Welcome to the Modular Cyber Security Website & CMS Manual

This manual provides detailed guidance for developers on using and extending the modular cyber security website and content management system (CMS). It covers folder structure, frontend and admin usage, adding new pages and features, security best practices, and development tips to help you build and maintain a secure, scalable, and maintainable platform.

Folder Structure

The project follows a modular folder structure to keep frontend, backend, and CMS components organized and maintainable: 

/
├── public/
│   ├── assets/
│   │   ├── images/
│   │   ├── css/
│   │   └── js/
│   ├── index.html
│   └── favicon.ico
├── src/
│   ├── frontend/
│   │   ├── pages/
│   │   ├── components/
│   │   └── styles/
│   ├── cms/
│   │   ├── admin/
│   │   ├── features/
│   │   └── utils/
│   ├── config/
│   └── utils/
├── server/
│   ├── controllers/
│   ├── middleware/
│   ├── models/
│   └── routes/
├── tests/
├── .env
├── package.json
└── README.md

Key points:

  • public/ contains static assets and the main entry HTML.
  • src/frontend/ holds frontend pages, reusable components, and styles.
  • src/cms/ contains CMS admin interface, modular features, and utilities.
  • server/ includes backend API logic, middleware, and data models.
  • tests/ is for automated tests.

Frontend Usage

The frontend is built with modular HTML, CSS (Tailwind CSS), and vanilla JavaScript. It is designed to be responsive, accessible, and performant.

Key Features:

  • Semantic HTML5 with ARIA attributes for accessibility.
  • Responsive layout using Tailwind CSS utility classes.
  • Interactive elements enhanced with vanilla JavaScript.
  • Consistent color palette and typography for a professional look.
  • Placeholder images use https://fakeimg.pl/ with specific dimensions.

Usage Tips:

  • Use semantic tags like <main>, <section>, <article>, and <nav>.
  • Ensure all interactive elements are keyboard accessible and have focus styles.
  • Use Tailwind’s responsive modifiers (e.g., sm:, md:, lg:) to adapt layouts.
  • Apply smooth CSS transitions for hover and focus states to improve UX.

CMS Admin Usage

The CMS admin interface allows authorized users to manage website content, users, and settings through a modular dashboard.

Features:

  • Modular feature system to add or remove CMS capabilities easily.
  • Secure login and session management with logout functionality.
  • Image upload with validation and preview.
  • Data tables with search, sort, and pagination powered by Grid.js.
  • Data visualization with ApexCharts for metrics and trends.

Usage Notes:

  • Use keyboard navigation and ARIA roles for accessibility.
  • Ensure all forms have client-side validation and clear error messages.
  • Use local storage to save user preferences like theme or table settings.
  • Implement loading states and feedback for asynchronous operations.

Adding New Frontend Pages

To add a new frontend page, follow these steps:

  1. Create the HTML file: Add a new file under src/frontend/pages/ with semantic structure and Tailwind classes.
  2. Include necessary components: Reuse components from src/frontend/components/ for consistency.
  3. Add styles: Use Tailwind utility classes or extend styles in src/frontend/styles/ if needed.
  4. Link scripts: Add any required JavaScript for interactivity, ensuring accessibility and responsiveness.
  5. Update navigation: Add links to the new page in the site’s navigation menus.
  6. Test: Verify the page on multiple devices and browsers for layout, accessibility, and performance.

Example snippet for a new page header:

<header class="bg-primary-600 text-white p-6 rounded-b-lg shadow">
  <h1 class="text-4xl font-bold">New Page Title</h1>
  <nav aria-label="Breadcrumb">
    <ol class="flex space-x-2 text-sm">
      <li><a href="/" class="hover:underline">Home</a></li>
      <li><span>/</span></li>
      <li aria-current="page" class="font-semibold">New Page</li>
    </ol>
  </nav>
</header>

Adding New CMS Features

The CMS is designed to be modular. To add a new feature:

  1. Create a new feature module: Add a folder under src/cms/features/ with the feature’s frontend and backend code.
  2. Develop frontend UI: Build the admin interface components using Tailwind CSS and vanilla JS.
  3. Implement backend logic: Add API routes, controllers, and models in the server/ directory.
  4. Integrate with CMS dashboard: Register the feature in the CMS admin navigation and load it dynamically.
  5. Secure the feature: Apply authentication and authorization middleware to protect feature routes.
  6. Test thoroughly: Validate functionality, security, and performance.

