jramos/cve-dashboard
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
eef324936d799c5e1b1f603161d3c8b318d3c35e
cve-dashboard/backend/routes/ivantiWorkflows.js

200 lines
7.1 KiB
JavaScript
Raw Normal View History

Add Ivanti Workflows panel with API key auth and SQLite cache - New panel below Archer tickets showing workflow count and list - Backend proxies platform4.risksense.com workflowBatch/search via x-api-key - SQLite cache table (ivanti_sync_state) stores latest sync result - Auto-syncs on server startup if >24h stale, then every 24h via setInterval - POST /api/ivanti/workflows/sync for on-demand sync with spinner feedback - GET /api/ivanti/workflows returns cached data instantly (no live API call) - Displays id.value, name, currentState, type, createdOn per workflow - Shows last-synced timestamp and error messages inline - IVANTI_SKIP_TLS flag for Charter SSL proxy environments Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-03-10 15:29:33 -06:00
// Ivanti / RiskSense Workflow Routes
feat(postgres): migrate all route files from SQLite to pg pool - All 16 route files now import pool from ../db directly - Removed db parameter from all factory functions - All callbacks replaced with async/await pool.query() - All ? placeholders converted to $1, $2... numbered params - datetime('now') → NOW(), INSERT OR IGNORE → ON CONFLICT DO NOTHING - LIKE → ILIKE for case-insensitive searches - Error detection: err.code === '23505' for unique violations - server.js no longer passes pool/db/requireAuth to route factories - Only ivantiFindings.js still receives pool (pending task 8 rewrite)
2026-05-06 11:44:17 -06:00
// Data is cached in PostgreSQL and refreshed on a daily schedule or on-demand.
Add Ivanti Workflows panel with API key auth and SQLite cache - New panel below Archer tickets showing workflow count and list - Backend proxies platform4.risksense.com workflowBatch/search via x-api-key - SQLite cache table (ivanti_sync_state) stores latest sync result - Auto-syncs on server startup if >24h stale, then every 24h via setInterval - POST /api/ivanti/workflows/sync for on-demand sync with spinner feedback - GET /api/ivanti/workflows returns cached data instantly (no live API call) - Displays id.value, name, currentState, type, createdOn per workflow - Shows last-synced timestamp and error messages inline - IVANTI_SKIP_TLS flag for Charter SSL proxy environments Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-03-10 15:29:33 -06:00
const express = require('express');
feat(postgres): migrate all route files from SQLite to pg pool - All 16 route files now import pool from ../db directly - Removed db parameter from all factory functions - All callbacks replaced with async/await pool.query() - All ? placeholders converted to $1, $2... numbered params - datetime('now') → NOW(), INSERT OR IGNORE → ON CONFLICT DO NOTHING - LIKE → ILIKE for case-insensitive searches - Error detection: err.code === '23505' for unique violations - server.js no longer passes pool/db/requireAuth to route factories - Only ivantiFindings.js still receives pool (pending task 8 rewrite)
2026-05-06 11:44:17 -06:00
const pool = require('../db');
const { requireAuth, requireGroup } = require('../middleware/auth');
feat: add Ivanti FP workflow submission from Queue - Add shared ivantiApi.js helper (ivantiPost + ivantiMultipartPost) - Add ivantiFpWorkflow.js backend route with validation, Ivanti API workflow creation, attachment uploads, submission tracking, and audit - Add add_fp_submissions_table.js migration - Wire route into server.js at /api/ivanti/fp-workflow - Add FpWorkflowModal component in ReportingPage.js with form fields, drag-and-drop file upload, progress indicator, and result views - Add Create FP Workflow button to QueuePanel footer (editor/admin only) - Refactor ivantiWorkflows.js and ivantiFindings.js to use shared helper
2026-04-07 16:20:24 -06:00
const { ivantiPost } = require('../helpers/ivantiApi');
Add Ivanti Workflows panel with API key auth and SQLite cache - New panel below Archer tickets showing workflow count and list - Backend proxies platform4.risksense.com workflowBatch/search via x-api-key - SQLite cache table (ivanti_sync_state) stores latest sync result - Auto-syncs on server startup if >24h stale, then every 24h via setInterval - POST /api/ivanti/workflows/sync for on-demand sync with spinner feedback - GET /api/ivanti/workflows returns cached data instantly (no live API call) - Displays id.value, name, currentState, type, createdOn per workflow - Shows last-synced timestamp and error messages inline - IVANTI_SKIP_TLS flag for Charter SSL proxy environments Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-03-10 15:29:33 -06:00
