@logboard/cli 1.0.0

package/controllers/AuthController.js

@@ -0,0 +1,131 @@
+'use strict';
+const config = require('../config');
+
+const AuditService = require('../services/AuditService');
+class AuthController {
+	constructor (authService) {
+		this.svc = authService;
+	}
+
+	async login (req, res) {
+		try {
+			const { username, password, token } = req.body;
+			// Get org from query param or request body (for org-specific login)
+			const orgSlug = req.body.orgSlug || req.query.org || null;
+			const result = await this.svc.login(username, password, token, orgSlug);
+			new AuditService(req.org)
+				.log(username, 'login', username, {}, req.ip || '')
+				.catch(() => {});
+			res.cookie(config.SESSION_NAME, result.token, {
+				httpOnly: true,
+				secure: config.NODE_ENV === 'production',
+				sameSite: 'strict',
+				maxAge: 24 * 60 * 60 * 1000,
+			});
+			// Determine first accessible page for this role
+			const { RoleConfigService } = require('../services/RoleConfigService');
+			const { ALL_PAGES } = require('../services/RoleConfigService');
+			let firstPage = '/dashboard';
+			try {
+				const rc = new RoleConfigService(req.org || null);
+				const allowedPages = await rc.getAllowedPages(result.role);
+				if (allowedPages && allowedPages.length) {
+					// Find first page from ALL_PAGES order that is allowed
+					const ordered = (ALL_PAGES || []).map((p) => p.id || p);
+					const first = ordered.find((p) => allowedPages.includes(p));
+					if (first) {
+						firstPage = `/${first}`;
+					}
+				}
+			} catch {}
+			res.json({
+				success: true,
+				role: result.role,
+				orgSlug: result.orgSlug,
+				totpEnabled: result.totpEnabled,
+				redirect: firstPage,
+			});
+		} catch (err) {
+			res.status(err.status || 500).json({ error: err.message });
+		}
+	}
+
+	logout (req, res) {
+		res.clearCookie(config.SESSION_NAME, {
+			httpOnly: true,
+			sameSite: 'strict',
+		});
+		res.json({ success: true });
+	}
+
+	verify (req, res) {
+		const jwt = require('jsonwebtoken');
+		const tok = req.cookies[config.SESSION_NAME];
+		if (!tok) {
+			return res.status(401).json({ error: 'No session' });
+		}
+		try {
+			const payload = jwt.verify(tok, config.JWT_SECRET);
+			res.json({ valid: true, username: payload.username, role: payload.role });
+		} catch {
+			res.status(401).json({ error: 'Invalid or expired session' });
+		}
+	}
+
+	async setup2fa (req, res) {
+		try {
+			const result = await this.svc.setupTotp(req.user.username, req.org);
+			res.json(result);
+		} catch (err) {
+			res.status(err.status || 500).json({ error: err.message });
+		}
+	}
+
+	async enable2fa (req, res) {
+		try {
+			const { secret, token } = req.body;
+			if (!secret || !token) {
+				return res.status(400).json({ error: 'secret and token required' });
+			}
+			await this.svc.enableTotp(req.user.username, req.org, secret, token);
+			res.json({ success: true });
+		} catch (err) {
+			res.status(err.status || 500).json({ error: err.message });
+		}
+	}
+
+	async disable2fa (req, res) {
+		try {
+			await this.svc.disableTotp(req.user.username);
+			res.json({ success: true });
+		} catch (err) {
+			res.status(err.status || 500).json({ error: err.message });
+		}
+	}
+
+	async changePassword (req, res) {
+		try {
+			const { currentPassword, newPassword } = req.body;
+			await this.svc.changePassword(
+				req.user.username,
+				currentPassword,
+				newPassword,
+				req.org,
+			);
+			res.json({ success: true });
+		} catch (err) {
+			res.status(err.status || 500).json({ error: err.message });
+		}
+	}
+
+	async totpStatus (req, res) {
+		try {
+			const result = await this.svc.getTotpStatus(req.user.username);
+			res.json(result);
+		} catch (err) {
+			res.status(err.status || 500).json({ error: err.message });
+		}
+	}
+}
+
+module.exports = AuthController;

