[backend] introduce external ID for injector contract and associated changes (#3334)

Signed-off-by: Antoine MAZEAS <[email protected]>

Author: antoinemzs

openbas-api/src/main/java/io/openbas/migration/V4_15__Add_column_injector_contract_external_id.java

@@ -0,0 +1,26 @@
+package io.openbas.migration;
+
+import java.sql.Connection;
+import java.sql.Statement;
+import org.flywaydb.core.api.migration.BaseJavaMigration;
+import org.flywaydb.core.api.migration.Context;
+import org.springframework.stereotype.Component;
+
+@Component
+public class V4_15__Add_column_injector_contract_external_id extends BaseJavaMigration {
+
+  @Override
+  public void migrate(Context context) throws Exception {
+    Connection connection = context.getConnection();
+    Statement stmt = connection.createStatement();
+    stmt.execute(
+        """
+          ALTER TABLE injectors_contracts
+            ADD COLUMN injector_contract_external_id VARCHAR UNIQUE;
+          """);
+  }
+
+  /* ROLLBACK
+   ALTER TABLE injectors_contracts DROP COLUMN injector_contract_external_id;
+  */
+}

openbas-api/src/main/java/io/openbas/rest/attack_pattern/service/AttackPatternService.java

@@ -1,11 +1,14 @@
 package io.openbas.rest.attack_pattern.service;
 
+import static io.openbas.helper.StreamHelper.fromIterable;
+
 import com.fasterxml.jackson.databind.JsonNode;
 import com.fasterxml.jackson.databind.ObjectMapper;
 import io.openbas.database.model.AttackPattern;
 import io.openbas.database.repository.AttackPatternRepository;
 import io.openbas.ee.Ee;
 import io.openbas.rest.attack_pattern.form.AnalysisResultFromTTPExtractionAIWebserviceOutput;
+import io.openbas.rest.exception.ElementNotFoundException;
 import jakarta.annotation.Resource;
 import java.io.IOException;
 import java.nio.charset.StandardCharsets;
@@ -113,21 +116,65 @@ private Set<String> extractExternalAttackPatternIdsFromResponse(String responseB
     return externalAttackPatternIds;
   }
 
+  private List<AttackPattern> getAttackPatternsByExternalIds(Set<String> ids) {
+    if (ids.isEmpty()) {
+      return Collections.emptyList();
+    }
+    return this.attackPatternRepository.findAllByExternalIdInIgnoreCase(new ArrayList<>(ids));
+  }
+
+  private List<AttackPattern> getAttackPatternsByInternalIds(Set<String> ids) {
+    if (ids.isEmpty()) {
+      return Collections.emptyList();
+    }
+    return fromIterable(this.attackPatternRepository.findAllById(new ArrayList<>(ids)));
+  }
+
   /**
    * Get the attack pattern IDs from the external IDs.
    *
    * @param externalAttackPatternIds Set of external attack pattern IDs to be converted to internal
    *     IDs.
    * @return List of attack pattern IDs corresponding to the external IDs.
    */
-  private List<String> getAttackPatternIds(Set<String> externalAttackPatternIds) {
-    if (!externalAttackPatternIds.isEmpty()) {
-      List<AttackPattern> attackPatterns =
-          this.attackPatternRepository.findAllByExternalIdInIgnoreCase(
-              new ArrayList<>(externalAttackPatternIds));
-      return attackPatterns.stream().map(AttackPattern::getId).toList();
+  private List<String> getAttackPatternInternalIdsFromExternalIds(
+      Set<String> externalAttackPatternIds) {
+    return this.getAttackPatternsByExternalIds(externalAttackPatternIds).stream()
+        .map(AttackPattern::getId)
+        .toList();
+  }
+
+  public List<AttackPattern> getAttackPatternsByExternalIdsThrowIfMissing(
+      Set<String> externalAttackPatternIds) {
+    List<AttackPattern> attackPatterns =
+        this.getAttackPatternsByExternalIds(externalAttackPatternIds);
+    List<String> missingIds =
+        externalAttackPatternIds.stream()
+            .filter(
+                id ->
+                    !attackPatterns.stream()
+                        .map(AttackPattern::getExternalId)
+                        .toList()
+                        .contains(id))
+            .toList();
+    if (!missingIds.isEmpty()) {
+      throw new ElementNotFoundException(
+          String.format("Missing attack patterns: %s", String.join(", ", missingIds)));
+    }
+    return attackPatterns;
+  }
+
+  public List<AttackPattern> getAttackPatternsByInternalIdsThrowIfMissing(Set<String> ids) {
+    List<AttackPattern> attackPatterns = this.getAttackPatternsByInternalIds(ids);
+    List<String> missingIds =
+        ids.stream()
+            .filter(id -> !attackPatterns.stream().map(AttackPattern::getId).toList().contains(id))
+            .toList();
+    if (!missingIds.isEmpty()) {
+      throw new ElementNotFoundException(
+          String.format("Missing attack patterns: %s", String.join(", ", missingIds)));
     }
-    return Collections.emptyList();
+    return attackPatterns;
   }
 
