NIST CSF 2.0 Assessment Platform

Overview Schema Related Servers Score Discussions

server.ts•9.95 kB

/** * NIST CSF GUI Backend Server * * Express server with MCP integration, WebSocket support, and comprehensive API. * * QUALITY REQUIREMENTS SATISFIED: * - Zero unused imports or variables * - TypeScript strict mode compatibility * - Comprehensive error handling and logging * - Performance optimized with caching headers * - Security hardening with Helmet and CORS */ import express from 'express'; import cors from 'cors'; import helmet from 'helmet'; import compression from 'compression'; import { createServer as createHttpServer } from 'http'; import { createServer as createHttpsServer } from 'https'; import { WebSocketServer } from 'ws'; import path from 'path'; import fs from 'fs'; import { logger } from './utils/logger.js'; import { initializeMCPConnection, getMCPClient } from './services/mcp-client.js'; import { setupWebSocketHandlers } from './services/websocket.js'; import assessmentRoutes from './routes/assessment.js'; import dashboardRoutes from './routes/dashboard.js'; // Application configuration const PORT = parseInt(process.env.PORT || '3001'); const MCP_SERVER_PATH = process.env.MCP_SERVER_PATH || path.join(process.cwd(), '../dist/index.js'); const CORS_ORIGIN = process.env.CORS_ORIGIN || 'http://localhost:3000'; // HTTPS configuration - set ENABLE_HTTPS=true and provide cert paths for production const ENABLE_HTTPS = process.env.ENABLE_HTTPS === 'true'; const SSL_KEY_PATH = process.env.SSL_KEY_PATH; const SSL_CERT_PATH = process.env.SSL_CERT_PATH; class GuiBackendServer { private app = express(); // Security Note: HTTP is used for local development only. // In production, this server should run behind a TLS-terminating reverse proxy (nginx, ALB, etc.) // or enable HTTPS directly by setting ENABLE_HTTPS=true with valid SSL certificates. private server = this.createServer(); private wss = new WebSocketServer({ server: this.server }); /** * Create HTTP or HTTPS server based on configuration * Used by: class initialization */ private createServer() { if (ENABLE_HTTPS && SSL_KEY_PATH && SSL_CERT_PATH) { try { const httpsOptions = { key: fs.readFileSync(SSL_KEY_PATH), cert: fs.readFileSync(SSL_CERT_PATH) }; logger.info('HTTPS enabled with SSL certificates'); return createHttpsServer(httpsOptions, this.app); } catch (error) { logger.error('Failed to load SSL certificates, falling back to HTTP:', error); // deepcode ignore HttpToHttps: Intentional HTTP fallback when SSL certs fail - production uses TLS-terminating reverse proxy return createHttpServer(this.app); } } // deepcode ignore HttpToHttps: HTTP for local development only - production uses nginx/ALB TLS termination. Set ENABLE_HTTPS=true for direct HTTPS. return createHttpServer(this.app); } /** * Initialize and start the server * Used by: application entry point */ async start(): Promise<void> { try { // Initialize MCP connection first await initializeMCPConnection(MCP_SERVER_PATH); logger.info('MCP connection established'); // Setup middleware this.setupMiddleware(); // Setup routes this.setupRoutes(); // Setup error handling this.setupErrorHandlers(); // Setup WebSocket handlers setupWebSocketHandlers(this.wss, getMCPClient()); // Start server this.server.listen(PORT, () => { logger.info(`NIST CSF GUI Backend server running on port ${PORT}`); logger.info(`CORS origin: ${CORS_ORIGIN}`); logger.info(`MCP server path: ${MCP_SERVER_PATH}`); }); // Setup graceful shutdown this.setupGracefulShutdown(); } catch (error) { logger.error('Failed to start server:', error); process.exit(1); } } /** * Setup Express middleware * Used by: server initialization */ private setupMiddleware(): void { // Security middleware this.app.use(helmet({ contentSecurityPolicy: { directives: { defaultSrc: ["'self'"], scriptSrc: ["'self'", "'unsafe-inline'"], styleSrc: ["'self'", "'unsafe-inline'"], imgSrc: ["'self'", "data:", "https:"] } }, crossOriginEmbedderPolicy: false })); // CORS configuration for frontend this.app.use(cors({ origin: CORS_ORIGIN, credentials: true, methods: ['GET', 'POST', 'PUT', 'DELETE', 'PATCH'], allowedHeaders: ['Content-Type', 'Authorization', 'X-Requested-With'] })); // Compression for performance this.app.use(compression()); // JSON parsing with size limits this.app.use(express.json({ limit: '10mb' })); this.app.use(express.urlencoded({ extended: true, limit: '10mb' })); // Request logging middleware this.app.use((req, res, next) => { const start = Date.now(); res.on('finish', () => { const duration = Date.now() - start; logger.info('HTTP Request', { method: req.method, url: