Major security update. Logic to setPayload and API endpoints changed.…

Api/Controllers/poamUpload.controller.js → Api/Controllers/Import.js

@@ -1,15 +1,18 @@
 /*
 !#######################################################################
 ! C-PATTM SOFTWARE
-! CRANE C-PATTM plan of action and milestones software. Use is governed by the Open Source Academic Research License Agreement contained in the file
+! CRANE C-PATTM plan of action and milestones software. Use is governed by the 
+! Open Source Academic Research License Agreement contained in the file
 ! crane_C_PAT.1_license.txt, which is part of this software package. BY
 ! USING OR MODIFYING THIS SOFTWARE, YOU ARE AGREEING TO THE TERMS AND    
 ! CONDITIONS OF THE LICENSE.  
 !########################################################################
 */
 
+const express = require('express');
+const db = require('../utils/sequelize');
+const router = express.Router();
 const ExcelJS = require('exceljs');
-const { db } = require('../utils/sequelize.js');
 const { poamAsset, Poam } = require('../utils/sequelize.js');
 
 const excelColumnToDbColumnMapping = {
@@ -57,7 +60,7 @@ function convertToMySQLDate(excelDate) {
     return convertedDate;
 }
 
-exports.uploadPoamFile = async (req, res) => {
+module.exports.uploadPoamFile = exports.uploadPoamFile = async (req, res) => {
     if (!req.file) {
         return res.status(400).send({ message: "Please upload an Excel file!" });
     }
@@ -120,8 +123,8 @@ exports.uploadPoamFile = async (req, res) => {
             const createdBatch = await Poam.bulkCreate(batch, { returning: true });
             createdPoams.push(...createdBatch);
         }
-         // Process devicesAffected for each createdPoam...
-         for (const poamEntry of createdPoams) {
+        // Process devicesAffected for each createdPoam...
+        for (const poamEntry of createdPoams) {
             if (!poamEntry || !poamEntry.poamId) {
                 console.error('Invalid poamEntry or missing poamId:', poamEntry);
                 continue;
@@ -151,4 +154,94 @@ exports.uploadPoamFile = async (req, res) => {
             error: error.message,
         });
     }
-};
+}
+module.exports.importAssets = async function importAssets(req, res) {
+    try {
+        const { assets } = req.body;
+
+        // Handle Assets
+        for (const asset of assets) {
+            const collection = asset.collection || {};
+            const assetData = {
+                assetId: asset.assetId,
+                assetName: asset.name,
+                fullyQualifiedDomainName: asset.fqdn || '',
+                description: asset.description || '',
+                ipAddress: asset.ip || '',
+                macAddress: asset.mac || '',
+                nonComputing: asset.noncomputing ? 1 : 0,
+                collectionId: collection.collectionId || null,
+                metadata: asset.metadata ? JSON.stringify(asset.metadata) : '{}',
+            };
+
+            // Find or create the asset
+            const [assetRecord, assetCreated] = await db.Asset.findOrCreate({
+                where: { assetName: asset.name },
+                defaults: assetData
+            });
+
+            if (!assetCreated) {
+                await assetRecord.update(assetData);
+            }
+        }
+
+        res.status(200).json({ message: 'Assets Imported Successfully' });
+    } catch (error) {
+        console.error(error);
+        res.status(500).json({ message: 'Internal Server Error' });
+    }
+}
+
+module.exports.importCollectionAndAssets = async function importCollectionAndAssets(req, res) {
+    try {
+        const { collection, assets } = req.body;
+
+        // Handle Collection
+        const collectionData = {
+            collectionId: collection.collectionId,
+            collectionName: collection.name,
+            description: collection.description || '',
+            metadata: collection.metadata ? JSON.stringify(collection.metadata) : '{}',
+            settings: collection.settings ? JSON.stringify(collection.settings) : '{}'
+        };
+
+        const [collectionRecord, created] = await db.Collection.findOrCreate({
+            where: { collectionName: collection.name },
+            defaults: collectionData
+        });
+
+        if (!created) {
+            await collectionRecord.update(collectionData);
+        }
+
+        // Handle Assets
+        for (const asset of assets) {
+            const assetData = {
+                assetId: asset.assetId,
+                assetName: asset.name,
+                fullyQualifiedDomainName: asset.fqdn || '',
+                description: asset.description || '',
+                ipAddress: asset.ip || '',
+                macAddress: asset.mac || '',
+                nonComputing: asset.noncomputing ? 1 : 0,
+                collectionId: collectionRecord.collectionId, // Ensure this is correctly assigned
+                metadata: asset.metadata ? JSON.stringify(asset.metadata) : '{}',
+            };
+
+            const [assetRecord, assetCreated] = await db.Asset.findOrCreate({
+                where: { assetName: asset.name }, // Assuming assetName is unique
+                defaults: assetData
+            });
+
+            if (!assetCreated) {
+                await assetRecord.update(assetData);
+            }
+        }
+
+        res.status(200).json({ message: 'Collection and Assets Imported Successfully' });
+    } catch (error) {
+        // Log the error and send a server error response
+        console.error(error);
+        res.status(500).json({ message: 'Internal Server Error' });
+    }
+}

