Add HTTPS support

- Ability to configure HTTPS.
- define "npm test " for running Vulnogram in non-production mode.
diff --git a/README.md b/README.md
index a81ec72..ac3732f 100644
--- a/README.md
+++ b/README.md
@@ -12,7 +12,7 @@
 
 ## Getting started
 
-#### Step 1. Install required node modules
+#### Step 1. Install required Node.js modules.
 
 
 	$ cd vulnogram
@@ -23,13 +23,15 @@
 #### Step 2. Setup monogodb to be used for persistent storage of CVE JSON and users.
 	See https://www.mongodb.com/
 
-#### Step 3. Copy /config/conf-default.js to config/conf.js and edit the file to suite your requirements
+    *Important*: Ensure mongodb authentication is enabled. It is recommended to run mongodb bound to loopback/localhost and not expose it to network.
+
+#### Step 3. Edit the config parameters in conf.js to suite your requirements.
 
 	See config/conf-default.js comments for hints
 
-#### Step 4 (Optional). Copy the "default" directory as "custom" and modify relevant pug templates, schemas or routes. Files from "custom" override "default".
+#### Step 4 (Optional). Copy the "default" directory as "custom" and modify relevant pug templates, schemas or routes. Files or fields from "custom" override "default".
 
-#### Step 5. If any pug templates were modified, regenerate client side javascript
+#### Step 5. If any pug templates were modified, regenerate client side javascript.
 
 	$ node scripts/pug2js.js
 
@@ -40,24 +42,21 @@
 	Enter Password again: ********************************************
 	Success New user is now registered and can log in: tester
 
-#### Step 7. Start the node application
+#### Step 7. Start the node application.
 
 	$ npm start
-    
-  	Vulnogram@0.0.5 start /home/user/vulnogram
-	nodemon app
-	
-	[nodemon] 1.11.0
-	[nodemon] to restart at any time, enter `rs`
-	[nodemon] watching: *.*
-	[nodemon] starting `node app app.js`
-	Server started on port 3555
-	Connected to MongoDB ...
+    $ npm start
 
-Tip: Use foreverjs to run this service continuously like a daemon.
+    > Vulnogram@0.0.5 start /Users/cbn/prj/Vulnogram6
+    > NODE_ENV=production forever start --id 'vulnogram' --spinSleepTime 5000 --minUptime 2000 app.js
 
-#### Finish: Web application should be now accessible
-	http://localhost:3555/
+    info:    Forever processing file: app.js
+    info:    Forever processes running
+    data:        uid  command                      script forever pid   id        logfile                      uptime     
+    data:    [0] v3wE /usr/bin/node app.js 11208   11210 vulnogram /home/vulnogram/.forever/v3wE.log 0:0:0:0.23 
+
+#### Finish: Web application should be now accessible at:
+	http://localhost:3555/ or https://localhost:3555/ depending on configuration.
 
 ## Create the minimal standalone web page and client side scripts.
 
@@ -65,7 +64,7 @@
     
 This creates standalone/index.html with minimized javascript and stylesheets can be hosted independelty on websites serving static files.
 
-## Dependencies
+## Dependencies:
 
 This project uses or depends on software from
 
@@ -76,15 +75,16 @@
 * Pug https://pugjs.org/
 * ACE editor https://ace.c9.io/
 * JSON Schema based editor https://github.com/jdorn/json-editor
-* yamljs https://github.com/jeremyfa/yaml.js
 * tablesort v5.0.1 https://github.com/tristen/tablesort
 * cvssjs https://github.com/cvssjs
 * json-patch-extended
 * querymen
+* linkifyjs
+* pptxGenJS
 
 ## Licence
 
-Copyright (c) 2017-2019 Chandan B N
+Copyright (c) 2017-2019 Chandan B N.
 
 Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
 
diff --git a/app.js b/app.js
index 54d3b4c..6463bdc 100644
--- a/app.js
+++ b/app.js
@@ -4,6 +4,7 @@
 const path = require('path');
 const mongoose = require('mongoose');
 const flash = require('connect-flash');
+const https = require('https');
 
 // TODO: don't use express-session for large-scale production use
 const session = require('express-session');
@@ -81,13 +82,6 @@
     next();
 });
 
