web-agent-bridge 3.2.0 → 3.4.0

package/server/routes/admin-shieldqr.js

@@ -0,0 +1,90 @@
+/**
+ * Admin ShieldQR — moderate user-submitted reports + browse recent scans.
+ *   GET  /api/admin/shieldqr/reports?status=open
+ *   PUT  /api/admin/shieldqr/reports/:id   { status }
+ *   GET  /api/admin/shieldqr/scans?host=&level=&limit=
+ *   GET  /api/admin/shieldqr/stats
+ */
+'use strict';
+
+const express = require('express');
+const Database = require('better-sqlite3');
+const path = require('path');
+const { authenticateAdmin } = require('../middleware/adminAuth');
+const { auditLog } = require('../services/security');
+
+const router = express.Router();
+router.use(authenticateAdmin);
+
+const DATA_DIR = process.env.NODE_ENV === 'test'
+  ? path.join(__dirname, '..', '..', 'data-test')
+  : (process.env.DATA_DIR || path.join(__dirname, '..', '..', 'data'));
+const DB_FILE = process.env.NODE_ENV === 'test' ? 'wab-test.db' : 'wab.db';
+
+let _db = null;
+function db() {
+  if (!_db) { _db = new Database(path.join(DATA_DIR, DB_FILE)); }
+  return _db;
+}
+
+const VALID_STATUSES = new Set(['open', 'reviewing', 'resolved', 'rejected']);
+const VALID_LEVELS = new Set(['green', 'yellow', 'red']);
+
+router.get('/reports', (req, res) => {
+  const status = req.query.status && VALID_STATUSES.has(req.query.status) ? req.query.status : null;
+  const limit = Math.min(parseInt(req.query.limit, 10) || 100, 500);
+  const sql = status
+    ? `SELECT r.*, s.level, s.score, s.host
+         FROM shieldqr_reports r
+         LEFT JOIN shieldqr_scans s ON s.id = r.scan_id
+        WHERE r.status = ? ORDER BY r.created_at DESC LIMIT ?`
+    : `SELECT r.*, s.level, s.score, s.host
+         FROM shieldqr_reports r
+         LEFT JOIN shieldqr_scans s ON s.id = r.scan_id
+        ORDER BY r.created_at DESC LIMIT ?`;
+  const rows = status ? db().prepare(sql).all(status, limit) : db().prepare(sql).all(limit);
+  res.json({ reports: rows, count: rows.length });
+});
+
+router.put('/reports/:id', (req, res) => {
+  const id = parseInt(req.params.id, 10);
+  const status = req.body && req.body.status;
+  if (!Number.isFinite(id) || !VALID_STATUSES.has(status)) {
+    return res.status(400).json({ error: 'invalid id or status' });
+  }
+  const info = db().prepare('UPDATE shieldqr_reports SET status = ? WHERE id = ?').run(status, id);
+  if (info.changes === 0) { return res.status(404).json({ error: 'report not found' }); }
+  auditLog({
+    actorType: 'admin', actorId: String(req.admin.id),
+    action: 'shieldqr_report_update',
+    details: { id, status }, ip: req.ip,
+  });
+  res.json({ ok: true, id, status });
+});
+
+router.get('/scans', (req, res) => {
+  const limit = Math.min(parseInt(req.query.limit, 10) || 100, 500);
+  const where = []; const params = [];
+  if (req.query.host) { where.push('host = ?'); params.push(String(req.query.host).toLowerCase()); }
+  if (req.query.level && VALID_LEVELS.has(req.query.level)) {
+    where.push('level = ?'); params.push(req.query.level);
+  }
+  const sql = `SELECT id, url, host, level, score, trust_ok, ssl_ok, created_at
+                 FROM shieldqr_scans
+                 ${where.length ? 'WHERE ' + where.join(' AND ') : ''}
+                 ORDER BY created_at DESC LIMIT ?`;
+  const rows = db().prepare(sql).all(...params, limit);
+  res.json({ scans: rows, count: rows.length });
+});
+
+router.get('/stats', (req, res) => {
+  const totalScans = db().prepare('SELECT COUNT(*) AS n FROM shieldqr_scans').get().n;
+  const byLevel = db().prepare('SELECT level, COUNT(*) AS n FROM shieldqr_scans GROUP BY level').all();
+  const reportsByStatus = db().prepare('SELECT status, COUNT(*) AS n FROM shieldqr_reports GROUP BY status').all();
+  const recent24h = db().prepare(
+    "SELECT COUNT(*) AS n FROM shieldqr_scans WHERE created_at >= datetime('now','-1 day')"
+  ).get().n;
+  res.json({ totalScans, recent24h, byLevel, reportsByStatus });
+});
+
+module.exports = router;

