// Ivanti / RiskSense Workflow Routes // Data is cached in PostgreSQL and refreshed on a daily schedule or on-demand. const express = require('express'); const pool = require('../db'); const { requireAuth, requireGroup } = require('../middleware/auth'); const { ivantiPost } = require('../helpers/ivantiApi'); const SYNC_INTERVAL_MS = 24 * 60 * 60 * 1000; // 24 hours // --------------------------------------------------------------------------- // Core sync — calls Ivanti API, stores result in PostgreSQL // --------------------------------------------------------------------------- async function syncWorkflows() { const apiKey = process.env.IVANTI_API_KEY; const clientId = process.env.IVANTI_CLIENT_ID || '1550'; const firstName = process.env.IVANTI_FIRST_NAME || ''; const lastName = process.env.IVANTI_LAST_NAME || ''; const skipTls = process.env.IVANTI_SKIP_TLS === 'true'; if (!apiKey) { const errMsg = 'IVANTI_API_KEY not set in .env — skipping sync'; console.warn('[Ivanti]', errMsg); await pool.query( `UPDATE ivanti_sync_state SET sync_status='error', error_message=$1, synced_at=NOW() WHERE id=1`, [errMsg] ); return; } console.log('[Ivanti] Syncing workflows...'); const urlPath = `/client/${encodeURIComponent(clientId)}/workflowBatch/search`; const body = { filters: [ { field: 'created_by_last_name', exclusive: false, operator: 'IN', orWithPrevious: false, implicitFilters: [], value: lastName, caseSensitive: false }, { field: 'created_by_first_name', exclusive: false, operator: 'IN', orWithPrevious: false, implicitFilters: [], value: firstName, caseSensitive: false } ], projection: 'internal', sort: [{ field: 'created', direction: 'DESC' }], page: 0, size: 50 }; try { const result = await ivantiPost(urlPath, body, apiKey, skipTls); if (result.status === 401) { throw new Error('Invalid or missing API key (401) — check IVANTI_API_KEY in .env'); } if (result.status === 419) { throw new Error('Insufficient privileges (419) — API key lacks workflow access'); } if (result.status === 429) { throw new Error('Rate limited (429) — will retry at next scheduled sync'); } if (result.status !== 200) { throw new Error(`Ivanti API returned unexpected status ${result.status}`); } const data = JSON.parse(result.body); let total = 0; let workflows = []; if (data.page && typeof data.page.totalElements === 'number') { total = data.page.totalElements; workflows = data._embedded?.workflowBatches || data._embedded?.workflowBatch || []; } else if (typeof data.total === 'number') { total = data.total; workflows = data.data || data.content || data.results || []; } else if (typeof data.totalElements === 'number') { total = data.totalElements; workflows = data.content || data.data || []; } else if (Array.isArray(data)) { workflows = data; total = data.length; } await pool.query( `UPDATE ivanti_sync_state SET total=$1, workflows_json=$2, synced_at=NOW(), sync_status='success', error_message=NULL WHERE id=1`, [total, JSON.stringify(workflows)] ); console.log(`[Ivanti] Sync complete — ${total} workflows`); } catch (err) { const msg = err.message || 'Unknown error'; console.error('[Ivanti] Sync failed:', msg); await pool.query( `UPDATE ivanti_sync_state SET sync_status='error', error_message=$1, synced_at=NOW() WHERE id=1`, [msg] ); } } // --------------------------------------------------------------------------- // Scheduler — runs sync immediately if >24h stale, then every 24h // --------------------------------------------------------------------------- async function scheduleSync() { try { const { rows } = await pool.query('SELECT synced_at FROM ivanti_sync_state WHERE id = 1'); const row = rows[0]; if (!row || !row.synced_at) { syncWorkflows(); } else { const lastSync = new Date(row.synced_at); const hoursSince = (Date.now() - lastSync.getTime()) / (1000 * 60 * 60); if (hoursSince >= 24) { syncWorkflows(); } else { const hoursUntil = (24 - hoursSince).toFixed(1); console.log(`[Ivanti] Last sync ${hoursSince.toFixed(1)}h ago — next auto-sync in ${hoursUntil}h`); } } } catch (err) { console.error('[Ivanti] Schedule check failed:', err); syncWorkflows(); } setInterval(() => syncWorkflows(), SYNC_INTERVAL_MS); } // --------------------------------------------------------------------------- // Helper — read current state from DB and return as JSON-ready object // --------------------------------------------------------------------------- async function readState() { const { rows } = await pool.query( 'SELECT total, workflows_json, synced_at, sync_status, error_message FROM ivanti_sync_state WHERE id = 1' ); const row = rows[0]; if (!row) return { total: 0, workflows: [], synced_at: null, sync_status: 'never', error_message: null }; let workflows = []; try { workflows = JSON.parse(row.workflows_json || '[]'); } catch (_) { /* leave empty */ } return { total: workflows.length, workflows, synced_at: row.synced_at, sync_status: row.sync_status, error_message: row.error_message }; } // --------------------------------------------------------------------------- // Router // --------------------------------------------------------------------------- function createIvantiWorkflowsRouter() { const router = express.Router(); // Kick off scheduler (fire-and-forget on startup) scheduleSync().catch((err) => console.error('[Ivanti] Init failed:', err)); // All routes require authentication router.use(requireAuth()); // GET / — return cached data (fast, no external call) router.get('/', async (req, res) => { try { res.json(await readState()); } catch { res.status(500).json({ error: 'Database error reading sync state' }); } }); // POST /sync — trigger an immediate sync, await completion, return fresh state router.post('/sync', requireGroup('Admin', 'Standard_User'), async (req, res) => { await syncWorkflows(); try { res.json(await readState()); } catch { res.status(500).json({ error: 'Sync ran but could not read updated state' }); } }); return router; } module.exports = createIvantiWorkflowsRouter;