securelens-backend/main.py

from fastapi.middleware.cors import CORSMiddleware
from fastapi import FastAPI
from pydantic import BaseModel
import requests

app = FastAPI()

app.add_middleware(
    CORSMiddleware,
    allow_origins=["*"],
    allow_credentials=True,
    allow_methods=["*"],
    allow_headers=["*"],
)

class ScanRequest(BaseModel):
    url: str


@app.get("/")
def read_root():
    return {"message": "SecureLens AI backend running 🚀"}


@app.post("/scan")
def scan_website(data: ScanRequest):
    url = data.url
    issues = []
    score = 100

    layers = {
        "Transport Layer": {"issues": 0, "status": "green"},
        "Server Config Layer": {"issues": 0, "status": "green"},
        "Exposure Layer": {"issues": 0, "status": "green"}
    }

    try:
        response = requests.get(url, timeout=5)
        headers = response.headers

        # Transport Layer
        if not url.startswith("https"):
            issues.append({
                "issue": "Website is not using HTTPS",
                "severity": "Critical",
                "layer": "Transport Layer",
                "fix": "Install SSL certificate and redirect HTTP to HTTPS"
            })
            score -= 15
            layers["Transport Layer"]["issues"] += 1

        # Server Config
        if "Content-Security-Policy" not in headers:
            issues.append({
                "issue": "Missing Content-Security-Policy header",
                "severity": "Warning",
                "layer": "Server Config Layer",
                "fix": "Add header: Content-Security-Policy: default-src 'self';"
            })
            score -= 5
            layers["Server Config Layer"]["issues"] += 1

        if "X-Frame-Options" not in headers:
            issues.append({
                "issue": "Missing X-Frame-Options header",
                "severity": "Warning",
                "layer": "Server Config Layer",
                "fix": "Add header: X-Frame-Options: SAMEORIGIN"
            })
            score -= 5
            layers["Server Config Layer"]["issues"] += 1

        if "Strict-Transport-Security" not in headers:
            issues.append({
                "issue": "Missing HSTS header",
                "severity": "Warning",
                "layer": "Server Config Layer",
                "fix": "Add header: Strict-Transport-Security: max-age=31536000; includeSubDomains"
            })
            score -= 5
            layers["Server Config Layer"]["issues"] += 1

        if headers.get("Access-Control-Allow-Origin") == "*":
            issues.append({
                "issue": "CORS allows all origins (*)",
                "severity": "Warning",
                "layer": "Server Config Layer",
                "fix": "Restrict Access-Control-Allow-Origin to trusted domains"
            })
            score -= 5
            layers["Server Config Layer"]["issues"] += 1

        # Exposure
        sensitive_paths = ["/admin", "/.env", "/backup", "/debug"]

        for path in sensitive_paths:
            try:
                test_url = url.rstrip("/") + path
                r = requests.get(test_url, timeout=3)
                if r.status_code == 200:
                    issues.append({
                        "issue": f"Sensitive path exposed: {path}",
                        "severity": "Critical",
                        "layer": "Exposure Layer",
                        "fix": f"Restrict access to {path} using authentication or firewall rules"
                    })
                    score -= 15
                    layers["Exposure Layer"]["issues"] += 1
            except:
                pass

    except Exception as e:
        return {"error": str(e)}

    # Set layer status
    for layer in layers:
        count = layers[layer]["issues"]
        if count == 0:
            layers[layer]["status"] = "green"
        elif count < 3:
            layers[layer]["status"] = "yellow"
        else:
            layers[layer]["status"] = "red"

    return {
        "url": url,
        "security_score": max(score, 0),
        "layers": layers,
        "issues": issues
    }