package/server/routes/admin-trust-monitor.js

@@ -0,0 +1,83 @@
+/**
+ * Admin Trust Monitor — SSL health + cert history (Extended Trust Layer).
+ *   GET  /api/admin/trust-monitor/sites      — list ssl_monitor rows
+ *   POST /api/admin/trust-monitor/check      { host } — re-check one host
+ *   POST /api/admin/trust-monitor/sweep      — re-check every site
+ *   GET  /api/admin/trust-monitor/history    ?host= — cert_history rows
+ *   GET  /api/admin/trust-monitor/stats
+ */
+'use strict';
+
+const express = require('express');
+const Database = require('better-sqlite3');
+const path = require('path');
+const { authenticateAdmin } = require('../middleware/adminAuth');
+const { auditLog } = require('../services/security');
+const monitor = require('../services/ssl-monitor');
+
+const router = express.Router();
+router.use(authenticateAdmin);
+
+const DATA_DIR = process.env.NODE_ENV === 'test'
+  ? path.join(__dirname, '..', '..', 'data-test')
+  : (process.env.DATA_DIR || path.join(__dirname, '..', '..', 'data'));
+const DB_FILE = process.env.NODE_ENV === 'test' ? 'wab-test.db' : 'wab.db';
+
+let _db = null;
+function db() { if (!_db) { _db = new Database(path.join(DATA_DIR, DB_FILE)); } return _db; }
+
+router.get('/sites', (req, res) => {
+  const rows = db().prepare(`
+    SELECT host, fingerprint_sha256, issuer, valid_to, days_until_expiry,
+           status, error, last_checked_at, last_alert_at
+      FROM ssl_monitor ORDER BY
+      CASE status WHEN 'expired' THEN 0 WHEN 'error' THEN 1 WHEN 'expiring' THEN 2 ELSE 3 END,
+      days_until_expiry ASC
+  `).all();
+  res.json({ sites: rows, count: rows.length });
+});
+
+router.post('/check', async (req, res) => {
+  const host = (req.body && req.body.host || '').trim().toLowerCase();
+  if (!host) return res.status(400).json({ error: 'host required' });
+  try {
+    const r = await monitor.checkHost(host, { source: 'admin' });
+    auditLog({ actorType: 'admin', actorId: String(req.admin.id),
+      action: 'trust_check', details: { host, status: r.status }, ip: req.ip });
+    res.json(r);
+  } catch (e) { res.status(500).json({ error: e.message }); }
+});
+
+router.post('/sweep', async (req, res) => {
+  try {
+    const rs = await monitor.runSweep();
+    auditLog({ actorType: 'admin', actorId: String(req.admin.id),
+      action: 'trust_sweep', details: { count: rs.length }, ip: req.ip });
+    res.json({ count: rs.length, results: rs });
+  } catch (e) { res.status(500).json({ error: e.message }); }
+});
+
+router.get('/history', (req, res) => {
+  const host = (req.query.host || '').toLowerCase();
+  const limit = Math.min(parseInt(req.query.limit, 10) || 100, 500);
+  const sql = host
+    ? `SELECT * FROM cert_history WHERE host = ? ORDER BY observed_at DESC LIMIT ?`
+    : `SELECT * FROM cert_history ORDER BY observed_at DESC LIMIT ?`;
+  const rows = host ? db().prepare(sql).all(host, limit) : db().prepare(sql).all(limit);
+  res.json({ history: rows, count: rows.length });
+});
+
+router.get('/stats', (req, res) => {
+  const total = db().prepare('SELECT COUNT(*) AS n FROM ssl_monitor').get().n;
+  const byStatus = db().prepare('SELECT status, COUNT(*) AS n FROM ssl_monitor GROUP BY status').all();
+  const expiringSoon = db().prepare(
+    "SELECT COUNT(*) AS n FROM ssl_monitor WHERE status = 'expiring'"
+  ).get().n;
+  const expired = db().prepare(
+    "SELECT COUNT(*) AS n FROM ssl_monitor WHERE status = 'expired'"
+  ).get().n;
+  const certHistory = db().prepare('SELECT COUNT(*) AS n FROM cert_history').get().n;
+  res.json({ total, byStatus, expiringSoon, expired, certHistory });
+});
+
+module.exports = router;