Compare commits
2 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
 Sharang Parnerkar
|
bec47f8c7d | ||
 sharang
|
56482911b8 |
@@ -6,7 +6,7 @@ use tokio::sync::{broadcast, watch, Semaphore};
|
||||
use compliance_core::models::pentest::PentestEvent;
|
||||
use compliance_core::AgentConfig;
|
||||
|
||||
use crate::database::{Database, DatabasePool};
|
||||
use crate::database::DatabasePool;
|
||||
use crate::llm::LlmClient;
|
||||
use crate::pipeline::orchestrator::PipelineOrchestrator;
|
||||
|
||||
@@ -16,12 +16,9 @@ const DEFAULT_MAX_CONCURRENT_SESSIONS: usize = 5;
|
||||
#[derive(Clone)]
|
||||
pub struct ComplianceAgent {
|
||||
pub config: AgentConfig,
|
||||
/// Transitional single-database handle. Used by handlers that have
|
||||
/// not yet been migrated to `db_pool.for_tenant(&ctx)` (M7.2-B/C).
|
||||
/// Will be removed once every call site is tenant-scoped (M7.2-D).
|
||||
pub db: Database,
|
||||
/// Per-tenant Mongo broker introduced in M7.2-A. Handlers should
|
||||
/// prefer this and obtain a tenant-scoped [`Database`] from it.
|
||||
/// Per-tenant Mongo broker. Every code path must obtain a
|
||||
/// tenant-scoped [`crate::database::Database`] from this pool —
|
||||
/// there is no single shared database any more.
|
||||
pub db_pool: DatabasePool,
|
||||
pub llm: Arc<LlmClient>,
|
||||
pub http: reqwest::Client,
|
||||
@@ -34,7 +31,7 @@ pub struct ComplianceAgent {
|
||||
}
|
||||
|
||||
impl ComplianceAgent {
|
||||
pub fn new(config: AgentConfig, db: Database, db_pool: DatabasePool) -> Self {
|
||||
pub fn new(config: AgentConfig, db_pool: DatabasePool) -> Self {
|
||||
let llm = Arc::new(LlmClient::new(
|
||||
config.litellm_url.clone(),
|
||||
config.litellm_api_key.clone(),
|
||||
@@ -48,7 +45,6 @@ impl ComplianceAgent {
|
||||
.unwrap_or_default();
|
||||
Self {
|
||||
config,
|
||||
db,
|
||||
db_pool,
|
||||
llm,
|
||||
http,
|
||||
@@ -60,28 +56,27 @@ impl ComplianceAgent {
|
||||
|
||||
pub async fn run_scan(
|
||||
&self,
|
||||
tenant_id: &str,
|
||||
repo_id: &str,
|
||||
trigger: compliance_core::models::ScanTrigger,
|
||||
) -> Result<(), crate::error::AgentError> {
|
||||
let orchestrator = PipelineOrchestrator::new(
|
||||
self.config.clone(),
|
||||
self.db.clone(),
|
||||
self.llm.clone(),
|
||||
self.http.clone(),
|
||||
);
|
||||
let db = self.db_pool.for_tenant_id(tenant_id).await?;
|
||||
let orchestrator =
|
||||
PipelineOrchestrator::new(self.config.clone(), db, self.llm.clone(), self.http.clone());
|
||||
orchestrator.run(repo_id, trigger).await
|
||||
}
|
||||
|
||||
/// Run a PR review: scan the diff and post review comments.
|
||||
pub async fn run_pr_review(
|
||||
&self,
|
||||
tenant_id: &str,
|
||||
repo_id: &str,
|
||||
pr_number: u64,
|
||||
base_sha: &str,
|
||||
head_sha: &str,
|
||||
) -> Result<(), crate::error::AgentError> {
|
||||
let repo = self
|
||||
.db
|
||||
let db = self.db_pool.for_tenant_id(tenant_id).await?;
|
||||
let repo = db
|
||||
.repositories()
|
||||
.find_one(mongodb::bson::doc! {
|
||||
"_id": mongodb::bson::oid::ObjectId::parse_str(repo_id)
|
||||
@@ -92,12 +87,8 @@ impl ComplianceAgent {
|
||||
crate::error::AgentError::Other(format!("Repository {repo_id} not found"))
|
||||
})?;
|
||||
|
||||
let orchestrator = PipelineOrchestrator::new(
|
||||
self.config.clone(),
|
||||
self.db.clone(),
|
||||
self.llm.clone(),
|
||||
self.http.clone(),
|
||||
);
|
||||
let orchestrator =
|
||||
PipelineOrchestrator::new(self.config.clone(), db, self.llm.clone(), self.http.clone());
|
||||
orchestrator
|
||||
.run_pr_review(&repo, repo_id, pr_number, base_sha, head_sha)
|
||||
.await
|
||||
|
||||
@@ -158,11 +158,16 @@ pub async fn get_ssh_public_key(
|
||||
#[tracing::instrument(skip_all, fields(repo_id = %id))]
|
||||
pub async fn trigger_scan(
|
||||
Extension(agent): AgentExt,
|
||||
tenant: TenantCtx,
|
||||
Path(id): Path<String>,
|
||||
) -> Result<Json<serde_json::Value>, StatusCode> {
|
||||
let agent_clone = (*agent).clone();
|
||||
let tenant_id = tenant.0.tenant_id.clone();
|
||||
tokio::spawn(async move {
|
||||
if let Err(e) = agent_clone.run_scan(&id, ScanTrigger::Manual).await {
|
||||
if let Err(e) = agent_clone
|
||||
.run_scan(&tenant_id, &id, ScanTrigger::Manual)
|
||||
.await
|
||||
{
|
||||
tracing::error!("Manual scan failed for {id}: {e}");
|
||||
}
|
||||
});
|
||||
|
||||
@@ -78,19 +78,28 @@ impl DatabasePool {
|
||||
/// first call per tenant (per process). Cheap on the hot path —
|
||||
/// subsequent calls skip the round-trip.
|
||||
pub async fn for_tenant(&self, ctx: &TenantContext) -> Result<Database, AgentError> {
|
||||
let db_name = self.tenant_db_name(&ctx.tenant_id);
|
||||
self.for_tenant_id(&ctx.tenant_id).await
|
||||
}
|
||||
|
||||
/// Like [`Self::for_tenant`] but accepts a bare tenant_id.
|
||||
/// For background paths (scheduler, webhooks, pipeline orchestrators)
|
||||
/// that don't have a full [`TenantContext`] but know which tenant
|
||||
/// they're operating on (typically resolved from a URL path, a job
|
||||
/// argument, or the registry).
|
||||
pub async fn for_tenant_id(&self, tenant_id: &str) -> Result<Database, AgentError> {
|
||||
let db_name = self.tenant_db_name(tenant_id);
|
||||
let db = Database::from_database(self.client.database(&db_name));
|
||||
// `DashMap::insert` returns the previous value; `None` means we
|
||||
// were the first writer for this tenant_id and own the
|
||||
// index-ensure work.
|
||||
if self.ensured.insert(ctx.tenant_id.clone(), ()).is_none() {
|
||||
if self.ensured.insert(tenant_id.to_string(), ()).is_none() {
|
||||
if let Err(e) = db.ensure_indexes().await {
|
||||
// Roll the marker back so the next request retries.
|
||||
self.ensured.remove(&ctx.tenant_id);
|
||||
self.ensured.remove(tenant_id);
|
||||
return Err(e);
|
||||
}
|
||||
tracing::debug!(
|
||||
tenant_id = %ctx.tenant_id,
|
||||
tenant_id = %tenant_id,
|
||||
db_name = %db_name,
|
||||
"Indexes ensured for tenant database"
|
||||
);
|
||||
@@ -131,6 +140,43 @@ impl DatabasePool {
|
||||
pub fn client(&self) -> &Client {
|
||||
&self.client
|
||||
}
|
||||
|
||||
/// List every Mongo database currently belonging to this pool,
|
||||
/// identified by the `<db_prefix>_` prefix. The result is the raw
|
||||
/// database names — opening one for offboarding/cleanup goes
|
||||
/// through [`Self::client`].
|
||||
///
|
||||
/// Note: hashed-fallback names (very long tenant_ids) lose the
|
||||
/// original tenant_id at the cluster level — we know a database
|
||||
/// exists for *some* tenant but not which one. In practice
|
||||
/// tenant_ids are UUIDs (36 chars) and never hit the fallback,
|
||||
/// so this is a theoretical concern, not an operational one.
|
||||
pub async fn list_tenant_db_names(&self) -> Result<Vec<String>, AgentError> {
|
||||
let prefix = format!("{}_", self.db_prefix);
|
||||
let names = self.client.list_database_names().await?;
|
||||
Ok(names
|
||||
.into_iter()
|
||||
.filter(|n| n.starts_with(&prefix))
|
||||
.collect())
|
||||
}
|
||||
|
||||
/// Drop the database for a specific tenant. Used by GDPR delete
|
||||
/// and tenant offboarding. Idempotent — dropping a non-existent
|
||||
/// database is a no-op at the driver level.
|
||||
///
|
||||
/// Also evicts the tenant from the in-memory `ensured` set so a
|
||||
/// later re-provision triggers fresh `ensure_indexes`.
|
||||
pub async fn drop_tenant(&self, tenant_id: &str) -> Result<(), AgentError> {
|
||||
let db_name = self.tenant_db_name(tenant_id);
|
||||
self.client.database(&db_name).drop().await?;
|
||||
self.ensured.remove(tenant_id);
|
||||
tracing::info!(
|
||||
tenant_id = %tenant_id,
|
||||
db_name = %db_name,
|
||||
"Dropped tenant database"
|
||||
);
|
||||
Ok(())
|
||||
}
|
||||
}
|
||||
|
||||
/// Mongo database names disallow `/`, `\`, `.`, `"`, `$`, ` `, and NUL.
|
||||
|
||||
@@ -25,16 +25,13 @@ async fn main() -> Result<(), Box<dyn std::error::Error>> {
|
||||
}
|
||||
|
||||
tracing::info!("Connecting to MongoDB...");
|
||||
let db = database::Database::connect(&config.mongodb_uri, &config.mongodb_database).await?;
|
||||
db.ensure_indexes().await?;
|
||||
|
||||
// M7.2-A: per-tenant pool. Uses `mongodb_database` as the db-name
|
||||
// prefix so tenant databases land as `<prefix>_<tenant_id>` next to
|
||||
// the legacy single-tenant database.
|
||||
// Per-tenant pool only — the agent has no shared "default" database
|
||||
// after M7.2-D. `mongodb_database` is now the db-name prefix used
|
||||
// for tenant databases (`<prefix>_<tenant_id>`).
|
||||
let db_pool =
|
||||
database::DatabasePool::connect(&config.mongodb_uri, &config.mongodb_database).await?;
|
||||
|
||||
let agent = agent::ComplianceAgent::new(config.clone(), db.clone(), db_pool);
|
||||
let agent = agent::ComplianceAgent::new(config.clone(), db_pool);
|
||||
|
||||
tracing::info!("Starting scheduler...");
|
||||
let scheduler_agent = agent.clone();
|
||||
|
||||
@@ -4,8 +4,14 @@ use tokio_cron_scheduler::{Job, JobScheduler};
|
||||
use compliance_core::models::ScanTrigger;
|
||||
|
||||
use crate::agent::ComplianceAgent;
|
||||
use crate::database::Database;
|
||||
use crate::error::AgentError;
|
||||
|
||||
/// Default tenant the scheduler runs against when `SCHEDULER_TENANT_IDS`
|
||||
/// isn't set. Matches the dev-injector default so a bare `cargo run` has
|
||||
/// the scheduler scanning whatever lives in `<prefix>_dev`.
|
||||
const DEFAULT_SCHEDULER_TENANT_ID: &str = "dev";
|
||||
|
||||
pub async fn start_scheduler(agent: &ComplianceAgent) -> Result<(), AgentError> {
|
||||
let sched = JobScheduler::new()
|
||||
.await
|
||||
@@ -18,7 +24,9 @@ pub async fn start_scheduler(agent: &ComplianceAgent) -> Result<(), AgentError>
|
||||
let agent = scan_agent.clone();
|
||||
Box::pin(async move {
|
||||
tracing::info!("Scheduled scan triggered");
|
||||
scan_all_repos(&agent).await;
|
||||
for tenant_id in scheduler_tenants() {
|
||||
scan_all_repos(&agent, &tenant_id).await;
|
||||
}
|
||||
})
|
||||
})
|
||||
.map_err(|e| AgentError::Scheduler(format!("Failed to create scan job: {e}")))?;
|
||||
@@ -34,7 +42,9 @@ pub async fn start_scheduler(agent: &ComplianceAgent) -> Result<(), AgentError>
|
||||
let agent = cve_agent.clone();
|
||||
Box::pin(async move {
|
||||
tracing::info!("CVE monitor triggered");
|
||||
monitor_cves(&agent).await;
|
||||
for tenant_id in scheduler_tenants() {
|
||||
monitor_cves(&agent, &tenant_id).await;
|
||||
}
|
||||
})
|
||||
})
|
||||
.map_err(|e| AgentError::Scheduler(format!("Failed to create CVE monitor job: {e}")))?;
|
||||
@@ -48,8 +58,9 @@ pub async fn start_scheduler(agent: &ComplianceAgent) -> Result<(), AgentError>
|
||||
.await
|
||||
.map_err(|e| AgentError::Scheduler(format!("Failed to start scheduler: {e}")))?;
|
||||
|
||||
let tenants = scheduler_tenants();
|
||||
tracing::info!(
|
||||
"Scheduler started: scans='{}', CVE monitor='{}'",
|
||||
"Scheduler started: scans='{}', CVE monitor='{}', tenants={tenants:?}",
|
||||
agent.config.scan_schedule,
|
||||
agent.config.cve_monitor_schedule,
|
||||
);
|
||||
@@ -60,13 +71,47 @@ pub async fn start_scheduler(agent: &ComplianceAgent) -> Result<(), AgentError>
|
||||
}
|
||||
}
|
||||
|
||||
async fn scan_all_repos(agent: &ComplianceAgent) {
|
||||
/// Tenants the scheduler iterates each tick. From `SCHEDULER_TENANT_IDS`
|
||||
/// (comma-separated), or `DEFAULT_SCHEDULER_TENANT_ID` if unset. M7.2-D
|
||||
/// will replace this with a pull from the tenant-registry.