   /**
@@ -159,7 +206,7 @@ public List<String> searchAttackPatternWithTTPAIWebservice(
       String responseBody = callTTPExtractionAIWebservice(files, text);
       Set<String> attackPatternExternalIds =
           extractExternalAttackPatternIdsFromResponse(responseBody);
-      return getAttackPatternIds(attackPatternExternalIds);
+      return getAttackPatternInternalIdsFromExternalIds(attackPatternExternalIds);
 
     } catch (IOException e) {
       throw new RuntimeException(e);

openbas-api/src/main/java/io/openbas/rest/injector_contract/InjectorContractApi.java

@@ -1,26 +1,19 @@
 package io.openbas.rest.injector_contract;
 
 import static io.openbas.database.model.User.ROLE_ADMIN;
-import static io.openbas.helper.DatabaseHelper.updateRelation;
-import static io.openbas.helper.StreamHelper.fromIterable;
 import static io.openbas.utils.ArchitectureFilterUtils.handleArchitectureFilter;
 import static io.openbas.utils.pagination.PaginationUtils.buildPaginationCriteriaBuilder;
 
+import com.fasterxml.jackson.databind.ObjectMapper;
 import io.openbas.database.model.InjectorContract;
 import io.openbas.database.raw.RawInjectorsContrats;
-import io.openbas.database.repository.AttackPatternRepository;
-import io.openbas.database.repository.InjectorContractRepository;
-import io.openbas.database.repository.InjectorRepository;
-import io.openbas.rest.exception.ElementNotFoundException;
 import io.openbas.rest.helper.RestBehavior;
 import io.openbas.rest.injector_contract.form.InjectorContractAddInput;
 import io.openbas.rest.injector_contract.form.InjectorContractUpdateInput;
 import io.openbas.rest.injector_contract.form.InjectorContractUpdateMappingInput;
-import io.openbas.rest.injector_contract.output.InjectorContractOutput;
-import io.openbas.utils.pagination.SearchPaginationInput;
-import jakarta.transaction.Transactional;
+import io.openbas.rest.injector_contract.input.InjectorContractSearchPaginationInput;
+import io.openbas.rest.injector_contract.output.InjectorContractBaseOutput;
 import jakarta.validation.Valid;
-import java.time.Instant;
 import lombok.RequiredArgsConstructor;
 import org.springframework.data.domain.Page;
 import org.springframework.security.access.annotation.Secured;
@@ -30,91 +23,64 @@
 @RestController
 public class InjectorContractApi extends RestBehavior {
 
-  private final AttackPatternRepository attackPatternRepository;
+  private final ObjectMapper mapper;
 
-  private final InjectorRepository injectorRepository;
-
-  private final InjectorContractRepository injectorContractRepository;
+  public static final String INJECTOR_CONTRACT_URL = "/api/injector_contracts";
 
   private final InjectorContractService injectorContractService;
 
-  @GetMapping("/api/injector_contracts")
+  @GetMapping(INJECTOR_CONTRACT_URL)
   public Iterable<RawInjectorsContrats> injectContracts() {
-    return injectorContractRepository.getAllRawInjectorsContracts();
+    return injectorContractService.getAllRawInjectContracts();
   }
 
-  @PostMapping("/api/injector_contracts/search")
-  public Page<InjectorContractOutput> injectorContracts(
-      @RequestBody @Valid final SearchPaginationInput searchPaginationInput) {
-    return buildPaginationCriteriaBuilder(
-        this.injectorContractService::injectorContracts,
-        handleArchitectureFilter(searchPaginationInput),
-        InjectorContract.class);
+  @PostMapping(INJECTOR_CONTRACT_URL + "/search")
+  public Page<? extends InjectorContractBaseOutput> injectorContracts(
+      @RequestBody @Valid final InjectorContractSearchPaginationInput input) {
+    if (input.isIncludeFullDetails()) {
+      return buildPaginationCriteriaBuilder(
+          this.injectorContractService::getSinglePageFullDetails,
+          handleArchitectureFilter(input),
+          InjectorContract.class);
+    } else {
+      return buildPaginationCriteriaBuilder(
+          this.injectorContractService::getSinglePageBaseDetails,
+          handleArchitectureFilter(input),
+          InjectorContract.class);
+    }
   }
 
