ealmeida/DashDescomplicar
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
3283d338ceadb85bffa61890d368837c58ccda2c
DashDescomplicar/api/services/monitoring.ts
Emanuel Almeida f1756829af security: implement 6 high-severity vulnerability fixes 
HIGH-SEVERITY FIXES (Fase 2):

1. Rate Limiting (Vulnerabilidade 2.1)
   - express-rate-limit: 100 req/15min (prod), 1000 req/15min (dev)
   - Applied to all /api/* routes
   - Standard headers for retry-after

2. CORS Restrictions (Vulnerabilidade 2.2)
   - Whitelist: dashboard.descomplicar.pt, desk.descomplicar.pt
   - Localhost only in development
   - CORS blocking logs

3. Input Validation with Zod (Vulnerabilidade 2.4)
   - Generic validateRequest() middleware
   - Schemas: WordPress Monitor, server metrics, dashboard, financial
   - Applied to api/routes/wp-monitor.ts POST endpoint
   - Detailed field-level error messages

4. Backend Authentication OIDC (Vulnerabilidade 2.5 - OPTIONAL)
   - Enabled via OIDC_ENABLED=true
   - Bearer token validation on all APIs
   - Backward compatible (disabled by default)

5. SSH Key-Based Auth Migration (Vulnerabilidade 2.6)
   - Script: /media/ealmeida/Dados/Dev/ClaudeDev/migrate-ssh-keys.sh
   - Generates ed25519 key, copies to 6 servers
   - Instructions to remove passwords from .env
   - .env.example updated with SSH_PRIVATE_KEY_PATH

6. Improved Error Handling (Vulnerabilidade 2.5)
   - Unique error IDs (UUID) for tracking
   - Structured JSON logs in production
   - Stack traces blocked in production
   - Generic messages to client

FILES CHANGED:
- api/server.ts - Complete refactor with all security improvements
- api/middleware/validation.ts - NEW: Zod middleware and schemas
- api/routes/wp-monitor.ts - Added Zod validation on POST
- .env.example - Complete security documentation
- CHANGELOG.md - Full documentation of 9 fixes (3 critical + 6 high)
- package.json + package-lock.json - New dependencies

DEPENDENCIES ADDED:
- express-rate-limit@7.x
- zod@3.x
- express-openid-connect@2.x

AUDIT STATUS:
- npm audit: 0 vulnerabilities
- Hook Regra #47: PASSED

PROGRESS:
- Phase 1 (Critical): 3/3  COMPLETE
- Phase 2 (High): 6/6  COMPLETE
- Phase 3 (Medium): 0/6 - Next
- Phase 4 (Low): 0/5 - Next

Related: AUDIT-REPORT.md vulnerabilities 2.1, 2.2, 2.4, 2.5, 2.6

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
2026-02-14 04:09:50 +00:00

86 lines
2.1 KiB
TypeScript
Executable File
Raw Blame History

/**
* Monitoring Queries Service
* @author Descomplicar® | @link descomplicar.pt | @copyright 2026
*/
import db from '../db.js'
import type { RowDataPacket } from 'mysql2'
interface MonitoringItem {
id: number
name: string
category: string
status: string
details: any
last_check: string
}
interface CategorySummary {
category: string
total: number
ok: number
warning: number
critical: number
}
export async function getMonitoringData() {
// Get all items
const [items] = await db.query<RowDataPacket[]>(`
SELECT * FROM tbl_eal_monitoring
ORDER BY category, name
`)
// Get summary by category
const [summary] = await db.query<RowDataPacket[]>(`
SELECT
category,
COUNT(*) as total,
SUM(CASE WHEN status IN ('ok','up') THEN 1 ELSE 0 END) as ok,
SUM(CASE WHEN status = 'warning' THEN 1 ELSE 0 END) as warning,
SUM(CASE WHEN status IN ('failed','down') THEN 1 ELSE 0 END) as critical
FROM tbl_eal_monitoring
GROUP BY category
`)
// Parse details JSON and cast to MonitoringItem
const itemsParsed: MonitoringItem[] = items.map(item => ({
...item,
details: typeof item.details === 'string' ? JSON.parse(item.details) : item.details
} as MonitoringItem))
// Organize by category
const data: Record<string, MonitoringItem[]> = {}
for (const item of itemsParsed) {
if (!data[item.category]) {
data[item.category] = []
}
data[item.category].push(item)
}
// Calculate overall status
let overall: 'ok' | 'warning' | 'critical' = 'ok'
let total_critical = 0
let total_warning = 0
let total_ok = 0
for (const s of summary as CategorySummary[]) {
// MySQL pode retornar strings, converter para número
total_critical += Number(s.critical) || 0
total_warning += Number(s.warning) || 0
total_ok += Number(s.ok) || 0
}
if (total_critical > 0) overall = 'critical'
else if (total_warning > 0) overall = 'warning'
return {
items: data,
summary,
overall,
stats: {
total_critical,
total_warning,
total_ok
}
}
}
Reference in New Issue View Git Blame Copy Permalink