added required code changes, components, and packages for login feature

2026-01-28 14:36:33 -07:00
parent 1d2a6b2e72
commit da14c92d98
13 changed files with 1370 additions and 63 deletions


@@ -1,5 +1,5 @@
// CVE Management Backend API
// Install: npm install express sqlite3 multer cors dotenv
// Install: npm install express sqlite3 multer cors dotenv bcryptjs cookie-parser
require('dotenv').config();
@@ -7,12 +7,19 @@ const express = require('express');
const sqlite3 = require('sqlite3').verbose();
const multer = require('multer');
const cors = require('cors');
const cookieParser = require('cookie-parser');
const path = require('path');
const fs = require('fs');
// Auth imports
const { requireAuth, requireRole } = require('./middleware/auth');
const createAuthRouter = require('./routes/auth');
const createUsersRouter = require('./routes/users');
const app = express();
const PORT = process.env.PORT || 3001;
const API_HOST = process.env.API_HOST || 'localhost';
const SESSION_SECRET = process.env.SESSION_SECRET || 'default-secret-change-me';
const CORS_ORIGINS = process.env.CORS_ORIGINS
? process.env.CORS_ORIGINS.split(',')
: ['http://localhost:3000'];
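Review bot: The new `SESSION_SECRET` line falls back to the literal `'default-secret-change-me'`, so a deployment that forgets to set the variable silently runs with a secret that is published in the repository; the server should refuse to start instead, e.g. `const SESSION_SECRET = process.env.SESSION_SECRET;` followed by `if (!SESSION_SECRET) throw new Error('SESSION_SECRET must be set');`. How the secret is consumed is not visible in this hunk, so if it is only read elsewhere the same check belongs wherever it is first used. The `PORT` and `API_HOST` fallbacks on the adjacent lines are harmless and can stay as they are. Separately, `requireAuth(db)` is invoked anew on every route registration below (`app.get('/api/cves', requireAuth(db), …)` and the others); if that factory does any setup, hoisting `const auth = requireAuth(db);` once after the database is opened and passing `auth` would be both cheaper and easier to read. The module continues outside this hunk.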
@@ -29,6 +36,7 @@ app.use(cors({
credentials: true
}));
app.use(express.json());
app.use(cookieParser());
app.use('/uploads', express.static('uploads'));
// Database connection
@@ -37,6 +45,12 @@ const db = new sqlite3.Database('./cve_database.db', (err) => {
else console.log('Connected to CVE database');
});
// Auth routes (public)
app.use('/api/auth', createAuthRouter(db));
// User management routes (admin only)
app.use('/api/users', createUsersRouter(db, requireAuth, requireRole));
// Simple storage - upload to temp directory first
const storage = multer.diskStorage({
destination: (req, file, cb) => {
@@ -59,8 +73,8 @@ const upload = multer({
// ========== CVE ENDPOINTS ==========
// Get all CVEs with optional filters
app.get('/api/cves', (req, res) => {
// Get all CVEs with optional filters (authenticated users)
app.get('/api/cves', requireAuth(db), (req, res) => {
const { search, vendor, severity, status } = req.query;
let query = `
@@ -106,8 +120,8 @@ app.get('/api/cves', (req, res) => {
});
});
// Check if CVE exists and get its status - UPDATED FOR MULTI-VENDOR
app.get('/api/cves/check/:cveId', (req, res) => {
// Check if CVE exists and get its status - UPDATED FOR MULTI-VENDOR (authenticated users)
app.get('/api/cves/check/:cveId', requireAuth(db), (req, res) => {
const { cveId } = req.params;
const query = `
@@ -153,8 +167,8 @@ app.get('/api/cves/check/:cveId', (req, res) => {
});
});
// NEW ENDPOINT: Get all vendors for a specific CVE
app.get('/api/cves/:cveId/vendors', (req, res) => {
// NEW ENDPOINT: Get all vendors for a specific CVE (authenticated users)
app.get('/api/cves/:cveId/vendors', requireAuth(db), (req, res) => {
const { cveId } = req.params;
const query = `
@@ -173,8 +187,8 @@ app.get('/api/cves/:cveId/vendors', (req, res) => {
});
// Create new CVE entry - ALLOW MULTIPLE VENDORS
app.post('/api/cves', (req, res) => {
// Create new CVE entry - ALLOW MULTIPLE VENDORS (editor or admin)
app.post('/api/cves', requireAuth(db), requireRole('editor', 'admin'), (req, res) => {
console.log('=== ADD CVE REQUEST ===');
console.log('Body:', req.body);
console.log('=======================');
@@ -210,8 +224,8 @@ app.post('/api/cves', (req, res) => {
});
// Update CVE status
app.patch('/api/cves/:cveId/status', (req, res) => {
// Update CVE status (editor or admin)
app.patch('/api/cves/:cveId/status', requireAuth(db), requireRole('editor', 'admin'), (req, res) => {
const { cveId } = req.params;
const { status } = req.body;
@@ -228,8 +242,8 @@ app.patch('/api/cves/:cveId/status', (req, res) => {
// ========== DOCUMENT ENDPOINTS ==========
// Get documents for a CVE - FILTER BY VENDOR
app.get('/api/cves/:cveId/documents', (req, res) => {
// Get documents for a CVE - FILTER BY VENDOR (authenticated users)
app.get('/api/cves/:cveId/documents', requireAuth(db), (req, res) => {
const { cveId } = req.params;
const { vendor } = req.query; // NEW: Optional vendor filter
@@ -251,8 +265,8 @@ app.get('/api/cves/:cveId/documents', (req, res) => {
});
});
// Upload document - ADD ERROR HANDLING FOR MULTER
app.post('/api/cves/:cveId/documents', (req, res, next) => {
// Upload document - ADD ERROR HANDLING FOR MULTER (editor or admin)
app.post('/api/cves/:cveId/documents', requireAuth(db), requireRole('editor', 'admin'), (req, res, next) => {
upload.single('file')(req, res, (err) => {
if (err) {
console.error('MULTER ERROR:', err);
@@ -327,8 +341,8 @@ app.post('/api/cves/:cveId/documents', (req, res, next) => {
});
});
});
// Delete document
app.delete('/api/documents/:id', (req, res) => {
// Delete document (admin only)
app.delete('/api/documents/:id', requireAuth(db), requireRole('admin'), (req, res) => {
const { id } = req.params;
// First get the file path to delete the actual file
@@ -352,8 +366,8 @@ app.delete('/api/documents/:id', (req, res) => {
// ========== UTILITY ENDPOINTS ==========
// Get all vendors
app.get('/api/vendors', (req, res) => {
// Get all vendors (authenticated users)
app.get('/api/vendors', requireAuth(db), (req, res) => {
const query = `SELECT DISTINCT vendor FROM cves ORDER BY vendor`;
db.all(query, [], (err, rows) => {
@@ -364,8 +378,8 @@ app.get('/api/vendors', (req, res) => {
});
});
// Get statistics
app.get('/api/stats', (req, res) => {
// Get statistics (authenticated users)
app.get('/api/stats', requireAuth(db), (req, res) => {
const query = `
SELECT
COUNT(DISTINCT c.id) as total_cves,