| Feature | Description |
|---|---|
| Live Attack Globe | Three.js WebGL globe with real-time animated attack arcs: DDoS (red), Malware (amber), Brute-Force (cyan) |
| Threat Scanner | Scan files with ClamAV, URLs with URLScan.io, hashes with VirusTotal, with D3.js radar chart analysis |
| Infrastructure Heatmap | D3.js force-directed graph of your servers/APIs/DBs colored by live risk score |
| Live Threat Feed | Terminal-style real-time event stream via Redis pub/sub + Socket.io with sound alerts |
| API Abuse Detector | Auto-detects API floods & brute-force attacks, blocks IPs, AbuseIPDB lookup + D3 charts |
| Incident Command Center | SOC-style incident queue with Gemini AI summaries and DETECTED → RESOLVED workflow |
| Layer | Technology |
|---|---|
| Frontend | Next.js 14 (App Router) + TailwindCSS + Framer Motion |
| 3D / Charts | Three.js (WebGL globe) + D3.js (force graph, radar, timeline) |
| Backend | Node.js + Express + TypeScript |
| Database | PostgreSQL 16 via Prisma ORM |
| Cache + Realtime | Redis pub/sub → Socket.io WebSockets |
| File Scanning | ClamAV (Dockerized) |
| Threat Intel | VirusTotal API v3 + AbuseIPDB + URLScan.io |
| AI | Google Gemini (incident summarization) |
| Observability | Prometheus metrics + Grafana dashboards |
| Containers | Docker Compose (8 services) |
Before you start, make sure you have these installed on your machine:
| Service | Where to Get It | Free Limit | Used For |
|---|---|---|---|
| VirusTotal | virustotal.com/gui/my-apikey | 500 req/day | Hash & URL malware lookup |
| AbuseIPDB | abuseipdb.com/register → API | 1,000 req/day | IP reputation scoring |
| URLScan.io | urlscan.io/user/signup → API Keys | 100 scans/day | URL screenshot + verdict |
| Google Gemini | aistudio.google.com/apikey | Free tier | AI incident summaries |
```bash
git clone https://github.com/vignesh2027/backend-optimization.git
cd backend-optimization
```
Copy the example env file:
```bash
cp .env.example .env
```
Now open `.env` in any text editor and fill in your API keys:
```bash
# Open with nano (terminal)
nano .env
# Or open with VS Code
code .env
```
Your `.env` file should look like this:
```env
# ── Database ──────────────────────────────────
POSTGRES_USER=dbt
POSTGRES_PASSWORD=dbtpass
POSTGRES_DB=detectthreat
DATABASE_URL=postgresql://dbt:dbtpass@localhost:5432/detectthreat

# ── Redis ─────────────────────────────────────
REDIS_PASSWORD=redispass
REDIS_URL=redis://:redispass@localhost:6379

# ── API Keys (paste yours here) ───────────────
VIRUSTOTAL_API_KEY=your_virustotal_key_here
ABUSEIPDB_API_KEY=your_abuseipdb_key_here
URLSCAN_API_KEY=your_urlscan_key_here
GEMINI_API_KEY=your_gemini_key_here

# ── App ───────────────────────────────────────
NEXT_PUBLIC_API_URL=http://localhost:4000
NEXT_PUBLIC_WS_URL=ws://localhost:4000
PORT=4000
NODE_ENV=production
```
⚠️ Never commit your `.env` file to GitHub. It's already in `.gitignore`, so you're safe.
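As an added example (not code from the project), here is a fail-fast check for the `.env` above that refuses to start when an API key still holds its `your_..._here` placeholder, when `PORT` is not a valid port, or when `NODE_ENV=production` is combined with the sample `dbtpass`/`redispass` passwords copied from `.env.example`. The `parseDotenv`/`validateEnv` names and the embedded template string are assumptions made for this illustration.

```typescript
// Added example (not the project's own code): fail-fast validation of the
// .env shown above, meant to run before the backend starts listening.
type Env = Record<string, string | undefined>;
// Keys from the README's .env template that the backend cannot run without.
const REQUIRED_KEYS = ["DATABASE_URL", "REDIS_URL", "PORT", "VIRUSTOTAL_API_KEY",
  "ABUSEIPDB_API_KEY", "URLSCAN_API_KEY", "GEMINI_API_KEY"];
// Sample passwords copied from .env.example: fine for a local demo,
// rejected when NODE_ENV=production.
const SAMPLE_SECRETS: Record<string, string> = { POSTGRES_PASSWORD: "dbtpass", REDIS_PASSWORD: "redispass" };

// Parse KEY=value lines; blank lines and '#' comments are skipped.
function parseDotenv(text: string): Env {
  const env: Env = {};
  for (const raw of text.split("\n")) {
    const line = raw.trim();
    const eq = line.indexOf("=");
    if (!line || line.startsWith("#") || eq < 0) continue;
    env[line.slice(0, eq).trim()] = line.slice(eq + 1).trim();
  }
  return env;
}

// Returns the list of problems found; an empty list means the config is usable.
function validateEnv(env: Env): string[] {
  const problems: string[] = [];
  for (const key of REQUIRED_KEYS) {
    const value = env[key] ?? "";
    if (value === "") problems.push(`${key} is not set`);
    else if (/^your_\w+_here$/.test(value)) problems.push(`${key} still holds the .env.example placeholder`);
  }
  const port = Number(env.PORT);
  if (env.PORT !== undefined && !(Number.isInteger(port) && port > 0 && port < 65536)) {
    problems.push(`PORT "${env.PORT}" is not a valid TCP port`);
  }
  if (env.NODE_ENV === "production") {
    for (const [key, sample] of Object.entries(SAMPLE_SECRETS)) {
      if (env[key] === sample) problems.push(`${key} uses the sample password from .env.example`);
    }
  }
  return problems;
}

// Constructed input: the template above with the API keys not yet filled in.
const TEMPLATE = [
  "# API Keys (paste yours here)", "POSTGRES_PASSWORD=dbtpass", "REDIS_PASSWORD=redispass",
  "DATABASE_URL=postgresql://dbt:dbtpass@localhost:5432/detectthreat",
  "REDIS_URL=redis://:redispass@localhost:6379", "VIRUSTOTAL_API_KEY=your_virustotal_key_here",
  "ABUSEIPDB_API_KEY=your_abuseipdb_key_here", "URLSCAN_API_KEY=your_urlscan_key_here",
  "GEMINI_API_KEY=your_gemini_key_here", "PORT=4000", "NODE_ENV=production",
].join("\n");
```

Running `validateEnv(parseDotenv(TEMPLATE))` on the untouched template reports six problems (four placeholder keys and two sample passwords); call it from the server entry point and exit when the list is non-empty.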
```bash
docker compose up -d
```
This single command starts 8 containers:
| Container | What It Does | Port |
|---|---|---|
| dbt-frontend | Next.js cyberpunk UI | 3000 |
| dbt-backend | Express API + WebSocket | 4000 |
| dbt-postgres | PostgreSQL database | 5432 |
| dbt-redis | Redis pub/sub + cache | 6379 |
| dbt-clamav | Antivirus file scanner | 3310 |
| dbt-prometheus | Metrics collection | 9090 |
| dbt-grafana | Metrics dashboards | 3001 |
⏳ First run takes 5–10 minutes, because Docker needs to download and build all images. Subsequent starts take under 30 seconds.
Check that everything is running:
```bash
docker compose ps
```
You should see all containers showing `Up` or `Up (healthy)`:
```text
NAME             STATUS
dbt-backend      Up
dbt-clamav       Up (healthy)
dbt-frontend     Up
dbt-grafana      Up
dbt-postgres     Up (healthy)
dbt-prometheus   Up
dbt-redis        Up (healthy)
```
⚠️ If the backend shows `Restarting`, wait 30 seconds and check again. It waits for PostgreSQL and Redis to be ready first.
Run this once to create all the database tables:
```bash
docker compose exec backend npx prisma db push
```
You should see:
```text
Your database is now in sync with your Prisma schema.
```
Seed the Incident Command Center with 3 realistic demo incidents:
```bash
curl -X POST http://localhost:4000/api/incidents/seed
```
| Service | URL | Login |
|---|---|---|
| Main Platform | http://localhost:3000 | none |
| Backend API | http://localhost:4000 | none |
| Grafana Dashboards | http://localhost:3001 | admin / admin123 |
| Prometheus Metrics | http://localhost:9090 | none |

| Page | URL |
|---|---|
| Attack Globe | http://localhost:3000 |
| Threat Scanner | http://localhost:3000/scanner |
| Infra Heatmap | http://localhost:3000/infrastructure |
| Live Feed | http://localhost:3000/feed |
| Abuse Detector | http://localhost:3000/abuse |
| Incident Center | http://localhost:3000/incidents |

```bash
# Stop all containers (keeps your data)
docker compose down

# Stop AND delete all data (fresh start)
docker compose down -v
```
```bash
docker compose logs backend --tail=30
```
Usually means database tables aren't created yet. Run:
```bash
docker compose exec backend npx prisma db push
```
The backend might not have finished starting. Check:
```bash
docker compose logs backend --tail=20
```
Look for: `[Server] Running on port 4000`

Another app is using a port. Stop it or change the port in `docker-compose.yml`.

Already handled: ClamAV runs via Rosetta emulation (`platform: linux/amd64`).
```bash
docker compose down -v
docker compose build --no-cache
docker compose up -d
```
```text
detect-backend-threat/
├── docker-compose.yml            # All 8 services
├── .env.example                  # Copy this to .env
│
├── frontend/                     # Next.js 14 App Router
│   ├── app/
│   │   ├── page.tsx              # Attack Globe
│   │   ├── scanner/page.tsx      # Threat Scanner
│   │   ├── infrastructure/page.tsx  # Infra Heatmap
│   │   ├── feed/page.tsx         # Live Feed
│   │   ├── abuse/page.tsx        # Abuse Detector
│   │   └── incidents/page.tsx    # Incident Center
│   └── components/
│       ├── AttackGlobe.tsx       # Three.js WebGL globe
│       ├── InfraGraph.tsx        # D3 force graph
│       ├── ThreatRadar.tsx       # D3 radar chart
│       └── Sidebar.tsx           # Navigation
│
├── backend/                      # Node.js + Express
│   ├── src/
│   │   ├── index.ts              # Server entry + Prometheus
│   │   ├── routes/               # scan, incidents, abuse, infra
│   │   ├── services/             # virustotal, urlscan, abuseipdb, gemini, clamav
│   │   ├── middleware/           # requestLogger, ipBlock
│   │   └── websocket/            # Socket.io + Redis pub/sub
│   └── prisma/schema.prisma      # DB schema
│
├── prometheus/prometheus.yml     # Metrics scrape config
└── grafana/provisioning/         # Auto-provisioned dashboards
```
| Method | Endpoint | Description |
|---|---|---|
| POST | /api/scan/file | ClamAV file scan (multipart) |
| POST | /api/scan/url | URLScan.io URL scan |
| POST | /api/scan/hash | VirusTotal hash lookup |
| GET | /api/scan/history | Recent scan results |
| GET | /api/incidents | All incidents (priority sorted) |
| POST | /api/incidents | Create new incident |
| PATCH | /api/incidents/:id/status | Update incident status |
| POST | /api/incidents/:id/summarize | Generate Gemini AI summary |
| POST | /api/incidents/seed | Load demo incidents |
| GET | /api/abuse/stats | Request rate stats + top IPs |
| POST | /api/abuse/check-ip | AbuseIPDB IP lookup |
| GET | /api/abuse/blocked | List blocked IPs |
| DELETE | /api/abuse/blocked/:ip | Unblock an IP |
| GET | /api/infrastructure/topology | Force graph node/link data |
| GET | /metrics | Prometheus metrics endpoint |
| GET | /health | Health check |
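The README does not document how the API Abuse Detector decides that an IP is flooding the API, so the following is an added illustration, not the project's `ipBlock` middleware: a sliding-window counter per client IP with the block list that `GET /api/abuse/blocked` and `DELETE /api/abuse/blocked/:ip` operate on. The `FloodDetector` class, its rule values (10 requests per second, 60 s block) and the traffic in `demo()` are all constructed assumptions.

```typescript
// Added example, not the project's middleware: an in-memory sliding-window flood
// detector with the block list the /api/abuse/blocked endpoints expose. The rule
// values are hypothetical; the real thresholds are not documented on this page.
interface Rule { windowMs: number; maxRequests: number; blockMs: number }

class FloodDetector {
  private rule: Rule;
  private hits = new Map<string, number[]>();       // ip -> recent request times (ms)
  private blockedUntil = new Map<string, number>(); // ip -> time the block expires
  constructor(rule: Rule) { this.rule = rule; }

  // Record one request from `ip` at time `now`; true means refuse it (HTTP 429).
  check(ip: string, now: number): boolean {
    const until = this.blockedUntil.get(ip);
    if (until !== undefined) {
      if (now < until) return true;
      this.blockedUntil.delete(ip); // block has expired, start counting afresh
    }
    const cutoff = now - this.rule.windowMs;
    const recent = (this.hits.get(ip) ?? []).filter((t) => t > cutoff);
    recent.push(now);
    this.hits.set(ip, recent);
    if (recent.length > this.rule.maxRequests) {
      this.blockedUntil.set(ip, now + this.rule.blockMs);
      this.hits.delete(ip);
      return true;
    }
    return false;
  }

  // What GET /api/abuse/blocked would return: IPs whose block is still active.
  blocked(now: number): string[] {
    return Array.from(this.blockedUntil.entries()).filter(([, u]) => u > now).map(([ip]) => ip);
  }

  // What DELETE /api/abuse/blocked/:ip would do; false if the IP was not blocked.
  unblock(ip: string): boolean { return this.blockedUntil.delete(ip); }
}

// Constructed traffic: 20 requests in 200 ms from one address, one request from another.
function demo(): { floodBlocked: boolean; quietBlocked: boolean; list: string[] } {
  const d = new FloodDetector({ windowMs: 1000, maxRequests: 10, blockMs: 60_000 });
  let floodBlocked = false;
  for (let i = 0; i < 20; i++) floodBlocked = d.check("203.0.113.7", 1000 + i * 10) || floodBlocked;
  const quietBlocked = d.check("198.51.100.2", 1200);
  return { floodBlocked, quietBlocked, list: d.blocked(1500) };
}
```

In a real deployment the counters would live in Redis (which the stack already runs) rather than in process memory, so that every backend replica sees the same block list.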
The platform uses a cyberpunk dark theme:
| Token | Color | Usage |
|---|---|---|
| Background | `#0a0a0f` | Page base |
| Panel | `#0d0d1a` | Glass panels |
| Neon Cyan | `#00f5ff` | Primary accent, borders |
| Neon Green | `#39ff14` | Safe/clean/online |
| Threat Red | `#ff2d55` | Critical threats, DDoS |
| Threat Amber | `#ff9500` | Malware, warnings |
| Font | JetBrains Mono | All text |
CSS effects: glassmorphism panels, CRT scanline animation, neon glow shadows, animated attack arcs.
```bash
git checkout -b feature/your-feature
git commit -m 'feat: add your feature'
git push origin feature/your-feature
```
MIT License: free to use, modify, and distribute.