# Migration Discrepancies - Backup vs Current Blueprint Structure ## 1. Missing Routes ### Authentication/Profile Routes (Not in any blueprint) - `/profile` - User profile page - `/profile/change-password` - Change password endpoint - `/profile/setup-2fa` - Setup 2FA page - `/profile/enable-2fa` - Enable 2FA endpoint - `/profile/disable-2fa` - Disable 2FA endpoint - `/heartbeat` - Session heartbeat endpoint ### Customer API Routes (Missing from api_routes.py) - `/api/customer//licenses` - Get licenses for a customer - `/api/customer//quick-stats` - Get quick stats for a customer ### Resource Routes (Missing from resource_routes.py) - `/resources` - Main resources page - `/resources/add` - Add new resources page - `/resources/quarantine/` - Quarantine a resource - `/resources/release` - Release resources from quarantine - `/resources/history/` - View resource history - `/resources/metrics` - Resource metrics page - `/resources/report` - Resource report page ### Main Dashboard Route (Missing) - `/` - Main dashboard (currently in backup shows dashboard with stats) ## 2. Database Column Discrepancies ### Column Name Differences - **created_by** - Used in backup_history table but not consistently referenced - **is_test_license** vs **is_test** - The database uses `is_test` but some code might reference `is_test_license` ### Session Table Aliases The sessions table has multiple column aliases that need to be handled: - `login_time` (alias for `started_at`) - `last_activity` (alias for `last_heartbeat`) - `logout_time` (alias for `ended_at`) - `active` (alias for `is_active`) ## 3. Template Name Mismatches ### Templates Referenced in Backup - `login.html` - Login page - `verify_2fa.html` - 2FA verification - `profile.html` - User profile - `setup_2fa.html` - 2FA setup - `backup_codes.html` - 2FA backup codes - `dashboard.html` - Main dashboard - `index.html` - Create license form - `batch_result.html` - Batch operation results - `batch_form.html` - Batch form - `edit_license.html` - Edit license - `edit_customer.html` - Edit customer - `create_customer.html` - Create customer - `customers_licenses.html` - Customer-license overview - `sessions.html` - Sessions list - `audit_log.html` - Audit log - `backups.html` - Backup management - `blocked_ips.html` - Blocked IPs - `resources.html` - Resources list - `add_resources.html` - Add resources form - `resource_history.html` - Resource history - `resource_metrics.html` - Resource metrics - `resource_report.html` - Resource report ## 4. URL_FOR References That Need Blueprint Prefixes ### In Templates and Redirects - `url_for('login')` → `url_for('auth.login')` - `url_for('logout')` → `url_for('auth.logout')` - `url_for('verify_2fa')` → `url_for('auth.verify_2fa')` - `url_for('profile')` → `url_for('auth.profile')` (needs implementation) - `url_for('index')` → `url_for('main.index')` or appropriate blueprint - `url_for('blocked_ips')` → `url_for('admin.blocked_ips')` - `url_for('audit_log')` → `url_for('admin.audit_log')` - `url_for('backups')` → `url_for('admin.backups')` ## 5. Missing Functions/Middleware ### Authentication Decorators - `@login_required` decorator implementation needs to be verified - `@require_2fa` decorator (if used) ### Helper Functions - `get_connection()` - Database connection helper - `log_audit()` - Audit logging function - `create_backup()` - Backup creation function - Rate limiting functions for login attempts ### Session Management - Session timeout handling - Heartbeat mechanism for active sessions ## 6. API Endpoint Inconsistencies ### URL Prefix Issues - API routes in backup don't use `/api` prefix consistently - Some use `/api/...` while others are at root level ### Missing API Endpoints - `/api/generate-license-key` - Generate license key - `/api/global-search` - Global search functionality ## 7. Export Routes Organization ### Current vs Expected - Export routes might need different URL structure - Check if all export types are covered: - `/export/licenses` - `/export/audit` - `/export/customers` - `/export/sessions` - `/export/resources` ## 8. Special Configurations ### Missing Configurations - TOTP/2FA configuration - Backup encryption settings - Rate limiting configuration - Session timeout settings ### Environment Variables - Check if all required environment variables are properly loaded - Database connection parameters - Secret keys and encryption keys ## 9. JavaScript/AJAX Endpoints ### API calls that might be broken - Device management endpoints - Quick edit functionality - Bulk operations - Resource allocation checks ## 10. Permission/Access Control ### Missing or Incorrect Access Control - All routes need `@login_required` decorator - Some routes might need additional permission checks - API routes need proper authentication ## Action Items 1. **Implement missing profile/auth routes** in auth_routes.py 2. **Add missing customer API routes** to api_routes.py 3. **Create complete resource management blueprint** with all routes 4. **Fix main dashboard route** - decide which blueprint should handle "/" 5. **Update all url_for() calls** in templates to use blueprint prefixes 6. **Verify database column names** are consistent throughout 7. **Check template names** match between routes and actual files 8. **Implement heartbeat mechanism** for session management 9. **Add missing helper functions** to appropriate modules 10. **Test all export routes** work correctly with new structure