package/controllers/HealthController.js

@@ -0,0 +1,56 @@
+'use strict';
+const fsP = require('fs').promises;
+const config = require('../config');
+
+const startTime = Date.now();
+
+class HealthController {
+	async health (req, res) {
+		const mem = process.memoryUsage();
+		const uptime = Math.floor((Date.now() - startTime) / 1000);
+
+		let logDirOk = true;
+		try { await fsP.access(config.LOG_BASE_DIR); } catch { logDirOk = false; }
+
+		res.json({
+			status: 'ok',
+			timestamp: new Date().toISOString(),
+			uptime,
+			uptimeHuman: `${Math.floor(uptime / 3600)}h ${Math.floor((uptime % 3600) / 60)}m ${uptime % 60}s`,
+			memory: {
+				rss: `${Math.round(mem.rss / 1024 / 1024)} MB`,
+				heapUsed: `${Math.round(mem.heapUsed / 1024 / 1024)} MB`,
+				heapTotal: `${Math.round(mem.heapTotal / 1024 / 1024)} MB`,
+			},
+			checks: {
+				logDir: logDirOk ? 'ok' : 'missing',
+				stream: config.ENABLE_STREAM ? 'enabled' : 'disabled',
+				nodeVer: process.version,
+				env: config.NODE_ENV,
+			},
+		});
+	}
+
+	metrics (req, res) {
+		const mem = process.memoryUsage();
+		const cpu = process.cpuUsage();
+		res.setHeader('Content-Type', 'text/plain; version=0.0.4');
+		res.send([
+			'# HELP nodejs_heap_bytes Heap memory bytes',
+			'# TYPE nodejs_heap_bytes gauge',
+			`nodejs_heap_bytes{type="heapTotal"} ${mem.heapTotal}`,
+			`nodejs_heap_bytes{type="heapUsed"}  ${mem.heapUsed}`,
+			'# HELP nodejs_rss_bytes Resident set size bytes',
+			'# TYPE nodejs_rss_bytes gauge',
+			`nodejs_rss_bytes ${mem.rss}`,
+			'# HELP process_cpu_seconds_total Total CPU time seconds',
+			'# TYPE process_cpu_seconds_total counter',
+			`process_cpu_seconds_total ${((cpu.user + cpu.system) / 1e6).toFixed(3)}`,
+			'# HELP process_uptime_seconds Process uptime seconds',
+			'# TYPE process_uptime_seconds gauge',
+			`process_uptime_seconds ${process.uptime().toFixed(1)}`,
+		].join('\n'));
+	}
+}
+
+module.exports = HealthController;

