diff --git a/docs/STANDARDS.md b/docs/STANDARDS.md index 39a7c2e..777d6b1 100644 --- a/docs/STANDARDS.md +++ b/docs/STANDARDS.md @@ -1,8 +1,8 @@ # Classic ASP Development Standards ## ShopDB Application -**Version:** 1.1 -**Last Updated:** 2025-12-11 +**Version:** 1.2 +**Last Updated:** 2025-12-12 **Status:** MANDATORY for all new development and modifications --- @@ -26,7 +26,9 @@ ### Authentication & Authorization -**MANDATORY:** All pages MUST implement authentication checks. +> **NOTE:** Authentication is not yet implemented. SAML integration is planned for a future release. The patterns below document the intended implementation. + +**MANDATORY (when implemented):** All pages MUST implement authentication checks. ```vbscript @@ -43,6 +45,7 @@ Call RequireRole("Admin") - `login.asp` - `error.asp` - `404.asp` +- API endpoints (use API key authentication instead) ### Session Management @@ -94,6 +97,25 @@ objConn.Open %> ``` +**Environment Toggle:** Set `USE_DSN` in config.asp: +- `USE_DSN = False` - Development (direct ODBC driver connection) +- `USE_DSN = True` - Production (DSN-based connection) + +```vbscript +' config.asp controls connection method +Const USE_DSN = False ' Set True for production + +Function GetConnectionString() + If USE_DSN Then + ' Production: DSN-based + GetConnectionString = "DSN=" & DB_DSN & ";Uid=...;Pwd=...;Option=3;Pooling=True;Max Pool Size=100;" + Else + ' Development: Direct ODBC + GetConnectionString = "Driver={" & DB_DRIVER & "};Server=...;..." + End If +End Function +``` + ### Parameterized Queries **MANDATORY:** ALL database queries MUST use parameterization. @@ -721,6 +743,7 @@ lastupdated |----------|--------|-------| | `ipaddress` | `address` | communications | | `gateway` | `defaultgateway` | communications | +| `communicationid` | `comid` | communications | | `notes` | `machinenotes` | machines | | `pcid` | `machineid` | machines (PCs are in unified table) | | `pc_comm_config` | `commconfig` | (table name) | 
@@ -728,7 +751,9 @@ lastupdated **PC Identification:** PCs are in the `machines` table, identified by: - `pctypeid IS NOT NULL` -- `machinetypeid IN (33, 34, 35)` +- `machinetypeid = 33` (generic PC type) + +> **Note:** Redundant PC machinetypes (34-46) were removed. All PCs now use machinetypeid=33 with pctypeid for categorization (Standard, Engineer, Shopfloor, CMM, etc.) --- @@ -937,6 +962,43 @@ This script tests 41 endpoints including: Test data uses `AUTOTEST_` prefix for easy cleanup. See `tests/cleanup_test_data.sql`. +### API Endpoint Testing + +**REQUIRED:** Test API endpoints used by PowerShell scripts after changes to api.asp. + +```bash +# Health check +curl -s "http://192.168.122.151:8080/api.asp?action=getDashboardData" + +# Get shopfloor PCs +curl -s "http://192.168.122.151:8080/api.asp?action=getShopfloorPCs" + +# Simulate PowerShell PC data collection +curl -s -X POST "http://192.168.122.151:8080/api.asp" \ + -d "action=updateCompleteAsset" \ + -d "hostname=TESTPC01" \ + -d "serialNumber=TEST123" \ + -d "manufacturer=Dell Inc." \ + -d "model=OptiPlex 7080" \ + -d "osVersion=Microsoft Windows 11 Pro" \ + -d "pcType=Standard" + +# Get recorded IP (POST method) +curl -s -X POST "http://192.168.122.151:8080/api.asp" \ + -d "action=getRecordedIP" \ + -d "hostname=TESTPC01" +``` + +**Key API Endpoints:** +| Action | Method | Purpose | +|--------|--------|---------| +| getDashboardData | GET | Health check | +| getShopfloorPCs | GET | List shopfloor PCs | +| updateCompleteAsset | POST | PC data collection (main PowerShell endpoint) | +| getRecordedIP | POST | Get recorded IP for hostname | +| updatePrinterMapping | POST | Link printer to PC | +| updateInstalledApps | POST | Record installed applications | + ### Unit Testing **REQUIRED:** Test all validation functions. 
@@ -1043,16 +1105,22 @@ Before committing code, verify: **Structure:** ``` /includes/ - config.asp.template (Template with placeholders) - config.dev.asp (Development settings) - config.test.asp (Testing settings) - config.prod.asp (Production settings) + config.asp.example (Template with placeholder credentials - tracked in git) + config.asp (Actual credentials - gitignored, never commit) ``` **Deployment Process:** -1. Copy appropriate config file to `config.asp` -2. Never commit `config.asp` to source control -3. Add `config.asp` to `.gitignore` +1. Copy `config.asp.example` to `config.asp` +2. Fill in actual credentials +3. Set `USE_DSN = True` for production, `False` for development +4. `config.asp` is gitignored - never committed to source control + +**Configuration includes:** +- ShopDB credentials (with DSN/direct ODBC toggle) +- Employee database credentials (with DSN/direct ODBC toggle) +- Zabbix API URL and token +- Application settings (session timeout, page size, cache duration) +- Business logic constants (serial number length, CSF prefix, etc.) ### Secrets Management 
@@ -1070,69 +1138,57 @@ Before committing code, verify: ### Configuration Template +See `includes/config.asp.example` for the full template. Key sections: + ```vbscript <% '============================================================================= -' Application Configuration -' IMPORTANT: Copy this to config.asp and update values for your environment +' Database Configuration - ShopDB '============================================================================= +' Toggle between DSN (production) and direct ODBC (development) +Const USE_DSN = False ' Set True for production -'----------------------------------------------------------------------------- -' Database Configuration -'----------------------------------------------------------------------------- +' DSN configuration (production) +Const DB_DSN = "shopdb" +Const DB_DSN_USER = "YOUR_DB_USER" +Const DB_DSN_PASSWORD = "YOUR_DB_PASSWORD" + +' Direct ODBC configuration (development) Const DB_DRIVER = "MySQL ODBC 9.4 Unicode Driver" Const DB_SERVER = "192.168.122.1" Const DB_PORT = "3306" Const DB_NAME = "shopdb" -Const DB_USER = "appuser" -Const DB_PASSWORD = "CHANGE_THIS_PASSWORD" +Const DB_USER = "YOUR_DB_USER" +Const DB_PASSWORD = "YOUR_DB_PASSWORD" -'----------------------------------------------------------------------------- -' Application Settings -'----------------------------------------------------------------------------- -Const APP_SESSION_TIMEOUT = 30 -Const APP_PAGE_SIZE = 50 -Const APP_CACHE_DURATION = 300 ' seconds +'============================================================================= +' Database Configuration - Employee Database +'============================================================================= +Const USE_EMP_DSN = True ' Usually DSN-based -'----------------------------------------------------------------------------- -' Business Logic Configuration -'----------------------------------------------------------------------------- -Const SERIAL_NUMBER_LENGTH = 7 -Const 
SSO_NUMBER_LENGTH = 9 -Const CSF_PREFIX = "csf" -Const CSF_LENGTH = 5 +Const EMP_DB_DSN = "wjf_employees" +Const EMP_DB_DSN_USER = "YOUR_EMP_USER" +Const EMP_DB_DSN_PASSWORD = "YOUR_EMP_PASSWORD" -'----------------------------------------------------------------------------- -' Default Values -'----------------------------------------------------------------------------- -Const DEFAULT_PC_STATUS_ID = 2 -Const DEFAULT_MODEL_ID = 1 -Const DEFAULT_OS_ID = 1 - -'----------------------------------------------------------------------------- +'============================================================================= ' External Services -'----------------------------------------------------------------------------- -Const SNOW_BASE_URL = "https://geit.service-now.com/now/nav/ui/search/" -Const ZABBIX_API_URL = "http://zabbix.example.com/api_jsonrpc.php" +'============================================================================= +Const ZABBIX_URL = "http://your-zabbix-server/api_jsonrpc.php" +Const ZABBIX_API_TOKEN = "YOUR_ZABBIX_API_TOKEN" -'----------------------------------------------------------------------------- -' File Upload -'----------------------------------------------------------------------------- -Const MAX_FILE_SIZE = 10485760 ' 10MB -Const ALLOWED_EXTENSIONS = "jpg,jpeg,png,gif,pdf" - -'----------------------------------------------------------------------------- +'============================================================================= ' Helper Functions -'----------------------------------------------------------------------------- +'============================================================================= Function GetConnectionString() - GetConnectionString = "Driver={" & DB_DRIVER & "};" & _ - "Server=" & DB_SERVER & ";" & _ - "Port=" & DB_PORT & ";" & _ - "Database=" & DB_NAME & ";" & _ - "User=" & DB_USER & ";" & _ - "Password=" & DB_PASSWORD & ";" & _ - "Option=3;" & _ - "Pooling=True;Max Pool Size=100;" + If USE_DSN Then + 
GetConnectionString = "DSN=" & DB_DSN & ";Uid=" & DB_DSN_USER & _ + ";Pwd=" & DB_DSN_PASSWORD & ";Option=3;Pooling=True;Max Pool Size=100;" + Else + GetConnectionString = "Driver={" & DB_DRIVER & "};Server=" & DB_SERVER & _ + ";Port=" & DB_PORT & ";Database=" & DB_NAME & _ + ";User=" & DB_USER & ";Password=" & DB_PASSWORD & _ + ";Option=3;Pooling=True;Max Pool Size=100;" + End If End Function %> ``` @@ -1264,6 +1320,7 @@ Call CleanupResources() |---------|------|---------|--------| | 1.0 | 2025-10-10 | Initial standards document created from audit findings | Claude | | 1.1 | 2025-12-11 | Updated for Phase 2 schema (unified machines table), added test script reference, secrets management, column naming gotchas | Claude | +| 1.2 | 2025-12-12 | Added DSN toggle documentation, API endpoint testing section, updated PC identification (machinetypeid=33 only), added comid column gotcha, noted auth not yet implemented, updated config file structure | Claude | ---
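Review bot: In the Authentication & Authorization hunk (`@@ -26,7 +26,9`), the new NOTE says authentication is not yet implemented but gives no interim rule, while the document header still reads "Status: MANDATORY for all new development and modifications". Suggest stating what restricts access to the pages until the SAML integration lands (or that nothing does), and what a developer must do in a new page today, so that "MANDATORY (when implemented)" is not read as optional.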
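Review bot: In the exemption-list hunk (`@@ -43,6 +45,7`), the added line "- API endpoints (use API key authentication instead)" refers to a mechanism that is documented nowhere in this patch. The new "Configuration includes" list has no API key entry, and the curl examples added under "API Endpoint Testing" call `api.asp`, including the `updateCompleteAsset` POST, without supplying any key. Either document how the key is sent and where it is stored, or mark this line "(when implemented)" like the MANDATORY line in the previous hunk.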
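Review bot: In the Environment Toggle hunk (`@@ -94,6 +97,25`), `Const USE_DSN = False` makes the development path the default, so a production deployment that misses the toggle silently takes the direct ODBC branch. Suggest calling that out in the text next to "Set True for production". The function shown here is also a second, elided copy (`Uid=...;Pwd=...`, `Server=...;...`) of the `GetConnectionString` in the Configuration Template section; a pointer to `includes/config.asp.example` instead of a duplicate body would keep the two from drifting apart.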
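Review bot: In the PC Identification hunk (`@@ -728,7 +751,9`), the two bullets do not say whether `pctypeid IS NOT NULL` and `machinetypeid = 33` must both hold or whether either one is sufficient; please state the intended predicate explicitly. The note also says machinetypes 34-46 were removed, while the line it replaces listed only `IN (33, 34, 35)`, so a reference to the migration that remapped existing rows would help anyone updating older queries.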
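Review bot: In the API Endpoint Testing hunk (`@@ -937,6 +962,43`), the `updateCompleteAsset` example posts `hostname=TESTPC01` and `serialNumber=TEST123`, which do not carry the `AUTOTEST_` prefix that the context line directly above says test data uses for cleanup, so these rows may be left behind by `tests/cleanup_test_data.sql`. Suggest using an `AUTOTEST_`-prefixed hostname or documenting how this record is removed. The examples also hard-code `http://192.168.122.151:8080`; a single base-URL variable at the top of the block would avoid editing every command per environment. Minor: add a blank line between "**Key API Endpoints:**" and the table so it renders as a table in stricter Markdown renderers.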
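Review bot: In the config structure hunk (`@@ -1043,16 +1105,22`), step 4 now asserts that `config.asp` is gitignored, replacing the explicit instruction "Add `config.asp` to `.gitignore`", but the patch as shown touches only `docs/STANDARDS.md`, so a reader cannot tell from it that the ignore rule exists. Suggest keeping a verification step in the process, for example running `git check-ignore includes/config.asp` after copying the example. The structure listing also drops `config.dev.asp`, `config.test.asp` and `config.prod.asp` without saying whether those files are to be deleted from the repository.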
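Review bot: In the Configuration Template hunk (`@@ -1070,69 +1138,57`), the `ZABBIX_URL` placeholder uses `http://` directly above the newly added `ZABBIX_API_TOKEN`, so a deployment that follows the example sends the token unencrypted; use an `https://` placeholder. The constant is also renamed from `ZABBIX_API_URL` to `ZABBIX_URL`, which the changelog entry does not mention and which will break any include still using the old name. Separately, `USE_EMP_DSN` and the `EMP_DB_*` constants are added but no helper builds the employee connection string, and `GetConnectionString` concatenates `DB_DSN_PASSWORD` and `DB_PASSWORD` unquoted, so a password containing `;` would change the connection string; document the allowed characters or the quoting rule.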