'
feat(postgres): migrate all route files from SQLite to pg pool - All 16 route files now import pool from ../db directly - Removed db parameter from all factory functions - All callbacks replaced with async/await pool.query() - All ? placeholders converted to $1, $2... numbered params - datetime('now') → NOW(), INSERT OR IGNORE → ON CONFLICT DO NOTHING - LIKE → ILIKE for case-insensitive searches - Error detection: err.code === '23505' for unique violations - server.js no longer passes pool/db/requireAuth to route factories - Only ivantiFindings.js still receives pool (pending task 8 rewrite)
2026-05-06 11:44:17 -06:00
? finding_title.slice(0, 500) : null;
try {
const { rows } = await pool.query(
`INSERT INTO ivanti_todo_queue
(user_id, finding_id, finding_title, cves_json, ip_address, hostname, vendor, workflow_type)
VALUES ($1, $2, $3, $4, $5, $6, $7, $8)
RETURNING *`,
[req.user.id, finding_id.trim(), title, cvesJson, ipVal, hostVal, vendorVal, workflow_type]
);
const result = {
...rows[0],
cves: rows[0].cves_json ? JSON.parse(rows[0].cves_json) : [],
};
res.status(201).json(result);
} catch (err) {
console.error('Error adding to queue:', err);
res.status(500).json({ error: 'Internal server error.' });
}
feat(reporting): add Ivanti queue panel for batch FP/Archer staging Adds a persistent per-user staging queue so analysts can tag findings during review and batch-process Ivanti workflows in one focused session. Backend: - New ivanti_todo_queue table (user-scoped, vendor, workflow_type, status) - Table auto-created on server startup via idempotent CREATE IF NOT EXISTS - New route /api/ivanti/todo-queue: GET, POST, PUT/:id, DELETE/:id, DELETE/completed — all scoped to req.user.id Frontend (ReportingPage): - Fixed checkbox column on findings table; clicking opens an add-to-queue popover (portal) with vendor input and FP/Archer toggle - Already-queued rows show checked/disabled checkbox - Queue slide-out panel (420px fixed, CSS transition) with items grouped by vendor, per-item complete toggle + delete, Clear Completed footer - Queue button in header with live pending-count badge Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-03-26 14:10:53 -06:00
});
feat(postgres): migrate all route files from SQLite to pg pool - All 16 route files now import pool from ../db directly - Removed db parameter from all factory functions - All callbacks replaced with async/await pool.query() - All ? placeholders converted to $1, $2... numbered params - datetime('now') → NOW(), INSERT OR IGNORE → ON CONFLICT DO NOTHING - LIKE → ILIKE for case-insensitive searches - Error detection: err.code === '23505' for unique violations - server.js no longer passes pool/db/requireAuth to route factories - Only ivantiFindings.js still receives pool (pending task 8 rewrite)
2026-05-06 11:44:17 -06:00
// PUT /api/ivanti/todo-queue/:id
router.put('/:id', requireAuth(), requireGroup('Admin', 'Standard_User'), async (req, res) => {
feat(reporting): add Ivanti queue panel for batch FP/Archer staging Adds a persistent per-user staging queue so analysts can tag findings during review and batch-process Ivanti workflows in one focused session. Backend: - New ivanti_todo_queue table (user-scoped, vendor, workflow_type, status) - Table auto-created on server startup via idempotent CREATE IF NOT EXISTS - New route /api/ivanti/todo-queue: GET, POST, PUT/:id, DELETE/:id, DELETE/completed — all scoped to req.user.id Frontend (ReportingPage): - Fixed checkbox column on findings table; clicking opens an add-to-queue popover (portal) with vendor input and FP/Archer toggle - Already-queued rows show checked/disabled checkbox - Queue slide-out panel (420px fixed, CSS transition) with items grouped by vendor, per-item complete toggle + delete, Clear Completed footer - Queue button in header with live pending-count badge Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-03-26 14:10:53 -06:00
const { id } = req.params;
const { vendor, workflow_type, status } = req.body;