package/controllers/LogController.js

@@ -0,0 +1,197 @@
+'use strict';
+
+class LogController {
+	constructor (logService) {
+		this.svc = logService;
+	}
+
+	_logAudit (req, service, date, q) {
+		try {
+			const audit = require('../services/AuditService');
+			new audit()
+				.logLogAccess(
+					req.user?.username || 'anon',
+					service || '',
+					date || '',
+					q || '',
+					req.ip || '',
+				)
+				.catch(() => {});
+		} catch {}
+	}
+
+	async ingest (req, res) {
+		try {
+			const { logs, appName } = req.body;
+			if (!Array.isArray(logs)) {
+				return res.status(400).json({ error: 'logs must be an array' });
+			}
+			const resolvedName = appName || req.apiKey?.name || '';
+			if (!resolvedName) {
+				return res
+					.status(400)
+					.json({
+						error:
+              'appName is required in the request body or API key name must be set',
+					});
+			}
+			// Use org-scoped LogService so logs go to logs/{orgSlug}/{appName}/
+			const LogService = require('../services/LogService');
+			const svc = new LogService(this.svc.batchWriter, req.org);
+			const written = await svc.ingest(logs, resolvedName);
+			res.json({ written });
+		} catch (e) {
+			res.status(e.status || 500).json({ error: e.message });
+		}
+	}
+
+	async services (req, res) {
+		try {
+			res.json(await this.svc.getServices());
+		} catch (e) {
+			res.status(500).json({ error: e.message });
+		}
+	}
+
+	async tail (req, res) {
+		try {
+			const { appName, date } = req.params;
+			const n = Math.min(parseInt(req.query.n || '200', 10), 2000);
+			this._logAudit(req, appName, date, '');
+			res.json(await this.svc.tail(appName, date, n));
+		} catch (e) {
+			res.status(e.status || 500).json({ error: e.message });
+		}
+	}
+
+	async search (req, res) {
+		try {
+			const {
+				service,
+				date,
+				level,
+				q,
+				limit,
+				offset,
+				fromTime,
+				toTime,
+				tzOffset,
+			} = req.query;
+			if (fromTime || toTime) {
+				const result = await this.svc.searchTimeRange(service, date, {
+					fromTime,
+					toTime,
+					level,
+					q,
+					tzOffset: Number(tzOffset || 0),
+					limit: Number(limit || 500),
+				});
+				return res.json(result);
+			}
+			this._logAudit(req, service, date, q);
+			res.json(
+				await this.svc.search({
+					service,
+					date,
+					level,
+					q,
+					limit: Number(limit || 200),
+					offset: Number(offset || 0),
+				}),
+			);
+		} catch (e) {
+			res.status(e.status || 500).json({ error: e.message });
+		}
+	}
+
+	async context (req, res) {
+		try {
+			const { appName, date } = req.params;
+			const { lineIndex, n = 10 } = req.query;
+			res.json(
+				await this.svc.getContext(appName, date, Number(lineIndex), Number(n)),
+			);
+		} catch (e) {
+			res.status(e.status || 500).json({ error: e.message });
+		}
+	}
+
+	async replay (req, res) {
+		try {
+			const { minutes } = req.query;
+			res.json(await this.svc.replay(minutes));
+		} catch (e) {
+			res.status(500).json({ error: e.message });
+		}
+	}
+
+	async download (req, res) {
+		try {
+			const { appName, date } = req.params;
+			const { level, q, format, fromTime, toTime, tzOffset } = req.query;
+			if (format === 'txt') {
+				await this.svc.downloadTxt(
+					appName,
+					date,
+					{ level, q, fromTime, toTime, tzOffset: Number(tzOffset || 0) },
+					res,
+				);
+			} else {
+				await this.svc.download(appName, date, { level, q }, res);
+			}
+		} catch (e) {
+			res.status(e.status || 500).json({ error: e.message });
+		}
+	}
+
+	async traceSearch (req, res) {
+		try {
+			const { traceId, date } = req.query;
+			if (!traceId) {
+				return res.status(400).json({ error: 'traceId required' });
+			}
+			res.json(await this.svc.findByTraceId(traceId, date));
+		} catch (e) {
+			res.status(e.status || 500).json({ error: e.message });
+		}
+	}
+
+	async searchRange (req, res) {
+		try {
+			const { service, fromDate, toDate, level, q, limit } = req.query;
+			if (!service || !fromDate || !toDate) {
+				return res
+					.status(400)
+					.json({ error: 'service, fromDate, toDate required' });
+			}
+			res.json(
+				await this.svc.searchMultiDate(service, fromDate, toDate, {
+					level,
+					q,
+					limit: Number(limit || 500),
+				}),
+			);
+		} catch (e) {
+			res.status(e.status || 500).json({ error: e.message });
+		}
+	}
+
+	async clusters (req, res) {
+		try {
+			const { appName, date } = req.params;
+			res.json(await this.svc.clusterErrors(appName, date));
+		} catch (e) {
+			res.status(e.status || 500).json({ error: e.message });
+		}
+	}
+
+	async anomalies (req, res) {
+		try {
+			res.json(await this.svc.detectAnomalies(req.params.appName));
+		} catch (e) {
+			res.status(500).json({ error: e.message });
+		}
+	}
+}
+
+module.exports = LogController;