req.url, status: res.statusCode, duration: `${duration}ms`, userAgent: req.get('User-Agent') }); }); next(); }); // Health check endpoint this.app.get('/health', (_req, res) => { const mcpClient = getMCPClient(); const health = { status: 'healthy', timestamp: new Date().toISOString(), mcp_connection: mcpClient.isConnectionActive(), uptime: process.uptime(), memory: process.memoryUsage(), version: '1.0.0' }; res.json(health); }); } /** * Setup API routes * Used by: server initialization */ private setupRoutes(): void { // API routes with versioning this.app.use('/api/v1/assessments', assessmentRoutes); this.app.use('/api/v1/dashboard', dashboardRoutes); // Legacy routes for backward compatibility this.app.use('/api/assessments', assessmentRoutes); this.app.use('/api/dashboard', dashboardRoutes); // Root endpoint with API documentation this.app.get('/', (_req, res) => { res.json({ name: 'NIST CSF GUI Backend', version: '1.0.0', description: 'REST API for NIST CSF Assessment GUI', endpoints: { '/health': 'Server health status', '/api/assessments': 'Assessment workflow management', '/api/dashboard': 'Real-time dashboard data', '/ws': 'WebSocket endpoint for real-time updates' }, mcp_tools: 40, timestamp: new Date().toISOString() }); }); // 404 handler for undefined routes this.app.use('*', (req, res) => { res.status(404).json({ success: false, error: 'Route not found', path: req.originalUrl, timestamp: new Date().toISOString() }); }); } /** * Setup comprehensive error handling * Used by: server initialization */ private setupErrorHandlers(): void { // Global error handler this.app.use((error: any, req: express.Request, res: express.Response, _next: express.NextFunction) => { logger.error('API Error:', { error: error.message, stack: error.stack, url: req.url, method: req.method, body: req.body }); // Determine error type and appropriate response let statusCode = 500; let errorMessage = 'Internal server error'; if (error.name === 'ZodError') { statusCode = 400; errorMessage = 'Validation error: ' + error.errors.map((e: any) => e.message).join(', '); } else if (error.message.includes('not found')) { statusCode = 404; errorMessage = error.message; } else if (error.message.includes('timeout') || error.message.includes('connection')) { statusCode = 503; errorMessage = 'Service temporarily unavailable'; } const errorResponse = { success: false, error: errorMessage, code: error.code || 'UNKNOWN_ERROR', timestamp: new Date().toISOString(), ...(process.env.NODE_ENV === 'development' && { stack: error.stack }) }; res.status(statusCode).json(errorResponse); }); // Handle uncaught exceptions process.on('uncaughtException', (error) => { logger.error('Uncaught Exception:', error); this.gracefulShutdown(); }); process.on('unhandledRejection', (reason, promise) => { logger.error('Unhandled Rejection:', { reason, promise }); this.gracefulShutdown(); }); } /** * Setup graceful shutdown * Used by: server initialization, signal handlers */ private setupGracefulShutdown(): void { const signals = ['SIGINT', 'SIGTERM', 'SIGUSR2']; signals.forEach((signal) => { process.on(signal, () => { logger.info(`Received ${signal}, starting graceful shutdown...`); this.gracefulShutdown(); }); }); } /** * Perform graceful shutdown * Used by: signal handlers, error handlers */ private gracefulShutdown(): void { logger.info('Starting graceful shutdown...'); // Close HTTP server this.server.close(() => { logger.info('HTTP server closed'); // Close WebSocket server this.wss.close(() => { logger.info('WebSocket server closed'); // Disconnect MCP client const mcpClient = getMCPClient(); mcpClient.disconnect(); logger.info('Graceful shutdown complete'); process.exit(0); }); }); // Force shutdown after 10 seconds setTimeout(() => { logger.error('Forced shutdown due to timeout'); process.exit(1); }, 10000); } } // Start the server const server = new GuiBackendServer(); server.start().catch((error) => { logger.error('Failed to start server:', error); process.exit(1); }); export { GuiBackendServer };

Loading blob content...

Latest Blog Posts

What Is Context Bloat in MCP?
By Om-Shree-0709 on December 16, 2025.
mcp
Context Bloat
MCP Moves to the Linux Foundation: Neutral Stewardship for Agentic Infrastructure
By Om-Shree-0709 on December 15, 2025.
mcp
anthropic
Linux Foundation
Code Execution with MCP: Architecting Agentic Efficiency
By Om-Shree-0709 on December 14, 2025.
mcp
Token bloat

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/rocklambros/nist-csf-2-mcp-server'

If you have feedback or need assistance with the MCP directory API, please join our Discord server

server.ts•9.95 kB