ealmeida/DashDescomplicar
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
48 Commits 1 Branch 0 Tags
8148eb47fe101b65e2e214c5f5ce09f78c88073f
Commit Graph

11 Commits

Author SHA1 Message Date
Emanuel Almeida
0588ee3735 feat: integrate monitoring collector into scheduler 2026-02-23 16:12:47 +00:00
Emanuel Almeida
f1756829af security: implement 6 high-severity vulnerability fixes 
HIGH-SEVERITY FIXES (Fase 2):

1. Rate Limiting (Vulnerabilidade 2.1)
   - express-rate-limit: 100 req/15min (prod), 1000 req/15min (dev)
   - Applied to all /api/* routes
   - Standard headers for retry-after

2. CORS Restrictions (Vulnerabilidade 2.2)
   - Whitelist: dashboard.descomplicar.pt, desk.descomplicar.pt
   - Localhost only in development
   - CORS blocking logs

3. Input Validation with Zod (Vulnerabilidade 2.4)
   - Generic validateRequest() middleware
   - Schemas: WordPress Monitor, server metrics, dashboard, financial
   - Applied to api/routes/wp-monitor.ts POST endpoint
   - Detailed field-level error messages

4. Backend Authentication OIDC (Vulnerabilidade 2.5 - OPTIONAL)
   - Enabled via OIDC_ENABLED=true
   - Bearer token validation on all APIs
   - Backward compatible (disabled by default)

5. SSH Key-Based Auth Migration (Vulnerabilidade 2.6)
   - Script: /media/ealmeida/Dados/Dev/ClaudeDev/migrate-ssh-keys.sh
   - Generates ed25519 key, copies to 6 servers
   - Instructions to remove passwords from .env
   - .env.example updated with SSH_PRIVATE_KEY_PATH

6. Improved Error Handling (Vulnerabilidade 2.5)
   - Unique error IDs (UUID) for tracking
   - Structured JSON logs in production
   - Stack traces blocked in production
   - Generic messages to client

FILES CHANGED:
- api/server.ts - Complete refactor with all security improvements
- api/middleware/validation.ts - NEW: Zod middleware and schemas
- api/routes/wp-monitor.ts - Added Zod validation on POST
- .env.example - Complete security documentation
- CHANGELOG.md - Full documentation of 9 fixes (3 critical + 6 high)
- package.json + package-lock.json - New dependencies

DEPENDENCIES ADDED:
- express-rate-limit@7.x
- zod@3.x
- express-openid-connect@2.x

AUDIT STATUS:
- npm audit: 0 vulnerabilities
- Hook Regra #47: PASSED

PROGRESS:
- Phase 1 (Critical): 3/3  COMPLETE
- Phase 2 (High): 6/6  COMPLETE
- Phase 3 (Medium): 0/6 - Next
- Phase 4 (Low): 0/5 - Next

Related: AUDIT-REPORT.md vulnerabilities 2.1, 2.2, 2.4, 2.5, 2.6

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
 2026-02-14 04:09:50 +00:00
Emanuel Almeida
12e1552d02 feat: add financial panel, compact services list, add Syncthing 
- New /financial page with sales/expenses cards, monthly bar chart and
  expense distribution pie chart (Recharts)
- New API endpoint GET /api/financial with queries on tblinvoices and
  tblexpenses
- Compact services grid (2-col dots layout) in Monitor page
- Add Syncthing to critical services monitoring
- Add Financeiro nav link to Dashboard, Monitor and Financial headers

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-02-07 22:50:12 +00:00
Emanuel Almeida
10fc8f5ccc feat: add SSH metrics collection with ssh2 library and auto-scheduler 
Replace sshpass with ssh2 Node.js library for reliable SSH connections.
Add all 6 servers (CWP, EasyPanel, MCP Hub, Meet, WhatsApp, WhatSMS).
Add 5-minute auto-collection scheduler in production mode.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-02-07 22:14:22 +00:00
Emanuel Almeida
e99fb8b274 fix: correct dist path for static serving 2026-02-04 23:44:55 +00:00
Emanuel Almeida
4af01c0f36 fix: serve static files in production 
- Added static file serving in Express for production
- Added SPA fallback for client-side routing
- Created Dockerfile with NODE_ENV=production
- Frontend now properly served at dash.descomplicar.pt

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
 2026-02-04 23:43:36 +00:00
Emanuel Almeida
bd21a8d511 fix: TypeScript errors in server-metrics service 2026-02-04 23:21:03 +00:00
Emanuel Almeida
7be99098f5 fix: TypeScript strict mode errors in server and services 2026-02-04 23:18:15 +00:00
Emanuel Almeida
13608a69bf feat: WordPress Monitor API + Site Availability Checker 
- Add POST /api/wp-monitor endpoint for WP plugin data
- Add GET /api/wp-monitor for listing monitored sites
- Add checkSiteAvailability() function for HTTP health checks
- Add checkAllSitesAvailability() for batch checking
- Add /api/scripts/check-sites.ts for cron execution
- Add POST /api/monitor/check-sites for manual trigger

DeskCRM Task: #1556

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
 2026-02-04 23:12:32 +00:00
Emanuel Almeida
853b2f526e fix: API funcionando com dados reais + dotenv config 
- Adiciona dotenv para carregar variáveis de ambiente
- Configura DB_HOST para servidor remoto (176.9.3.158)
- Cria endpoint /api/diagnostic para testes
- Actualiza título: "Plan EAL" → "Dashboard Descomplicar"
- Adiciona tsconfig.json para pasta /api
- Fix: Carrega .env antes de inicializar MySQL pool

Tarefa: #1556

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
 2026-02-04 03:46:34 +00:00
Emanuel Almeida
a766f3a765 feat: add Node.js/Express API with real data from Desk CRM 
-  API completa em /api com TypeScript
-  Google Calendar integration (pessoal + profissional)
-  Queries diretas à BD: tasks, leads, projectos, billing, pipeline
-  Endpoints: /api/dashboard, /api/monitor, /api/health
-  Vite proxy configurado (/api → localhost:3001)
-  App.tsx usa /api/dashboard (não mais dados mock)
-  Migração completa do PHP (index.php + monitor.php)
-  CHANGELOG.md criado para tracking
-  Scripts npm: dev (paralelo), dev:api, dev:ui, start

Dependencies:
- express, cors, mysql2, googleapis
- concurrently, tsx (dev)

Breaking: PHP backend será descontinuado
See: CHANGELOG.md, api/README.md

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
 2026-02-04 03:26:24 +00:00