if (vendor !== undefined && !isValidVendor(vendor)) {
return res.status(400).json({ error: 'vendor must be a non-empty string (max 200 chars).' });
}
if (workflow_type !== undefined && !VALID_WORKFLOW_TYPES.includes(workflow_type)) {
feat: add GRANITE as fourth workflow type in Ivanti queue - Add GRANITE to VALID_WORKFLOW_TYPES in backend (no vendor required, same as CARD) - Update vendor validation and error messages across all endpoints (single add, batch, PUT, redirect) - Add GRANITE option to RedirectModal with warm slate color (#A1887F) - Rename QueuePanel CARD section to Inventory, group CARD + GRANITE with sub-divider - Add GRANITE to AddToQueuePopover and SelectionToolbar - Update spec docs (requirements, design, tasks)
2026-04-14 15:33:19 -06:00
return res.status(400).json({ error: 'workflow_type must be FP, Archer, CARD, or GRANITE.' });
feat(reporting): add Ivanti queue panel for batch FP/Archer staging Adds a persistent per-user staging queue so analysts can tag findings during review and batch-process Ivanti workflows in one focused session. Backend: - New ivanti_todo_queue table (user-scoped, vendor, workflow_type, status) - Table auto-created on server startup via idempotent CREATE IF NOT EXISTS - New route /api/ivanti/todo-queue: GET, POST, PUT/:id, DELETE/:id, DELETE/completed — all scoped to req.user.id Frontend (ReportingPage): - Fixed checkbox column on findings table; clicking opens an add-to-queue popover (portal) with vendor input and FP/Archer toggle - Already-queued rows show checked/disabled checkbox - Queue slide-out panel (420px fixed, CSS transition) with items grouped by vendor, per-item complete toggle + delete, Clear Completed footer - Queue button in header with live pending-count badge Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-03-26 14:10:53 -06:00
}
if (status !== undefined && !VALID_STATUSES.includes(status)) {
return res.status(400).json({ error: 'status must be pending or complete.' });
}
feat(postgres): migrate all route files from SQLite to pg pool - All 16 route files now import pool from ../db directly - Removed db parameter from all factory functions - All callbacks replaced with async/await pool.query() - All ? placeholders converted to $1, $2... numbered params - datetime('now') → NOW(), INSERT OR IGNORE → ON CONFLICT DO NOTHING - LIKE → ILIKE for case-insensitive searches - Error detection: err.code === '23505' for unique violations - server.js no longer passes pool/db/requireAuth to route factories - Only ivantiFindings.js still receives pool (pending task 8 rewrite)
2026-05-06 11:44:17 -06:00
try {
const { rows: existingRows } = await pool.query(
'SELECT * FROM ivanti_todo_queue WHERE id = $1 AND user_id = $2',
[id, req.user.id]
);
if (!existingRows[0]) {
return res.status(404).json({ error: 'Queue item not found.' });
}
const updates = [];
const params = [];
let paramIndex = 1;
if (vendor !== undefined) {
updates.push(`vendor = $${paramIndex++}`);
params.push(vendor.trim());
}
if (workflow_type !== undefined) {
updates.push(`workflow_type = $${paramIndex++}`);
params.push(workflow_type);
}
if (status !== undefined) {
updates.push(`status = $${paramIndex++}`);
params.push(status);
}
if (updates.length === 0) {
return res.status(400).json({ error: 'No fields to update.' });
feat(reporting): add Ivanti queue panel for batch FP/Archer staging Adds a persistent per-user staging queue so analysts can tag findings during review and batch-process Ivanti workflows in one focused session. Backend: - New ivanti_todo_queue table (user-scoped, vendor, workflow_type, status) - Table auto-created on server startup via idempotent CREATE IF NOT EXISTS - New route /api/ivanti/todo-queue: GET, POST, PUT/:id, DELETE/:id, DELETE/completed — all scoped to req.user.id Frontend (ReportingPage): - Fixed checkbox column on findings table; clicking opens an add-to-queue popover (portal) with vendor input and FP/Archer toggle - Already-queued rows show checked/disabled checkbox - Queue slide-out panel (420px fixed, CSS transition) with items grouped by vendor, per-item complete toggle + delete, Clear Completed footer - Queue button in header with live pending-count badge Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-03-26 14:10:53 -06:00
