balikci/backend/src/app.js

require('dotenv').config({ path: require('path').join(__dirname, '../.env') });
const express = require('express');
const session = require('express-session');
const helmet = require('helmet');
const cors = require('cors');
const logger = require('./config/logger');
const sessionConfig = require('./config/session');
const { testConnection } = require('./config/database');
const errorHandler = require('./middlewares/errorHandler');
const { apiLimiter } = require('./middlewares/rateLimiter');

const app = express();
const PORT = process.env.PORT || 3000;

// Security middleware
app.use(helmet());

// Dynamic CORS configuration (will be updated from settings)
let corsOptions = {
  origin: process.env.FRONTEND_URL || 'http://localhost:5173',
  credentials: true,
};

app.use((req, res, next) => {
  cors(corsOptions)(req, res, next);
});

// Function to update CORS from database
const updateCorsFromSettings = async () => {
  try {
    const { Settings } = require('./models');
    const corsEnabledSetting = await Settings.findOne({ where: { key: 'cors_enabled' } });
    const frontendUrlSetting = await Settings.findOne({ where: { key: 'frontend_url' } });
    
    if (corsEnabledSetting && corsEnabledSetting.value === 'true' && frontendUrlSetting) {
      corsOptions.origin = frontendUrlSetting.value;
      logger.info(`CORS enabled for: ${frontendUrlSetting.value}`);
    } else {
      // Default: allow both frontend and backend on same origin
      corsOptions.origin = process.env.FRONTEND_URL || 'http://localhost:5173';
    }
  } catch (error) {
    logger.warn('Could not load CORS settings from database, using defaults');
  }
};

// Update CORS on startup (with delay to ensure DB is ready)
setTimeout(updateCorsFromSettings, 2000);

// Export for use in settings controller
app.updateCorsSettings = updateCorsFromSettings;

// Body parsing middleware
app.use(express.json());
app.use(express.urlencoded({ extended: true }));

// Serve static files (landing page and frontend build)
const path = require('path');
app.use(express.static(path.join(__dirname, 'public')));

// Serve landing page at /landing route
app.get('/landing', (req, res) => {
  res.sendFile(path.join(__dirname, 'public', 'landing.html'));
});

// Session middleware
app.use(session(sessionConfig));

// Rate limiting
app.use('/api', apiLimiter);

// Request logging
app.use((req, res, next) => {
  logger.info(`${req.method} ${req.path}`, {
    ip: req.ip,
    userAgent: req.get('user-agent'),
  });
  next();
});

// Health check
app.get('/health', (req, res) => {
  res.json({
    success: true,
    message: 'Server is running',
    timestamp: new Date().toISOString(),
  });
});

// API Routes
app.use('/api/auth', require('./routes/auth.routes'));
app.use('/api/companies', require('./routes/company.routes'));
app.use('/api/tokens', require('./routes/token.routes'));
app.use('/api/templates', require('./routes/template.routes'));
app.use('/api/settings', require('./routes/settings.routes'));
app.use('/api/ollama', require('./routes/ollama.routes'));
app.use('/api/stats', require('./routes/stats.routes'));

// Public tracking route (no rate limit on this specific route)
app.use('/t', require('./routes/tracking.routes'));

// Serve frontend SPA (must be after API routes)
app.get('*', (req, res, next) => {
  // Skip if it's an API route, tracking route, or landing page
  if (req.path.startsWith('/api') || req.path.startsWith('/t') || req.path.startsWith('/landing') || req.path.startsWith('/health')) {
    return next();
  }
  
  // Serve frontend index.html for all other routes
  const frontendPath = path.join(__dirname, 'public', 'dist', 'index.html');
  res.sendFile(frontendPath, (err) => {
    if (err) {
      // If frontend build doesn't exist, return 404
      next();
    }
  });
});

// 404 handler
app.use((req, res) => {
  res.status(404).json({
    success: false,
    error: 'Endpoint not found',
  });
});

// Error handler (must be last)
app.use(errorHandler);

// Start server
const startServer = async () => {
  try {
    // Test database connection
    await testConnection();
    