|
||||
fn scheduler_tenants() -> Vec<String> {
|
||||
std::env::var("SCHEDULER_TENANT_IDS")
|
||||
.ok()
|
||||
.map(|s| {
|
||||
s.split(',')
|
||||
.map(str::trim)
|
||||
.filter(|s| !s.is_empty())
|
||||
.map(String::from)
|
||||
.collect::<Vec<_>>()
|
||||
})
|
||||
.filter(|v| !v.is_empty())
|
||||
.unwrap_or_else(|| vec![DEFAULT_SCHEDULER_TENANT_ID.to_string()])
|
||||
}
|
||||
|
||||
/// Resolve the per-tenant database. Logs and returns `None` on failure
|
||||
/// so the loop in the caller can continue with other tenants.
|
||||
async fn tenant_db(agent: &ComplianceAgent, tenant_id: &str) -> Option<Database> {
|
||||
match agent.db_pool.for_tenant_id(tenant_id).await {
|
||||
Ok(db) => Some(db),
|
||||
Err(e) => {
|
||||
tracing::error!("Scheduler: cannot open tenant database '{tenant_id}': {e}");
|
||||
None
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
async fn scan_all_repos(agent: &ComplianceAgent, tenant_id: &str) {
|
||||
use futures_util::StreamExt;
|
||||
|
||||
let cursor = match agent.db.repositories().find(doc! {}).await {
|
||||
let db = match tenant_db(agent, tenant_id).await {
|
||||
Some(db) => db,
|
||||
None => return,
|
||||
};
|
||||
|
||||
let cursor = match db.repositories().find(doc! {}).await {
|
||||
Ok(c) => c,
|
||||
Err(e) => {
|
||||
tracing::error!("Failed to list repos for scheduled scan: {e}");
|
||||
tracing::error!("Failed to list repos for tenant '{tenant_id}': {e}");
|
||||
return;
|
||||
}
|
||||
};
|
||||
@@ -75,33 +120,44 @@ async fn scan_all_repos(agent: &ComplianceAgent) {
|
||||
|
||||
for repo in repos {
|
||||
let repo_id = repo.id.map(|id| id.to_hex()).unwrap_or_default();
|
||||
if let Err(e) = agent.run_scan(&repo_id, ScanTrigger::Scheduled).await {
|
||||
tracing::error!("Scheduled scan failed for {}: {e}", repo.name);
|
||||
if let Err(e) = agent
|
||||
.run_scan(tenant_id, &repo_id, ScanTrigger::Scheduled)
|
||||
.await
|
||||
{
|
||||
tracing::error!(
|
||||
"Scheduled scan failed for {} (tenant '{tenant_id}'): {e}",
|
||||
repo.name
|
||||
);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
async fn monitor_cves(agent: &ComplianceAgent) {
|
||||
async fn monitor_cves(agent: &ComplianceAgent, tenant_id: &str) {
|
||||
use compliance_core::models::notification::{parse_severity, CveNotification};
|
||||
use compliance_core::models::SbomEntry;
|
||||
use futures_util::StreamExt;
|
||||
|
||||
let db = match tenant_db(agent, tenant_id).await {
|
||||
Some(db) => db,
|
||||
None => return,
|
||||
};
|
||||
|
||||
// Fetch all SBOM entries grouped by repo
|
||||
let cursor = match agent.db.sbom_entries().find(doc! {}).await {
|
||||
let cursor = match db.sbom_entries().find(doc! {}).await {
|
||||
Ok(c) => c,
|
||||
Err(e) => {
|
||||
tracing::error!("CVE monitor: failed to list SBOM entries: {e}");
|
||||
tracing::error!("CVE monitor: failed to list SBOM entries for '{tenant_id}': {e}");
|
||||
return;
|
||||
}
|
||||
};
|
||||
let entries: Vec<SbomEntry> = cursor.filter_map(|r| async { r.ok() }).collect().await;
|
||||
if entries.is_empty() {
|
||||
tracing::debug!("CVE monitor: no SBOM entries, skipping");
|
||||
tracing::debug!("CVE monitor: no SBOM entries for tenant '{tenant_id}', skipping");
|
||||
return;
|
||||
}
|
||||
|
||||
tracing::info!(
|
||||
"CVE monitor: checking {} dependencies for new CVEs",
|
||||
"CVE monitor: checking {} dependencies for new CVEs (tenant '{tenant_id}')",
|
||||
entries.len()
|
||||
);
|
||||
|
||||
@@ -112,7 +168,7 @@ async fn monitor_cves(agent: &ComplianceAgent) {
|
||||
std::collections::HashMap::new();
|
||||
for rid in &repo_ids {
|
||||
if let Ok(oid) = mongodb::bson::oid::ObjectId::parse_str(rid) {
|
||||
if let Ok(Some(repo)) = agent.db.repositories().find_one(doc! { "_id": oid }).await {
|
||||
if let Ok(Some(repo)) = db.repositories().find_one(doc! { "_id": oid }).await {
|
||||
repo_names.insert(rid.clone(), repo.name.clone());
|
||||
}
|
||||
}
|
||||
@@ -160,8 +216,7 @@ async fn monitor_cves(agent: &ComplianceAgent) {
|
||||
for alert in &alerts {
|
||||
let filter = doc! { "cve_id": &alert.cve_id, "repo_id": &alert.repo_id };
|
||||
let update = doc! { "$setOnInsert": mongodb::bson::to_bson(alert).unwrap_or_default() };
|
||||
let _ = agent
|
||||
.db
|
||||
let _ = db
|
||||
.cve_alerts()
|
||||
.update_one(filter, update)
|
||||
.upsert(true)
|
||||
@@ -174,8 +229,7 @@ async fn monitor_cves(agent: &ComplianceAgent) {
|
||||
continue;
|
||||
}
|
||||
if let Some(entry_id) = &entry.id {
|
||||
let _ = agent
|
||||
.db
|
||||
let _ = db
|
||||
.sbom_entries()
|
||||
.update_one(
|
||||
doc! { "_id": entry_id },
|
||||
@@ -213,8 +267,7 @@ async fn monitor_cves(agent: &ComplianceAgent) {
|
||||
let update = doc! {
|
||||
"$setOnInsert": mongodb::bson::to_bson(¬ification).unwrap_or_default()
|
||||
};
|
||||
match agent
|
||||
.db
|
||||
match db
|
||||
.cve_notifications()
|
||||
.update_one(filter, update)
|
||||
.upsert(true)
|
||||
@@ -232,8 +285,10 @@ async fn monitor_cves(agent: &ComplianceAgent) {
|
||||
}
|
||||
|
||||
if new_notifications > 0 {
|
||||
tracing::info!("CVE monitor: created {new_notifications} new notification(s)");
|
||||
tracing::info!(
|
||||
"CVE monitor: created {new_notifications} new notification(s) for tenant '{tenant_id}'"
|
||||
);
|
||||
} else {
|
||||
tracing::info!("CVE monitor: no new CVEs found");
|
||||
tracing::info!("CVE monitor: no new CVEs found for tenant '{tenant_id}'");
|
||||
}
|
||||
}
|
||||
|
||||
@@ -14,24 +14,30 @@ type HmacSha256 = Hmac<Sha256>;
|
||||
|
||||
pub async fn handle_gitea_webhook(
|
||||
Extension(agent): Extension<Arc<ComplianceAgent>>,
|
||||
Path(repo_id): Path<String>,
|
||||
Path((tenant_id, repo_id)): Path<(String, String)>,
|
||||
headers: HeaderMap,
|
||||
body: Bytes,
|
||||
) -> StatusCode {
|
||||
// Look up the repo to get its webhook secret
|
||||
// Look up the repo in the tenant's database to get its webhook secret
|
||||
let oid = match mongodb::bson::oid::ObjectId::parse_str(&repo_id) {
|
||||
Ok(oid) => oid,
|
||||
Err(_) => return StatusCode::NOT_FOUND,
|
||||
};
|
||||
let repo = match agent
|
||||
.db
|
||||
let db = match agent.db_pool.for_tenant_id(&tenant_id).await {
|
||||
Ok(db) => db,
|
||||
Err(e) => {
|
||||
tracing::warn!("Gitea webhook: cannot open tenant database '{tenant_id}': {e}");
|
||||
return StatusCode::NOT_FOUND;
|
||||
}
|
||||
};
|
||||
let repo = match db
|
||||
.repositories()
|
||||
.find_one(mongodb::bson::doc! { "_id": oid })
|
||||
.await
|
||||
{
|
||||
Ok(Some(repo)) => repo,
|
||||
_ => {
|
||||
tracing::warn!("Gitea webhook: repo {repo_id} not found");
|
||||
tracing::warn!("Gitea webhook: repo {repo_id} not found in tenant '{tenant_id}'");
|
||||
return StatusCode::NOT_FOUND;
|
||||
}
|
||||
};
|
||||
@@ -66,15 +72,21 @@ pub async fn handle_gitea_webhook(
|
||||
"push" => {
|
||||
let agent_clone = (*agent).clone();
|
||||
let repo_id = repo_id.clone();
|
||||
let tenant_id = tenant_id.clone();
|
||||
tokio::spawn(async move {
|
||||
tracing::info!("Gitea push webhook: triggering scan for {repo_id}");
|
||||
if let Err(e) = agent_clone.run_scan(&repo_id, ScanTrigger::Webhook).await {
|
||||
tracing::info!(
|
||||
"Gitea push webhook: triggering scan for {repo_id} in tenant {tenant_id}"
|
||||
);
|
||||
if let Err(e) = agent_clone
|
||||
.run_scan(&tenant_id, &repo_id, ScanTrigger::Webhook)
|
||||
.await
|
||||
{
|
||||
tracing::error!("Webhook-triggered scan failed: {e}");
|
||||
}
|
||||
});
|
||||
StatusCode::OK
|
||||
}
|
||||
"pull_request" => handle_pull_request(agent, &repo_id, &payload).await,
|
||||
"pull_request" => handle_pull_request(agent, &tenant_id, &repo_id, &payload).await,
|
||||
_ => {
|
||||
tracing::debug!("Gitea webhook: ignoring event '{event}'");
|
||||
StatusCode::OK
|
||||
@@ -84,6 +96,7 @@ pub async fn handle_gitea_webhook(
|
||||
|
||||
async fn handle_pull_request(
|
||||
agent: Arc<ComplianceAgent>,
|
||||
tenant_id: &str,
|
||||
repo_id: &str,
|
||||
payload: &serde_json::Value,
|
||||
) -> StatusCode {
|
||||
@@ -106,13 +119,14 @@ async fn handle_pull_request(
|
||||
}
|
||||
|
||||
let repo_id = repo_id.to_string();
|
||||
let tenant_id = tenant_id.to_string();
|
||||
let head_sha = head_sha.to_string();
|
||||
let base_sha = base_sha.to_string();
|
||||
let agent_clone = (*agent).clone();
|
||||
tokio::spawn(async move {
|
||||
tracing::info!("Gitea PR webhook: reviewing PR #{pr_number} on {repo_id}");
|
||||
if let Err(e) = agent_clone
|
||||
.run_pr_review(&repo_id, pr_number, &base_sha, &head_sha)
|
||||
.run_pr_review(&tenant_id, &repo_id, pr_number, &base_sha, &head_sha)
|
||||
.await
|
||||
{
|
||||
tracing::error!("PR review failed for #{pr_number}: {e}");
|
||||
|
||||
@@ -14,24 +14,30 @@ type HmacSha256 = Hmac<Sha256>;
|
||||
|
||||
pub async fn handle_github_webhook(
|
||||
Extension(agent): Extension<Arc<ComplianceAgent>>,
|
||||
Path(repo_id): Path<String>,
|
||||
Path((tenant_id, repo_id)): Path<(String, String)>,
|
||||
headers: HeaderMap,
|
||||
body: Bytes,
|
||||
) -> StatusCode {
|
||||
// Look up the repo to get its webhook secret
|
||||
// Look up the repo in the tenant's database to get its webhook secret
|
||||
let oid = match mongodb::bson::oid::ObjectId::parse_str(&repo_id) {
|
||||
Ok(oid) => oid,
|
||||
Err(_) => return StatusCode::NOT_FOUND,
|
||||
};
|
||||
let repo = match agent
|
||||
.db
|
||||
let db = match agent.db_pool.for_tenant_id(&tenant_id).await {
|
||||
Ok(db) => db,
|
||||
Err(e) => {
|
||||
tracing::warn!("GitHub webhook: cannot open tenant database '{tenant_id}': {e}");
|
||||
return StatusCode::NOT_FOUND;
