salvacybersec/balikci
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
c898ca4a65e8c88d847eabaaef750600535e1bd8
balikci/backend/src/app.js

151 lines
4.6 KiB
JavaScript
Raw Normal View History

fix: CORS configuration and update all README files - Fixed dotenv path in app.js to properly load .env from backend root - Updated CORS to allow http://localhost:5173 (frontend URL) - Updated README.md with accurate project statistics (58 files, 6677+ lines) - Updated backend/README.md - marked as Production Ready - Updated frontend/README.md with complete feature list - All systems tested and working (backend + frontend)
2025-11-10 17:09:35 +03:00
require('dotenv').config({ path: require('path').join(__dirname, '../.env') });
first commit: Complete phishing test management panel with Node.js backend and React frontend
2025-11-10 17:00:40 +03:00
const express = require('express');
const session = require('express-session');
const helmet = require('helmet');
const cors = require('cors');
const logger = require('./config/logger');
const sessionConfig = require('./config/session');
const { testConnection } = require('./config/database');
const errorHandler = require('./middlewares/errorHandler');
const { apiLimiter } = require('./middlewares/rateLimiter');
const app = express();
const PORT = process.env.PORT || 3000;
corsu siktim
2025-11-11 07:40:02 +03:00
// Security middleware - CSP ayarlarını gevşet (inline script'ler için)
app.use(helmet({
contentSecurityPolicy: {
directives: {
defaultSrc: ["'self'"],
scriptSrc: ["'self'", "'unsafe-inline'", "'unsafe-eval'", "http://*", "https://*"],
styleSrc: ["'self'", "'unsafe-inline'", "http://*", "https://*"],
imgSrc: ["'self'", "data:", "http://*", "https://*"],
connectSrc: ["'self'", "http://*", "https://*"],
fontSrc: ["'self'", "data:", "http://*", "https://*"],
objectSrc: ["'none'"],
mediaSrc: ["'self'"],
frameSrc: ["'none'"],
},
},
crossOriginEmbedderPolicy: false,
}));
Domain support
2025-11-10 20:01:41 +03:00
corsu siktim
2025-11-11 07:40:02 +03:00
// CORS - Her yerden erişime izin ver
app.use(cors({
origin: true, // Tüm origin'lere izin ver
first commit: Complete phishing test management panel with Node.js backend and React frontend
2025-11-10 17:00:40 +03:00
credentials: true,
corsu siktim
2025-11-11 07:40:02 +03:00
methods: ['GET', 'POST', 'PUT', 'DELETE', 'PATCH', 'OPTIONS'],
allowedHeaders: ['Content-Type', 'Authorization', 'X-Requested-With'],
}));
first commit: Complete phishing test management panel with Node.js backend and React frontend
2025-11-10 17:00:40 +03:00
// Body parsing middleware
app.use(express.json());
app.use(express.urlencoded({ extended: true }));
docker again
2025-11-11 07:31:43 +03:00
// Serve static files (landing page and frontend build)
const path = require('path');
corsu siktim
2025-11-11 07:40:02 +03:00
app.use(express.static(path.join(__dirname, 'public'), {
setHeaders: (res, path) => {
// CORS headers for static files
res.set('Access-Control-Allow-Origin', '*');
res.set('Access-Control-Allow-Methods', 'GET, OPTIONS');
res.set('Access-Control-Allow-Headers', 'Content-Type');
}
}));
docker again
2025-11-11 07:31:43 +03:00
// Serve landing page at /landing route
app.get('/landing', (req, res) => {
res.sendFile(path.join(__dirname, 'public', 'landing.html'));
});
first commit: Complete phishing test management panel with Node.js backend and React frontend
2025-11-10 17:00:40 +03:00
// Session middleware
app.use(session(sessionConfig));
// Rate limiting
app.use('/api', apiLimiter);
// Request logging
app.use((req, res, next) => {
logger.info(`${req.method} ${req.path}`, {
ip: req.ip,
userAgent: req.get('user-agent'),
});
next();
});
// Health check
app.get('/health', (req, res) => {
res.json({
success: true,
message: 'Server is running',
timestamp: new Date().toISOString(),
});
});
// API Routes
app.use('/api/auth', require('./routes/auth.routes'));
app.use('/api/companies', require('./routes/company.routes'));
app.use('/api/tokens', require('./routes/token.routes'));
