🛡️ CyberShield IRMS

Incident Response Management System

---

A full-stack Incident Response Management System built for cybersecurity operations centers. Manage security incidents, track infrastructure assets, monitor events, escalate threats, and analyze trends — all from a unified, real-time dashboard.

✨ Features

🔐 Authentication & Security

• JWT-based authentication with bcrypt password hashing
• Role-based access control (Admin / Manager / Analyst)
• Security middleware (Helmet, rate limiting, input validation)
• Change password with current password verification

📊 Dashboard & Analytics

• Real-time stats (users, incidents, logins)
• User management CRUD (Add/Edit/Deactivate)
• Audit log with action type & date range filtering
• Sortable tables, role/status filters, CSV export
• Analytics dashboard with 4 Recharts visualizations

🚨 Incident Management

• Full CRUD with severity (Critical/High/Medium/Low) & status tracking
• Status history timeline with change attribution
• Incident assignment to team members
• Advanced search, pagination, and filtering

⬆️ Escalation Module

• 5-level escalation system (L1–L5)
• Escalation modal with assignee reassignment
• Escalation history timeline on incident detail
• Real-time Socket.io notification on escalation

🔔 Real-Time Notifications

• Socket.io push notifications for new incidents & escalations
• Notification bell with unread count badge
• Notification drawer with mark-all-read & clear
• LocalStorage persistence across sessions

🖥️ Systems & Events Registry

• Infrastructure asset management (servers, networks, endpoints)
• Security event logging with severity classification
• System-to-incident linking

🎨 UI/UX

• Cyberpunk-inspired glassmorphism design
• Dark/Light theme toggle (persisted)
• GSAP-powered animations throughout
• Full mobile responsive layout
• Collapsible sidebar with 9 navigation items

📄 API Documentation

• Swagger UI at /api/docs
• OpenAPI 3.0 spec with JWT bearer auth

---

🏗️ Tech Stack

Layer	Technology
Frontend	React 18, Vite, GSAP, Recharts, Socket.io Client
Backend	Node.js, Express, Socket.io, Swagger
Database	MySQL 8
Auth	JWT, bcrypt, Role-based middleware
Security	Helmet, express-rate-limit, express-validator
Deployment	Railway (Backend), Vercel (Frontend)
CI/CD	GitHub Actions

---

📁 Project Structure

CyberShield/
├── .github/workflows/ci.yml     # CI/CD pipeline
├── backend/
│   ├── config/db.js              # MySQL pool (SSL-ready)
│   ├── middleware/
│   │   ├── auth.js               # JWT verification
│   │   └── roleCheck.js          # RBAC middleware
│   ├── routes/
│   │   ├── auth.js               # Register, Login, Profile, Session
│   │   ├── users.js              # User CRUD + Audit logs
│   │   ├── incidents.js          # Incident CRUD + Stats
│   │   ├── escalations.js        # Escalation management
│   │   ├── systems.js            # Infrastructure assets
│   │   └── events.js             # Security events
│   ├── migrations/               # SQL schema files
│   ├── server.js                 # Express + Socket.io + Swagger
│   ├── .env.example
│   └── package.json
├── frontend/
│   ├── src/
│   │   ├── components/
│   │   │   ├── Sidebar.jsx       # Navigation + Theme + Notifications
│   │   │   ├── IncidentModal.jsx # Create/Edit incident
│   │   │   ├── EscalateModal.jsx # Escalation form
│   │   │   ├── UserModal.jsx     # Add/Edit user
│   │   │   ├── ConfirmModal.jsx  # Deactivation confirm
│   │   │   ├── NotificationDrawer.jsx
│   │   │   └── ...
│   │   ├── pages/
│   │   │   ├── Dashboard.jsx     # Stats + Users + Audit tabs
│   │   │   ├── IncidentList.jsx  # Filterable incident list
│   │   │   ├── IncidentDetail.jsx# Full detail + timeline
│   │   │   ├── EscalationPage.jsx
│   │   │   ├── AnalyticsDashboard.jsx
│   │   │   ├── SystemsList.jsx
│   │   │   ├── SecurityEvents.jsx
│   │   │   ├── SettingsPage.jsx  # Profile + Password + Session
│   │   │   └── ...
│   │   ├── hooks/
│   │   │   ├── useAuth.jsx       # Auth context provider
│   │   │   └── useSocket.jsx     # Socket.io context
│   │   ├── utils/api.js          # API client (25+ endpoints)
│   │   ├── App.jsx               # Router + Layout
│   │   └── index.css             # Design system (Dark/Light)
│   ├── vercel.json
│   ├── .env.example
│   └── package.json
└── README.md