|
||||
}
|
||||
};
|
||||
let repo = match db
|
||||
.repositories()
|
||||
.find_one(mongodb::bson::doc! { "_id": oid })
|
||||
.await
|
||||
{
|
||||
Ok(Some(repo)) => repo,
|
||||
_ => {
|
||||
tracing::warn!("GitHub webhook: repo {repo_id} not found");
|
||||
tracing::warn!("GitHub webhook: repo {repo_id} not found in tenant '{tenant_id}'");
|
||||
return StatusCode::NOT_FOUND;
|
||||
}
|
||||
};
|
||||
@@ -66,15 +72,21 @@ pub async fn handle_github_webhook(
|
||||
"push" => {
|
||||
let agent_clone = (*agent).clone();
|
||||
let repo_id = repo_id.clone();
|
||||
let tenant_id = tenant_id.clone();
|
||||
tokio::spawn(async move {
|
||||
tracing::info!("GitHub push webhook: triggering scan for {repo_id}");
|
||||
if let Err(e) = agent_clone.run_scan(&repo_id, ScanTrigger::Webhook).await {
|
||||
tracing::info!(
|
||||
"GitHub push webhook: triggering scan for {repo_id} in tenant {tenant_id}"
|
||||
);
|
||||
if let Err(e) = agent_clone
|
||||
.run_scan(&tenant_id, &repo_id, ScanTrigger::Webhook)
|
||||
.await
|
||||
{
|
||||
tracing::error!("Webhook-triggered scan failed: {e}");
|
||||
}
|
||||
});
|
||||
StatusCode::OK
|
||||
}
|
||||
"pull_request" => handle_pull_request(agent, &repo_id, &payload).await,
|
||||
"pull_request" => handle_pull_request(agent, &tenant_id, &repo_id, &payload).await,
|
||||
_ => {
|
||||
tracing::debug!("GitHub webhook: ignoring event '{event}'");
|
||||
StatusCode::OK
|
||||
@@ -84,6 +96,7 @@ pub async fn handle_github_webhook(
|
||||
|
||||
async fn handle_pull_request(
|
||||
agent: Arc<ComplianceAgent>,
|
||||
tenant_id: &str,
|
||||
repo_id: &str,
|
||||
payload: &serde_json::Value,
|
||||
) -> StatusCode {
|
||||
@@ -105,13 +118,14 @@ async fn handle_pull_request(
|
||||
}
|
||||
|
||||
let repo_id = repo_id.to_string();
|
||||
let tenant_id = tenant_id.to_string();
|
||||
let head_sha = head_sha.to_string();
|
||||
let base_sha = base_sha.to_string();
|
||||
let agent_clone = (*agent).clone();
|
||||
tokio::spawn(async move {
|
||||
tracing::info!("GitHub PR webhook: reviewing PR #{pr_number} on {repo_id}");
|
||||
if let Err(e) = agent_clone
|
||||
.run_pr_review(&repo_id, pr_number, &base_sha, &head_sha)
|
||||
.run_pr_review(&tenant_id, &repo_id, pr_number, &base_sha, &head_sha)
|
||||
.await
|
||||
{
|
||||
tracing::error!("PR review failed for #{pr_number}: {e}");
|
||||
|
||||
@@ -10,24 +10,30 @@ use crate::agent::ComplianceAgent;
|
||||
|
||||
pub async fn handle_gitlab_webhook(
|
||||
Extension(agent): Extension<Arc<ComplianceAgent>>,
|
||||
Path(repo_id): Path<String>,
|
||||
Path((tenant_id, repo_id)): Path<(String, String)>,
|
||||
headers: HeaderMap,
|
||||
body: Bytes,
|
||||
) -> StatusCode {
|
||||
// Look up the repo to get its webhook secret
|
||||
// Look up the repo in the tenant's database to get its webhook secret
|
||||
let oid = match mongodb::bson::oid::ObjectId::parse_str(&repo_id) {
|
||||
Ok(oid) => oid,
|
||||
Err(_) => return StatusCode::NOT_FOUND,
|
||||
};
|
||||
let repo = match agent
|
||||
.db
|
||||
let db = match agent.db_pool.for_tenant_id(&tenant_id).await {
|
||||
Ok(db) => db,
|
||||
Err(e) => {
|
||||
tracing::warn!("GitLab webhook: cannot open tenant database '{tenant_id}': {e}");
|
||||
return StatusCode::NOT_FOUND;
|
||||
}
|
||||
};
|
||||
let repo = match db
|
||||
.repositories()
|
||||
.find_one(mongodb::bson::doc! { "_id": oid })
|
||||
.await
|
||||
{
|
||||
Ok(Some(repo)) => repo,
|
||||
_ => {
|
||||
tracing::warn!("GitLab webhook: repo {repo_id} not found");
|
||||
tracing::warn!("GitLab webhook: repo {repo_id} not found in tenant '{tenant_id}'");
|
||||
return StatusCode::NOT_FOUND;
|
||||
}
|
||||
};
|
||||
@@ -59,15 +65,21 @@ pub async fn handle_gitlab_webhook(
|
||||
"push" => {
|
||||
let agent_clone = (*agent).clone();
|
||||
let repo_id = repo_id.clone();
|
||||
let tenant_id = tenant_id.clone();
|
||||
tokio::spawn(async move {
|
||||
tracing::info!("GitLab push webhook: triggering scan for {repo_id}");
|
||||
if let Err(e) = agent_clone.run_scan(&repo_id, ScanTrigger::Webhook).await {
|
||||
tracing::info!(
|
||||
"GitLab push webhook: triggering scan for {repo_id} in tenant {tenant_id}"
|
||||
);
|
||||
if let Err(e) = agent_clone
|
||||
.run_scan(&tenant_id, &repo_id, ScanTrigger::Webhook)
|
||||
.await
|
||||
{
|
||||
tracing::error!("Webhook-triggered scan failed: {e}");
|
||||
}
|
||||
});
|
||||
StatusCode::OK
|
||||
}
|
||||
"merge_request" => handle_merge_request(agent, &repo_id, &payload).await,
|
||||
"merge_request" => handle_merge_request(agent, &tenant_id, &repo_id, &payload).await,
|
||||
_ => {
|
||||
tracing::debug!("GitLab webhook: ignoring event '{event_type}'");
|
||||
StatusCode::OK
|
||||
@@ -77,6 +89,7 @@ pub async fn handle_gitlab_webhook(
|
||||
|
||||
async fn handle_merge_request(
|
||||
agent: Arc<ComplianceAgent>,
|
||||
tenant_id: &str,
|
||||
repo_id: &str,
|
||||
payload: &serde_json::Value,
|
||||
) -> StatusCode {
|
||||
@@ -101,13 +114,14 @@ async fn handle_merge_request(
|
||||
}
|
||||
|
||||
let repo_id = repo_id.to_string();
|
||||
let tenant_id = tenant_id.to_string();
|
||||
let head_sha = head_sha.to_string();
|
||||
let base_sha = base_sha.to_string();
|
||||
let agent_clone = (*agent).clone();
|
||||
tokio::spawn(async move {
|
||||
tracing::info!("GitLab MR webhook: reviewing MR !{mr_iid} on {repo_id}");
|
||||
if let Err(e) = agent_clone
|
||||
.run_pr_review(&repo_id, mr_iid, &base_sha, &head_sha)
|
||||
.run_pr_review(&tenant_id, &repo_id, mr_iid, &base_sha, &head_sha)
|
||||
.await
|
||||
{
|
||||
tracing::error!("MR review failed for !{mr_iid}: {e}");
|
||||
|
||||
@@ -9,17 +9,21 @@ use crate::webhooks::{gitea, github, gitlab};
|
||||
|
||||
pub async fn start_webhook_server(agent: &ComplianceAgent) -> Result<(), AgentError> {
|
||||
let app = Router::new()
|
||||
// Per-repo webhook URLs: /webhook/{platform}/{repo_id}
|
||||
// Per-tenant per-repo webhook URLs: /webhook/{tenant_id}/{platform}/{repo_id}
|
||||
// The tenant_id is resolved from the URL path because webhooks
|
||||
// arrive without a JWT — they're authenticated via per-repo HMAC,
|
||||
// not via the tenant gate. The dashboard surfaces the full URL
|
||||
// including the tenant_id when the repo is registered.
|
||||
.route(
|
||||
"/webhook/github/{repo_id}",
|
||||
"/webhook/{tenant_id}/github/{repo_id}",
|
||||
post(github::handle_github_webhook),
|
||||
)
|
||||
.route(
|
||||
"/webhook/gitlab/{repo_id}",
|
||||
"/webhook/{tenant_id}/gitlab/{repo_id}",
|
||||
post(gitlab::handle_gitlab_webhook),
|
||||
)
|
||||
.route(
|
||||
"/webhook/gitea/{repo_id}",
|
||||
"/webhook/{tenant_id}/gitea/{repo_id}",
|
||||
post(gitea::handle_gitea_webhook),
|
||||
)
|
||||
.layer(Extension(Arc::new(agent.clone())));
|
||||
|
||||
@@ -7,7 +7,7 @@ use std::sync::Arc;
|
||||
|
||||
use compliance_agent::agent::ComplianceAgent;
|
||||
use compliance_agent::api;
|
||||
use compliance_agent::database::{Database, DatabasePool};
|
||||
use compliance_agent::database::DatabasePool;
|
||||
use compliance_core::AgentConfig;
|
||||
use secrecy::SecretString;
|
||||
|
||||
@@ -28,11 +28,6 @@ impl TestServer {
|
||||
// Unique database name per test run to avoid collisions
|
||||
let db_name = format!("test_{}", uuid::Uuid::new_v4().simple());
|
||||
|
||||
let db = Database::connect(&mongodb_uri, &db_name)
|
||||
.await
|
||||
.expect("Failed to connect to MongoDB — is it running?");
|
||||
db.ensure_indexes().await.expect("Failed to create indexes");
|
||||
|
||||
let db_pool = DatabasePool::connect(&mongodb_uri, &db_name)
|
||||
.await
|
||||
.expect("Failed to build DatabasePool");
|
||||
@@ -73,7 +68,7 @@ impl TestServer {
|
||||
pentest_imap_password: None,
|
||||
};
|
||||
|
||||
let agent = ComplianceAgent::new(config, db, db_pool);
|
||||
let agent = ComplianceAgent::new(config, db_pool);
|
||||
|
||||
// Build the router with the agent extension. After M7.2-B every
|
||||
// handler takes a TenantCtx extractor; without KC in the test
|
||||
@@ -164,12 +159,11 @@ impl TestServer {
|
||||
&self.db_name
|
||||
}
|
||||
|
||||
/// Drop the test database on cleanup. Post-M7.2-B the actual data
|
||||
/// lives in `<db_name>_<tenant>` per-tenant databases; list those
|
||||
/// off the cluster and drop them too.
|
||||
/// Drop every per-tenant database belonging to this test run.
|
||||
/// Post-M7.2-D the agent never opens a `db_name` directly —
|
||||
/// data lives only in `<db_name>_<tenant>` per-tenant databases.
|
||||
pub async fn cleanup(&self) {
|
||||
if let Ok(client) = mongodb::Client::with_uri_str(&self.mongodb_uri).await {
|
||||
client.database(&self.db_name).drop().await.ok();
|
||||
if let Ok(names) = client.list_database_names().await {
|
||||
let prefix = format!("{}_", self.db_name);
|
||||
for name in names {
|
||||
|
||||
@@ -158,6 +158,70 @@ async fn tenant_db_name_sanitizes_unsafe_characters() {
|
||||
}
|
||||
}
|
||||
|
||||
#[tokio::test]
|
||||
async fn admin_helpers_list_and_drop_tenant_dbs() {
|
||||
let uri = std::env::var("TEST_MONGODB_URI")
|
||||
.unwrap_or_else(|_| "mongodb://root:example@localhost:27017/?authSource=admin".into());
|
||||
let prefix = format!("m72d_{}", short_id());
|
||||
let pool = DatabasePool::connect(&uri, &prefix).await.expect("connect");
|
||||
|
||||
let acme = ctx("00000000-0000-0000-0000-00000000acme", "acme");
|
||||
let globex = ctx("00000000-0000-0000-0000-0000globex000", "globex");
|
||||
|
||||
// Provision two tenants and write a doc into each so the databases
|
||||
// actually materialize on the cluster (Mongo lazily creates DBs).