package/controllers/OrgController.js

@@ -0,0 +1,152 @@
+'use strict';
+const OrgService = require('../services/OrgService');
+const config = require('../config');
+const path = require('path');
+const fsP = require('fs').promises;
+const bcrypt = require('bcryptjs');
+
+class OrgController {
+	// ── Super-admin: list all orgs ───────────────────────────────────────────
+	async listOrgs (req, res) {
+		try {
+			const orgs = await OrgService.getOrgs();
+			res.json({ orgs: Object.values(orgs) });
+		} catch (e) { res.status(500).json({ error: e.message }); }
+	}
+
+	// ── Super-admin: create org ───────────────────────────────────────────────
+	async createOrg (req, res) {
+		try {
+			const { name, ownerUsername, ownerPassword, plan } = req.body;
+			const org = await OrgService.create({ name, ownerUsername, ownerPassword, plan });
+			res.status(201).json({ success: true, org: { slug: org.slug, name: org.name, plan: org.plan } });
+		} catch (e) { res.status(e.status || 500).json({ error: e.message }); }
+	}
+
+	// ── Super-admin: get org detail ───────────────────────────────────────────
+	async getOrg (req, res) {
+		try {
+			const org = await OrgService.getOrg(req.params.slug);
+			if (!org) { return res.status(404).json({ error: 'Org not found' }); }
+			// Include user count
+			let userCount = 0;
+			try {
+				const users = JSON.parse(await fsP.readFile(org.usersFile, 'utf8'));
+				userCount = Object.keys(users).length;
+			} catch {}
+			res.json({ ...org, dataDir: undefined, logsDir: undefined, userCount });
+		} catch (e) { res.status(500).json({ error: e.message }); }
+	}
+
+	// ── Super-admin: delete org ───────────────────────────────────────────────
+	async deleteOrg (req, res) {
+		try {
+			if (req.params.slug === 'default') { return res.status(400).json({ error: 'Cannot delete default org' }); }
+			await OrgService.delete(req.params.slug);
+			res.json({ success: true });
+		} catch (e) { res.status(e.status || 500).json({ error: e.message }); }
+	}
+
+	// ── Admin: invite user to org ─────────────────────────────────────────────
+	async createInvite (req, res) {
+		try {
+			const orgSlug = req.org?.slug;
+			if (!orgSlug) { return res.status(400).json({ error: 'No org context' }); }
+			const { email, role } = req.body;
+			if (!email) { return res.status(400).json({ error: 'Email required' }); }
+			const inv = await OrgService.createInvite(orgSlug, email, role || 'viewer', req.user.username);
+			// Send invite email if SMTP configured
+			try {
+				const SettingsService = require('../services/SettingsService');
+				const settings = await new SettingsService(req.org).get();
+				if (settings.smtpHost && settings.emailEnabled) {
+					const baseUrl = process.env.OAUTH_CALLBACK_BASE || `http://localhost:${config.PORT}`;
+					const link = `${baseUrl}/invite/${inv.token}`;
+					const nodemailer = require('nodemailer');
+					const transport = nodemailer.createTransport({ host: settings.smtpHost, port: settings.smtpPort || 587, auth: { user: settings.smtpUser, pass: settings.smtpPass } });
+					await transport.sendMail({
+						from: settings.smtpFrom || 'logboard@example.com',
+						to: email,
+						subject: `You've been invited to ${settings.appName || 'LogBoard'}`,
+						html: `<p>You've been invited to join <strong>${settings.appName || 'LogBoard'}</strong> as <strong>${role || 'viewer'}</strong>.</p><p><a href="${link}">Accept Invitation</a></p><p>This link expires in 7 days.</p>`,
+					});
+				}
+			} catch (mailErr) { /* email sending optional */ }
+			res.json({ success: true, token: inv.token, email: inv.email, role: inv.role });
+		} catch (e) { res.status(e.status || 500).json({ error: e.message }); }