const SYNC_INTERVAL_MS = 24 * 60 * 60 * 1000; // 24 hours
// ---------------------------------------------------------------------------
feat(postgres): migrate all route files from SQLite to pg pool - All 16 route files now import pool from ../db directly - Removed db parameter from all factory functions - All callbacks replaced with async/await pool.query() - All ? placeholders converted to $1, $2... numbered params - datetime('now') → NOW(), INSERT OR IGNORE → ON CONFLICT DO NOTHING - LIKE → ILIKE for case-insensitive searches - Error detection: err.code === '23505' for unique violations - server.js no longer passes pool/db/requireAuth to route factories - Only ivantiFindings.js still receives pool (pending task 8 rewrite)
2026-05-06 11:44:17 -06:00
// Core sync — calls Ivanti API, stores result in PostgreSQL
Add Ivanti Workflows panel with API key auth and SQLite cache - New panel below Archer tickets showing workflow count and list - Backend proxies platform4.risksense.com workflowBatch/search via x-api-key - SQLite cache table (ivanti_sync_state) stores latest sync result - Auto-syncs on server startup if >24h stale, then every 24h via setInterval - POST /api/ivanti/workflows/sync for on-demand sync with spinner feedback - GET /api/ivanti/workflows returns cached data instantly (no live API call) - Displays id.value, name, currentState, type, createdOn per workflow - Shows last-synced timestamp and error messages inline - IVANTI_SKIP_TLS flag for Charter SSL proxy environments Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-03-10 15:29:33 -06:00
// ---------------------------------------------------------------------------
feat(postgres): migrate all route files from SQLite to pg pool - All 16 route files now import pool from ../db directly - Removed db parameter from all factory functions - All callbacks replaced with async/await pool.query() - All ? placeholders converted to $1, $2... numbered params - datetime('now') → NOW(), INSERT OR IGNORE → ON CONFLICT DO NOTHING - LIKE → ILIKE for case-insensitive searches - Error detection: err.code === '23505' for unique violations - server.js no longer passes pool/db/requireAuth to route factories - Only ivantiFindings.js still receives pool (pending task 8 rewrite)
2026-05-06 11:44:17 -06:00
async function syncWorkflows() {
Add Ivanti Workflows panel with API key auth and SQLite cache - New panel below Archer tickets showing workflow count and list - Backend proxies platform4.risksense.com workflowBatch/search via x-api-key - SQLite cache table (ivanti_sync_state) stores latest sync result - Auto-syncs on server startup if >24h stale, then every 24h via setInterval - POST /api/ivanti/workflows/sync for on-demand sync with spinner feedback - GET /api/ivanti/workflows returns cached data instantly (no live API call) - Displays id.value, name, currentState, type, createdOn per workflow - Shows last-synced timestamp and error messages inline - IVANTI_SKIP_TLS flag for Charter SSL proxy environments Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-03-10 15:29:33 -06:00
const apiKey = process.env.IVANTI_API_KEY;
const clientId = process.env.IVANTI_CLIENT_ID || '1550';
const firstName = process.env.IVANTI_FIRST_NAME || '';
const lastName = process.env.IVANTI_LAST_NAME || '';
const skipTls = process.env.IVANTI_SKIP_TLS === 'true';
if (!apiKey) {
const errMsg = 'IVANTI_API_KEY not set in .env — skipping sync';
console.warn('[Ivanti]', errMsg);
feat(postgres): migrate all route files from SQLite to pg pool - All 16 route files now import pool from ../db directly - Removed db parameter from all factory functions - All callbacks replaced with async/await pool.query() - All ? placeholders converted to $1, $2... numbered params - datetime('now') → NOW(), INSERT OR IGNORE → ON CONFLICT DO NOTHING - LIKE → ILIKE for case-insensitive searches - Error detection: err.code === '23505' for unique violations - server.js no longer passes pool/db/requireAuth to route factories - Only ivantiFindings.js still receives pool (pending task 8 rewrite)