}
feat(postgres): migrate all route files from SQLite to pg pool - All 16 route files now import pool from ../db directly - Removed db parameter from all factory functions - All callbacks replaced with async/await pool.query() - All ? placeholders converted to $1, $2... numbered params - datetime('now') → NOW(), INSERT OR IGNORE → ON CONFLICT DO NOTHING - LIKE → ILIKE for case-insensitive searches - Error detection: err.code === '23505' for unique violations - server.js no longer passes pool/db/requireAuth to route factories - Only ivantiFindings.js still receives pool (pending task 8 rewrite)
2026-05-06 11:44:17 -06:00
updates.push('updated_at = NOW()');
params.push(id, req.user.id);
await pool.query(
`UPDATE ivanti_todo_queue SET ${updates.join(', ')} WHERE id = $${paramIndex++} AND user_id = $${paramIndex}`,
params
);
const { rows } = await pool.query(
'SELECT * FROM ivanti_todo_queue WHERE id = $1', [id]
);
const result = {
...rows[0],
cves: rows[0].cves_json ? JSON.parse(rows[0].cves_json) : [],
};
res.json(result);
} catch (err) {
console.error(err);
res.status(500).json({ error: 'Internal server error.' });
}
feat(reporting): add Ivanti queue panel for batch FP/Archer staging Adds a persistent per-user staging queue so analysts can tag findings during review and batch-process Ivanti workflows in one focused session. Backend: - New ivanti_todo_queue table (user-scoped, vendor, workflow_type, status) - Table auto-created on server startup via idempotent CREATE IF NOT EXISTS - New route /api/ivanti/todo-queue: GET, POST, PUT/:id, DELETE/:id, DELETE/completed — all scoped to req.user.id Frontend (ReportingPage): - Fixed checkbox column on findings table; clicking opens an add-to-queue popover (portal) with vendor input and FP/Archer toggle - Already-queued rows show checked/disabled checkbox - Queue slide-out panel (420px fixed, CSS transition) with items grouped by vendor, per-item complete toggle + delete, Clear Completed footer - Queue button in header with live pending-count badge Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-03-26 14:10:53 -06:00
});
feat(postgres): migrate all route files from SQLite to pg pool - All 16 route files now import pool from ../db directly - Removed db parameter from all factory functions - All callbacks replaced with async/await pool.query() - All ? placeholders converted to $1, $2... numbered params - datetime('now') → NOW(), INSERT OR IGNORE → ON CONFLICT DO NOTHING - LIKE → ILIKE for case-insensitive searches - Error detection: err.code === '23505' for unique violations - server.js no longer passes pool/db/requireAuth to route factories - Only ivantiFindings.js still receives pool (pending task 8 rewrite)
2026-05-06 11:44:17 -06:00
// POST /api/ivanti/todo-queue/:id/redirect
router.post('/:id/redirect', requireAuth(), requireGroup('Admin', 'Standard_User'), async (req, res) => {
feat: add Ivanti Queue redirect for completed items
2026-04-09 16:01:36 -06:00
const { id } = req.params;
const { workflow_type, vendor } = req.body;
if (!VALID_WORKFLOW_TYPES.includes(workflow_type)) {
feat: add GRANITE as fourth workflow type in Ivanti queue - Add GRANITE to VALID_WORKFLOW_TYPES in backend (no vendor required, same as CARD) - Update vendor validation and error messages across all endpoints (single add, batch, PUT, redirect) - Add GRANITE option to RedirectModal with warm slate color (#A1887F) - Rename QueuePanel CARD section to Inventory, group CARD + GRANITE with sub-divider - Add GRANITE to AddToQueuePopover and SelectionToolbar - Update spec docs (requirements, design, tasks)
2026-04-14 15:33:19 -06:00
return res.status(400).json({ error: 'workflow_type must be FP, Archer, CARD, or GRANITE.' });
feat: add Ivanti Queue redirect for completed items