    // Start listening on all interfaces (0.0.0.0) to allow remote access
    app.listen(PORT, '0.0.0.0', () => {
      logger.info(`🚀 Server is running on port ${PORT}`);
      logger.info(`📊 Environment: ${process.env.NODE_ENV || 'development'}`);
      logger.info(`🔗 Health check: http://0.0.0.0:${PORT}/health`);
      console.log(`\n✨ Oltalama Backend Server Started!`);
      console.log(`🌐 API: http://0.0.0.0:${PORT}/api`);
      console.log(`🎯 Tracking: http://0.0.0.0:${PORT}/t/:token`);
      console.log(`🌍 Server listening on all interfaces (0.0.0.0:${PORT})\n`);
    });
  } catch (error) {
    logger.error('Failed to start server:', error);
    process.exit(1);
  }
};

startServer();

module.exports = app;
fix: CORS configuration and update all README files - Fixed dotenv path in app.js to properly load .env from backend root - Updated CORS to allow http://localhost:5173 (frontend URL) - Updated README.md with accurate project statistics (58 files, 6677+ lines) - Updated backend/README.md - marked as Production Ready - Updated frontend/README.md with complete feature list - All systems tested and working (backend + frontend) 2025-11-10 17:09:35 +03:00			`require('dotenv').config({ path: require('path').join(__dirname, '../.env') });`
first commit: Complete phishing test management panel with Node.js backend and React frontend 2025-11-10 17:00:40 +03:00			`const express = require('express');`
			`const session = require('express-session');`
			`const helmet = require('helmet');`
			`const cors = require('cors');`
			`const logger = require('./config/logger');`
			`const sessionConfig = require('./config/session');`
			`const { testConnection } = require('./config/database');`
			`const errorHandler = require('./middlewares/errorHandler');`
			`const { apiLimiter } = require('./middlewares/rateLimiter');`

			`const app = express();`
			`const PORT = process.env.PORT \|\| 3000;`

			`// Security middleware`
			`app.use(helmet());`
Domain support 2025-11-10 20:01:41 +03:00
			`// Dynamic CORS configuration (will be updated from settings)`
			`let corsOptions = {`
			`origin: process.env.FRONTEND_URL \|\| 'http://localhost:5173',`
first commit: Complete phishing test management panel with Node.js backend and React frontend 2025-11-10 17:00:40 +03:00			`credentials: true,`
Domain support 2025-11-10 20:01:41 +03:00			`};`

			`app.use((req, res, next) => {`
			`cors(corsOptions)(req, res, next);`
			`});`

			`// Function to update CORS from database`
			`const updateCorsFromSettings = async () => {`
			`try {`
			`const { Settings } = require('./models');`
			`const corsEnabledSetting = await Settings.findOne({ where: { key: 'cors_enabled' } });`
			`const frontendUrlSetting = await Settings.findOne({ where: { key: 'frontend_url' } });`

			`if (corsEnabledSetting && corsEnabledSetting.value === 'true' && frontendUrlSetting) {`
			`corsOptions.origin = frontendUrlSetting.value;`
			logger.info(`CORS enabled for: ${frontendUrlSetting.value}`);
			`} else {`
			`// Default: allow both frontend and backend on same origin`
			`corsOptions.origin = process.env.FRONTEND_URL \|\| 'http://localhost:5173';`
			`}`
			`} catch (error) {`
			`logger.warn('Could not load CORS settings from database, using defaults');`
			`}`
			`};`

			`// Update CORS on startup (with delay to ensure DB is ready)`
			`setTimeout(updateCorsFromSettings, 2000);`

			`// Export for use in settings controller`
			`app.updateCorsSettings = updateCorsFromSettings;`
first commit: Complete phishing test management panel with Node.js backend and React frontend 2025-11-10 17:00:40 +03:00
			`// Body parsing middleware`
			`app.use(express.json());`
			`app.use(express.urlencoded({ extended: true }));`

docker again 2025-11-11 07:31:43 +03:00			`// Serve static files (landing page and frontend build)`
			`const path = require('path');`
			`app.use(express.static(path.join(__dirname, 'public')));`

			`// Serve landing page at /landing route`
			`app.get('/landing', (req, res) => {`
			`res.sendFile(path.join(__dirname, 'public', 'landing.html'));`
			`});`
first commit: Complete phishing test management panel with Node.js backend and React frontend 2025-11-10 17:00:40 +03:00
			`// Session middleware`
			`app.use(session(sessionConfig));`

			`// Rate limiting`
			`app.use('/api', apiLimiter);`

			`// Request logging`
			`app.use((req, res, next) => {`
			logger.info(`${req.method} ${req.path}`, {
			`ip: req.ip,`
			`userAgent: req.get('user-agent'),`
			`});`
			`next();`
			`});`

			`// Health check`
			`app.get('/health', (req, res) => {`
			`res.json({`
			`success: true,`
			`message: 'Server is running',`
			`timestamp: new Date().toISOString(),`
			`});`
			`});`