2026-05-06 11:44:17 -06:00
await pool.query(
`UPDATE ivanti_sync_state SET sync_status='error', error_message=$1, synced_at=NOW() WHERE id=1`,
[errMsg]
);
Add Ivanti Workflows panel with API key auth and SQLite cache - New panel below Archer tickets showing workflow count and list - Backend proxies platform4.risksense.com workflowBatch/search via x-api-key - SQLite cache table (ivanti_sync_state) stores latest sync result - Auto-syncs on server startup if >24h stale, then every 24h via setInterval - POST /api/ivanti/workflows/sync for on-demand sync with spinner feedback - GET /api/ivanti/workflows returns cached data instantly (no live API call) - Displays id.value, name, currentState, type, createdOn per workflow - Shows last-synced timestamp and error messages inline - IVANTI_SKIP_TLS flag for Charter SSL proxy environments Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-03-10 15:29:33 -06:00
return;
}
console.log('[Ivanti] Syncing workflows...');
const urlPath = `/client/${encodeURIComponent(clientId)}/workflowBatch/search`;
const body = {
filters: [
{
field: 'created_by_last_name',
exclusive: false,
operator: 'IN',
orWithPrevious: false,
implicitFilters: [],
value: lastName,
caseSensitive: false
},
{
field: 'created_by_first_name',
exclusive: false,
operator: 'IN',
orWithPrevious: false,
implicitFilters: [],
value: firstName,
caseSensitive: false
}
],
projection: 'internal',
sort: [{ field: 'created', direction: 'DESC' }],
page: 0,
size: 50
};
try {
const result = await ivantiPost(urlPath, body, apiKey, skipTls);
if (result.status === 401) {
throw new Error('Invalid or missing API key (401) — check IVANTI_API_KEY in .env');
}
if (result.status === 419) {
throw new Error('Insufficient privileges (419) — API key lacks workflow access');
}
if (result.status === 429) {
throw new Error('Rate limited (429) — will retry at next scheduled sync');
}
if (result.status !== 200) {
throw new Error(`Ivanti API returned unexpected status ${result.status}`);
}
const data = JSON.parse(result.body);
let total = 0;
let workflows = [];
if (data.page && typeof data.page.totalElements === 'number') {
total = data.page.totalElements;
workflows = data._embedded?.workflowBatches
|| data._embedded?.workflowBatch
|| [];
} else if (typeof data.total === 'number') {
total = data.total;
workflows = data.data || data.content || data.results || [];
} else if (typeof data.totalElements === 'number') {
total = data.totalElements;
workflows = data.content || data.data || [];
} else if (Array.isArray(data)) {
workflows = data;
total = data.length;
}
feat(postgres): migrate all route files from SQLite to pg pool - All 16 route files now import pool from ../db directly - Removed db parameter from all factory functions - All callbacks replaced with async/await pool.query() - All ? placeholders converted to $1, $2... numbered params - datetime('now') → NOW(), INSERT OR IGNORE → ON CONFLICT DO NOTHING - LIKE → ILIKE for case-insensitive searches - Error detection: err.code === '23505' for unique violations - server.js no longer passes pool/db/requireAuth to route factories - Only ivantiFindings.js still receives pool (pending task 8 rewrite)
2026-05-06 11:44:17 -06:00
await pool.query(
`UPDATE ivanti_sync_state
SET total=$1, workflows_json=$2, synced_at=NOW(), sync_status='success', error_message=NULL
WHERE id=1`,
[total, JSON.stringify(workflows)]
);
Add Ivanti Workflows panel with API key auth and SQLite cache - New panel below Archer tickets showing workflow count and list - Backend proxies platform4.risksense.com workflowBatch/search via x-api-key - SQLite cache table (ivanti_sync_state) stores latest sync result - Auto-syncs on server startup if >24h stale, then every 24h via setInterval - POST /api/ivanti/workflows/sync for on-demand sync with spinner feedback - GET /api/ivanti/workflows returns cached data instantly (no live API call) - Displays id.value, name, currentState, type, createdOn per workflow - Shows last-synced timestamp and error messages inline - IVANTI_SKIP_TLS flag for Charter SSL proxy environments Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-03-10 15:29:33 -06:00
console.log(`[Ivanti] Sync complete — ${total} workflows`);
} catch (err) {
const msg = err.message || 'Unknown error';
console.error('[Ivanti] Sync failed:', msg);