|
||||
let acme_db = pool.for_tenant(&acme).await.expect("acme db");
|
||||
let globex_db = pool.for_tenant(&globex).await.expect("globex db");
|
||||
acme_db
|
||||
.repositories()
|
||||
.insert_one(fixture_repo("acme-app", "git@example.com:acme/app.git"))
|
||||
.await
|
||||
.expect("insert acme");
|
||||
globex_db
|
||||
.repositories()
|
||||
.insert_one(fixture_repo("globex-app", "git@example.com:globex/app.git"))
|
||||
.await
|
||||
.expect("insert globex");
|
||||
|
||||
// list_tenant_db_names sees both, filtered by prefix
|
||||
let names = pool.list_tenant_db_names().await.expect("list tenants");
|
||||
let acme_name = pool.tenant_db_name(&acme.tenant_id);
|
||||
let globex_name = pool.tenant_db_name(&globex.tenant_id);
|
||||
assert!(
|
||||
names.contains(&acme_name),
|
||||
"expected {acme_name} in {names:?}"
|
||||
);
|
||||
assert!(
|
||||
names.contains(&globex_name),
|
||||
"expected {globex_name} in {names:?}"
|
||||
);
|
||||
for name in &names {
|
||||
assert!(name.starts_with(&format!("{prefix}_")));
|
||||
}
|
||||
|
||||
// drop_tenant removes acme's DB
|
||||
pool.drop_tenant(&acme.tenant_id)
|
||||
.await
|
||||
.expect("drop acme tenant");
|
||||
let after = pool
|
||||
.list_tenant_db_names()
|
||||
.await
|
||||
.expect("list tenants after drop");
|
||||
assert!(
|
||||
!after.contains(&acme_name),
|
||||
"acme should be gone after drop, got {after:?}"
|
||||
);
|
||||
assert!(
|
||||
after.contains(&globex_name),
|
||||
"globex should still be present, got {after:?}"
|
||||
);
|
||||
|
||||
// Cleanup remaining
|
||||
pool.drop_tenant(&globex.tenant_id)
|
||||
.await
|
||||
.expect("drop globex tenant");
|
||||
}
|
||||
|
||||
#[tokio::test]
|
||||
async fn tenant_db_name_falls_back_to_hash_when_too_long() {
|
||||
let uri = std::env::var("TEST_MONGODB_URI")
|
||||
|
||||
@@ -0,0 +1,210 @@
|
||||
//! Authenticated HTTP client for talking to the compliance-agent.
|
||||
//!
|
||||
//! Every dashboard server function that hits `comp-dev.meghsakha.com/api/v1/*`
|
||||
//! must go through here so the Keycloak access token from the user's
|
||||
//! session is attached as `Authorization: Bearer <token>`. Without it
|
||||
//! the agent's M7.1 `require_jwt_auth` middleware rejects with 401
|
||||
//! "Missing authorization header".
|
||||
//!
|
||||
//! When Keycloak is not configured (dev convenience), the helper
|
||||
//! returns an unauthenticated builder — matching the agent's
|
||||
//! pass-through behavior in the same state.
|
||||
//!
|
||||
//! **Token refresh**: KC access tokens are short-lived (5 min default
|
||||
//! in the certifai realm). Before attaching, we decode the JWT's `exp`
|
||||
//! claim and proactively refresh via the stored refresh_token if the
|
||||
//! access token is expired or about to expire. The session is updated
|
||||
//! with the new pair. If refresh fails, we send the (stale) token
|
||||
//! anyway — the agent's 401 will surface to the UI, which can prompt
|
||||
//! re-login.
|
||||
|
||||
use base64::{engine::general_purpose::URL_SAFE_NO_PAD, Engine};
|
||||
use dioxus::prelude::ServerFnError;
|
||||
use dioxus_fullstack::FullstackContext;
|
||||
use reqwest::Method;
|
||||
|
||||
use super::auth::LOGGED_IN_USER_SESS_KEY;
|
||||
use super::server_state::ServerState;
|
||||
use super::user_state::UserStateInner;
|
||||
|
||||
/// Seconds before the JWT's `exp` time at which we consider it stale
|
||||
/// enough to refresh. Covers clock skew + the round-trip to the agent
|
||||
/// so the token doesn't expire mid-flight.
|
||||
const REFRESH_SKEW_SECS: i64 = 30;
|
||||
|
||||
/// Build a `RequestBuilder` for `<agent_api_url><path>` with the
|
||||
/// session's access token attached. `path` should include a leading
|
||||
/// `/`, e.g. `"/api/v1/repositories"`.
|
||||
pub async fn agent_request(
|
||||
method: Method,
|
||||
path: &str,
|
||||
) -> Result<reqwest::RequestBuilder, ServerFnError> {
|
||||
let state: ServerState = FullstackContext::extract().await?;
|
||||
let url = format!("{}{}", state.agent_api_url, path);
|
||||
let mut req = reqwest::Client::new().request(method, &url);
|
||||
req = attach_token(req, &state).await?;
|
||||
Ok(req)
|
||||
}
|
||||
|
||||
/// Same as [`agent_request`] but for `GET`. Convenience for the common case.
|
||||
pub async fn agent_get(path: &str) -> Result<reqwest::RequestBuilder, ServerFnError> {
|
||||
agent_request(Method::GET, path).await
|
||||
}
|
||||
|
||||
/// Attach the session's bearer token if Keycloak is configured AND the
|
||||
/// session has a logged-in user. Refresh the token proactively if it's
|
||||
/// expired or about to expire. Persists refreshed tokens back into the
|
||||
/// session.
|
||||
async fn attach_token(
|
||||
req: reqwest::RequestBuilder,
|
||||
state: &ServerState,
|
||||
) -> Result<reqwest::RequestBuilder, ServerFnError> {
|
||||
if state.keycloak.is_none() {
|
||||
return Ok(req);
|
||||
}
|
||||
let session: tower_sessions::Session = FullstackContext::extract().await?;
|
||||
let user: Option<UserStateInner> = session
|
||||
.get(LOGGED_IN_USER_SESS_KEY)
|
||||
.await
|
||||
.map_err(|e| ServerFnError::new(format!("session read failed: {e}")))?;
|
||||
let Some(mut user) = user else {
|
||||
return Ok(req);
|
||||
};
|
||||
|
||||
if token_needs_refresh(&user.access_token) {
|
||||
tracing::debug!("Access token expired or near-expiring; refreshing");
|
||||
match refresh_tokens(state, &user.refresh_token).await {
|
||||
Ok((new_access, new_refresh)) => {
|
||||
user.access_token = new_access;
|
||||
if let Some(rt) = new_refresh {
|
||||
user.refresh_token = rt;
|
||||
}
|
||||
if let Err(e) = session.insert(LOGGED_IN_USER_SESS_KEY, &user).await {
|
||||
tracing::warn!("Failed to persist refreshed tokens: {e}");
|
||||
}
|
||||
}
|
||||
Err(e) => {
|
||||
tracing::warn!("Token refresh failed: {e}; sending current token anyway");
|
||||
// Fall through — the agent will 401 and the UI will
|
||||
// prompt re-login. Better than failing the request at
|
||||
// the dashboard layer with no helpful UX cue.
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
Ok(req.bearer_auth(user.access_token))
|
||||
}
|
||||
|
||||
/// Decode the JWT's payload (no signature verification — the agent
|
||||
/// does that) and check the `exp` claim. Treats malformed tokens as
|
||||
/// expired so the refresh path runs.
|
||||
fn token_needs_refresh(jwt: &str) -> bool {
|
||||
let Some(payload_b64) = jwt.split('.').nth(1) else {
|
||||
return true;
|
||||
};
|
||||
let Ok(bytes) = URL_SAFE_NO_PAD.decode(payload_b64) else {
|
||||
return true;
|
||||
};
|
||||
#[derive(serde::Deserialize)]
|
||||
struct ExpClaim {
|
||||
exp: i64,
|
||||
}
|
||||
let Ok(claims) = serde_json::from_slice::<ExpClaim>(&bytes) else {
|
||||
return true;
|
||||
};
|
||||
let now = chrono::Utc::now().timestamp();
|
||||
claims.exp - REFRESH_SKEW_SECS <= now
|
||||
}
|
||||
|
||||
/// Exchange a refresh_token for a new access_token. Returns the new
|
||||
/// access_token and (optionally) the new refresh_token KC issued.
|
||||
/// KC may rotate refresh_tokens on use; we honor whatever it sends.
|
||||
async fn refresh_tokens(
|
||||
state: &ServerState,
|
||||
refresh_token: &str,
|
||||
) -> Result<(String, Option<String>), String> {
|
||||
let kc = state
|
||||
.keycloak
|
||||
.ok_or_else(|| "Keycloak not configured".to_string())?;
|
||||
if refresh_token.is_empty() {
|
||||
return Err("no refresh_token in session".to_string());
|
||||
}
|
||||
|
||||
#[derive(serde::Deserialize)]
|
||||
struct TokenResp {
|
||||
access_token: String,
|
||||
refresh_token: Option<String>,
|
||||
}
|
||||
|
||||
let resp = reqwest::Client::new()
|
||||
.post(kc.token_endpoint())
|
||||
.form(&[
|
||||
("grant_type", "refresh_token"),
|
||||
("client_id", kc.client_id.as_str()),
|
||||
("refresh_token", refresh_token),
|
||||
])
|
||||
.send()
|
||||
.await
|
||||
.map_err(|e| format!("refresh request failed: {e}"))?;
|
||||
|
||||
if !resp.status().is_success() {
|
||||
let status = resp.status();
|
||||
let body = resp.text().await.unwrap_or_default();
|
||||
return Err(format!("refresh rejected ({status}): {body}"));
|
||||
}
|
||||
|
||||
let r: TokenResp = resp
|
||||
.json()
|
||||
.await
|
||||
.map_err(|e| format!("refresh response parse failed: {e}"))?;
|
||||
Ok((r.access_token, r.refresh_token))
|
||||
}
|
||||
|
||||
#[cfg(test)]
|
||||
mod tests {
|
||||
use super::*;
|
||||
use base64::Engine;
|
||||
|
||||
/// Build a JWT-shaped string (header.payload.sig) with the given
|
||||
/// payload. Signature is bogus — we never verify it locally.
|
||||
fn make_jwt(payload: &serde_json::Value) -> String {
|
||||
let payload_b64 = URL_SAFE_NO_PAD.encode(serde_json::to_vec(payload).unwrap());
|
||||
format!("hdr.{payload_b64}.sig")
|
||||
}
|
||||
|
||||
#[test]
|
||||
fn token_needs_refresh_true_when_expired() {
|
||||
let exp = chrono::Utc::now().timestamp() - 60;
|
||||
let jwt = make_jwt(&serde_json::json!({ "exp": exp }));
|
||||
assert!(token_needs_refresh(&jwt));
|
||||
}
|
||||
|
||||
#[test]
|
||||
fn token_needs_refresh_true_within_skew_window() {
|
||||
// 10 seconds left; less than the 30s skew → must refresh.
|
||||
let exp = chrono::Utc::now().timestamp() + 10;
|
||||
let jwt = make_jwt(&serde_json::json!({ "exp": exp }));
|
||||
assert!(token_needs_refresh(&jwt));
|
||||
}
|
||||
|
||||
#[test]
|
||||
fn token_needs_refresh_false_with_plenty_of_life() {
|
||||
let exp = chrono::Utc::now().timestamp() + 600;
|
||||
let jwt = make_jwt(&serde_json::json!({ "exp": exp }));
|
||||
assert!(!token_needs_refresh(&jwt));
|
||||
}
|
||||
|
||||
#[test]
|
||||
fn token_needs_refresh_true_on_malformed_jwt() {
|
||||
assert!(token_needs_refresh(""));
|
||||
assert!(token_needs_refresh("not.a.jwt"));
|
||||
assert!(token_needs_refresh("only-one-segment"));
|
||||
assert!(token_needs_refresh("hdr.not-base64!.sig"));
|
||||
}
|
||||
|
||||
#[test]
|
||||
fn token_needs_refresh_true_when_exp_missing() {
|
||||
let jwt = make_jwt(&serde_json::json!({ "sub": "abc" }));
|
||||
assert!(token_needs_refresh(&jwt));
|
||||
}
|
||||
}
|
||||
@@ -61,16 +61,14 @@ pub async fn send_chat_message(
|
||||
message: String,
|
||||
history: Vec<ChatHistoryMessage>,
|
||||
) -> Result<ChatApiResponse, ServerFnError> {
|
||||
let state: super::server_state::ServerState =
|
||||
dioxus_fullstack::FullstackContext::extract().await?;
|
||||
|
||||
let url = format!("{}/api/v1/chat/{repo_id}", state.agent_api_url);
|
||||
let client = reqwest::Client::builder()
|
||||
// Chat uses a longer timeout because the LLM round-trip can be slow;
|
||||
// agent_request doesn't expose a per-call timeout so we layer one on.
|
||||
let resp = super::agent_client::agent_request(
|
||||
reqwest::Method::POST,
|
||||
&format!("/api/v1/chat/{repo_id}"),
|
||||
)
|
||||
.await?