2026-04-09 16:01:36 -06:00
}
feat: add GRANITE as fourth workflow type in Ivanti queue - Add GRANITE to VALID_WORKFLOW_TYPES in backend (no vendor required, same as CARD) - Update vendor validation and error messages across all endpoints (single add, batch, PUT, redirect) - Add GRANITE option to RedirectModal with warm slate color (#A1887F) - Rename QueuePanel CARD section to Inventory, group CARD + GRANITE with sub-divider - Add GRANITE to AddToQueuePopover and SelectionToolbar - Update spec docs (requirements, design, tasks)
2026-04-14 15:33:19 -06:00
if (!['CARD', 'GRANITE'].includes(workflow_type)) {
feat: add Ivanti Queue redirect for completed items
2026-04-09 16:01:36 -06:00
if (!isValidVendor(vendor)) {
return res.status(400).json({ error: 'vendor is required for FP and Archer workflows.' });
}
}
if (vendor !== undefined && vendor !== '' && typeof vendor === 'string' && vendor.trim().length > 200) {
return res.status(400).json({ error: 'vendor must be under 200 chars.' });
}
feat: add GRANITE as fourth workflow type in Ivanti queue - Add GRANITE to VALID_WORKFLOW_TYPES in backend (no vendor required, same as CARD) - Update vendor validation and error messages across all endpoints (single add, batch, PUT, redirect) - Add GRANITE option to RedirectModal with warm slate color (#A1887F) - Rename QueuePanel CARD section to Inventory, group CARD + GRANITE with sub-divider - Add GRANITE to AddToQueuePopover and SelectionToolbar - Update spec docs (requirements, design, tasks)
2026-04-14 15:33:19 -06:00
const vendorVal = ['CARD', 'GRANITE'].includes(workflow_type) ? '' : vendor.trim();
feat: add Ivanti Queue redirect for completed items
2026-04-09 16:01:36 -06:00
feat(postgres): migrate all route files from SQLite to pg pool - All 16 route files now import pool from ../db directly - Removed db parameter from all factory functions - All callbacks replaced with async/await pool.query() - All ? placeholders converted to $1, $2... numbered params - datetime('now') → NOW(), INSERT OR IGNORE → ON CONFLICT DO NOTHING - LIKE → ILIKE for case-insensitive searches - Error detection: err.code === '23505' for unique violations - server.js no longer passes pool/db/requireAuth to route factories - Only ivantiFindings.js still receives pool (pending task 8 rewrite)
2026-05-06 11:44:17 -06:00
try {
const { rows: origRows } = await pool.query(
'SELECT * FROM ivanti_todo_queue WHERE id = $1 AND user_id = $2',
[id, req.user.id]
);
const original = origRows[0];
if (!original) {
return res.status(404).json({ error: 'Queue item not found.' });
feat: add Ivanti Queue redirect for completed items
2026-04-09 16:01:36 -06:00
}
feat(postgres): migrate all route files from SQLite to pg pool - All 16 route files now import pool from ../db directly - Removed db parameter from all factory functions - All callbacks replaced with async/await pool.query() - All ? placeholders converted to $1, $2... numbered params - datetime('now') → NOW(), INSERT OR IGNORE → ON CONFLICT DO NOTHING - LIKE → ILIKE for case-insensitive searches - Error detection: err.code === '23505' for unique violations - server.js no longer passes pool/db/requireAuth to route factories - Only ivantiFindings.js still receives pool (pending task 8 rewrite)
2026-05-06 11:44:17 -06:00
if (original.status !== 'complete') {
return res.status(400).json({ error: 'Only completed queue items can be redirected.' });
}
const { rows } = await pool.query(
`INSERT INTO ivanti_todo_queue
(user_id, finding_id, finding_title, cves_json, ip_address, hostname, vendor, workflow_type)
VALUES ($1, $2, $3, $4, $5, $6, $7, $8)
RETURNING *`,
[req.user.id, original.finding_id, original.finding_title, original.cves_json, original.ip_address, original.hostname, vendorVal, workflow_type]
);
logAudit({
userId: req.user.id,
username: req.user.username,
action: 'queue_item_redirected',
entityType: 'ivanti_todo_queue',
entityId: String(original.id),
details: {
original_workflow_type: original.workflow_type,
target_workflow_type: workflow_type,