+	}
+
+	// ── Public: accept invite ────────────────────────────────────────────────
+	async acceptInvite (req, res) {
+		try {
+			const { token, username, password } = req.body;
+			if (!token || !username || !password) { return res.status(400).json({ error: 'token, username, password required' }); }
+			const result = await OrgService.acceptInvite(token, username, password);
+			res.json({ success: true, ...result });
+		} catch (e) { res.status(e.status || 500).json({ error: e.message }); }
+	}
+
+	// ── Public: get invite info (for the accept page) ────────────────────────
+	async getInvite (req, res) {
+		try {
+			const inv = await OrgService.getInvite(req.params.token);
+			if (!inv) { return res.status(404).json({ error: 'Invite not found or expired' }); }
+			const org = await OrgService.getOrg(inv.orgSlug);
+			const settings = {};
+			try {
+				const SettingsService = require('../services/SettingsService');
+				Object.assign(settings, await new SettingsService(org).get());
+			} catch {}
+			res.json({ email: inv.email, role: inv.role, orgName: org?.name || inv.orgSlug, orgSlug: inv.orgSlug, appName: settings.appName || 'LogBoard' });
+		} catch (e) { res.status(500).json({ error: e.message }); }
+	}
+
+	// ── Super-admin: run migration ────────────────────────────────────────────
+	async runMigration (req, res) {
+		try {
+			const result = await OrgService.migrateToDefaultOrg();
+			res.json(result);
+		} catch (e) { res.status(500).json({ error: e.message }); }
+	}
+
+	// ── Super-admin: create super-admin account ───────────────────────────────
+	async createSuperAdmin (req, res) {
+		try {
+			const { username, password } = req.body;
+			if (!username || !password || password.length < 8) { return res.status(400).json({ error: 'Username and password (min 8 chars) required' }); }
+			const SUPER_FILE = path.join(config.DATA_DIR, 'super-admins.json');
+			let superAdmins = {};
+			try { superAdmins = JSON.parse(await fsP.readFile(SUPER_FILE, 'utf8')); } catch {}
+			if (superAdmins[username]) { return res.status(409).json({ error: 'Super-admin already exists' }); }
+			superAdmins[username] = { username, password: await bcrypt.hash(password, 10), createdAt: new Date().toISOString() };
+			await fsP.writeFile(SUPER_FILE, JSON.stringify(superAdmins, null, 2), 'utf8');
+			res.json({ success: true });
+		} catch (e) { res.status(500).json({ error: e.message }); }
+	}
+
+	// ── UI: orgs management page (super-admin) ────────────────────────────────
+	async orgsPage (req, res) {
+		try {
+			const orgs = await OrgService.getOrgs();
+			res.render('super-admin-orgs', { title: 'Orgs', user: req.user, orgs: Object.values(orgs), settings: {}, themeSnippet: '' });
+		} catch (e) { res.status(500).send(e.message); }
+	}
+
+	// ── UI: invite accept page ────────────────────────────────────────────────
+	async invitePage (req, res) {
+		try {
+			const inv = await OrgService.getInvite(req.params.token);
+			if (!inv) { return res.render('invite', { title: 'Invite', expired: true, invite: null, settings: {}, themeSnippet: '' }); }
+			const org = await OrgService.getOrg(inv.orgSlug);
+			const settings = {};
+			try {
+				const SettingsService = require('../services/SettingsService');
+				Object.assign(settings, await new SettingsService(org).get());
+			} catch {}
+			const { buildThemeSnippet } = require('../lib/theme');
+			res.render('invite', { title: `Join ${ settings.appName || 'LogBoard'}`, expired: false, invite: { ...inv, token: req.params.token }, settings, themeSnippet: buildThemeSnippet(settings) });
+		} catch (e) { res.status(500).send(e.message); }
+	}
+}
+
+module.exports = OrgController;