   @Secured(ROLE_ADMIN)
-  @GetMapping("/api/injector_contracts/{injectorContractId}")
+  @GetMapping(INJECTOR_CONTRACT_URL + "/{injectorContractId}")
   public InjectorContract injectorContract(@PathVariable String injectorContractId) {
-    return injectorContractRepository
-        .findById(injectorContractId)
-        .orElseThrow(ElementNotFoundException::new);
+    return injectorContractService.getSingleInjectorContract(injectorContractId);
   }
 
   @Secured(ROLE_ADMIN)
-  @PostMapping("/api/injector_contracts")
-  @Transactional(rollbackOn = Exception.class)
+  @PostMapping(INJECTOR_CONTRACT_URL)
   public InjectorContract createInjectorContract(
       @Valid @RequestBody InjectorContractAddInput input) {
-    InjectorContract injectorContract = new InjectorContract();
-    injectorContract.setCustom(true);
-    injectorContract.setUpdateAttributes(input);
-    if (!input.getAttackPatternsExternalIds().isEmpty()) {
-      injectorContract.setAttackPatterns(
-          fromIterable(
-              attackPatternRepository.findAllByExternalIdInIgnoreCase(
-                  input.getAttackPatternsExternalIds())));
-    } else if (!input.getAttackPatternsIds().isEmpty()) {
-      injectorContract.setAttackPatterns(
-          fromIterable(attackPatternRepository.findAllById(input.getAttackPatternsIds())));
-    }
-    injectorContract.setInjector(
-        updateRelation(input.getInjectorId(), injectorContract.getInjector(), injectorRepository));
-    return injectorContractRepository.save(injectorContract);
+    return injectorContractService.createNewInjectorContract(input);
   }
 
   @Secured(ROLE_ADMIN)
-  @PutMapping("/api/injector_contracts/{injectorContractId}")
+  @PutMapping(INJECTOR_CONTRACT_URL + "/{injectorContractId}")
   public InjectorContract updateInjectorContract(
       @PathVariable String injectorContractId,
       @Valid @RequestBody InjectorContractUpdateInput input) {
-    InjectorContract injectorContract =
-        injectorContractRepository
-            .findById(injectorContractId)
-            .orElseThrow(ElementNotFoundException::new);
-    injectorContract.setUpdateAttributes(input);
-    injectorContract.setAttackPatterns(
-        fromIterable(attackPatternRepository.findAllById(input.getAttackPatternsIds())));
-    injectorContract.setUpdatedAt(Instant.now());
-    return injectorContractRepository.save(injectorContract);
+    return injectorContractService.updateInjectorContract(injectorContractId, input);
   }
 
   @Secured(ROLE_ADMIN)
-  @PutMapping("/api/injector_contracts/{injectorContractId}/mapping")
+  @PutMapping(INJECTOR_CONTRACT_URL + "/{injectorContractId}/mapping")
   public InjectorContract updateInjectorContractMapping(
       @PathVariable String injectorContractId,
       @Valid @RequestBody InjectorContractUpdateMappingInput input) {
-    InjectorContract injectorContract =
-        injectorContractRepository
-            .findById(injectorContractId)
-            .orElseThrow(ElementNotFoundException::new);
-    injectorContract.setAttackPatterns(
-        fromIterable(attackPatternRepository.findAllById(input.getAttackPatternsIds())));
-    injectorContract.setUpdatedAt(Instant.now());
-    return injectorContractRepository.save(injectorContract);
+    return injectorContractService.updateAttackPatternMappings(injectorContractId, input);
   }
 
   @Secured(ROLE_ADMIN)
-  @DeleteMapping("/api/injector_contracts/{injectorContractId}")
+  @DeleteMapping(INJECTOR_CONTRACT_URL + "/{injectorContractId}")
   public void deleteInjectorContract(@PathVariable String injectorContractId) {
     this.injectorContractService.deleteInjectorContract(injectorContractId);
   }