|
||||
.timeout(std::time::Duration::from_secs(120))
|
||||
.build()
|
||||
.map_err(|e| ServerFnError::new(e.to_string()))?;
|
||||
let resp = client
|
||||
.post(&url)
|
||||
.json(&serde_json::json!({
|
||||
"message": message,
|
||||
"history": history,
|
||||
@@ -91,16 +89,11 @@ pub async fn send_chat_message(
|
||||
|
||||
#[server]
|
||||
pub async fn trigger_embedding_build(repo_id: String) -> Result<(), ServerFnError> {
|
||||
let state: super::server_state::ServerState =
|
||||
dioxus_fullstack::FullstackContext::extract().await?;
|
||||
|
||||
let url = format!(
|
||||
"{}/api/v1/chat/{repo_id}/build-embeddings",
|
||||
state.agent_api_url
|
||||
);
|
||||
let client = reqwest::Client::new();
|
||||
client
|
||||
.post(&url)
|
||||
super::agent_client::agent_request(
|
||||
reqwest::Method::POST,
|
||||
&format!("/api/v1/chat/{repo_id}/build-embeddings"),
|
||||
)
|
||||
.await?
|
||||
.send()
|
||||
.await
|
||||
.map_err(|e| ServerFnError::new(e.to_string()))?;
|
||||
@@ -111,11 +104,9 @@ pub async fn trigger_embedding_build(repo_id: String) -> Result<(), ServerFnErro
|
||||
pub async fn fetch_embedding_status(
|
||||
repo_id: String,
|
||||
) -> Result<EmbeddingStatusResponse, ServerFnError> {
|
||||
let state: super::server_state::ServerState =
|
||||
dioxus_fullstack::FullstackContext::extract().await?;
|
||||
|
||||
let url = format!("{}/api/v1/chat/{repo_id}/status", state.agent_api_url);
|
||||
let resp = reqwest::get(&url)
|
||||
let resp = super::agent_client::agent_get(&format!("/api/v1/chat/{repo_id}/status"))
|
||||
.await?
|
||||
.send()
|
||||
.await
|
||||
.map_err(|e| ServerFnError::new(e.to_string()))?;
|
||||
let body: EmbeddingStatusResponse = resp
|
||||
|
||||
@@ -26,10 +26,9 @@ pub struct DastFindingDetailResponse {
|
||||
|
||||
#[server]
|
||||
pub async fn fetch_dast_targets() -> Result<DastTargetsResponse, ServerFnError> {
|
||||
let state: super::server_state::ServerState =
|
||||
dioxus_fullstack::FullstackContext::extract().await?;
|
||||
let url = format!("{}/api/v1/dast/targets", state.agent_api_url);
|
||||
let resp = reqwest::get(&url)
|
||||
let resp = super::agent_client::agent_get("/api/v1/dast/targets")
|
||||
.await?
|
||||
.send()
|
||||
.await
|
||||
.map_err(|e| ServerFnError::new(e.to_string()))?;
|
||||
let body: DastTargetsResponse = resp
|
||||
@@ -41,10 +40,9 @@ pub async fn fetch_dast_targets() -> Result<DastTargetsResponse, ServerFnError>
|
||||
|
||||
#[server]
|
||||
pub async fn fetch_dast_scan_runs() -> Result<DastScanRunsResponse, ServerFnError> {
|
||||
let state: super::server_state::ServerState =
|
||||
dioxus_fullstack::FullstackContext::extract().await?;
|
||||
let url = format!("{}/api/v1/dast/scan-runs", state.agent_api_url);
|
||||
let resp = reqwest::get(&url)
|
||||
let resp = super::agent_client::agent_get("/api/v1/dast/scan-runs")
|
||||
.await?
|
||||
.send()
|
||||
.await
|
||||
.map_err(|e| ServerFnError::new(e.to_string()))?;
|
||||
let body: DastScanRunsResponse = resp
|
||||
@@ -56,10 +54,9 @@ pub async fn fetch_dast_scan_runs() -> Result<DastScanRunsResponse, ServerFnErro
|
||||
|
||||
#[server]
|
||||
pub async fn fetch_dast_findings() -> Result<DastFindingsResponse, ServerFnError> {
|
||||
let state: super::server_state::ServerState =
|
||||
dioxus_fullstack::FullstackContext::extract().await?;
|
||||
let url = format!("{}/api/v1/dast/findings", state.agent_api_url);
|
||||
let resp = reqwest::get(&url)
|
||||
let resp = super::agent_client::agent_get("/api/v1/dast/findings")
|
||||
.await?
|
||||
.send()
|
||||
.await
|
||||
.map_err(|e| ServerFnError::new(e.to_string()))?;
|
||||
let body: DastFindingsResponse = resp
|
||||
@@ -73,10 +70,9 @@ pub async fn fetch_dast_findings() -> Result<DastFindingsResponse, ServerFnError
|
||||
pub async fn fetch_dast_finding_detail(
|
||||
id: String,
|
||||
) -> Result<DastFindingDetailResponse, ServerFnError> {
|
||||
let state: super::server_state::ServerState =
|
||||
dioxus_fullstack::FullstackContext::extract().await?;
|
||||
let url = format!("{}/api/v1/dast/findings/{id}", state.agent_api_url);
|
||||
let resp = reqwest::get(&url)
|
||||
let resp = super::agent_client::agent_get(&format!("/api/v1/dast/findings/{id}"))
|
||||
.await?
|
||||
.send()
|
||||
.await
|
||||
.map_err(|e| ServerFnError::new(e.to_string()))?;
|
||||
let body: DastFindingDetailResponse = resp
|
||||
@@ -88,12 +84,8 @@ pub async fn fetch_dast_finding_detail(
|
||||
|
||||
#[server]
|
||||
pub async fn add_dast_target(name: String, base_url: String) -> Result<(), ServerFnError> {
|
||||
let state: super::server_state::ServerState =
|
||||
dioxus_fullstack::FullstackContext::extract().await?;
|
||||
let url = format!("{}/api/v1/dast/targets", state.agent_api_url);
|
||||
let client = reqwest::Client::new();
|
||||
client
|
||||
.post(&url)
|
||||
super::agent_client::agent_request(reqwest::Method::POST, "/api/v1/dast/targets")
|
||||
.await?
|
||||
.json(&serde_json::json!({
|
||||
"name": name,
|
||||
"base_url": base_url,
|
||||
@@ -106,15 +98,11 @@ pub async fn add_dast_target(name: String, base_url: String) -> Result<(), Serve
|
||||
|
||||
#[server]
|
||||
pub async fn trigger_dast_scan(target_id: String) -> Result<(), ServerFnError> {
|
||||
let state: super::server_state::ServerState =
|
||||
dioxus_fullstack::FullstackContext::extract().await?;
|
||||
let url = format!(
|
||||
"{}/api/v1/dast/targets/{target_id}/scan",
|
||||
state.agent_api_url
|
||||
);
|
||||
let client = reqwest::Client::new();
|
||||
client
|
||||
.post(&url)
|
||||
super::agent_client::agent_request(
|
||||
reqwest::Method::POST,
|
||||
&format!("/api/v1/dast/targets/{target_id}/scan"),
|
||||
)
|
||||
.await?
|
||||
.send()
|
||||
.await
|
||||
.map_err(|e| ServerFnError::new(e.to_string()))?;
|
||||
|
||||
@@ -24,39 +24,35 @@ pub struct FindingsQuery {
|
||||
|
||||
#[server]
|
||||
pub async fn fetch_findings(query: FindingsQuery) -> Result<FindingsListResponse, ServerFnError> {
|
||||
let state: super::server_state::ServerState =
|
||||
dioxus_fullstack::FullstackContext::extract().await?;
|
||||
|
||||
let mut url = format!(
|
||||
"{}/api/v1/findings?page={}&limit=20",
|
||||
state.agent_api_url, query.page
|
||||
);
|
||||
let mut path = format!("/api/v1/findings?page={}&limit=20", query.page);
|
||||
if !query.severity.is_empty() {
|
||||
url.push_str(&format!("&severity={}", query.severity));
|
||||
path.push_str(&format!("&severity={}", query.severity));
|
||||
}
|
||||
if !query.scan_type.is_empty() {
|
||||
url.push_str(&format!("&scan_type={}", query.scan_type));
|
||||
path.push_str(&format!("&scan_type={}", query.scan_type));
|
||||
}
|
||||
if !query.status.is_empty() {
|
||||
url.push_str(&format!("&status={}", query.status));
|
||||
path.push_str(&format!("&status={}", query.status));
|
||||
}
|
||||
if !query.repo_id.is_empty() {
|
||||
url.push_str(&format!("&repo_id={}", query.repo_id));
|
||||
path.push_str(&format!("&repo_id={}", query.repo_id));
|
||||
}
|
||||
if !query.q.is_empty() {
|
||||
url.push_str(&format!(
|
||||
path.push_str(&format!(
|
||||
"&q={}",
|
||||
url::form_urlencoded::byte_serialize(query.q.as_bytes()).collect::<String>()
|
||||
));
|
||||
}
|
||||
if !query.sort_by.is_empty() {
|
||||
url.push_str(&format!("&sort_by={}", query.sort_by));
|
||||
path.push_str(&format!("&sort_by={}", query.sort_by));
|
||||
}
|
||||
if !query.sort_order.is_empty() {
|
||||
url.push_str(&format!("&sort_order={}", query.sort_order));
|
||||
path.push_str(&format!("&sort_order={}", query.sort_order));
|
||||
}
|
||||
|
||||
let resp = reqwest::get(&url)
|
||||
let resp = super::agent_client::agent_get(&path)
|
||||
.await?
|
||||
.send()
|
||||
.await
|
||||
.map_err(|e| ServerFnError::new(e.to_string()))?;
|
||||
let body: FindingsListResponse = resp
|
||||
@@ -68,11 +64,9 @@ pub async fn fetch_findings(query: FindingsQuery) -> Result<FindingsListResponse
|
||||
|
||||
#[server]
|
||||
pub async fn fetch_finding_detail(id: String) -> Result<Finding, ServerFnError> {
|
||||
let state: super::server_state::ServerState =
|
||||
dioxus_fullstack::FullstackContext::extract().await?;
|
||||
let url = format!("{}/api/v1/findings/{id}", state.agent_api_url);
|
||||
|
||||
let resp = reqwest::get(&url)
|
||||
let resp = super::agent_client::agent_get(&format!("/api/v1/findings/{id}"))
|
||||
.await?
|
||||
.send()
|
||||
.await
|
||||
.map_err(|e| ServerFnError::new(e.to_string()))?;
|
||||
let body: serde_json::Value = resp
|
||||
@@ -86,18 +80,15 @@ pub async fn fetch_finding_detail(id: String) -> Result<Finding, ServerFnError>
|
||||
|
||||
#[server]
|
||||
pub async fn update_finding_status(id: String, status: String) -> Result<(), ServerFnError> {
|
||||
let state: super::server_state::ServerState =
|
||||
dioxus_fullstack::FullstackContext::extract().await?;
|
||||
let url = format!("{}/api/v1/findings/{id}/status", state.agent_api_url);
|
||||
|
||||
let client = reqwest::Client::new();
|
||||
client
|
||||
.patch(&url)
|
||||
super::agent_client::agent_request(
|
||||
reqwest::Method::PATCH,
|
||||
&format!("/api/v1/findings/{id}/status"),
|
||||
)
|
||||
.await?
|
||||
.json(&serde_json::json!({ "status": status }))
|
||||
.send()
|
||||
.await
|
||||
.map_err(|e| ServerFnError::new(e.to_string()))?;
|
||||
|
||||
Ok(())
|
||||
}
|
||||
|
||||
@@ -106,34 +97,25 @@ pub async fn bulk_update_finding_status(
|
||||
ids: Vec<String>,
|
||||
status: String,
|
||||
) -> Result<(), ServerFnError> {
|
||||
let state: super::server_state::ServerState =
|
||||
dioxus_fullstack::FullstackContext::extract().await?;
|
||||
let url = format!("{}/api/v1/findings/bulk-status", state.agent_api_url);
|
||||
|
||||
let client = reqwest::Client::new();
|
||||
client
|
||||
.patch(&url)
|
||||
super::agent_client::agent_request(reqwest::Method::PATCH, "/api/v1/findings/bulk-status")
|
||||
.await?
|
||||
.json(&serde_json::json!({ "ids": ids, "status": status }))
|
||||
.send()
|
||||
.await
|
||||
.map_err(|e| ServerFnError::new(e.to_string()))?;
|
||||
|
||||
Ok(())
|
||||
}
|
||||
|
||||
#[server]
|
||||
pub async fn update_finding_feedback(id: String, feedback: String) -> Result<(), ServerFnError> {
|
||||
let state: super::server_state::ServerState =
|
||||
dioxus_fullstack::FullstackContext::extract().await?;
|
||||
let url = format!("{}/api/v1/findings/{id}/feedback", state.agent_api_url);
|
||||
|
||||
let client = reqwest::Client::new();
|
||||
client
|
||||
.patch(&url)
|
||||
super::agent_client::agent_request(
|
||||
reqwest::Method::PATCH,
|
||||
&format!("/api/v1/findings/{id}/feedback"),
|
||||
)
|
||||
.await?
