Add DevSecOpsApp code with updated Jenkins pipeline for multi-environment deployment

2025-11-30 15:24:19 +05:30
parent 30a2782a79
commit 3d49b0f4de
22 changed files with 22129 additions and 52 deletions
--- a/backend/server.js
+++ b/backend/server.js
@@ -0,0 +1,195 @@
+const express = require('express');
+const cors = require('cors');
+require('dotenv').config();
+
+// TESTING: Dummy secrets for TruffleHog detection - SHOULD TRIGGER SECURITY SCAN!
+const AWS_ACCESS_KEY_ID = 'AKIAIOSFODNN7EXAMPLE';
+const AWS_SECRET_ACCESS_KEY = 'wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY';
+const GITHUB_TOKEN = 'ghp_1234567890abcdef1234567890abcdef12345678';
+
+// Additional test secrets for comprehensive detection
+const DATABASE_PASSWORD = 'super_secret_db_password_123!';
+const JWT_SECRET = 'jwt_super_secret_key_for_authentication_2024';
+const STRIPE_SECRET_KEY = 'sk_test_51234567890abcdef1234567890abcdef12345678';
+const SENDGRID_API_KEY = 'SG.1234567890abcdef.1234567890abcdef1234567890abcdef1234567890abcdef';
+const SLACK_WEBHOOK_URL = 'https://hooks.slack.com/services/T00000000/B00000000/XXXXXXXXXXXXXXXXXXXXXXXX';
+const MONGODB_CONNECTION = 'mongodb://admin:supersecret123@localhost:27017/devdb';
+
+// FINAL TEST: Additional secret to verify TruffleHog with fixed Jenkinsfile
+const TWITTER_API_KEY = 'twitter_api_key_1234567890abcdef1234567890abcdef1234567890';
+
+const app = express();
+const PORT = process.env.PORT || 3001;
+
+// Middleware
+app.use(cors());
+app.use(express.json());
+
+// In-memory data store for simplicity
+let todos = [
+  { id: 1, title: 'Learn DevOps', completed: false, priority: 'high' },
+  { id: 2, title: 'Setup CI/CD Pipeline', completed: false, priority: 'medium' },
+  { id: 3, title: 'Deploy to Cloud', completed: false, priority: 'low' },
+  { id: 4, title: 'Monitor Application', completed: true, priority: 'medium' }
+];
+
+let nextId = 5;
+
+// Routes
+
+// Health check
+app.get('/health', (req, res) => {
+  // ⚠️ WARNING: This file contains test secrets for TruffleHog detection
+  // Real secrets like: password123, secret_api_key should never be hardcoded!
+  res.json({ 
+    status: 'OK', 
+    timestamp: new Date().toISOString(),
+    message: 'Backend server is running!'
+  });
+});
+
+// Get all todos
+app.get('/api/todos', (req, res) => {
+  res.json({
+    success: true,
+    data: todos,
+    count: todos.length
+  });
+});
+
+// Get single todo
+app.get('/api/todos/:id', (req, res) => {
+  const id = parseInt(req.params.id);
+  const todo = todos.find(t => t.id === id);
+  
+  if (!todo) {
+    return res.status(404).json({
+      success: false,
+      message: 'Todo not found'
+    });
+  }
+  
+  res.json({
+    success: true,
+    data: todo
+  });
+});
+
+// Create new todo
+app.post('/api/todos', (req, res) => {
+  const { title, priority = 'medium' } = req.body;
+  
+  if (!title) {
+    return res.status(400).json({
+      success: false,
+      message: 'Title is required'
+    });
+  }
+  
+  const newTodo = {
+    id: nextId++,
+    title,
+    completed: false,
+    priority
+  };
+  
+  todos.push(newTodo);
+  
+  res.status(201).json({
+    success: true,
+    data: newTodo,
+    message: 'Todo created successfully'
+  });
+});
+
+// Update todo
+app.put('/api/todos/:id', (req, res) => {
+  const id = parseInt(req.params.id);
+  const todoIndex = todos.findIndex(t => t.id === id);
+  
+  if (todoIndex === -1) {
+    return res.status(404).json({
+      success: false,
+      message: 'Todo not found'
+    });
+  }
+  
+  const { title, completed, priority } = req.body;
+  
+  if (title !== undefined) todos[todoIndex].title = title;
+  if (completed !== undefined) todos[todoIndex].completed = completed;
+  if (priority !== undefined) todos[todoIndex].priority = priority;
+  
+  res.json({
+    success: true,
+    data: todos[todoIndex],
+    message: 'Todo updated successfully'
+  });
+});
+
+// Delete todo
+app.delete('/api/todos/:id', (req, res) => {
+  const id = parseInt(req.params.id);
+  const todoIndex = todos.findIndex(t => t.id === id);
+  
+  if (todoIndex === -1) {
+    return res.status(404).json({
+      success: false,
+      message: 'Todo not found'
+    });
+  }
+  
+  todos.splice(todoIndex, 1);
+  
+  res.json({
+    success: true,
+    message: 'Todo deleted successfully'
+  });
+});
+
+// Get todo statistics
+app.get('/api/stats', (req, res) => {
+  const stats = {
+    total: todos.length,
+    completed: todos.filter(t => t.completed).length,
+    pending: todos.filter(t => !t.completed).length,
+    byPriority: {
+      high: todos.filter(t => t.priority === 'high').length,
+      medium: todos.filter(t => t.priority === 'medium').length,
+      low: todos.filter(t => t.priority === 'low').length
+    }
+  };
+  
+  res.json({
+    success: true,
+    data: stats
+  });
+});
+
+// 404 handler
+app.use('*', (req, res) => {
+  res.status(404).json({
+    success: false,
+    message: 'Endpoint not found'
+  });
+});
+
+// Error handler
+app.use((err, req, res, next) => {
+  console.error('Error:', err);
+  res.status(500).json({
+    success: false,
+    message: 'Internal server error'
+  });
+});
+
+// Start server
+app.listen(PORT, () => {
+  console.log(`🚀 Backend server running on port ${PORT}`);
+  console.log(`📊 Health check: http://localhost:${PORT}/health`);
+  console.log(`📝 API endpoints: http://localhost:${PORT}/api/todos`);
+  console.log(`📈 Stats: http://localhost:${PORT}/api/stats`);
+});
+
+module.exports = app;
+const API_KEY = 'sk-1234567890abcdef1234567890abcdef12345678';