feat(postgres): migrate all route files from SQLite to pg pool - All 16 route files now import pool from ../db directly - Removed db parameter from all factory functions - All callbacks replaced with async/await pool.query() - All ? placeholders converted to $1, $2... numbered params - datetime('now') → NOW(), INSERT OR IGNORE → ON CONFLICT DO NOTHING - LIKE → ILIKE for case-insensitive searches - Error detection: err.code === '23505' for unique violations - server.js no longer passes pool/db/requireAuth to route factories - Only ivantiFindings.js still receives pool (pending task 8 rewrite)
2026-05-06 11:44:17 -06:00
await pool.query(
`UPDATE ivanti_sync_state SET sync_status='error', error_message=$1, synced_at=NOW() WHERE id=1`,
[msg]
);
Add Ivanti Workflows panel with API key auth and SQLite cache - New panel below Archer tickets showing workflow count and list - Backend proxies platform4.risksense.com workflowBatch/search via x-api-key - SQLite cache table (ivanti_sync_state) stores latest sync result - Auto-syncs on server startup if >24h stale, then every 24h via setInterval - POST /api/ivanti/workflows/sync for on-demand sync with spinner feedback - GET /api/ivanti/workflows returns cached data instantly (no live API call) - Displays id.value, name, currentState, type, createdOn per workflow - Shows last-synced timestamp and error messages inline - IVANTI_SKIP_TLS flag for Charter SSL proxy environments Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-03-10 15:29:33 -06:00
}
}
// ---------------------------------------------------------------------------
// Scheduler — runs sync immediately if >24h stale, then every 24h
// ---------------------------------------------------------------------------
feat(postgres): migrate all route files from SQLite to pg pool - All 16 route files now import pool from ../db directly - Removed db parameter from all factory functions - All callbacks replaced with async/await pool.query() - All ? placeholders converted to $1, $2... numbered params - datetime('now') → NOW(), INSERT OR IGNORE → ON CONFLICT DO NOTHING - LIKE → ILIKE for case-insensitive searches - Error detection: err.code === '23505' for unique violations - server.js no longer passes pool/db/requireAuth to route factories - Only ivantiFindings.js still receives pool (pending task 8 rewrite)
2026-05-06 11:44:17 -06:00
async function scheduleSync() {
try {
const { rows } = await pool.query('SELECT synced_at FROM ivanti_sync_state WHERE id = 1');
const row = rows[0];
if (!row || !row.synced_at) {
syncWorkflows();
Add Ivanti Workflows panel with API key auth and SQLite cache - New panel below Archer tickets showing workflow count and list - Backend proxies platform4.risksense.com workflowBatch/search via x-api-key - SQLite cache table (ivanti_sync_state) stores latest sync result - Auto-syncs on server startup if >24h stale, then every 24h via setInterval - POST /api/ivanti/workflows/sync for on-demand sync with spinner feedback - GET /api/ivanti/workflows returns cached data instantly (no live API call) - Displays id.value, name, currentState, type, createdOn per workflow - Shows last-synced timestamp and error messages inline - IVANTI_SKIP_TLS flag for Charter SSL proxy environments Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-03-10 15:29:33 -06:00
} else {
feat(postgres): migrate all route files from SQLite to pg pool - All 16 route files now import pool from ../db directly - Removed db parameter from all factory functions - All callbacks replaced with async/await pool.query() - All ? placeholders converted to $1, $2... numbered params - datetime('now') → NOW(), INSERT OR IGNORE → ON CONFLICT DO NOTHING - LIKE → ILIKE for case-insensitive searches - Error detection: err.code === '23505' for unique violations - server.js no longer passes pool/db/requireAuth to route factories - Only ivantiFindings.js still receives pool (pending task 8 rewrite)
2026-05-06 11:44:17 -06:00
const lastSync = new Date(row.synced_at);