|
||||
.json(&serde_json::json!({ "feedback": feedback }))
|
||||
.send()
|
||||
.await
|
||||
.map_err(|e| ServerFnError::new(e.to_string()))?;
|
||||
|
||||
Ok(())
|
||||
}
|
||||
|
||||
@@ -50,10 +50,9 @@ pub struct SearchResponse {
|
||||
|
||||
#[server]
|
||||
pub async fn fetch_graph(repo_id: String) -> Result<GraphDataResponse, ServerFnError> {
|
||||
let state: super::server_state::ServerState =
|
||||
dioxus_fullstack::FullstackContext::extract().await?;
|
||||
let url = format!("{}/api/v1/graph/{repo_id}", state.agent_api_url);
|
||||
let resp = reqwest::get(&url)
|
||||
let resp = super::agent_client::agent_get(&format!("/api/v1/graph/{repo_id}"))
|
||||
.await?
|
||||
.send()
|
||||
.await
|
||||
.map_err(|e| ServerFnError::new(e.to_string()))?;
|
||||
let body: GraphDataResponse = resp
|
||||
@@ -68,13 +67,10 @@ pub async fn fetch_impact(
|
||||
repo_id: String,
|
||||
finding_id: String,
|
||||
) -> Result<ImpactResponse, ServerFnError> {
|
||||
let state: super::server_state::ServerState =
|
||||
dioxus_fullstack::FullstackContext::extract().await?;
|
||||
let url = format!(
|
||||
"{}/api/v1/graph/{repo_id}/impact/{finding_id}",
|
||||
state.agent_api_url
|
||||
);
|
||||
let resp = reqwest::get(&url)
|
||||
let resp =
|
||||
super::agent_client::agent_get(&format!("/api/v1/graph/{repo_id}/impact/{finding_id}"))
|
||||
.await?
|
||||
.send()
|
||||
.await
|
||||
.map_err(|e| ServerFnError::new(e.to_string()))?;
|
||||
let body: ImpactResponse = resp
|
||||
@@ -86,10 +82,9 @@ pub async fn fetch_impact(
|
||||
|
||||
#[server]
|
||||
pub async fn fetch_communities(repo_id: String) -> Result<CommunitiesResponse, ServerFnError> {
|
||||
let state: super::server_state::ServerState =
|
||||
dioxus_fullstack::FullstackContext::extract().await?;
|
||||
let url = format!("{}/api/v1/graph/{repo_id}/communities", state.agent_api_url);
|
||||
let resp = reqwest::get(&url)
|
||||
let resp = super::agent_client::agent_get(&format!("/api/v1/graph/{repo_id}/communities"))
|
||||
.await?
|
||||
.send()
|
||||
.await
|
||||
.map_err(|e| ServerFnError::new(e.to_string()))?;
|
||||
let body: CommunitiesResponse = resp
|
||||
@@ -104,13 +99,11 @@ pub async fn fetch_file_content(
|
||||
repo_id: String,
|
||||
file_path: String,
|
||||
) -> Result<FileContentResponse, ServerFnError> {
|
||||
let state: super::server_state::ServerState =
|
||||
dioxus_fullstack::FullstackContext::extract().await?;
|
||||
let url = format!(
|
||||
"{}/api/v1/graph/{repo_id}/file-content?path={file_path}",
|
||||
state.agent_api_url
|
||||
);
|
||||
let resp = reqwest::get(&url)
|
||||
let resp = super::agent_client::agent_get(&format!(
|
||||
"/api/v1/graph/{repo_id}/file-content?path={file_path}"
|
||||
))
|
||||
.await?
|
||||
.send()
|
||||
.await
|
||||
.map_err(|e| ServerFnError::new(e.to_string()))?;
|
||||
let body: FileContentResponse = resp
|
||||
@@ -122,13 +115,11 @@ pub async fn fetch_file_content(
|
||||
|
||||
#[server]
|
||||
pub async fn search_nodes(repo_id: String, query: String) -> Result<SearchResponse, ServerFnError> {
|
||||
let state: super::server_state::ServerState =
|
||||
dioxus_fullstack::FullstackContext::extract().await?;
|
||||
let url = format!(
|
||||
"{}/api/v1/graph/{repo_id}/search?q={query}&limit=50",
|
||||
state.agent_api_url
|
||||
);
|
||||
let resp = reqwest::get(&url)
|
||||
let resp = super::agent_client::agent_get(&format!(
|
||||
"/api/v1/graph/{repo_id}/search?q={query}&limit=50"
|
||||
))
|
||||
.await?
|
||||
.send()
|
||||
.await
|
||||
.map_err(|e| ServerFnError::new(e.to_string()))?;
|
||||
let body: SearchResponse = resp
|
||||
@@ -140,12 +131,11 @@ pub async fn search_nodes(repo_id: String, query: String) -> Result<SearchRespon
|
||||
|
||||
#[server]
|
||||
pub async fn trigger_graph_build(repo_id: String) -> Result<(), ServerFnError> {
|
||||
let state: super::server_state::ServerState =
|
||||
dioxus_fullstack::FullstackContext::extract().await?;
|
||||
let url = format!("{}/api/v1/graph/{repo_id}/build", state.agent_api_url);
|
||||
let client = reqwest::Client::new();
|
||||
client
|
||||
.post(&url)
|
||||
super::agent_client::agent_request(
|
||||
reqwest::Method::POST,
|
||||
&format!("/api/v1/graph/{repo_id}/build"),
|
||||
)
|
||||
.await?
|
||||
.send()
|
||||
.await
|
||||
.map_err(|e| ServerFnError::new(e.to_string()))?;
|
||||
|
||||
@@ -12,11 +12,9 @@ pub struct IssuesListResponse {
|
||||
|
||||
#[server]
|
||||
pub async fn fetch_issues(page: u64) -> Result<IssuesListResponse, ServerFnError> {
|
||||
let state: super::server_state::ServerState =
|
||||
dioxus_fullstack::FullstackContext::extract().await?;
|
||||
let url = format!("{}/api/v1/issues?page={page}&limit=20", state.agent_api_url);
|
||||
|
||||
let resp = reqwest::get(&url)
|
||||
let resp = super::agent_client::agent_get(&format!("/api/v1/issues?page={page}&limit=20"))
|
||||
.await?
|
||||
.send()
|
||||
.await
|
||||
.map_err(|e| ServerFnError::new(e.to_string()))?;
|
||||
let body: IssuesListResponse = resp
|
||||
|
||||
@@ -18,6 +18,8 @@ pub mod stats;
|
||||
|
||||
// Server-only modules
|
||||
#[cfg(feature = "server")]
|
||||
mod agent_client;
|
||||
#[cfg(feature = "server")]
|
||||
mod auth;
|
||||
#[cfg(feature = "server")]
|
||||
mod auth_middleware;
|
||||
|
||||
@@ -32,11 +32,9 @@ pub struct NotificationCountResponse {
|
||||
|
||||
#[server]
|
||||
pub async fn fetch_notification_count() -> Result<u64, ServerFnError> {
|
||||
let state: super::server_state::ServerState =
|
||||
dioxus_fullstack::FullstackContext::extract().await?;
|
||||
|
||||
let url = format!("{}/api/v1/notifications/count", state.agent_api_url);
|
||||
let resp = reqwest::get(&url)
|
||||
let resp = super::agent_client::agent_get("/api/v1/notifications/count")
|
||||
.await?
|
||||
.send()
|
||||
.await
|
||||
.map_err(|e| ServerFnError::new(e.to_string()))?;
|
||||
let body: NotificationCountResponse = resp
|
||||
@@ -48,11 +46,9 @@ pub async fn fetch_notification_count() -> Result<u64, ServerFnError> {
|
||||
|
||||
#[server]
|
||||
pub async fn fetch_notifications() -> Result<NotificationListResponse, ServerFnError> {
|
||||
let state: super::server_state::ServerState =
|
||||
dioxus_fullstack::FullstackContext::extract().await?;
|
||||
|
||||
let url = format!("{}/api/v1/notifications?limit=20", state.agent_api_url);
|
||||
let resp = reqwest::get(&url)
|
||||
let resp = super::agent_client::agent_get("/api/v1/notifications?limit=20")
|
||||
.await?
|
||||
.send()
|
||||
.await
|
||||
.map_err(|e| ServerFnError::new(e.to_string()))?;
|
||||
let body: NotificationListResponse = resp
|
||||
@@ -64,12 +60,8 @@ pub async fn fetch_notifications() -> Result<NotificationListResponse, ServerFnE
|
||||
|
||||
#[server]
|
||||
pub async fn mark_all_notifications_read() -> Result<(), ServerFnError> {
|
||||
let state: super::server_state::ServerState =
|
||||
dioxus_fullstack::FullstackContext::extract().await?;
|
||||
|
||||
let url = format!("{}/api/v1/notifications/read-all", state.agent_api_url);
|
||||
reqwest::Client::new()
|
||||
.post(&url)
|
||||
super::agent_client::agent_request(reqwest::Method::POST, "/api/v1/notifications/read-all")
|
||||
.await?
|
||||
.send()
|
||||
.await
|
||||
.map_err(|e| ServerFnError::new(e.to_string()))?;
|
||||
@@ -78,12 +70,11 @@ pub async fn mark_all_notifications_read() -> Result<(), ServerFnError> {
|
||||
|
||||
#[server]
|
||||
pub async fn dismiss_notification(id: String) -> Result<(), ServerFnError> {
|
||||
let state: super::server_state::ServerState =
|
||||
dioxus_fullstack::FullstackContext::extract().await?;
|
||||
|
||||
let url = format!("{}/api/v1/notifications/{id}/dismiss", state.agent_api_url);
|
||||
reqwest::Client::new()
|
||||
.patch(&url)
|
||||
super::agent_client::agent_request(
|
||||
reqwest::Method::PATCH,
|
||||
&format!("/api/v1/notifications/{id}/dismiss"),
|
||||
)
|
||||
.await?
|
||||
.send()
|
||||
.await
|
||||
.map_err(|e| ServerFnError::new(e.to_string()))?;
|
||||
|
||||
@@ -32,12 +32,10 @@ pub struct AttackChainResponse {
|
||||
|
||||
#[server]
|
||||
pub async fn fetch_pentest_sessions() -> Result<PentestSessionsResponse, ServerFnError> {
|
||||
let state: super::server_state::ServerState =
|
||||
dioxus_fullstack::FullstackContext::extract().await?;
|
||||
|
||||
// Fetch sessions
|
||||
let url = format!("{}/api/v1/pentest/sessions", state.agent_api_url);
|
||||
let resp = reqwest::get(&url)
|
||||
let resp = super::agent_client::agent_get("/api/v1/pentest/sessions")
|
||||
.await?
|
||||
.send()
|
||||
.await
|
||||
.map_err(|e| ServerFnError::new(e.to_string()))?;
|
||||
let mut body: PentestSessionsResponse = resp
|
||||
@@ -46,8 +44,8 @@ pub async fn fetch_pentest_sessions() -> Result<PentestSessionsResponse, ServerF
|
||||
.map_err(|e| ServerFnError::new(e.to_string()))?;
|
||||
|
||||
// Fetch DAST targets to resolve target names
|
||||
let targets_url = format!("{}/api/v1/dast/targets", state.agent_api_url);
|
||||
if let Ok(tresp) = reqwest::get(&targets_url).await {
|
||||
if let Ok(tresp_builder) = super::agent_client::agent_get("/api/v1/dast/targets").await {
|
||||
if let Ok(tresp) = tresp_builder.send().await {
|
||||
if let Ok(tbody) = tresp.json::<serde_json::Value>().await {
|
||||
let targets = tbody.get("data").and_then(|v| v.as_array());
|
||||
if let Some(targets) = targets {
|
||||
@@ -77,16 +75,16 @@ pub async fn fetch_pentest_sessions() -> Result<PentestSessionsResponse, ServerF
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
Ok(body)
|
||||
}
|
||||
|
||||
#[server]
|
||||
pub async fn fetch_pentest_session(id: String) -> Result<PentestSessionResponse, ServerFnError> {
|
||||
let state: super::server_state::ServerState =
|
||||
dioxus_fullstack::FullstackContext::extract().await?;
|
||||
let url = format!("{}/api/v1/pentest/sessions/{id}", state.agent_api_url);
|
||||
let resp = reqwest::get(&url)
|
||||
let resp = super::agent_client::agent_get(&format!("/api/v1/pentest/sessions/{id}"))
|
||||
.await?