package/controllers/RoleConfigController.js

@@ -0,0 +1,20 @@
+'use strict';
+const { RoleConfigService } = require('../services/RoleConfigService');
+
+class RoleConfigController {
+	constructor () { this.svc = null; }
+  _svc(req) { return new RoleConfigService(req.org); }
+
+	async getConfig (req, res) {
+		try { res.json(await this._svc(req).getConfig()); } catch (err) { res.status(500).json({ error: err.message }); }
+	}
+
+	async saveConfig (req, res) {
+		try {
+			const saved = await this._svc(req).saveConfig(req.body);
+			res.json({ success: true, config: saved });
+		} catch (err) { res.status(err.status || 500).json({ error: err.message }); }
+	}
+}
+
+module.exports = RoleConfigController;

package/controllers/SettingsController.js

@@ -0,0 +1,39 @@
+'use strict';
+const { cleanupOldLogs } = require('../lib/cleanup');
+const logger = require('../lib/logger');
+
+class SettingsController {
+	constructor (settingsService) { this.svc = settingsService; }
+
+	async getSettings (req, res) {
+		try { res.json(await this.svc.get()); } catch (e) { res.status(500).json({ error: e.message }); }
+	}
+
+	// POST /api/settings — pass EVERY field from req.body; SettingsService validates each one
+	async saveSettings (req, res) {
+		try {
+			const updated = await this.svc.save(req.body);
+			// Audit what changed
+			try {
+				const audit = require('../services/AuditService');
+				const fields = Object.keys(req.body).filter((k) => !['smtpPass'].includes(k)).join(', ');
+				await new audit().log(req.user?.username || 'admin', 'settings_update', fields, {}, req.ip || '');
+			} catch {}
+			res.json({ success: true, settings: updated });
+		} catch (e) { res.status(e.status || 500).json({ error: e.message }); }
+	}
+
+	async runCleanup (req, res) {
+		try {
+			logger.info(`[Settings] Manual cleanup by "${req.user.username}"`);
+			await cleanupOldLogs();
+			res.json({ success: true, message: 'Cleanup completed' });
+		} catch (e) { res.status(500).json({ error: e.message }); }
+	}
+
+	async resetSettings (req, res) {
+		try { res.json({ success: true, settings: await this.svc.reset() }); } catch (e) { res.status(500).json({ error: e.message }); }
+	}
+}
+
+module.exports = SettingsController;

package/controllers/StreamController.js

@@ -0,0 +1,55 @@
+'use strict';
+const emitter = require('../lib/emitter');
+const config = require('../config');
+
+class StreamController {
+	async stream (req, res) {
+		if (!config.ENABLE_STREAM) { return res.status(404).json({ error: 'Stream disabled' }); }
+
+		res.setHeader('Content-Type', 'text/event-stream');
+		res.setHeader('Cache-Control', 'no-cache');
+		res.setHeader('Connection', 'keep-alive');
+		res.setHeader('X-Accel-Buffering', 'no');
+		res.flushHeaders();
+
+		// Initial connect event
+		res.write('event: connected\n');
+		res.write('data: {"status":"connected"}\n\n');
+
+		const levelFilter = req.query.level || null;
+		const serviceFilter = req.query.service || null; // ?service=my-app
+
+		// RBAC: get allowed apps for this user's role
+		let allowedApps = [];
+		try {
+			const { RoleConfigService } = require('../services/RoleConfigService');
+			const role = req.user?.role || 'viewer';
+			allowedApps = await new RoleConfigService(req.org).getAllowedApps(role);
+		} catch {}
+
+		const sendLog = (raw) => {
+			try {
+				const parsed = typeof raw === 'string' ? JSON.parse(raw) : raw;
+				// Service filter from query
+				if (serviceFilter && parsed.appName !== serviceFilter) { return; }
+				// RBAC: only show allowed services
+				if (allowedApps.length && parsed.appName && !allowedApps.includes(parsed.appName)) { return; }
+				if (levelFilter && (parsed.level||'').toLowerCase() !== levelFilter.toLowerCase()) { return; }
+				res.write(`data: ${JSON.stringify(parsed)}\n\n`);
+			} catch {
+				res.write(`data: ${String(raw).replace(/\n/g, ' ')}\n\n`);
+			}
+		};
+
+		emitter.on('log', sendLog);
+		const heartbeat = setInterval(() => res.write(': ping\n\n'), 15_000);
+
+		req.on('close', () => {
+			emitter.off('log', sendLog);
+			clearInterval(heartbeat);
+			res.end();
+		});
+	}
+}
+
+module.exports = StreamController;