Api/Controllers/Permissions.js

@@ -10,11 +10,12 @@
 
 const permissionService = require('../Services/mysql/permissionsService')
 
-module.exports.getPermissions_User = async function getPermissions_User(req, res, next){
-        //res.status(201).json({message: "getPermissions_User Method Called successfully"})
-        var permissions = await permissionService.getPermissions_User(req,res,next); 
-        res.status(201).json(permissions)
-}
+//User permissions are now included in the user object, try getCurrentUser or getUsers instead
+//module.exports.getPermissions_User = async function getPermissions_User(req, res, next){
+//        //res.status(201).json({message: "getPermissions_User Method Called successfully"})
+//        var permissions = await permissionService.getPermissions_User(req,res,next); 
+//        res.status(201).json(permissions)
+//}
 
 module.exports.getPermissions_Collection = async function getPermissions_Collection(req, res, next){
         //res.status(201).json({message: "getPermissions_Collection Method called successfully"})

Api/Controllers/User.js

@@ -19,12 +19,23 @@ module.exports.getUsers = async function getUsers(req, res, next) {
 	res.status(201).json(users)
 }
 
+module.exports.getCurrentUser = async function getCurrentUser(req, res) {
+	const result = await userService.getCurrentUser(req);
+
+	if (result.error) {
+		res.status(result.status).json({ message: result.error });
+	} else {
+		res.status(200).json(result.data);
+	}
+}
+
+
 
 module.exports.getUserByUserID = async function getUserByUserID(req, res, next) {
-	// console.log("getUserByUserID: ", req.params.userID)
-	let userID = req.params.userID
-	// console.log(userID)
-	var user = await userService.getUserByUserID(userID)
+	// console.log("getUserByUserID: ", req.params.userId)
+	let userId = req.params.userId
+	// console.log(userId)
+	var user = await userService.getUserByUserID(userId)
 	// console.log(user)
 	res.status(201).json(user)
 
@@ -41,8 +52,8 @@ module.exports.updateUser = async function updateUser(req, res, next) {
 
 module.exports.deleteUser = async function deleteUser(req, res, next) {
 
-	let userID = req.params.userID
-	var deletedUser = await userService.deleteUserByUserID(userID)
+	let userId = req.params.userId
+	var deletedUser = await userService.deleteUserByUserID(userId)
 
 
 	res.status(201).json(deletedUser)

Api/Controllers/auth.js

@@ -35,7 +35,7 @@ module.exports.authRegister = async function authRegister(req, res, next){
 module.exports.changeWorkspace = async function changeWorkspace(req, res, next){
 	console.log("changeWorkspace...req.body: ", req.body)
 	// var userAuth = await authService.login(req,res,next)
-	// //let test = {userID: '1' ,userName: "tyler.forajter", email: 't1@ttt.com'}
+	// //let test = {userId: '1' ,userName: "tyler.forajter", email: 't1@ttt.com'}
 	// console.log("controller login returning userAuth: ",userAuth)
 	// console.log("controller login returning res: ",res.body)
 	// res.status(201).json(userAuth)

Api/Services/mysql/assetService.js

@@ -183,7 +183,7 @@ exports.postAsset = async function posAsset(req, res, next) {
         console.log("rowAsset: ", rowAsset[0])
         await connection.release()
 
-        // console.log("userID: ", user[0].userId)
+        // console.log("userId: ", user[0].userId)
         if (req.body.labels) {
             let labels = req.body.labels;
             // console.log("collectionRequest: ",collectionRequest)

Api/Services/mysql/authService.js

@@ -249,7 +249,7 @@ exports.register = async function register(req, res, next) {
 					stack: new Error().stack,
 				})
 			}
-			// console.log("userID: ", user[0].userId)
+			// console.log("userId: ", user[0].userId)
 			if (req.body.collectionAccessRequest) {
 				let collectionRequest = req.body.collectionAccessRequest;
 				// console.log("collectionRequest: ",collectionRequest)