|
||||
.send()
|
||||
.await
|
||||
.map_err(|e| ServerFnError::new(e.to_string()))?;
|
||||
let mut body: PentestSessionResponse = resp
|
||||
@@ -96,8 +94,8 @@ pub async fn fetch_pentest_session(id: String) -> Result<PentestSessionResponse,
|
||||
|
||||
// Resolve target name from targets list
|
||||
if let Some(tid) = body.data.get("target_id").and_then(|v| v.as_str()) {
|
||||
let targets_url = format!("{}/api/v1/dast/targets", state.agent_api_url);
|
||||
if let Ok(tresp) = reqwest::get(&targets_url).await {
|
||||
if let Ok(tresp_builder) = super::agent_client::agent_get("/api/v1/dast/targets").await {
|
||||
if let Ok(tresp) = tresp_builder.send().await {
|
||||
if let Ok(tbody) = tresp.json::<serde_json::Value>().await {
|
||||
if let Some(targets) = tbody.get("data").and_then(|v| v.as_array()) {
|
||||
for t in targets {
|
||||
@@ -122,6 +120,7 @@ pub async fn fetch_pentest_session(id: String) -> Result<PentestSessionResponse,
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
Ok(body)
|
||||
}
|
||||
@@ -130,13 +129,10 @@ pub async fn fetch_pentest_session(id: String) -> Result<PentestSessionResponse,
|
||||
pub async fn fetch_pentest_messages(
|
||||
session_id: String,
|
||||
) -> Result<PentestMessagesResponse, ServerFnError> {
|
||||
let state: super::server_state::ServerState =
|
||||
dioxus_fullstack::FullstackContext::extract().await?;
|
||||
let url = format!(
|
||||
"{}/api/v1/pentest/sessions/{session_id}/messages",
|
||||
state.agent_api_url
|
||||
);
|
||||
let resp = reqwest::get(&url)
|
||||
let resp =
|
||||
super::agent_client::agent_get(&format!("/api/v1/pentest/sessions/{session_id}/messages"))
|
||||
.await?
|
||||
.send()
|
||||
.await
|
||||
.map_err(|e| ServerFnError::new(e.to_string()))?;
|
||||
let body: PentestMessagesResponse = resp
|
||||
@@ -148,10 +144,9 @@ pub async fn fetch_pentest_messages(
|
||||
|
||||
#[server]
|
||||
pub async fn fetch_pentest_stats() -> Result<PentestStatsResponse, ServerFnError> {
|
||||
let state: super::server_state::ServerState =
|
||||
dioxus_fullstack::FullstackContext::extract().await?;
|
||||
let url = format!("{}/api/v1/pentest/stats", state.agent_api_url);
|
||||
let resp = reqwest::get(&url)
|
||||
let resp = super::agent_client::agent_get("/api/v1/pentest/stats")
|
||||
.await?
|
||||
.send()
|
||||
.await
|
||||
.map_err(|e| ServerFnError::new(e.to_string()))?;
|
||||
let body: PentestStatsResponse = resp
|
||||
@@ -163,13 +158,11 @@ pub async fn fetch_pentest_stats() -> Result<PentestStatsResponse, ServerFnError
|
||||
|
||||
#[server]
|
||||
pub async fn fetch_attack_chain(session_id: String) -> Result<AttackChainResponse, ServerFnError> {
|
||||
let state: super::server_state::ServerState =
|
||||
dioxus_fullstack::FullstackContext::extract().await?;
|
||||
let url = format!(
|
||||
"{}/api/v1/pentest/sessions/{session_id}/attack-chain",
|
||||
state.agent_api_url
|
||||
);
|
||||
let resp = reqwest::get(&url)
|
||||
let resp = super::agent_client::agent_get(&format!(
|
||||
"/api/v1/pentest/sessions/{session_id}/attack-chain"
|
||||
))
|
||||
.await?
|
||||
.send()
|
||||
.await
|
||||
.map_err(|e| ServerFnError::new(e.to_string()))?;
|
||||
let body: AttackChainResponse = resp
|
||||
@@ -185,12 +178,9 @@ pub async fn create_pentest_session(
|
||||
strategy: String,
|
||||
message: String,
|
||||
) -> Result<PentestSessionResponse, ServerFnError> {
|
||||
let state: super::server_state::ServerState =
|
||||
dioxus_fullstack::FullstackContext::extract().await?;
|
||||
let url = format!("{}/api/v1/pentest/sessions", state.agent_api_url);
|
||||
let client = reqwest::Client::new();
|
||||
let resp = client
|
||||
.post(&url)
|
||||
let resp =
|
||||
super::agent_client::agent_request(reqwest::Method::POST, "/api/v1/pentest/sessions")
|
||||
.await?
|
||||
.json(&serde_json::json!({
|
||||
"target_id": target_id,
|
||||
"strategy": strategy,
|
||||
@@ -211,14 +201,11 @@ pub async fn create_pentest_session(
|
||||
pub async fn create_pentest_session_wizard(
|
||||
config_json: String,
|
||||
) -> Result<PentestSessionResponse, ServerFnError> {
|
||||
let state: super::server_state::ServerState =
|
||||
dioxus_fullstack::FullstackContext::extract().await?;
|
||||
let url = format!("{}/api/v1/pentest/sessions", state.agent_api_url);
|
||||
let config: serde_json::Value =
|
||||
serde_json::from_str(&config_json).map_err(|e| ServerFnError::new(e.to_string()))?;
|
||||
let client = reqwest::Client::new();
|
||||
let resp = client
|
||||
.post(&url)
|
||||
let resp =
|
||||
super::agent_client::agent_request(reqwest::Method::POST, "/api/v1/pentest/sessions")
|
||||
.await?
|
||||
.json(&serde_json::json!({ "config": config }))
|
||||
.send()
|
||||
.await
|
||||
@@ -239,8 +226,6 @@ pub async fn create_pentest_session_wizard(
|
||||
/// Look up a tracked repository by its git URL
|
||||
#[server]
|
||||
pub async fn lookup_repo_by_url(url: String) -> Result<serde_json::Value, ServerFnError> {
|
||||
let state: super::server_state::ServerState =
|
||||
dioxus_fullstack::FullstackContext::extract().await?;
|
||||
let encoded_url: String = url
|
||||
.bytes()
|
||||
.flat_map(|b| {
|
||||
@@ -251,11 +236,10 @@ pub async fn lookup_repo_by_url(url: String) -> Result<serde_json::Value, Server
|
||||
}
|
||||
})
|
||||
.collect();
|
||||
let api_url = format!(
|
||||
"{}/api/v1/pentest/lookup-repo?url={}",
|
||||
state.agent_api_url, encoded_url
|
||||
);
|
||||
let resp = reqwest::get(&api_url)
|
||||
let resp =
|
||||
super::agent_client::agent_get(&format!("/api/v1/pentest/lookup-repo?url={encoded_url}"))
|
||||
.await?
|
||||
.send()
|
||||
.await
|
||||
.map_err(|e| ServerFnError::new(e.to_string()))?;
|
||||
let body: serde_json::Value = resp
|
||||
@@ -270,15 +254,11 @@ pub async fn send_pentest_message(
|
||||
session_id: String,
|
||||
message: String,
|
||||
) -> Result<PentestMessagesResponse, ServerFnError> {
|
||||
let state: super::server_state::ServerState =
|
||||
dioxus_fullstack::FullstackContext::extract().await?;
|
||||
let url = format!(
|
||||
"{}/api/v1/pentest/sessions/{session_id}/chat",
|
||||
state.agent_api_url
|
||||
);
|
||||
let client = reqwest::Client::new();
|
||||
let resp = client
|
||||
.post(&url)
|
||||
let resp = super::agent_client::agent_request(
|
||||
reqwest::Method::POST,
|
||||
&format!("/api/v1/pentest/sessions/{session_id}/chat"),
|
||||
)
|
||||
.await?
|
||||
.json(&serde_json::json!({
|
||||
"message": message,
|
||||
}))
|
||||
@@ -294,15 +274,11 @@ pub async fn send_pentest_message(
|
||||
|
||||
#[server]
|
||||
pub async fn stop_pentest_session(session_id: String) -> Result<(), ServerFnError> {
|
||||
let state: super::server_state::ServerState =
|
||||
dioxus_fullstack::FullstackContext::extract().await?;
|
||||
let url = format!(
|
||||
"{}/api/v1/pentest/sessions/{session_id}/stop",
|
||||
state.agent_api_url
|
||||
);
|
||||
let client = reqwest::Client::new();
|
||||
client
|
||||
.post(&url)
|
||||
super::agent_client::agent_request(
|
||||
reqwest::Method::POST,
|
||||
&format!("/api/v1/pentest/sessions/{session_id}/stop"),
|
||||
)
|
||||
.await?
|
||||
.send()
|
||||
.await
|
||||
.map_err(|e| ServerFnError::new(e.to_string()))?;
|
||||
@@ -311,15 +287,11 @@ pub async fn stop_pentest_session(session_id: String) -> Result<(), ServerFnErro
|
||||
|
||||
#[server]
|
||||
pub async fn pause_pentest_session(session_id: String) -> Result<(), ServerFnError> {
|
||||
let state: super::server_state::ServerState =
|
||||
dioxus_fullstack::FullstackContext::extract().await?;
|
||||
let url = format!(
|
||||
"{}/api/v1/pentest/sessions/{session_id}/pause",
|
||||
state.agent_api_url
|
||||
);
|
||||
let client = reqwest::Client::new();
|
||||
let resp = client
|
||||
.post(&url)
|
||||
let resp = super::agent_client::agent_request(
|
||||
reqwest::Method::POST,
|
||||
&format!("/api/v1/pentest/sessions/{session_id}/pause"),
|
||||
)
|
||||
.await?
|
||||
.send()
|
||||
.await
|
||||
.map_err(|e| ServerFnError::new(e.to_string()))?;
|
||||
@@ -332,15 +304,11 @@ pub async fn pause_pentest_session(session_id: String) -> Result<(), ServerFnErr
|
||||
|
||||
#[server]
|
||||
pub async fn resume_pentest_session(session_id: String) -> Result<(), ServerFnError> {
|
||||
let state: super::server_state::ServerState =
|
||||
dioxus_fullstack::FullstackContext::extract().await?;
|
||||
let url = format!(
|
||||
"{}/api/v1/pentest/sessions/{session_id}/resume",
|
||||
state.agent_api_url
|
||||
);
|
||||
let client = reqwest::Client::new();
|
||||
let resp = client
|
||||
.post(&url)
|
||||
let resp = super::agent_client::agent_request(
|
||||
reqwest::Method::POST,
|
||||
&format!("/api/v1/pentest/sessions/{session_id}/resume"),
|
||||
)
|
||||
.await?
|
||||
.send()
|
||||
.await
|
||||
.map_err(|e| ServerFnError::new(e.to_string()))?;
|
||||
@@ -355,13 +323,10 @@ pub async fn resume_pentest_session(session_id: String) -> Result<(), ServerFnEr
|
||||
pub async fn fetch_pentest_findings(
|
||||
session_id: String,
|
||||
) -> Result<DastFindingsResponse, ServerFnError> {
|
||||
let state: super::server_state::ServerState =
|
||||
dioxus_fullstack::FullstackContext::extract().await?;
|
||||
let url = format!(
|
||||
"{}/api/v1/pentest/sessions/{session_id}/findings",
|
||||
state.agent_api_url
|
||||
);
|
||||
let resp = reqwest::get(&url)
|
||||
let resp =
|
||||
super::agent_client::agent_get(&format!("/api/v1/pentest/sessions/{session_id}/findings"))
|
||||
.await?
|
||||
.send()
|
||||
.await
|
||||
.map_err(|e| ServerFnError::new(e.to_string()))?;
|
||||
let body: DastFindingsResponse = resp
|
||||
@@ -385,15 +350,11 @@ pub async fn export_pentest_report(
|
||||
requester_name: String,
|
||||
requester_email: String,
|
||||
) -> Result<ExportReportResponse, ServerFnError> {
|
||||
let state: super::server_state::ServerState =
|
||||
dioxus_fullstack::FullstackContext::extract().await?;
|
||||
let url = format!(
|
||||
"{}/api/v1/pentest/sessions/{session_id}/export",
|
||||
state.agent_api_url
|
||||
);
|
||||
let client = reqwest::Client::new();
|
||||
let resp = client
|
||||
.post(&url)
|
||||
let resp = super::agent_client::agent_request(
|
||||
reqwest::Method::POST,
|
||||
&format!("/api/v1/pentest/sessions/{session_id}/export"),
|
||||
)
|
||||
.await?
|
||||
.json(&serde_json::json!({
|
||||
"password": password,
|
||||
"requester_name": requester_name,
|
||||
|
||||
@@ -12,14 +12,10 @@ pub struct RepositoryListResponse {
|
||||
|
||||
#[server]
|
||||
pub async fn fetch_repositories(page: u64) -> Result<RepositoryListResponse, ServerFnError> {
|
||||
let state: super::server_state::ServerState =
|
||||
dioxus_fullstack::FullstackContext::extract().await?;
|
||||
let url = format!(
|
||||
"{}/api/v1/repositories?page={page}&limit=20",
|
||||
state.agent_api_url
|
||||
);
|
||||
|
||||
let resp = reqwest::get(&url)
|
||||
let path = format!("/api/v1/repositories?page={page}&limit=20");
|
||||
let resp = super::agent_client::agent_get(&path)
|
||||
.await?