-/*// make user information available
-app.get('*', function (req, res, next) {
-    res.locals.user = req.user || null;
-    res.locals.confOpts = app.locals.confOpts;
-    next();
-});
-*/
 // add this to route for authenticating before certain requests.
 function ensureAuthenticated(req, res, next) {
     if (req.isAuthenticated()) {
@@ -172,23 +166,7 @@
     res.locals.confOpts = app.locals.confOpts;
     next();
 });
-        
-/*app.post('*', function (req, res, next) {
-    res.locals.user = req.user || null;
-    res.locals.confOpts = app.locals.confOpts;
-    next();
-});
-*/
-/*
-let cveRoute = docs('cve');
-app.use('/cve', ensureAuthenticated, cveRoute.router);
 
-let saRoute = docs('sa');
-app.use('/sa', ensureAuthenticated, saRoute.router);
-
-let cnaRoute = docs('cna');
-app.use('/cna', ensureAuthenticated, cnaRoute.router);
-*/
 //Configuring a reviewToken in conf file allows sharing drafts with 'people who have a link containing the configurable token' 
 let review = require('./routes/review');
 
@@ -203,6 +181,12 @@
     res.redirect('/cve/?state=DRAFT,READY,REVIEW');
 });
 
-app.listen(conf.serverPort, function () {
-    console.log('Server started on port ' + conf.serverPort);
-});
\ No newline at end of file
+if(conf.httpsOptions) {
+    https.createServer(conf.httpsOptions, app).listen(conf.serverPort, conf.serverHost, function () {
+        console.log('Server started at https://' + conf.serverHost + ':' + conf.serverPort);
+    });
+} else {
+    app.listen(conf.serverPort, conf.serverHost, function () {
+        console.log('Server started at http://' + conf.serverHost + ':' + conf.serverPort);
+    });
+}
\ No newline at end of file
diff --git a/config/conf-default.js b/config/conf-default.js
index 5ff0733..12a431a 100644
--- a/config/conf-default.js
+++ b/config/conf-default.js
@@ -1,7 +1,9 @@
+const fs = require("fs");
+
 module.exports = {
 
     // The Mongodb URL where CVE entries and users are stored.
-    database: 'mongodb://vulnogram:Use a long & strong Password@127.0.0.1:27017/vulnogram',
+    database: 'mongodb://127.0.0.1:27017/vulnogram',
 
     // Name of the organization that should be used in page titles etc.,
     orgName: 'Example Org',
@@ -19,22 +21,37 @@
     // This may be useful to share a link to the draft for internal reviews and only those with the link have access to the drafts.    
    //reviewToken: 'randomtoken',
 
-    appName: 'Vulnogram',
     // port where this tool is running
+    serverHost: 'localhost',
     serverPort: 3555,
     basedir: '/',
+
+    //Uncomment this block to enable HTTPs. Configure paths for valid SSL certificates. 
+    // Either get them from your favorite Certificate Authority or generate self signed:
+    // $ openssl req -newkey rsa:2048 -nodes -keyout key.pem -x509 -days 365 -out cert.pem
+/*
+    httpsOptions: {
+        key: fs.readFileSync("./config/key.pem"),
+        cert: fs.readFileSync("./config/cert.pem"),
+        minVersion: 'TLS1.2'
+    },
+*/
+    
     mitreURL: 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=',
     defectURL: 'https://example.net/internal/bugs/',
     publicDefectURL: 'https://example.net/bugs/',
+
     // ACE editor
-    //ace: '/js/ace.js',
     ace: 'https://cdnjs.cloudflare.com/ajax/libs/ace/1.4.3/ace.js',
     aceHash: "sha384-rP/6HzF4Ap08EuRS9yaQsEPDqb8xS5WVTAzL7/LKTnUmJawbKoeSNyqHnNaiXY5X",
+    // if you want this served locally, download ace editor to /public/js/ directory and point to that:
+    //ace: '/js/ace.js',
 
     // JSON Editor
-    //jsoneditor: '/js/jsoneditor.js',
     jsoneditor: 'https://cdn.jsdelivr.net/npm/@json-editor/json-editor@1.2.1/dist/jsoneditor.min.js',
     jsoneditorHash: 'sha384-iSUg2WRV2cauD+nwMuv7ITxwSe+2heHjWFIOjiWk5/Yve5ovwg/t7qp3ht6VlQBL',
+    // if you want this served locally, download above jsoneditor editor to /public/js/ directory and point to that:
+    //jsoneditor: '/js/jsoneditor.min.js',
 