			`// API Routes`
			`app.use('/api/auth', require('./routes/auth.routes'));`
			`app.use('/api/companies', require('./routes/company.routes'));`
			`app.use('/api/tokens', require('./routes/token.routes'));`
			`app.use('/api/templates', require('./routes/template.routes'));`
			`app.use('/api/settings', require('./routes/settings.routes'));`
feat: Add Ollama AI integration for automatic mail template generation ✨ New Features: - 🤖 AI-powered mail template generation with Ollama - 📧 Test mail sending with preview - 🔧 Ollama server and model management - 🎨 Beautiful AI generation dialog in Templates page - ⚙️ Ollama settings panel with connection test Backend: - Add ollama.service.js - Ollama API integration - Add ollama.controller.js - Template generation endpoint - Add ollama.routes.js - /api/ollama/* routes - Support for multiple Ollama models (llama3.2, mistral, gemma) - JSON-formatted AI responses with subject + HTML body - Configurable server URL and model selection Frontend: - Settings: Ollama configuration panel - Server URL input - Model selection - Connection test with model listing - Templates: AI generation dialog - Company name, scenario, employee info inputs - Custom prompt for AI instructions - Auto-save to database - Test mail sending functionality Documentation: - OLLAMA_SETUP.md - Comprehensive setup guide - Installation instructions - Model recommendations - Usage examples - Troubleshooting Tech Stack: - Ollama API integration (REST) - Axios HTTP client - React dialogs with MUI - Self-hosted AI (privacy-friendly) - Zero external API dependencies Example Usage: Company: Garanti Bankası Scenario: Account security warning → AI generates professional phishing test mail in seconds! 2025-11-10 21:13:58 +03:00			`app.use('/api/ollama', require('./routes/ollama.routes'));`
first commit: Complete phishing test management panel with Node.js backend and React frontend 2025-11-10 17:00:40 +03:00			`app.use('/api/stats', require('./routes/stats.routes'));`

			`// Public tracking route (no rate limit on this specific route)`
			`app.use('/t', require('./routes/tracking.routes'));`

docker again 2025-11-11 07:31:43 +03:00			`// Serve frontend SPA (must be after API routes)`
			`app.get('*', (req, res, next) => {`
			`// Skip if it's an API route, tracking route, or landing page`
			`if (req.path.startsWith('/api') \|\| req.path.startsWith('/t') \|\| req.path.startsWith('/landing') \|\| req.path.startsWith('/health')) {`
			`return next();`
			`}`

			`// Serve frontend index.html for all other routes`
			`const frontendPath = path.join(__dirname, 'public', 'dist', 'index.html');`
			`res.sendFile(frontendPath, (err) => {`
			`if (err) {`
			`// If frontend build doesn't exist, return 404`
			`next();`
			`}`
			`});`
			`});`

first commit: Complete phishing test management panel with Node.js backend and React frontend 2025-11-10 17:00:40 +03:00			`// 404 handler`
			`app.use((req, res) => {`
			`res.status(404).json({`
			`success: false,`
			`error: 'Endpoint not found',`
			`});`
			`});`

			`// Error handler (must be last)`
			`app.use(errorHandler);`

			`// Start server`
			`const startServer = async () => {`
			`try {`
			`// Test database connection`
			`await testConnection();`

bind 2025-11-11 07:37:27 +03:00			`// Start listening on all interfaces (0.0.0.0) to allow remote access`
			`app.listen(PORT, '0.0.0.0', () => {`
first commit: Complete phishing test management panel with Node.js backend and React frontend 2025-11-10 17:00:40 +03:00			logger.info(`🚀 Server is running on port ${PORT}`);
			logger.info(`📊 Environment: ${process.env.NODE_ENV \|\| 'development'}`);
bind 2025-11-11 07:37:27 +03:00			logger.info(`🔗 Health check: http://0.0.0.0:${PORT}/health`);
first commit: Complete phishing test management panel with Node.js backend and React frontend 2025-11-10 17:00:40 +03:00			console.log(`\n✨ Oltalama Backend Server Started!`);
bind 2025-11-11 07:37:27 +03:00			console.log(`🌐 API: http://0.0.0.0:${PORT}/api`);
			console.log(`🎯 Tracking: http://0.0.0.0:${PORT}/t/:token`);
			console.log(`🌍 Server listening on all interfaces (0.0.0.0:${PORT})\n`);
first commit: Complete phishing test management panel with Node.js backend and React frontend 2025-11-10 17:00:40 +03:00			`});`
			`} catch (error) {`
			`logger.error('Failed to start server:', error);`
			`process.exit(1);`
			`}`
			`};`

			`startServer();`

			`module.exports = app;`