---

🚀 Quick Start

Prerequisites

• Node.js 18+
• MySQL 8.0+
• npm 9+

1. Clone & Install

git clone https://github.com/your-username/CyberShield.git
cd CyberShield

# Backend
cd backend
cp .env.example .env    # Edit with your MySQL credentials
npm install

# Frontend
cd ../frontend
cp .env.example .env
npm install

2. Database Setup

-- Create the database
CREATE DATABASE CyberShield_IRMS;
USE CyberShield_IRMS;

-- Run the schema (tables: User, Incident, Incident_Status_History,
-- Systems, Security_Event, Audit_Log, Escalation)
SOURCE backend/migrations/escalation_table.sql;

3. Run Development Servers

# Terminal 1 — Backend
cd backend
npm run dev          # → http://localhost:5000

# Terminal 2 — Frontend
cd frontend
npm run dev          # → http://localhost:5173

4. Open

• App: http://localhost:5173
• API Docs: http://localhost:5000/api/docs

---

🌐 Deployment

Backend → Railway

1. Create a Railway project with MySQL plugin
2. Set environment variables: PORT, DB_HOST, DB_PORT, DB_USER, DB_PASSWORD, DB_NAME, JWT_SECRET, NODE_ENV=production, CORS_ORIGINS=https://your-app.vercel.app
3. Deploy from GitHub — Railway auto-detects Node.js

Frontend → Vercel

1. Connect GitHub repo to Vercel
2. Set VITE_API_URL to your Railway backend URL (e.g., https://your-backend.railway.app/api)
3. Deploy — Vercel handles Vite builds automatically

---

🔑 API Endpoints

Method	Endpoint	Auth	Description
POST	/api/auth/register	✗	Register user
POST	/api/auth/login	✗	Login + JWT
GET	/api/auth/me	✓	Current user
PUT	/api/auth/profile	✓	Update profile
POST	/api/auth/change-password	✓	Change password
GET	/api/auth/session	✓	Session info
GET	/api/users	✓ Admin/Mgr	All users
POST	/api/users/admin/create	✓ Admin	Create user
PUT	/api/users/:id	✓ Admin/Mgr	Update user
DELETE	/api/users/:id	✓ Admin	Deactivate user
GET	/api/users/audit/logins	✓	Audit logs
GET	/api/incidents	✓	All incidents
POST	/api/incidents	✓	Create incident
GET	/api/incidents/:id	✓	Incident detail
PUT	/api/incidents/:id	✓	Update incident
DELETE	/api/incidents/:id	✓ Admin	Delete incident
GET	/api/escalations	✓	All escalations
POST	/api/escalations	✓ Admin/Mgr	Escalate incident
GET	/api/systems	✓	All systems
POST	/api/systems	✓	Register system
GET	/api/events	✓	All events
POST	/api/events	✓	Log event
GET	/api/docs	✗	Swagger UI

---

👥 Roles & Permissions

Feature	Admin	Manager	Analyst
View Dashboard	✅	✅	✅
Create Incidents	✅	✅	✅
Escalate Incidents	✅	✅	✗
Manage Users	✅	✅ (edit)	✗
Delete/Deactivate Users	✅	✗	✗
Delete Incidents	✅	✗	✗
Admin Create User	✅	✗	✗

---

📊 Database Schema

User ──────────── Incident ──────── Systems
 │                  │                  │
 │                  ├── Incident_Status_History
 │                  │
 │                  ├── Escalation
 │                  │
 └── Audit_Log     └── Security_Event

---

🛡️ Security Features

• Helmet — HTTP security headers
• Rate Limiting — 200 req/15min (API), 20 req/15min (auth)
• Input Validation — express-validator on all mutations
• Password Hashing — bcrypt with 12 salt rounds
• JWT — Token-based stateless authentication
• RBAC — Role-based middleware on all sensitive routes
• CORS — Configurable allowed origins

---

📝 License

MIT