Example: Registering a new feature in CMS navigation

// src/cms/admin/navigation.js
const cmsFeatures = [
  { id: 'dashboard', label: 'Dashboard', icon: 'fa-tachometer-alt', path: '/admin/dashboard' },
  { id: 'users', label: 'User Management', icon: 'fa-users', path: '/admin/users' },
  { id: 'newFeature', label: 'New Feature', icon: 'fa-cogs', path: '/admin/new-feature' } // Added feature
];

// Render navigation dynamically
function renderNavigation(container) {
  container.innerHTML = '';
  cmsFeatures.forEach(feature => {
    const link = document.createElement('a');
    link.href = feature.path;
    link.className = 'flex items-center space-x-2 p-2 rounded hover:bg-primary-500 hover:text-white transition';
    link.setAttribute('role', 'menuitem');
    link.innerHTML = `${feature.label}`;
    container.appendChild(link);
  });
}

Page Protection

Protecting sensitive pages is critical for security. Use authentication and authorization to restrict access.

Best Practices:

  • Use secure session management with HTTP-only cookies or tokens.
  • Apply middleware on backend routes to verify user identity and roles.
  • Redirect unauthorized users to login or error pages.
  • On frontend, conditionally render content based on user permissions.
  • Use HTTPS and secure headers to protect data in transit.

Example: Express middleware for authentication

// server/middleware/auth.js
function ensureAuthenticated(req, res, next) {
  if (req.isAuthenticated && req.isAuthenticated()) {
    return next();
  }
  res.status(401).json({ error: 'Unauthorized' });
}

module.exports = ensureAuthenticated;

Image Upload

The CMS supports image uploads with validation and preview to ensure security and usability.

Key Points:

  • Validate file type and size on client and server sides.
  • Use secure storage locations and sanitize filenames.
  • Provide image preview before upload.
  • Use asynchronous upload with progress indicators.
  • Restrict upload access to authorized users only.

Example: Client-side image preview

// HTML:
// <input type="file" id="imageUpload" accept="image/*" aria-label="Upload image">
// <img id="imagePreview" alt="Image preview" class="mt-4 max-w-xs rounded-lg shadow">

document.getElementById('imageUpload').addEventListener('change', function(event) {
  const file = event.target.files[0];
  if (file && file.type.startsWith('image/')) {
    const reader = new FileReader();
    reader.onload = e => {
      const preview = document.getElementById('imagePreview');
      preview.src = e.target.result;
      preview.alt = file.name;
    };
    reader.readAsDataURL(file);
  }
});

Logout

Implementing a secure logout mechanism is essential to protect user sessions.

Implementation Notes:

  • Invalidate the user session or token on the server.
  • Clear authentication cookies or local storage tokens on the client.
  • Redirect users to the login or homepage after logout.
  • Provide a visible and accessible logout button in the UI.

Example: Logout button with event handler

// HTML:
// <button id="logoutBtn" class="px-4 py-2 bg-primary-600 hover:bg-primary-700 text-white rounded-md transition">
//   <i class="fas fa-sign-out-alt mr-2"></i>Logout
// </button>

document.getElementById('logoutBtn').addEventListener('click', () => {
  fetch('/api/logout', { method: 'POST', credentials: 'include' })
    .then(response => {
      if (response.ok) {
        localStorage.clear();
        window.location.href = '/login';
      } else {
        alert('Logout failed. Please try again.');
      }
    })
    .catch(() => alert('Network error during logout.'));
});

Development Tips

Follow these tips to maintain high code quality and security:

  • Use version control: Commit changes frequently with clear messages.
  • Write modular code: Keep components and features isolated and reusable.
  • Document your code: Use comments and maintain updated README files.
  • Test thoroughly: Write unit and integration tests for critical features.
  • Follow security best practices: Sanitize inputs, use HTTPS, and keep dependencies updated.
  • Use local storage wisely: Store only non-sensitive preferences and clear on logout.
  • Optimize performance: Minimize assets, lazy load images, and use caching.
  • Accessibility matters: Test with screen readers and keyboard navigation.
  • Use Tailwind CSS utilities: Avoid inline styles and keep styling consistent.
  • Leverage Grid.js and ApexCharts: For interactive tables and data visualization.

Example: Data Visualization with ApexCharts

Example: Interactive User Table with Grid.js