Skip to content

Supersede #58: rebase 3-tier preview on main + runtime/CI/doc fixes #63

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
xMinhx wants to merge 8 commits into
base: main
Choose a base branch
from
Open

Supersede #58: rebase 3-tier preview on main + runtime/CI/doc fixes #63

Show file tree
Hide file tree
Changes from 7 commits
Commits
Show all changes
8 commits
Select commit Hold shift + click to select a range
089c2c1
Sponsored docker container for the frontend.
Oct 5, 2025
2777c50
chore(frontend): remove deprecated frontend/src/api/apiClient.ts (mig…
Nov 2, 2025
10e14ba
refactor: implement 3-tier architecture by separating frontend and ba…
Mar 28, 2026
f72494f
refactor: migrate to 3-tier architecture by removing legacy views and…
Mar 28, 2026
477bb8d
feat: add preview data seeding for demo project in development mode
Mar 28, 2026
a9d6547
fix(runtime): stabilize preview and align CI with prod
xMinhx Apr 19, 2026
b0d98f6
docs: align preview/prod runtime guidance
xMinhx Apr 19, 2026
fc5c30f
fix: address PR review comments
xMinhx May 4, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 2 additions & 0 deletions .gitignore
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,6 +1,8 @@
### Custom Files ###
backend/assets/bundle.js
backend/staticfiles/*
frontend/staticfiles/*
frontend/dist/
node_modules
backend/*.env
.idea
Expand Down
88 changes: 88 additions & 0 deletions API_TEST_GUIDE.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,88 @@
# 🔧 Test-Anleitung: Richtiges API-Endpoint testen

## Das Problem

```bash
curl http://localhost:8005/api/
# 404 Not Found HTML
```

Das ist **eigentlich OK** - `/api/` ist nur ein Prefix, kein echtes Endpoint!

## Die Lösung

Testen Sie mit einem echten API-Endpoint:

```bash
# ✅ RICHTIG - Login Endpoint
curl -X POST http://localhost:8005/api/login \
-H "Content-Type: application/json" \
-d '{"username":"test","password":"test"}'

# ✅ RICHTIG - User Data Endpoint
curl http://localhost:8005/api/me

# ✅ RICHTIG - Projects Endpoint
curl http://localhost:8005/api/projects

# ✅ RICHTIG - Health Check
curl http://localhost:8005/check_health
```

## Warum `/api/` allein 404 gibt

In den URLs ist `/api/` nur ein Prefix:

```python
path(webserver_path, include("webserver.urls"))
# webserver_path = "api/"
# → /api/ ist nur ein PREFIX!

# Echte Endpoints sind:
# /api/login ← include("webserver.urls") → path("login")
# /api/me ← include("webserver.urls") → path("me")
# /api/projects ← include("webserver.urls") → path("projects")
```

## Richtige Test-Kommandos

```bash
# Test 1: Login (POST)
curl -X POST http://localhost:8005/api/login \
-H "Content-Type: application/json" \
-d '{"username":"secure-user@acme.de","password":"secure"}'

# Test 2: Authentifizierte Anfrage (braucht Cookie/Token)
curl -i http://localhost:8005/api/me

# Test 3: Health Check (kein Auth nötig)
curl http://localhost:8005/check_health

# Test 4: Projects (mit Auth)
curl http://localhost:8005/api/projects
```

## Success Criteria

✅ Endpoints geben JSON zurück (nicht HTML!)
✅ 404 für `/api/` allein ist OK (es ist nur Prefix)
✅ 401 bei Auth-Endpoints ohne Auth ist OK
✅ 200 mit JSON für echte Requests

## Überprüfung: Backend serviert KEINE HTML mehr

```bash
# ❌ SCHLECHT: HTML Response
<html>
<head><title>Not Found</title></head>
...

# ✅ GUT: JSON Response
{"detail":"Authentication credentials were not provided."}

# ✅ GUT: JSON Response
{"username":"...","email":"..."}
```

Testen Sie jetzt mit echten Endpoints!

204 changes: 204 additions & 0 deletions PROJEKTÜBERSICHT_3TIER.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,204 @@
# SecureCheckPlus Projekt-Übersicht & 3Tier-Refactoring

## Projektstruktur

```
SecureCheckPlus.git/
├── backend/ # Django Backend (3Tier)
│ ├── analyzer/ # Sicherheitsanalyse App
│ ├── webserver/ # Web API & User Management
│ ├── securecheckplus/ # Django Settings & URLs
│ ├── utilities/ # Shared Constants & Helpers
│ ├── templates/ # Email Templates
│ └── Dockerfile
├── frontend/ # React TypeScript Frontend
│ └── src/
│ ├── components/
│ ├── page/
│ ├── queries/ # API Client
│ └── style/
├── adapter/ # Zusätzlicher Adapter Service
└── docker-compose-preview.yml # Testumgebung
```

## 3Tier-Architektur

Die Anwendung folgt einer **3-Tier-Architektur**:

### Tier 1: Presentation Layer (Frontend)
- **React + TypeScript**
- Container: `securecheckplus_frontend`
- Port: 3000
- **Komponenten:**
- Login-Seite
- Project Dashboard
- Report Viewer
- CVSS Calculator

### Tier 2: Application Layer (Backend)
- **Django 5.1.2** + REST Framework
- Container: `securecheckplus_server`
- Port: 8000 (intern) → 8005 (extern)
- **Apps:**
- `analyzer`: CVE-Analyse und Dependency-Management
- `webserver`: REST API, User & Project Management
- `utilities`: Gemeinsame Konstanten und Helper