Add Ivanti Workflows panel with API key auth and SQLite cache - New panel below Archer tickets showing workflow count and list - Backend proxies platform4.risksense.com workflowBatch/search via x-api-key - SQLite cache table (ivanti_sync_state) stores latest sync result - Auto-syncs on server startup if >24h stale, then every 24h via setInterval - POST /api/ivanti/workflows/sync for on-demand sync with spinner feedback - GET /api/ivanti/workflows returns cached data instantly (no live API call) - Displays id.value, name, currentState, type, createdOn per workflow - Shows last-synced timestamp and error messages inline - IVANTI_SKIP_TLS flag for Charter SSL proxy environments Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-03-10 15:29:33 -06:00
const hoursSince = (Date.now() - lastSync.getTime()) / (1000 * 60 * 60);
if (hoursSince >= 24) {
feat(postgres): migrate all route files from SQLite to pg pool - All 16 route files now import pool from ../db directly - Removed db parameter from all factory functions - All callbacks replaced with async/await pool.query() - All ? placeholders converted to $1, $2... numbered params - datetime('now') → NOW(), INSERT OR IGNORE → ON CONFLICT DO NOTHING - LIKE → ILIKE for case-insensitive searches - Error detection: err.code === '23505' for unique violations - server.js no longer passes pool/db/requireAuth to route factories - Only ivantiFindings.js still receives pool (pending task 8 rewrite)
2026-05-06 11:44:17 -06:00
syncWorkflows();
Add Ivanti Workflows panel with API key auth and SQLite cache - New panel below Archer tickets showing workflow count and list - Backend proxies platform4.risksense.com workflowBatch/search via x-api-key - SQLite cache table (ivanti_sync_state) stores latest sync result - Auto-syncs on server startup if >24h stale, then every 24h via setInterval - POST /api/ivanti/workflows/sync for on-demand sync with spinner feedback - GET /api/ivanti/workflows returns cached data instantly (no live API call) - Displays id.value, name, currentState, type, createdOn per workflow - Shows last-synced timestamp and error messages inline - IVANTI_SKIP_TLS flag for Charter SSL proxy environments Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-03-10 15:29:33 -06:00
} else {
const hoursUntil = (24 - hoursSince).toFixed(1);
console.log(`[Ivanti] Last sync ${hoursSince.toFixed(1)}h ago — next auto-sync in ${hoursUntil}h`);
}
}
feat(postgres): migrate all route files from SQLite to pg pool - All 16 route files now import pool from ../db directly - Removed db parameter from all factory functions - All callbacks replaced with async/await pool.query() - All ? placeholders converted to $1, $2... numbered params - datetime('now') → NOW(), INSERT OR IGNORE → ON CONFLICT DO NOTHING - LIKE → ILIKE for case-insensitive searches - Error detection: err.code === '23505' for unique violations - server.js no longer passes pool/db/requireAuth to route factories - Only ivantiFindings.js still receives pool (pending task 8 rewrite)
2026-05-06 11:44:17 -06:00
} catch (err) {
console.error('[Ivanti] Schedule check failed:', err);
syncWorkflows();
}
Add Ivanti Workflows panel with API key auth and SQLite cache - New panel below Archer tickets showing workflow count and list - Backend proxies platform4.risksense.com workflowBatch/search via x-api-key - SQLite cache table (ivanti_sync_state) stores latest sync result - Auto-syncs on server startup if >24h stale, then every 24h via setInterval - POST /api/ivanti/workflows/sync for on-demand sync with spinner feedback - GET /api/ivanti/workflows returns cached data instantly (no live API call) - Displays id.value, name, currentState, type, createdOn per workflow - Shows last-synced timestamp and error messages inline - IVANTI_SKIP_TLS flag for Charter SSL proxy environments Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-03-10 15:29:33 -06:00
feat(postgres): migrate all route files from SQLite to pg pool - All 16 route files now import pool from ../db directly - Removed db parameter from all factory functions - All callbacks replaced with async/await pool.query() - All ? placeholders converted to $1, $2... numbered params - datetime('now') → NOW(), INSERT OR IGNORE → ON CONFLICT DO NOTHING - LIKE → ILIKE for case-insensitive searches - Error detection: err.code === '23505' for unique violations - server.js no longer passes pool/db/requireAuth to route factories - Only ivantiFindings.js still receives pool (pending task 8 rewrite)
2026-05-06 11:44:17 -06:00
setInterval(() => syncWorkflows(), SYNC_INTERVAL_MS);