new_item_id: rows[0].id,
vendor: vendorVal,
},
ipAddress: req.ip,
});
const result = {
...rows[0],
cves: rows[0].cves_json ? JSON.parse(rows[0].cves_json) : [],
};
return res.status(201).json(result);
} catch (err) {
console.error('Error redirecting queue item:', err);
res.status(500).json({ error: 'Internal server error.' });
}
feat: add Ivanti Queue redirect for completed items
2026-04-09 16:01:36 -06:00
});
feat(postgres): migrate all route files from SQLite to pg pool - All 16 route files now import pool from ../db directly - Removed db parameter from all factory functions - All callbacks replaced with async/await pool.query() - All ? placeholders converted to $1, $2... numbered params - datetime('now') → NOW(), INSERT OR IGNORE → ON CONFLICT DO NOTHING - LIKE → ILIKE for case-insensitive searches - Error detection: err.code === '23505' for unique violations - server.js no longer passes pool/db/requireAuth to route factories - Only ivantiFindings.js still receives pool (pending task 8 rewrite)
2026-05-06 11:44:17 -06:00
// DELETE /api/ivanti/todo-queue/completed
router.delete('/completed', requireAuth(), requireGroup('Admin', 'Standard_User'), async (req, res) => {
try {
const result = await pool.query(
"DELETE FROM ivanti_todo_queue WHERE user_id = $1 AND status = 'complete'",
[req.user.id]
);
res.json({ message: 'Completed items cleared.', deleted: result.rowCount });
} catch (err) {
console.error('Error clearing completed queue items:', err);
res.status(500).json({ error: 'Internal server error.' });
}
feat(reporting): add Ivanti queue panel for batch FP/Archer staging Adds a persistent per-user staging queue so analysts can tag findings during review and batch-process Ivanti workflows in one focused session. Backend: - New ivanti_todo_queue table (user-scoped, vendor, workflow_type, status) - Table auto-created on server startup via idempotent CREATE IF NOT EXISTS - New route /api/ivanti/todo-queue: GET, POST, PUT/:id, DELETE/:id, DELETE/completed — all scoped to req.user.id Frontend (ReportingPage): - Fixed checkbox column on findings table; clicking opens an add-to-queue popover (portal) with vendor input and FP/Archer toggle - Already-queued rows show checked/disabled checkbox - Queue slide-out panel (420px fixed, CSS transition) with items grouped by vendor, per-item complete toggle + delete, Clear Completed footer - Queue button in header with live pending-count badge Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-03-26 14:10:53 -06:00
});
feat(postgres): migrate all route files from SQLite to pg pool - All 16 route files now import pool from ../db directly - Removed db parameter from all factory functions - All callbacks replaced with async/await pool.query() - All ? placeholders converted to $1, $2... numbered params - datetime('now') → NOW(), INSERT OR IGNORE → ON CONFLICT DO NOTHING - LIKE → ILIKE for case-insensitive searches - Error detection: err.code === '23505' for unique violations - server.js no longer passes pool/db/requireAuth to route factories - Only ivantiFindings.js still receives pool (pending task 8 rewrite)
2026-05-06 11:44:17 -06:00
// DELETE /api/ivanti/todo-queue/:id
router.delete('/:id', requireAuth(), requireGroup('Admin', 'Standard_User'), async (req, res) => {
feat(reporting): add Ivanti queue panel for batch FP/Archer staging Adds a persistent per-user staging queue so analysts can tag findings during review and batch-process Ivanti workflows in one focused session. Backend: - New ivanti_todo_queue table (user-scoped, vendor, workflow_type, status) - Table auto-created on server startup via idempotent CREATE IF NOT EXISTS - New route /api/ivanti/todo-queue: GET, POST, PUT/:id, DELETE/:id, DELETE/completed — all scoped to req.user.id Frontend (ReportingPage): - Fixed checkbox column on findings table; clicking opens an add-to-queue popover (portal) with vendor input and FP/Archer toggle - Already-queued rows show checked/disabled checkbox - Queue slide-out panel (420px fixed, CSS transition) with items grouped by vendor, per-item complete toggle + delete, Clear Completed footer - Queue button in header with live pending-count badge Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-03-26 14:10:53 -06:00
