File: /var/www/indoadvisory_new/web/webapp/README.md
# Indo Advisory - Indonesian Private Equity Firm Website

## Project Overview

**Indo Advisory** is a comprehensive WordPress-style CMS built for Indonesian private equity firms, specifically designed for enterprise VPS deployment with advanced security features. The application provides a complete content management system with bilingual support (Indonesian/English), team management, client portfolio showcase, and McKinsey-inspired professional design.

## 🌟 Key Features

### ✅ Currently Completed Features

#### **Enterprise Security & Authentication**
- Session-based authentication with enterprise-grade security
- Failed login attempt tracking and account locking (5 failed attempts lock the account for 30 minutes)
- CSRF protection on all forms and API endpoints
- Rate limiting for different endpoint types (login: 5/15min, API: 100/15min)
- Comprehensive audit logging for all user actions
- IP-based access control capabilities
- Secure password requirements with bcrypt hashing (cost factor 12)
- JWT token support for API access
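The lockout policy above, worked through as an added example that is not code from the Indo Advisory project: five failed attempts lock the account for 30 minutes, and lock expiry is tracked per normalized username. The in-memory `Map` and the `audit` array are assumptions for illustration; under PM2 cluster mode every worker would need a shared store (for example a PostgreSQL table) instead.

```javascript
// Added example: failed-login tracking with account locking (5 attempts -> 30 min lock).
// The in-memory Map is an assumption; a clustered deployment needs a shared store.
const MAX_ATTEMPTS = 5;
const LOCK_MS = 30 * 60 * 1000;

class LoginGuard {
  constructor({ maxAttempts = MAX_ATTEMPTS, lockMs = LOCK_MS, now = Date.now } = {}) {
    this.maxAttempts = maxAttempts;
    this.lockMs = lockMs;
    this.now = now;          // injectable clock so lock expiry can be tested
    this.state = new Map();  // normalized username -> { failures, lockedUntil }
    this.audit = [];         // events a real deployment would write to the audit log
  }

  // Key on the normalized username so "Admin" and "admin " share one counter.
  static key(username) { return String(username).trim().toLowerCase(); }

  // Read-only view: is this account locked, and for how much longer?
  status(username) {
    const s = this.state.get(LoginGuard.key(username));
    const now = this.now();
    if (!s || s.lockedUntil <= now) return { locked: false, retryAfterMs: 0 };
    return { locked: true, retryAfterMs: s.lockedUntil - now };
  }

  // Call after a wrong password. Attempts made while locked are not counted,
  // because the login handler should reject them before checking the password.
  recordFailure(username, ip = 'unknown') {
    const k = LoginGuard.key(username);
    const now = this.now();
    const s = this.state.get(k) || { failures: 0, lockedUntil: 0 };
    if (s.lockedUntil > now) return this.status(username);
    if (s.lockedUntil) { s.failures = 0; s.lockedUntil = 0; }  // previous lock expired
    s.failures += 1;
    this.audit.push({ event: 'login_failed', user: k, ip, at: now });
    if (s.failures >= this.maxAttempts) {
      s.lockedUntil = now + this.lockMs;
      s.failures = 0;
      this.audit.push({ event: 'account_locked', user: k, ip, at: now });
    }
    this.state.set(k, s);
    return this.status(username);
  }

  // A successful login clears the failure counter for that account.
  recordSuccess(username) { this.state.delete(LoginGuard.key(username)); }
}
```

The login handler should consult `status()` before verifying the password and return the same generic error for a locked account as for a wrong password, so the response does not reveal which usernames exist.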

#### **Content Management System (CMS)**
- Complete admin dashboard with real-time statistics
- Content management for company settings and information
- Article/insights management with rich text editing
- SEO optimization with meta tags and structured data
- Bilingual content support (English/Indonesian)
- File upload management with security restrictions
- Team member profile management
- Client portfolio management with project showcase

#### **Client Portfolio Showcase**
- **Auto-scrolling client showcase** on homepage
- Responsive client cards with company logos and project details
- Featured client highlighting system
- Project value and year display
- Industry categorization
- Hover effects with smooth animations
- Mobile-responsive design

#### **Team Management System**
- Team member profiles with photos and bios
- Position management in both languages
- Social media integration (LinkedIn)
- Display order management
- Featured member highlighting
- Contact information management

#### **McKinsey-Style Professional Design**
- Professional color palette (navy #003366, blue #0066CC, light blue #4D94FF)
- Custom TailwindCSS configuration with McKinsey brand colors
- Responsive grid layouts with hover effects
- Professional typography using Inter and Playfair Display fonts
- Smooth animations and transitions
- Card-based design system with consistent styling
- Mobile-first responsive design approach

#### **Bilingual System (Indonesian/English)**
- Complete i18n implementation with JSON translation files
- Language switcher in navigation with session persistence
- Bilingual database fields for all content types
- URL parameter and session-based language detection
- Fallback to English for missing translations
- Date and number formatting per locale
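The language detection and English fallback described above, as an added example that is not the project's own i18n middleware. The translation tables are constructed inline to stand in for `locales/en.json` and `locales/id.json`; the precedence (URL parameter, then session, then default) and the `[key]` marker for untranslated strings are assumptions.

```javascript
// Added example: language resolution with an allow-list, and translation lookup
// with English fallback. LOCALES is a constructed stand-in for locales/*.json.
const SUPPORTED = ['en', 'id'];
const DEFAULT_LANG = 'en';

const LOCALES = {
  en: { nav: { home: 'Home', about: 'About Us', insights: 'Insights' }, cta: 'Contact us' },
  id: { nav: { home: 'Beranda', about: 'Tentang Kami' } },  // insights and cta untranslated
};

// Pick the language: URL parameter wins, then the session, then the default.
// Only allow-listed codes are accepted, so a value from /lang/:lang or ?lang=
// is never stored in the session or used to build a locale file path unchecked.
function resolveLanguage(queryLang, sessionLang) {
  for (const candidate of [queryLang, sessionLang]) {
    if (typeof candidate === 'string' && SUPPORTED.includes(candidate.toLowerCase())) {
      return candidate.toLowerCase();
    }
  }
  return DEFAULT_LANG;
}

// Walk a dotted key ("nav.about") through a locale object; undefined when any
// segment is missing. hasOwnProperty keeps the walk off the prototype chain.
function lookup(table, key) {
  return key.split('.').reduce((node, part) =>
    (node && Object.prototype.hasOwnProperty.call(node, part)) ? node[part] : undefined, table);
}

// Translate with fallback to English; an untranslated key is returned in brackets
// so missing strings are visible in the page instead of rendering as "undefined".
function t(key, lang, locales = LOCALES) {
  const primary = lookup(locales[lang], key);
  if (typeof primary === 'string') return primary;
  const fallback = lookup(locales[DEFAULT_LANG], key);
  return typeof fallback === 'string' ? fallback : `[${key}]`;
}
```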

#### **Enterprise VPS Deployment Ready**
- PM2 process management with cluster mode
- Nginx reverse proxy configuration
- Apache virtual host alternative configuration
- PostgreSQL database with UUID primary keys
- Comprehensive backup system with automated scheduling
- SSL/TLS configuration ready
- Firewall and Fail2Ban security setup
- Environment-specific configurations
- Health monitoring and logging

### ⚠️ Features Not Yet Implemented

#### **Additional Admin Features**
- User role management (currently admin-only)
- Email notification system for inquiries
- Advanced analytics and reporting
- Content versioning and revision history
- Bulk operations for content management

#### **Enhanced Client Features**
- Client case study detail pages
- Testimonial management system
- Investment calculator tools
- Client portal with secure access

#### **Advanced Marketing Features**
- Newsletter subscription system
- Social media integration
- SEO analytics and reporting
- Lead scoring and tracking
- A/B testing capabilities

## 📋 Functional Entry URIs (API Endpoints)

### **Public Routes**
- `GET /` - Homepage with client showcase and company overview
- `GET /about` - About page with team information
- `GET /portfolio` - Full client portfolio with pagination
- `GET /insights` - Articles/news listing with category filtering
- `GET /insights/:slug` - Individual article view with related articles
- `GET /contact` - Contact form page
- `POST /contact` - Contact form submission (rate limited: 3/min)
- `GET /lang/:lang` - Language switcher (en/id)

### **Authentication Routes**
- `GET /auth/login` - Admin login page
- `POST /auth/login` - Login form submission (rate limited: 5/15min)
- `POST /auth/logout` - Secure logout with session destruction
- `GET /auth/change-password` - Password change form (authenticated)
- `POST /auth/change-password` - Password update (authenticated)
- `POST /auth/api/login` - API token generation for mobile/API access

### **Admin Panel Routes** (Requires Authentication)
- `GET /admin` - Main dashboard with statistics and recent activities
- `GET /admin/content` - Company settings and content management
- `POST /admin/content/:key` - Update specific content setting
- `GET /admin/inquiries` - Contact form inquiries with filtering
- `POST /admin/inquiries/:id/status` - Update inquiry status
- `GET /admin/security` - Audit logs and security monitoring
- `GET /admin/users` - User management panel
- `POST /admin/users/:id/toggle` - Activate/deactivate user accounts

### **API Routes** (Requires Admin Authentication)

#### **Client Management API**
- `GET /api/clients` - List clients with filtering (featured, showcase, active)
- `GET /api/clients/:id` - Get single client details
- `POST /api/clients` - Create new client (with file upload)
- `PUT /api/clients/:id` - Update client (with file upload)
- `DELETE /api/clients/:id` - Delete client
- `POST /api/clients/:id/featured` - Toggle featured status
- `POST /api/clients/reorder` - Reorder display sequence

#### **Team Management API**
- `GET /api/team` - List team members with filtering
- `GET /api/team/:id` - Get single team member details
- `POST /api/team` - Create new team member (with avatar upload)
- `PUT /api/team/:id` - Update team member (with avatar upload)
- `DELETE /api/team/:id` - Delete team member
- `POST /api/team/:id/featured` - Toggle featured status
- `POST /api/team/reorder` - Reorder team member display

#### **Article Management API**
- `GET /api/articles` - List articles with filtering and search
- `GET /api/articles/:id` - Get article details
- `GET /api/articles/slug/:slug` - Get published article by slug (public)
- `POST /api/articles` - Create new article (with featured image upload)
- `PUT /api/articles/:id` - Update article (with featured image upload)
- `DELETE /api/articles/:id` - Delete article
- `POST /api/articles/:id/publish` - Publish/unpublish article
- `POST /api/articles/:id/featured` - Toggle featured status

#### **Public API Routes**
- `GET /api/showcase/clients` - Get clients for homepage showcase (public)

### **File Upload Routes**
- `POST /uploads/*` - File upload handling (authenticated, max 5MB)
- `GET /uploads/*` - Secure file access (authenticated)

### **Static Asset Routes**
- `GET /static/*` - Static assets (CSS, JS, images)

## 🚀 Deployment Instructions

### **Prerequisites**
- Ubuntu 20.04+ VPS with root access
- Minimum 2GB RAM, 20GB disk space
- Domain name with DNS pointing to server

### **1. Quick Deployment (Recommended)**

```bash
# Clone the repository
git clone https://github.com/your-username/indo-advisory.git
cd indo-advisory

# Make deployment script executable
chmod +x deploy.sh

# Run automated deployment
./deploy.sh production
```

The deployment script will automatically:
- Install Node.js, PostgreSQL, Nginx, PM2
- Setup database and user accounts
- Configure security (UFW firewall, Fail2Ban)
- Setup SSL certificates with Let's Encrypt
- Configure automated backups
- Start the application with PM2

### **2. Manual Deployment**

#### **System Setup**
```bash
# Update system
sudo apt update && sudo apt upgrade -y

# Install Node.js 18
curl -fsSL https://deb.nodesource.com/setup_18.x | sudo -E bash -
sudo apt-get install -y nodejs

# Install PostgreSQL
sudo apt install postgresql postgresql-contrib

# Install Nginx
sudo apt install nginx

# Install PM2
sudo npm install -g pm2
```

#### **Database Setup**
```bash
# Create database and user
sudo -u postgres psql
CREATE DATABASE indo_advisory_production;
CREATE USER indo_advisory_user WITH PASSWORD 'your_secure_password';
GRANT ALL PRIVILEGES ON DATABASE indo_advisory_production TO indo_advisory_user;
ALTER USER indo_advisory_user CREATEDB;
\q
```

#### **Application Setup**
```bash
# Create application directory
sudo mkdir -p /var/www/indo-advisory
sudo chown $USER:www-data /var/www/indo-advisory

# Clone and setup
cd /var/www/indo-advisory
git clone https://github.com/your-username/indo-advisory.git .
npm install --only=production

# Environment configuration
cp .env.example .env
# Edit .env with your production values

# Run migrations
npm run migrate
npm run seed
```

#### **Nginx Configuration**
```bash
# Copy Nginx config
sudo cp nginx.conf /etc/nginx/sites-available/indo-advisory
sudo ln -s /etc/nginx/sites-available/indo-advisory /etc/nginx/sites-enabled/
sudo rm /etc/nginx/sites-enabled/default

# Test and restart
sudo nginx -t
sudo systemctl restart nginx
```

#### **Start Application**
```bash
# Start with PM2
pm2 start ecosystem.config.js --env production
pm2 save
sudo env PATH=$PATH:/usr/bin pm2 startup systemd -u $USER --hp /home/$USER
```

### **3. SSL Certificate Setup**
```bash
# Install Certbot
sudo apt install certbot python3-certbot-nginx

# Obtain certificate
sudo certbot --nginx -d yourdomain.com -d www.yourdomain.com
```

### **4. Security Hardening**
```bash
# Configure firewall
sudo ufw allow ssh
sudo ufw allow http
sudo ufw allow https
sudo ufw enable

# Setup Fail2Ban
sudo apt install fail2ban
# Configure as per included fail2ban settings
```

## 🛠️ Development Setup

### **Local Development**
```bash
# Clone repository
git clone https://github.com/your-username/indo-advisory.git
cd indo-advisory

# Install dependencies
npm install

# Setup environment
cp .env.example .env
# Edit .env for local database settings

# Setup PostgreSQL locally
createdb indo_advisory
# Update .env with local database credentials

# Run migrations and seed
npm run migrate
npm run seed

# Start development server
npm run dev
```

### **Database Commands**
```bash
npm run migrate      # Run database migrations
npm run seed         # Seed initial data
npm run db:reset     # Reset database (development only)
```

### **PM2 Commands**
```bash
pm2 status                 # Check application status
pm2 logs indo-advisory     # View logs
pm2 restart indo-advisory  # Restart application
pm2 stop indo-advisory     # Stop application
pm2 delete indo-advisory   # Remove from PM2
```

## 📊 Technology Stack

### **Backend**
- **Node.js** + **Express.js** - Server framework
- **PostgreSQL** - Enterprise database with UUID primary keys
- **bcryptjs** - Password hashing (cost factor 12)
- **express-session** - Session management
- **express-rate-limit** - API rate limiting
- **helmet** - Security headers
- **multer** - File upload handling
- **winston** - Logging system

### **Frontend**
- **EJS** - Server-side templating
- **TailwindCSS** - Utility-first CSS framework
- **Inter & Playfair Display** - Professional typography
- **Font Awesome** - Icon library
- **Axios** - HTTP client for AJAX

### **Security**
- **CSRF Protection** - All forms and APIs protected
- **Rate Limiting** - Endpoint-specific limits
- **Audit Logging** - Complete action tracking
- **File Upload Security** - Type and size restrictions
- **Input Validation** - express-validator on all inputs
- **SQL Injection Prevention** - Parameterized queries

### **DevOps & Deployment**
- **PM2** - Process management with cluster mode
- **Nginx** - Reverse proxy with compression and caching
- **UFW Firewall** - Network security
- **Fail2Ban** - Intrusion prevention
- **Let's Encrypt** - SSL certificate automation
- **PostgreSQL** - Production database
- **Automated Backups** - Daily database and file backups

## 🔒 Security Features

### **Authentication Security**
- Enterprise-grade session management
- Failed attempt tracking (5 failed attempts lock the account for 30 minutes)
- Secure password requirements (8+ chars, mixed case, numbers, symbols)
- CSRF tokens on all forms
- JWT support for API access

### **Network Security**
- Nginx rate limiting by endpoint type
- UFW firewall with minimal open ports
- Fail2Ban intrusion detection
- SSL/TLS encryption with strong ciphers

### **Application Security**
- Input validation on all endpoints
- SQL injection prevention with parameterized queries
- XSS protection via Content Security Policy headers (set with helmet)
- File upload restrictions and scanning
- Audit logging for compliance

## 📈 Recommended Next Steps

### **Phase 1: Enhanced CMS Features**
1. Implement user role management (Editor, Viewer roles)
2. Add email notifications for inquiry management
3. Create content versioning system
4. Add bulk operations for content management

### **Phase 2: Client Portal Enhancement**
1. Build detailed case study pages for each client
2. Implement testimonial management system
3. Create investment calculator tools
4. Develop secure client login portal

### **Phase 3: Marketing & Analytics**
1. Integrate Google Analytics and SEO tools
2. Add newsletter subscription system
3. Implement lead scoring and tracking
4. Create A/B testing framework for content

### **Phase 4: Mobile & API Enhancement**
1. Build React Native mobile application
2. Expand REST API for third-party integrations
3. Add webhook support for external systems
4. Implement real-time notifications

## 📝 Configuration Files

### **Important Files**
- `server.js` - Main application server
- `ecosystem.config.js` - PM2 configuration
- `nginx.conf` - Nginx reverse proxy config
- `apache.conf` - Apache alternative configuration
- `deploy.sh` - Automated deployment script
- `.env.example` - Environment variables template

### **Directory Structure**
```
indo-advisory/
├── config/          # Database and app configuration
├── controllers/     # Business logic (future expansion)
├── middleware/      # Authentication, security, i18n
├── models/          # Database models (future expansion)
├── routes/          # API and web routes
├── views/           # EJS templates
├── public/          # Static assets (CSS, JS, images)
├── uploads/         # User uploaded files
├── migrations/      # Database migrations
├── scripts/         # Deployment and maintenance scripts
├── logs/            # Application logs
└── locales/         # Translation files (en.json, id.json)
```

## 🆘 Support & Troubleshooting

### **Common Issues**
1. **Database connection failed**: Check PostgreSQL service and credentials
2. **Port 3000 already in use**: Kill existing processes with `fuser -k 3000/tcp`
3. **SSL certificate issues**: Verify domain DNS and run `certbot renew`
4. **File upload failures**: Check upload directory permissions and file size limits

### **Monitoring Commands**
```bash
# Application status
pm2 status
pm2 logs --lines 50

# System resources
htop
df -h

# Database status
sudo systemctl status postgresql

# Nginx status
sudo systemctl status nginx
```

## 📄 License

This project is licensed under the MIT License. See LICENSE file for details.

## 🤝 Contributing

1. Fork the repository
2. Create a feature branch (`git checkout -b feature/amazing-feature`)
3. Commit your changes (`git commit -m 'Add amazing feature'`)
4. Push to the branch (`git push origin feature/amazing-feature`)
5. Open a Pull Request

---

**Indo Advisory** - Empowering Indonesian Enterprises through Technology

For technical support, please contact the development team or create an issue in the GitHub repository.