Add Ivanti Workflows panel with API key auth and SQLite cache - New panel below Archer tickets showing workflow count and list - Backend proxies platform4.risksense.com workflowBatch/search via x-api-key - SQLite cache table (ivanti_sync_state) stores latest sync result - Auto-syncs on server startup if >24h stale, then every 24h via setInterval - POST /api/ivanti/workflows/sync for on-demand sync with spinner feedback - GET /api/ivanti/workflows returns cached data instantly (no live API call) - Displays id.value, name, currentState, type, createdOn per workflow - Shows last-synced timestamp and error messages inline - IVANTI_SKIP_TLS flag for Charter SSL proxy environments Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-03-10 15:29:33 -06:00
}
// ---------------------------------------------------------------------------
// Helper — read current state from DB and return as JSON-ready object
// ---------------------------------------------------------------------------
feat(postgres): migrate all route files from SQLite to pg pool - All 16 route files now import pool from ../db directly - Removed db parameter from all factory functions - All callbacks replaced with async/await pool.query() - All ? placeholders converted to $1, $2... numbered params - datetime('now') → NOW(), INSERT OR IGNORE → ON CONFLICT DO NOTHING - LIKE → ILIKE for case-insensitive searches - Error detection: err.code === '23505' for unique violations - server.js no longer passes pool/db/requireAuth to route factories - Only ivantiFindings.js still receives pool (pending task 8 rewrite)
2026-05-06 11:44:17 -06:00
async function readState() {
const { rows } = await pool.query(
'SELECT total, workflows_json, synced_at, sync_status, error_message FROM ivanti_sync_state WHERE id = 1'
);
const row = rows[0];
if (!row) return { total: 0, workflows: [], synced_at: null, sync_status: 'never', error_message: null };
let workflows = [];
try { workflows = JSON.parse(row.workflows_json || '[]'); } catch (_) { /* leave empty */ }
return {
total: row.total || 0,
workflows,
synced_at: row.synced_at,
sync_status: row.sync_status,
error_message: row.error_message
};
Add Ivanti Workflows panel with API key auth and SQLite cache - New panel below Archer tickets showing workflow count and list - Backend proxies platform4.risksense.com workflowBatch/search via x-api-key - SQLite cache table (ivanti_sync_state) stores latest sync result - Auto-syncs on server startup if >24h stale, then every 24h via setInterval - POST /api/ivanti/workflows/sync for on-demand sync with spinner feedback - GET /api/ivanti/workflows returns cached data instantly (no live API call) - Displays id.value, name, currentState, type, createdOn per workflow - Shows last-synced timestamp and error messages inline - IVANTI_SKIP_TLS flag for Charter SSL proxy environments Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-03-10 15:29:33 -06:00
}
// ---------------------------------------------------------------------------
// Router
// ---------------------------------------------------------------------------
feat(postgres): migrate all route files from SQLite to pg pool - All 16 route files now import pool from ../db directly - Removed db parameter from all factory functions - All callbacks replaced with async/await pool.query() - All ? placeholders converted to $1, $2... numbered params - datetime('now') → NOW(), INSERT OR IGNORE → ON CONFLICT DO NOTHING - LIKE → ILIKE for case-insensitive searches - Error detection: err.code === '23505' for unique violations - server.js no longer passes pool/db/requireAuth to route factories - Only ivantiFindings.js still receives pool (pending task 8 rewrite)
2026-05-06 11:44:17 -06:00
function createIvantiWorkflowsRouter() {
Add Ivanti Workflows panel with API key auth and SQLite cache - New panel below Archer tickets showing workflow count and list - Backend proxies platform4.risksense.com workflowBatch/search via x-api-key - SQLite cache table (ivanti_sync_state) stores latest sync result - Auto-syncs on server startup if >24h stale, then every 24h via setInterval - POST /api/ivanti/workflows/sync for on-demand sync with spinner feedback - GET /api/ivanti/workflows returns cached data instantly (no live API call) - Displays id.value, name, currentState, type, createdOn per workflow - Shows last-synced timestamp and error messages inline - IVANTI_SKIP_TLS flag for Charter SSL proxy environments Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-03-10 15:29:33 -06:00