app.use('/api/templates', require('./routes/template.routes'));
app.use('/api/settings', require('./routes/settings.routes'));
feat: Add Ollama AI integration for automatic mail template generation ✨ New Features: - 🤖 AI-powered mail template generation with Ollama - 📧 Test mail sending with preview - 🔧 Ollama server and model management - 🎨 Beautiful AI generation dialog in Templates page - ⚙️ Ollama settings panel with connection test Backend: - Add ollama.service.js - Ollama API integration - Add ollama.controller.js - Template generation endpoint - Add ollama.routes.js - /api/ollama/* routes - Support for multiple Ollama models (llama3.2, mistral, gemma) - JSON-formatted AI responses with subject + HTML body - Configurable server URL and model selection Frontend: - Settings: Ollama configuration panel - Server URL input - Model selection - Connection test with model listing - Templates: AI generation dialog - Company name, scenario, employee info inputs - Custom prompt for AI instructions - Auto-save to database - Test mail sending functionality Documentation: - OLLAMA_SETUP.md - Comprehensive setup guide - Installation instructions - Model recommendations - Usage examples - Troubleshooting Tech Stack: - Ollama API integration (REST) - Axios HTTP client - React dialogs with MUI - Self-hosted AI (privacy-friendly) - Zero external API dependencies Example Usage: Company: Garanti Bankası Scenario: Account security warning → AI generates professional phishing test mail in seconds!
2025-11-10 21:13:58 +03:00
app.use('/api/ollama', require('./routes/ollama.routes'));
first commit: Complete phishing test management panel with Node.js backend and React frontend
2025-11-10 17:00:40 +03:00
app.use('/api/stats', require('./routes/stats.routes'));
// Public tracking route (no rate limit on this specific route)
app.use('/t', require('./routes/tracking.routes'));
docker again
2025-11-11 07:31:43 +03:00
// Serve frontend SPA (must be after API routes)
app.get('*', (req, res, next) => {
// Skip if it's an API route, tracking route, or landing page
if (req.path.startsWith('/api') || req.path.startsWith('/t') || req.path.startsWith('/landing') || req.path.startsWith('/health')) {
return next();
}
// Serve frontend index.html for all other routes
const frontendPath = path.join(__dirname, 'public', 'dist', 'index.html');
res.sendFile(frontendPath, (err) => {
if (err) {
// If frontend build doesn't exist, return 404
next();
}
});
});
first commit: Complete phishing test management panel with Node.js backend and React frontend
2025-11-10 17:00:40 +03:00
// 404 handler
app.use((req, res) => {
res.status(404).json({
success: false,
error: 'Endpoint not found',
});
});
// Error handler (must be last)
app.use(errorHandler);
// Start server
const startServer = async () => {
try {
// Test database connection
await testConnection();
bind
2025-11-11 07:37:27 +03:00
// Start listening on all interfaces (0.0.0.0) to allow remote access
app.listen(PORT, '0.0.0.0', () => {
first commit: Complete phishing test management panel with Node.js backend and React frontend
2025-11-10 17:00:40 +03:00
logger.info(`🚀 Server is running on port ${PORT}`);
logger.info(`📊 Environment: ${process.env.NODE_ENV || 'development'}`);
bind
2025-11-11 07:37:27 +03:00
logger.info(`🔗 Health check: http://0.0.0.0:${PORT}/health`);
first commit: Complete phishing test management panel with Node.js backend and React frontend
2025-11-10 17:00:40 +03:00
console.log(`\n✨ Oltalama Backend Server Started!`);
bind
2025-11-11 07:37:27 +03:00
console.log(`🌐 API: http://0.0.0.0:${PORT}/api`);
console.log(`🎯 Tracking: http://0.0.0.0:${PORT}/t/:token`);
console.log(`🌍 Server listening on all interfaces (0.0.0.0:${PORT})\n`);
first commit: Complete phishing test management panel with Node.js backend and React frontend
2025-11-10 17:00:40 +03:00
});
} catch (error) {
logger.error('Failed to start server:', error);
process.exit(1);
}
};
startServer();
module.exports = app;
Reference in New Issue Copy Permalink