From 2376ee98e72c115b59350ae09d7830f8906fad95 Mon Sep 17 00:00:00 2001
From: janis steiner <janis@jakach.ch>
Date: Thu, 7 May 2026 21:26:48 +0200
Subject: [PATCH] .

---
 backend/api/index.php       | 60 ++++++++++++++++---------------------
 backend/config/database.php |  6 +++-
 docker/init.sql             |  9 +++++-
 3 files changed, 39 insertions(+), 36 deletions(-)

diff --git a/backend/api/index.php b/backend/api/index.php
index 177af70..e11b836 100644
--- a/backend/api/index.php
+++ b/backend/api/index.php
@@ -366,42 +366,31 @@ function handleComments($method, $id, $db) {
 function handleNodes($method, $id, $db) {
     switch ($method) {
         case 'GET':
-            echo json_encode($db->query("SELECT * FROM network_nodes ORDER BY group_name, label")->fetchAll(PDO::FETCH_ASSOC));
+            echo json_encode($db->query("SELECT n.*, nn.notes FROM network_nodes n LEFT JOIN node_notes nn ON n.id = nn.node_id ORDER BY n.group_name, n.label")->fetchAll(PDO::FETCH_ASSOC));
             break;
         case 'POST':
             $data = json_decode(file_get_contents('php://input'), true);
-            try {
-                $stmt = $db->prepare("
-                    INSERT INTO network_nodes (label, ip_address, node_type, status, group_name, pos_x, pos_y, notes)
-                    VALUES (?, ?, ?, ?, ?, ?, ?, ?)
-                ");
-                $stmt->execute([
-                    $data['label'],
-                    $data['ip_address'] ?? '',
-                    $data['node_type'] ?? 'host',
-                    $data['status'] ?? 'unknown',
-                    $data['group_name'] ?? 'default',
-                    $data['pos_x'] ?? 0,
-                    $data['pos_y'] ?? 0,
-                    $data['notes'] ?? ''
-                ]);
-            } catch (Exception $e) {
-                // Fallback without notes column
-                $stmt = $db->prepare("
-                    INSERT INTO network_nodes (label, ip_address, node_type, status, group_name, pos_x, pos_y)
-                    VALUES (?, ?, ?, ?, ?, ?, ?)
-                ");
-                $stmt->execute([
-                    $data['label'],
-                    $data['ip_address'] ?? '',
-                    $data['node_type'] ?? 'host',
-                    $data['status'] ?? 'unknown',
-                    $data['group_name'] ?? 'default',
-                    $data['pos_x'] ?? 0,
-                    $data['pos_y'] ?? 0
-                ]);
+            $stmt = $db->prepare("
+                INSERT INTO network_nodes (label, ip_address, node_type, status, group_name, pos_x, pos_y)
+                VALUES (?, ?, ?, ?, ?, ?, ?)
+            ");
+            $stmt->execute([
+                $data['label'],
+                $data['ip_address'] ?? '',
+                $data['node_type'] ?? 'host',
+                $data['status'] ?? 'unknown',
+                $data['group_name'] ?? 'default',
+                $data['pos_x'] ?? 0,
+                $data['pos_y'] ?? 0
+            ]);
+            $nodeId = $db->lastInsertId();
+            if (!empty($data['notes'])) {
+                try {
+                    $db->prepare("INSERT INTO node_notes (node_id, notes) VALUES (?, ?) ON DUPLICATE KEY UPDATE notes = VALUES(notes)")
+                        ->execute([$nodeId, $data['notes']]);
+                } catch (Exception $e) {}
             }
-            echo json_encode(['id' => $db->lastInsertId()]);
+            echo json_encode(['id' => $nodeId]);
             break;
         case 'PUT':
             if ($id) {
@@ -419,9 +408,12 @@ function handleNodes($method, $id, $db) {
                     $stmt = $db->prepare("UPDATE network_nodes SET " . implode(', ', $fields) . " WHERE id = ?");
                     $stmt->execute($params);
                 }
-                // Update notes separately (column may not exist)
+                // Update notes via separate table
                 if (isset($data['notes'])) {
-                    try { $db->prepare("UPDATE network_nodes SET notes = ? WHERE id = ?")->execute([$data['notes'], $id]); } catch (Exception $e) {}
+                    try {
+                        $db->prepare("INSERT INTO node_notes (node_id, notes) VALUES (?, ?) ON DUPLICATE KEY UPDATE notes = VALUES(notes)")
+                            ->execute([$id, $data['notes']]);
+                    } catch (Exception $e) {}
                 }
                 echo json_encode(['updated' => true]);
             }
diff --git a/backend/config/database.php b/backend/config/database.php
index 0e644a8..82c378c 100644
--- a/backend/config/database.php
+++ b/backend/config/database.php
@@ -39,7 +39,11 @@ function migrate($db) {
         created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP
     )");
     try {
-        $db->exec("ALTER TABLE network_nodes ADD COLUMN notes TEXT DEFAULT ''");
+        $db->exec("CREATE TABLE IF NOT EXISTS node_notes (
+            node_id INT PRIMARY KEY,
+            notes TEXT DEFAULT '',
+            FOREIGN KEY (node_id) REFERENCES network_nodes(id) ON DELETE CASCADE
+        )");
     } catch (Exception $e) {
     }
 }
\ No newline at end of file
diff --git a/docker/init.sql b/docker/init.sql
index e02c25b..a73a016 100644
--- a/docker/init.sql
+++ b/docker/init.sql
@@ -68,4 +68,11 @@ INSERT IGNORE INTO teams (name, color) VALUES
     ('Blue Team', '#0d6efd'),
     ('Red Team', '#dc3545'),
     ('SOC', '#ffc107'),
-    ('Threat Intel', '#198754');
\ No newline at end of file
+    ('Threat Intel', '#198754');
+
+-- Ensure notes column exists and grant ALTER privilege
+CREATE TABLE IF NOT EXISTS node_notes (
+    node_id INT PRIMARY KEY,
+    notes TEXT DEFAULT '',
+    FOREIGN KEY (node_id) REFERENCES network_nodes(id) ON DELETE CASCADE
+);
\ No newline at end of file