const router = express.Router();
feat(postgres): migrate all route files from SQLite to pg pool - All 16 route files now import pool from ../db directly - Removed db parameter from all factory functions - All callbacks replaced with async/await pool.query() - All ? placeholders converted to $1, $2... numbered params - datetime('now') → NOW(), INSERT OR IGNORE → ON CONFLICT DO NOTHING - LIKE → ILIKE for case-insensitive searches - Error detection: err.code === '23505' for unique violations - server.js no longer passes pool/db/requireAuth to route factories - Only ivantiFindings.js still receives pool (pending task 8 rewrite)
2026-05-06 11:44:17 -06:00
// Kick off scheduler (fire-and-forget on startup)
scheduleSync().catch((err) => console.error('[Ivanti] Init failed:', err));
Add Ivanti Workflows panel with API key auth and SQLite cache - New panel below Archer tickets showing workflow count and list - Backend proxies platform4.risksense.com workflowBatch/search via x-api-key - SQLite cache table (ivanti_sync_state) stores latest sync result - Auto-syncs on server startup if >24h stale, then every 24h via setInterval - POST /api/ivanti/workflows/sync for on-demand sync with spinner feedback - GET /api/ivanti/workflows returns cached data instantly (no live API call) - Displays id.value, name, currentState, type, createdOn per workflow - Shows last-synced timestamp and error messages inline - IVANTI_SKIP_TLS flag for Charter SSL proxy environments Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-03-10 15:29:33 -06:00
// All routes require authentication
feat(postgres): migrate all route files from SQLite to pg pool - All 16 route files now import pool from ../db directly - Removed db parameter from all factory functions - All callbacks replaced with async/await pool.query() - All ? placeholders converted to $1, $2... numbered params - datetime('now') → NOW(), INSERT OR IGNORE → ON CONFLICT DO NOTHING - LIKE → ILIKE for case-insensitive searches - Error detection: err.code === '23505' for unique violations - server.js no longer passes pool/db/requireAuth to route factories - Only ivantiFindings.js still receives pool (pending task 8 rewrite)
2026-05-06 11:44:17 -06:00
router.use(requireAuth());
Add Ivanti Workflows panel with API key auth and SQLite cache - New panel below Archer tickets showing workflow count and list - Backend proxies platform4.risksense.com workflowBatch/search via x-api-key - SQLite cache table (ivanti_sync_state) stores latest sync result - Auto-syncs on server startup if >24h stale, then every 24h via setInterval - POST /api/ivanti/workflows/sync for on-demand sync with spinner feedback - GET /api/ivanti/workflows returns cached data instantly (no live API call) - Displays id.value, name, currentState, type, createdOn per workflow - Shows last-synced timestamp and error messages inline - IVANTI_SKIP_TLS flag for Charter SSL proxy environments Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-03-10 15:29:33 -06:00
// GET / — return cached data (fast, no external call)
router.get('/', async (req, res) => {
try {
feat(postgres): migrate all route files from SQLite to pg pool - All 16 route files now import pool from ../db directly - Removed db parameter from all factory functions - All callbacks replaced with async/await pool.query() - All ? placeholders converted to $1, $2... numbered params - datetime('now') → NOW(), INSERT OR IGNORE → ON CONFLICT DO NOTHING - LIKE → ILIKE for case-insensitive searches - Error detection: err.code === '23505' for unique violations - server.js no longer passes pool/db/requireAuth to route factories - Only ivantiFindings.js still receives pool (pending task 8 rewrite)
2026-05-06 11:44:17 -06:00
res.json(await readState());
Add Ivanti Workflows panel with API key auth and SQLite cache - New panel below Archer tickets showing workflow count and list - Backend proxies platform4.risksense.com workflowBatch/search via x-api-key - SQLite cache table (ivanti_sync_state) stores latest sync result - Auto-syncs on server startup if >24h stale, then every 24h via setInterval - POST /api/ivanti/workflows/sync for on-demand sync with spinner feedback - GET /api/ivanti/workflows returns cached data instantly (no live API call) - Displays id.value, name, currentState, type, createdOn per workflow - Shows last-synced timestamp and error messages inline - IVANTI_SKIP_TLS flag for Charter SSL proxy environments Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-03-10 15:29:33 -06:00