|
||||
.send()
|
||||
.await
|
||||
.map_err(|e| ServerFnError::new(e.to_string()))?;
|
||||
let body: RepositoryListResponse = resp
|
||||
@@ -41,10 +37,6 @@ pub async fn add_repository(
|
||||
tracker_repo: Option<String>,
|
||||
tracker_token: Option<String>,
|
||||
) -> Result<(), ServerFnError> {
|
||||
let state: super::server_state::ServerState =
|
||||
dioxus_fullstack::FullstackContext::extract().await?;
|
||||
let url = format!("{}/api/v1/repositories", state.agent_api_url);
|
||||
|
||||
let mut body = serde_json::json!({
|
||||
"name": name,
|
||||
"git_url": git_url,
|
||||
@@ -69,9 +61,8 @@ pub async fn add_repository(
|
||||
body["tracker_token"] = serde_json::Value::String(tk);
|
||||
}
|
||||
|
||||
let client = reqwest::Client::new();
|
||||
let resp = client
|
||||
.post(&url)
|
||||
let resp = super::agent_client::agent_request(reqwest::Method::POST, "/api/v1/repositories")
|
||||
.await?
|
||||
.json(&body)
|
||||
.send()
|
||||
.await
|
||||
@@ -100,10 +91,6 @@ pub async fn update_repository(
|
||||
tracker_token: Option<String>,
|
||||
scan_schedule: Option<String>,
|
||||
) -> Result<(), ServerFnError> {
|
||||
let state: super::server_state::ServerState =
|
||||
dioxus_fullstack::FullstackContext::extract().await?;
|
||||
let url = format!("{}/api/v1/repositories/{repo_id}", state.agent_api_url);
|
||||
|
||||
let mut body = serde_json::Map::new();
|
||||
if let Some(v) = name.filter(|s| !s.is_empty()) {
|
||||
body.insert("name".into(), serde_json::Value::String(v));
|
||||
@@ -133,9 +120,11 @@ pub async fn update_repository(
|
||||
body.insert("scan_schedule".into(), serde_json::Value::String(v));
|
||||
}
|
||||
|
||||
let client = reqwest::Client::new();
|
||||
let resp = client
|
||||
.patch(&url)
|
||||
let resp = super::agent_client::agent_request(
|
||||
reqwest::Method::PATCH,
|
||||
&format!("/api/v1/repositories/{repo_id}"),
|
||||
)
|
||||
.await?
|
||||
.json(&body)
|
||||
.send()
|
||||
.await
|
||||
@@ -153,11 +142,9 @@ pub async fn update_repository(
|
||||
|
||||
#[server]
|
||||
pub async fn fetch_ssh_public_key() -> Result<String, ServerFnError> {
|
||||
let state: super::server_state::ServerState =
|
||||
dioxus_fullstack::FullstackContext::extract().await?;
|
||||
let url = format!("{}/api/v1/settings/ssh-public-key", state.agent_api_url);
|
||||
|
||||
let resp = reqwest::get(&url)
|
||||
let resp = super::agent_client::agent_get("/api/v1/settings/ssh-public-key")
|
||||
.await?
|
||||
.send()
|
||||
.await
|
||||
.map_err(|e| ServerFnError::new(e.to_string()))?;
|
||||
|
||||
@@ -179,13 +166,11 @@ pub async fn fetch_ssh_public_key() -> Result<String, ServerFnError> {
|
||||
|
||||
#[server]
|
||||
pub async fn delete_repository(repo_id: String) -> Result<(), ServerFnError> {
|
||||
let state: super::server_state::ServerState =
|
||||
dioxus_fullstack::FullstackContext::extract().await?;
|
||||
let url = format!("{}/api/v1/repositories/{repo_id}", state.agent_api_url);
|
||||
|
||||
let client = reqwest::Client::new();
|
||||
let resp = client
|
||||
.delete(&url)
|
||||
let resp = super::agent_client::agent_request(
|
||||
reqwest::Method::DELETE,
|
||||
&format!("/api/v1/repositories/{repo_id}"),
|
||||
)
|
||||
.await?
|
||||
.send()
|
||||
.await
|
||||
.map_err(|e| ServerFnError::new(e.to_string()))?;
|
||||
@@ -202,13 +187,11 @@ pub async fn delete_repository(repo_id: String) -> Result<(), ServerFnError> {
|
||||
|
||||
#[server]
|
||||
pub async fn trigger_repo_scan(repo_id: String) -> Result<(), ServerFnError> {
|
||||
let state: super::server_state::ServerState =
|
||||
dioxus_fullstack::FullstackContext::extract().await?;
|
||||
let url = format!("{}/api/v1/repositories/{repo_id}/scan", state.agent_api_url);
|
||||
|
||||
let client = reqwest::Client::new();
|
||||
client
|
||||
.post(&url)
|
||||
super::agent_client::agent_request(
|
||||
reqwest::Method::POST,
|
||||
&format!("/api/v1/repositories/{repo_id}/scan"),
|
||||
)
|
||||
.await?
|
||||
.send()
|
||||
.await
|
||||
.map_err(|e| ServerFnError::new(e.to_string()))?;
|
||||
@@ -224,14 +207,10 @@ pub struct WebhookConfigResponse {
|
||||
|
||||
#[server]
|
||||
pub async fn fetch_webhook_config(repo_id: String) -> Result<WebhookConfigResponse, ServerFnError> {
|
||||
let state: super::server_state::ServerState =
|
||||
dioxus_fullstack::FullstackContext::extract().await?;
|
||||
let url = format!(
|
||||
"{}/api/v1/repositories/{repo_id}/webhook-config",
|
||||
state.agent_api_url
|
||||
);
|
||||
|
||||
let resp = reqwest::get(&url)
|
||||
let resp =
|
||||
super::agent_client::agent_get(&format!("/api/v1/repositories/{repo_id}/webhook-config"))
|
||||
.await?
|
||||
.send()
|
||||
.await
|
||||
.map_err(|e| ServerFnError::new(e.to_string()))?;
|
||||
let body: WebhookConfigResponse = resp
|
||||
@@ -244,11 +223,9 @@ pub async fn fetch_webhook_config(repo_id: String) -> Result<WebhookConfigRespon
|
||||
/// Check if a repository has any running scans
|
||||
#[server]
|
||||
pub async fn check_repo_scanning(repo_id: String) -> Result<bool, ServerFnError> {
|
||||
let state: super::server_state::ServerState =
|
||||
dioxus_fullstack::FullstackContext::extract().await?;
|
||||
let url = format!("{}/api/v1/scan-runs?page=1&limit=1", state.agent_api_url);
|
||||
|
||||
let resp = reqwest::get(&url)
|
||||
let resp = super::agent_client::agent_get("/api/v1/scan-runs?page=1&limit=1")
|
||||
.await?
|
||||
.send()
|
||||
.await
|
||||
.map_err(|e| ServerFnError::new(e.to_string()))?;
|
||||
let body: serde_json::Value = resp
|
||||
|
||||
@@ -87,11 +87,9 @@ pub struct SbomFiltersResponse {
|
||||
|
||||
#[server]
|
||||
pub async fn fetch_sbom_filters() -> Result<SbomFiltersResponse, ServerFnError> {
|
||||
let state: super::server_state::ServerState =
|
||||
dioxus_fullstack::FullstackContext::extract().await?;
|
||||
|
||||
let url = format!("{}/api/v1/sbom/filters", state.agent_api_url);
|
||||
let resp = reqwest::get(&url)
|
||||
let resp = super::agent_client::agent_get("/api/v1/sbom/filters")
|
||||
.await?
|
||||
.send()
|
||||
.await
|
||||
.map_err(|e| ServerFnError::new(e.to_string()))?;
|
||||
let text = resp
|
||||
@@ -112,9 +110,6 @@ pub async fn fetch_sbom_filtered(
|
||||
license: Option<String>,
|
||||
page: u64,
|
||||
) -> Result<SbomListResponse, ServerFnError> {
|
||||
let state: super::server_state::ServerState =
|
||||
dioxus_fullstack::FullstackContext::extract().await?;
|
||||
|
||||
let mut params = vec![format!("page={page}"), "limit=50".to_string()];
|
||||
if let Some(r) = &repo_id {
|
||||
if !r.is_empty() {
|
||||
@@ -140,9 +135,10 @@ pub async fn fetch_sbom_filtered(
|
||||
}
|
||||
}
|
||||
|
||||
let url = format!("{}/api/v1/sbom?{}", state.agent_api_url, params.join("&"));
|
||||
|
||||
let resp = reqwest::get(&url)
|
||||
let path = format!("/api/v1/sbom?{}", params.join("&"));
|
||||
let resp = super::agent_client::agent_get(&path)
|
||||
.await?
|
||||
.send()
|
||||
.await
|
||||
.map_err(|e| ServerFnError::new(e.to_string()))?;
|
||||
let text = resp
|
||||
@@ -156,15 +152,10 @@ pub async fn fetch_sbom_filtered(
|
||||
|
||||
#[server]
|
||||
pub async fn fetch_sbom_export(repo_id: String, format: String) -> Result<String, ServerFnError> {
|
||||
let state: super::server_state::ServerState =
|
||||
dioxus_fullstack::FullstackContext::extract().await?;
|
||||
|
||||
let url = format!(
|
||||
"{}/api/v1/sbom/export?repo_id={}&format={}",
|
||||
state.agent_api_url, repo_id, format
|
||||
);
|
||||
|
||||
let resp = reqwest::get(&url)
|
||||
let path = format!("/api/v1/sbom/export?repo_id={repo_id}&format={format}");
|
||||
let resp = super::agent_client::agent_get(&path)
|
||||
.await?
|
||||
.send()
|
||||
.await
|
||||
.map_err(|e| ServerFnError::new(e.to_string()))?;
|
||||
let text = resp
|
||||
@@ -178,17 +169,16 @@ pub async fn fetch_sbom_export(repo_id: String, format: String) -> Result<String
|
||||
pub async fn fetch_license_summary(
|
||||
repo_id: Option<String>,
|
||||
) -> Result<LicenseSummaryResponse, ServerFnError> {
|
||||
let state: super::server_state::ServerState =
|
||||
dioxus_fullstack::FullstackContext::extract().await?;
|
||||
|
||||
let mut url = format!("{}/api/v1/sbom/licenses", state.agent_api_url);
|
||||
let mut path = "/api/v1/sbom/licenses".to_string();
|
||||
if let Some(r) = &repo_id {
|
||||
if !r.is_empty() {
|
||||
url = format!("{url}?repo_id={r}");
|
||||
path = format!("{path}?repo_id={r}");
|
||||
}
|
||||
}
|
||||
|
||||
let resp = reqwest::get(&url)
|
||||
let resp = super::agent_client::agent_get(&path)
|
||||
.await?
|
||||
.send()
|
||||
.await
|
||||
.map_err(|e| ServerFnError::new(e.to_string()))?;
|
||||
let text = resp
|
||||
@@ -205,15 +195,10 @@ pub async fn fetch_sbom_diff(
|
||||
repo_a: String,
|
||||
repo_b: String,
|
||||
) -> Result<SbomDiffResponse, ServerFnError> {
|
||||
let state: super::server_state::ServerState =
|
||||
dioxus_fullstack::FullstackContext::extract().await?;
|
||||
|
||||
let url = format!(
|
||||
"{}/api/v1/sbom/diff?repo_a={}&repo_b={}",
|
||||
state.agent_api_url, repo_a, repo_b
|
||||
);
|
||||
|
||||
let resp = reqwest::get(&url)
|
||||
let path = format!("/api/v1/sbom/diff?repo_a={repo_a}&repo_b={repo_b}");
|
||||
let resp = super::agent_client::agent_get(&path)
|
||||
.await?
|
||||
.send()
|
||||
.await
|
||||
.map_err(|e| ServerFnError::new(e.to_string()))?;
|
||||
let text = resp
|
||||
|
||||
@@ -12,14 +12,9 @@ pub struct ScansListResponse {
|
||||
|
||||
#[server]
|
||||
pub async fn fetch_scan_runs(page: u64) -> Result<ScansListResponse, ServerFnError> {
|
||||
let state: super::server_state::ServerState =
|
||||
dioxus_fullstack::FullstackContext::extract().await?;
|
||||
let url = format!(
|
||||
"{}/api/v1/scan-runs?page={page}&limit=20",
|
||||
state.agent_api_url
|
||||
);
|
||||
|
||||
let resp = reqwest::get(&url)
|
||||
let resp = super::agent_client::agent_get(&format!("/api/v1/scan-runs?page={page}&limit=20"))
|
||||
.await?
|
||||
.send()
|
||||
.await
|
||||
.map_err(|e| ServerFnError::new(e.to_string()))?;
|
||||
let body: ScansListResponse = resp
|
||||
|
||||
@@ -16,11 +16,9 @@ pub struct OverviewStats {
|
||||
|
||||
#[server]
|
||||
pub async fn fetch_overview_stats() -> Result<OverviewStats, ServerFnError> {
|
||||
let state: super::server_state::ServerState =
|
||||
dioxus_fullstack::FullstackContext::extract().await?;
|
||||
let url = format!("{}/api/v1/stats/overview", state.agent_api_url);
|
||||
|
||||
let resp = reqwest::get(&url)
|
||||
let resp = super::agent_client::agent_get("/api/v1/stats/overview")
|
||||
.await?
|
||||
.send()
|
||||
.await
|
||||
.map_err(|e| ServerFnError::new(e.to_string()))?;
|
||||
let body: serde_json::Value = resp
|
||||
|
||||
Reference in New Issue
Block a user