const { id } = req.params;
feat(postgres): migrate all route files from SQLite to pg pool - All 16 route files now import pool from ../db directly - Removed db parameter from all factory functions - All callbacks replaced with async/await pool.query() - All ? placeholders converted to $1, $2... numbered params - datetime('now') → NOW(), INSERT OR IGNORE → ON CONFLICT DO NOTHING - LIKE → ILIKE for case-insensitive searches - Error detection: err.code === '23505' for unique violations - server.js no longer passes pool/db/requireAuth to route factories - Only ivantiFindings.js still receives pool (pending task 8 rewrite)
2026-05-06 11:44:17 -06:00
try {
const { rows } = await pool.query(
'SELECT id FROM ivanti_todo_queue WHERE id = $1 AND user_id = $2',
[id, req.user.id]
);
if (!rows[0]) {
return res.status(404).json({ error: 'Queue item not found.' });
feat(reporting): add Ivanti queue panel for batch FP/Archer staging Adds a persistent per-user staging queue so analysts can tag findings during review and batch-process Ivanti workflows in one focused session. Backend: - New ivanti_todo_queue table (user-scoped, vendor, workflow_type, status) - Table auto-created on server startup via idempotent CREATE IF NOT EXISTS - New route /api/ivanti/todo-queue: GET, POST, PUT/:id, DELETE/:id, DELETE/completed — all scoped to req.user.id Frontend (ReportingPage): - Fixed checkbox column on findings table; clicking opens an add-to-queue popover (portal) with vendor input and FP/Archer toggle - Already-queued rows show checked/disabled checkbox - Queue slide-out panel (420px fixed, CSS transition) with items grouped by vendor, per-item complete toggle + delete, Clear Completed footer - Queue button in header with live pending-count badge Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-03-26 14:10:53 -06:00
}
feat(postgres): migrate all route files from SQLite to pg pool - All 16 route files now import pool from ../db directly - Removed db parameter from all factory functions - All callbacks replaced with async/await pool.query() - All ? placeholders converted to $1, $2... numbered params - datetime('now') → NOW(), INSERT OR IGNORE → ON CONFLICT DO NOTHING - LIKE → ILIKE for case-insensitive searches - Error detection: err.code === '23505' for unique violations - server.js no longer passes pool/db/requireAuth to route factories - Only ivantiFindings.js still receives pool (pending task 8 rewrite)
2026-05-06 11:44:17 -06:00
await pool.query(
'DELETE FROM ivanti_todo_queue WHERE id = $1 AND user_id = $2',
[id, req.user.id]
);
res.json({ message: 'Queue item deleted.' });
} catch (err) {
console.error(err);
res.status(500).json({ error: 'Internal server error.' });
}
feat(reporting): add Ivanti queue panel for batch FP/Archer staging Adds a persistent per-user staging queue so analysts can tag findings during review and batch-process Ivanti workflows in one focused session. Backend: - New ivanti_todo_queue table (user-scoped, vendor, workflow_type, status) - Table auto-created on server startup via idempotent CREATE IF NOT EXISTS - New route /api/ivanti/todo-queue: GET, POST, PUT/:id, DELETE/:id, DELETE/completed — all scoped to req.user.id Frontend (ReportingPage): - Fixed checkbox column on findings table; clicking opens an add-to-queue popover (portal) with vendor input and FP/Archer toggle - Already-queued rows show checked/disabled checkbox - Queue slide-out panel (420px fixed, CSS transition) with items grouped by vendor, per-item complete toggle + delete, Clear Completed footer - Queue button in header with live pending-count badge Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-03-26 14:10:53 -06:00
});
return router;
}
module.exports = createIvantiTodoQueueRouter;
Reference in New Issue Copy Permalink