Skip to main content

Drupal Integration Guide

This guide explains how to integrate the Secure Project Node.js compliance/security platform with Drupal 11, including:

  • Using the Node bridge from Drupal (PHP โ†’ Node.js)
  • Calling plugin registry, audit storage, and policy engine methods from Drupal
  • Example PHP service class for Drupal
  • Example TypeScript/JS plugin registration
  • OpenAPI endpoints and compliance features

1. Node Bridge: PHP โ†’ Node.jsโ€‹

The Secure Project Node bridge exposes all compliance, audit, and plugin APIs to Drupal via HTTP or CLI. Use the provided Node.js server or CLI bridge to call methods from PHP.

Example: Drupal PHP Service (calls Node bridge via HTTP)

class SecureProjectBridgeService {
  protected $endpoint = 'http://localhost:3000/drupal-bridge';

  public function call($method, $params = []) {
    $payload = json_encode(['method' => $method, 'params' => $params]);
    $ch = curl_init($this->endpoint);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
    curl_setopt($ch, CURLOPT_POST, true);
    curl_setopt($ch, CURLOPT_POSTFIELDS, $payload);
    curl_setopt($ch, CURLOPT_HTTPHEADER, ['Content-Type: application/json']);
    $result = curl_exec($ch);
    curl_close($ch);
    return json_decode($result, true);
  }
}

Usage in Drupal:

$bridge = \Drupal::service('secure_project.bridge');
$response = $bridge->call('logAction', [
  'userId' => $uid,
  'userRoles' => $roles,
  'action' => 'update',
  'entityType' => 'node',
  'entityId' => $nid,
]);

2. Calling Plugin Registry & Policy Enginesโ€‹

List plugins:

$plugins = $bridge->call('listPlugins', ['type' => 'audit-backend']);

Evaluate a policy:

$result = $bridge->call('evaluatePolicy', [
  'engineId' => 'basic-policy-engine',
  'request' => [
    'userId' => $uid,
    'action' => 'read',
    'resourceType' => 'node',
    'resourceId' => $nid,
  ]
]);

3. TypeScript/JS: Registering Plugins for Drupalโ€‹

import { PluginRegistry, InMemoryAuditStoragePlugin, BasicPolicyEnginePlugin } from 'secure_project';
const registry = new PluginRegistry();
registry.registerPlugin('audit-backend', new InMemoryAuditStoragePlugin());
registry.registerPlugin('policy-engine', new BasicPolicyEnginePlugin());

4. OpenAPI Endpoints & Compliance Featuresโ€‹

See openapi.yaml for all available endpoints, including:

  • /plugins, /plugins/item
  • /audit/logs, /audit/logs/item, /audit/logs/search
  • /policy/engines, /policy/engines/item
  • /compliance/report, /compliance/dashboard

5. Advanced Plugin Authoringโ€‹

See plugin-usage.md for how to write, register, and expose new plugins for Drupal and Node.js.