     usernameRegex: '[a-zA-Z0-9]{3,}',
     sections: [
@@ -45,13 +62,13 @@
     charts: [
         {
             href: "/cve/agg?state=DRAFT,REVIEW,READY&sort=ym&f=ym&f=owner",
-            key: "owner",
-            list: "/cve/?state=DRAFT,REVIEW,READY&sort=ym",
+            key: "ym", // X-axis
+            list: "/cve/?state=DRAFT,REVIEW,READY&sort=ym", //link prefix
             title: "Active CVE Pipeline"
         },
         {
             href: "/cve/agg?sort=ym&f=ym&f=owner",
-            key: "owner",
+            key: "ym",
             list: "/cve/?sort=ym",
             title: "CVEs over time"
         },
@@ -61,6 +78,17 @@
             list: "/cve/?state=DRAFT,REVIEW,READY,PUBLIC",
             title: "Active CVEs by Product",
             type: "pie"
+        },
+        {
+            href: "/cve/agg?f=severity",
+            key: "severity",
+            list: "/cve/?",
+            title: "All CVEs by Severity",
+            type: "pie",
+            color: {
+                domain: ["CRITICAL", "HIGH", "MEDIUM", "LOW", "NONE", "", null],
+                range: ["orangered","salmon","orange","gold","green", "lightgray", "lightgray"]
+            }            
         }
     ]
 };
diff --git a/config/conf.js b/config/conf.js
index d9b4678..39b74dc 100644
--- a/config/conf.js
+++ b/config/conf.js
@@ -1,3 +1,5 @@
+const fs = require("fs");
+
 module.exports = {
 
     // The Mongodb URL where CVE entries and users are stored.
@@ -20,20 +22,37 @@
    //reviewToken: 'randomtoken',
 
     // port where this tool is running
+    serverHost: 'localhost',
     serverPort: 3555,
     basedir: '/',
+
+    //Uncomment this block to enable HTTPs. Configure paths for valid SSL certificates. 
+    // Either get them from your favorite Certificate Authority or generate self signed:
+    // $ openssl req -newkey rsa:2048 -nodes -keyout key.pem -x509 -days 365 -out cert.pem
+    // Keep these safe and secured and readable only by account running vulnogram process!
+/*
+    httpsOptions: {
+        key: fs.readFileSync("./config/key.pem"),
+        cert: fs.readFileSync("./config/cert.pem"),
+        minVersion: 'TLS1.2'
+    },
+*/
+    
     mitreURL: 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=',
     defectURL: 'https://example.net/internal/bugs/',
     publicDefectURL: 'https://example.net/bugs/',
+
     // ACE editor
-    //ace: '/js/ace.js',
     ace: 'https://cdnjs.cloudflare.com/ajax/libs/ace/1.4.3/ace.js',
     aceHash: "sha384-rP/6HzF4Ap08EuRS9yaQsEPDqb8xS5WVTAzL7/LKTnUmJawbKoeSNyqHnNaiXY5X",
+    // if you want this served locally, download ace editor to /public/js/ directory and point to that:
+    //ace: '/js/ace.js',
 
     // JSON Editor
-    //jsoneditor: '/js/jsoneditor.js',
     jsoneditor: 'https://cdn.jsdelivr.net/npm/@json-editor/json-editor@1.2.1/dist/jsoneditor.min.js',
     jsoneditorHash: 'sha384-iSUg2WRV2cauD+nwMuv7ITxwSe+2heHjWFIOjiWk5/Yve5ovwg/t7qp3ht6VlQBL',
+    // if you want this served locally, download above jsoneditor editor to /public/js/ directory and point to that:
+    //jsoneditor: '/js/jsoneditor.min.js',
 
     usernameRegex: '[a-zA-Z0-9]{3,}',
     sections: [
diff --git a/package.json b/package.json
index 367fc29..cb0f1d5 100644
--- a/package.json
+++ b/package.json
@@ -4,7 +4,10 @@
   "description": "Making the world safer one CVE at a time, since 2017. Tool for creating Security Advisories and CVE ID information.",
   "main": "app.js",
   "scripts": {
-    "start": "NODE_ENV=production forever start app.js"
+    "test": "NODE_ENV=developement nodemon app",
+    "start": "NODE_ENV=production forever start --id 'vulnogram' --spinSleepTime 5000 --minUptime 2000 app.js;forever list",
+    "stop": "NODE_ENV=production forever stop app.js",
+    "restart": "NODE_ENV=production forever restart app.js"
   },
   "author": "Chandan B N.",
   "license": "SEE LICENSE IN README.md",