### Tier 3: Data Layer (Database)
- **PostgreSQL**
- Container: `securecheckplus_db`
- Port: 5432

## Hauptkomponenten

### Backend: Analyzer App (`analyzer/`)
**Modelle:**
- `Project`: Verwaltete Projekte
- `Dependency`: Dependencies mit Versionierung
- `CVEObject`: CVE Informationen (CVSS, EPSS, etc.)
- `Report`: Verbindung zwischen Dependency und CVE mit Status

**Eigenschaften:**
- CVE-Daten-Integration (NVD API)
- Risk-Score Berechnung basierend auf EPSS
- Dependency Tracking pro Projekt
- Status-Management (REVIEW, NO_THREAT, THREAT_FIXED, etc.)

### Backend: Webserver App (`webserver/`)
**Modelle:**
- `User`: Authentifizierung & Benachrichtigungen
- `UserWatchProject`: Many-to-Many Beziehung User ↔ Project

**Funktionalitäten:**
- REST API für Frontend
- User Management (Favoriten, Verlauf)
- LDAP Integration (optional)

## Docker Compose Services

### Development Setup (docker-compose-preview.yml)

1. **securecheckplus_frontend**
- Build: `./frontend` (Dev-Modus)
- Environment: `REACT_APP_API_URL=""` (Same-Origin via Nginx Proxy)
- Exposes: Port 3000

2. **securecheckplus_server**
- Build: `./backend` (target: dev)
- Environment: Django Config (SECRET_KEY, DB-Credentials, etc.)
- Volumes: `./backend:/backend` (Hot-Reload)
- Exposes: Port 8005 → 8000 (intern)
- Dependencies: PostgreSQL, SMTP Mailserver

3. **securecheckplus_db**
- Image: postgres (latest)
- Environment: DB Credentials
- Exposes: Port 5432

4. **smtp_mailserver**
- Image: maildev/maildev
- Purpose: Email Testing
- Exposes: Port 1080 (MailDev UI)

## Häufige Kommandos

### Backend starten/stoppen
```bash
# Mit Preview Compose
docker-compose -f docker-compose-preview.yml up --build

# Mit Logs
docker-compose -f docker-compose-preview.yml logs -f securecheckplus_server

# Backend-Shell betreten
docker exec -it securecheckplus_server sh
```

### Datenbank-Operationen
```bash
# In der Container-Shell:
python manage.py migrate
python manage.py createsuperuser
python manage.py showmigrations
```

### Tests ausführen
```bash
# Im Backend Container
python manage.py test

# Mit Coverage
pytest --cov=analyzer --cov=webserver
```

## Konfiguration

### Umgebungsvariablen (backend)
- `IS_DEV`: Development-Modus (True/False)
- `FULLY_QUALIFIED_DOMAIN_NAME`: Frontend URL (für CORS)
- `DJANGO_SECRET_KEY`: Sicherheitsschlüssel
- `POSTGRES_*`: Datenbankzugangsdaten
- `NVD_API_KEY`: National Vulnerability Database API-Key
- `ADMIN_USERNAME/PASSWORD`: Superuser-Credentials
- `USER_USERNAME/PASSWORD`: Normaler User

### LDAP Integration (Optional)
- `LDAP_HOST`: LDAP Server
- `LDAP_ADMIN_DN`: Admin Distinguished Name
- `LDAP_ADMIN_PASSWORD`: Admin Passwort
- `LDAP_USER_BASE_DN`: User Search Base
- `LDAP_ADMIN_GROUP_DN`: Admin Group DN
- etc.

## Problembehebung

### Issue: "Your models in app(s): 'analyzer' have changes"
**Lösung:**
Nur manuell in der Entwicklung ausführen (nicht automatisch beim Container-Start):
```bash
python manage.py makemigrations
python manage.py migrate
```

### Issue: "The directory '/backend/assets' does not exist"
**Lösung:**
```bash
mkdir -p backend/assets
touch backend/assets/.gitkeep
```

### Issue: CSRF deactivated warnings
**Erklärung:** Normal in DEV-Modus, da HTTP verwendet wird. In PROD automatisch HTTPS erzwungen.

## Migrationen Management

### Migrationsdatei Struktur
- `analyzer/migrations/0001_initial.py`: Erste Migrationsdatei
- `analyzer/migrations/0002_initial.py`: ForeignKey & Relations Setup

Beim Refactoring müssen neue Migrationen erstellt werden:
Manuell durch Entwickler, bevor Änderungen committed werden:
```bash
python manage.py makemigrations analyzer webserver
python manage.py migrate
```

## Best Practices für Entwicklung

1. **Immer in der Container-Shell arbeiten** für Datenbank-Operationen
2. **Hot-Reload aktiviert**: Änderungen am Backend werden automatisch neu geladen
3. **Migrationen versionieren**: Nach Model-Änderungen `makemigrations` ausführen
4. **Environment-Variablen nutzen**: Für Dev/Prod-Unterschiede
5. **Tests schreiben**: Vor Production-Deployment testen

## Nächste Schritte (3Tier-Refactoring)

- [ ] Alle Migrationen generieren und testen
- [ ] API-Layer vollständig separieren
- [ ] Frontend-Komponenten refaktorieren
- [ ] Authentifizierung erweitern
- [ ] Performance-Testing durchführen

Loading
Loading