} catch {
res.status(500).json({ error: 'Database error reading sync state' });
}
});
// POST /sync — trigger an immediate sync, await completion, return fresh state
fix: address all 11 review items for group-based access control Bugs fixed: - knowledgeBase.js: logAudit calls converted from positional args to object signature - archerTickets.js: targetType/targetId renamed to entityType/entityId - server.js: single CVE delete now has cascade/compliance check for Standard_User Unprotected endpoints secured: - ivantiTodoQueue.js: POST/PUT/DELETE now require Admin or Standard_User - ivantiFindings.js: PUT note and POST sync now require Admin or Standard_User - compliance.js: POST notes now requires Admin or Standard_User - ivantiWorkflows.js: POST sync now requires Admin or Standard_User - auth.js: cleanup-sessions now requires Admin via requireAuth + requireGroup Additional fixes: - ExportsPage.js: canExport() guard blocks Read_Only users - knowledgeBase.js: Standard_User delete checks created_by ownership - Migration: added INSERT/UPDATE triggers to enforce valid user_group values
2026-04-07 09:52:26 -06:00
router.post('/sync', requireGroup('Admin', 'Standard_User'), async (req, res) => {
feat(postgres): migrate all route files from SQLite to pg pool - All 16 route files now import pool from ../db directly - Removed db parameter from all factory functions - All callbacks replaced with async/await pool.query() - All ? placeholders converted to $1, $2... numbered params - datetime('now') → NOW(), INSERT OR IGNORE → ON CONFLICT DO NOTHING - LIKE → ILIKE for case-insensitive searches - Error detection: err.code === '23505' for unique violations - server.js no longer passes pool/db/requireAuth to route factories - Only ivantiFindings.js still receives pool (pending task 8 rewrite)
2026-05-06 11:44:17 -06:00
await syncWorkflows();
Add Ivanti Workflows panel with API key auth and SQLite cache - New panel below Archer tickets showing workflow count and list - Backend proxies platform4.risksense.com workflowBatch/search via x-api-key - SQLite cache table (ivanti_sync_state) stores latest sync result - Auto-syncs on server startup if >24h stale, then every 24h via setInterval - POST /api/ivanti/workflows/sync for on-demand sync with spinner feedback - GET /api/ivanti/workflows returns cached data instantly (no live API call) - Displays id.value, name, currentState, type, createdOn per workflow - Shows last-synced timestamp and error messages inline - IVANTI_SKIP_TLS flag for Charter SSL proxy environments Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-03-10 15:29:33 -06:00
try {
feat(postgres): migrate all route files from SQLite to pg pool - All 16 route files now import pool from ../db directly - Removed db parameter from all factory functions - All callbacks replaced with async/await pool.query() - All ? placeholders converted to $1, $2... numbered params - datetime('now') → NOW(), INSERT OR IGNORE → ON CONFLICT DO NOTHING - LIKE → ILIKE for case-insensitive searches - Error detection: err.code === '23505' for unique violations - server.js no longer passes pool/db/requireAuth to route factories - Only ivantiFindings.js still receives pool (pending task 8 rewrite)
2026-05-06 11:44:17 -06:00
res.json(await readState());
Add Ivanti Workflows panel with API key auth and SQLite cache - New panel below Archer tickets showing workflow count and list - Backend proxies platform4.risksense.com workflowBatch/search via x-api-key - SQLite cache table (ivanti_sync_state) stores latest sync result - Auto-syncs on server startup if >24h stale, then every 24h via setInterval - POST /api/ivanti/workflows/sync for on-demand sync with spinner feedback - GET /api/ivanti/workflows returns cached data instantly (no live API call) - Displays id.value, name, currentState, type, createdOn per workflow - Shows last-synced timestamp and error messages inline - IVANTI_SKIP_TLS flag for Charter SSL proxy environments Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-03-10 15:29:33 -06:00
} catch {
res.status(500).json({ error: 'Sync ran but could not read updated state' });
}
});
return router;
}
module.exports = createIvantiWorkflowsRouter;
Reference in New Issue Copy Permalink