feat: add hostname and IP display to Ivanti queue panel

- Add migration to add hostname column to ivanti_todo_queue table - Update POST and batch POST endpoints to accept and store hostname - Pass hostName from findings data when adding items to queue - Display hostname and IP address in CARD queue section - Display hostname and IP address in vendor (FP/Archer) queue sections
2026-04-09 11:56:56 -06:00
parent fc68097821
commit 690c30aac0
9 changed files with 402 additions and 31 deletions
--- a/backend/routes/ivantiTodoQueue.js
+++ b/backend/routes/ivantiTodoQueue.js
@@ -56,6 +56,7 @@ function createIvantiTodoQueueRouter(db, requireAuth) {
     * @body {string} [findings[].finding_title] - Optional finding title (max 500 chars)
     * @body {string[]} [findings[].cves]        - Optional array of CVE identifiers
     * @body {string} [findings[].ip_address]    - Optional IP address (max 64 chars)
+     * @body {string} [findings[].hostname]      - Optional hostname (max 255 chars)
     * @body {string} workflow_type     - One of 'FP', 'Archer', 'CARD'
     * @body {string} vendor            - Required for FP/Archer (max 200 chars); optional for CARD
     *
@@ -108,7 +109,10 @@ function createIvantiTodoQueueRouter(db, requireAuth) {
            const ipVal = f.ip_address && typeof f.ip_address === 'string'
                ? f.ip_address.trim().slice(0, 64)
                : null;
-            return [userId, findingId, title, cvesJson, ipVal, vendorVal, workflow_type];
+            const hostVal = f.hostname && typeof f.hostname === 'string'
+                ? f.hostname.trim().slice(0, 255)
+                : null;
+            return [userId, findingId, title, cvesJson, ipVal, hostVal, vendorVal, workflow_type];
        });

        const insertedIds = [];
@@ -121,8 +125,8 @@ function createIvantiTodoQueueRouter(db, requireAuth) {
            rows.forEach((params) => {
                db.run(
                    `INSERT INTO ivanti_todo_queue
-                         (user_id, finding_id, finding_title, cves_json, ip_address, vendor, workflow_type)
-                     VALUES (?, ?, ?, ?, ?, ?, ?)`,
+                         (user_id, finding_id, finding_title, cves_json, ip_address, hostname, vendor, workflow_type)
+                     VALUES (?, ?, ?, ?, ?, ?, ?, ?)`,
                    params,
                    function (err) {
                        if (err && !insertError) {
@@ -199,7 +203,7 @@ function createIvantiTodoQueueRouter(db, requireAuth) {
     * @body {string} [finding_title]   - Optional finding title (max 500 chars)
     * @body {string[]} [cves]          - Optional array of CVE identifiers
     * @body {string} [ip_address]      - Optional IP address (max 64 chars)
-     * @body {string} vendor            - Required for FP/Archer (max 200 chars); optional for CARD
+     * @body {string} [hostname]        - Optional hostname (max 255 chars)     * @body {string} vendor            - Required for FP/Archer (max 200 chars); optional for CARD
     * @body {string} workflow_type     - One of 'FP', 'Archer', 'CARD'
     *
     * @returns {Object} 201 - Created queue item with parsed cves array:
@@ -209,7 +213,7 @@ function createIvantiTodoQueueRouter(db, requireAuth) {
     * @returns {Object} 500 - { error: string } on database error
     */
    router.post('/', requireAuth(db), requireGroup('Admin', 'Standard_User'), (req, res) => {
-        const { finding_id, finding_title, cves, ip_address, vendor, workflow_type } = req.body;
+        const { finding_id, finding_title, cves, ip_address, hostname, vendor, workflow_type } = req.body;

        if (!finding_id || typeof finding_id !== 'string' || finding_id.trim().length === 0) {
            return res.status(400).json({ error: 'finding_id is required.' });
@@ -228,15 +232,16 @@ function createIvantiTodoQueueRouter(db, requireAuth) {
        const vendorVal = workflow_type === 'CARD' ? '' : vendor.trim();
        const cvesJson  = Array.isArray(cves) ? JSON.stringify(cves) : null;
        const ipVal     = ip_address && typeof ip_address === 'string' ? ip_address.trim().slice(0, 64) : null;
+        const hostVal   = hostname && typeof hostname === 'string' ? hostname.trim().slice(0, 255) : null;
        const title     = finding_title && typeof finding_title === 'string'
            ? finding_title.slice(0, 500)
            : null;

        db.run(
            `INSERT INTO ivanti_todo_queue
-                 (user_id, finding_id, finding_title, cves_json, ip_address, vendor, workflow_type)
-             VALUES (?, ?, ?, ?, ?, ?, ?)`,
-            [req.user.id, finding_id.trim(), title, cvesJson, ipVal, vendorVal, workflow_type],
+                 (user_id, finding_id, finding_title, cves_json, ip_address, hostname, vendor, workflow_type)
+             VALUES (?, ?, ?, ?, ?, ?, ?, ?)`,
+            [req.user.id, finding_id.trim(), title, cvesJson, ipVal, hostVal, vendorVal, workflow_type],
            function (err) {
                if (err) {
                    console.error('Error adding to queue:', err);