Optimising api changes page

akto-api-security · Sep 20, 2024 · 1ec7c98 · 1ec7c98
1 parent 3442d6f
commit 1ec7c98
Show file tree

Hide file tree

Showing 5 changed files with 83 additions and 24 deletions.
diff --git a/apps/dashboard/src/main/java/com/akto/action/observe/InventoryAction.java b/apps/dashboard/src/main/java/com/akto/action/observe/InventoryAction.java
@@ -419,10 +419,25 @@ public String fetchSensitiveParamsForEndpoints() {
         return Action.SUCCESS.toUpperCase();
     }
 
+    public String loadRecentApiInfos(){
+        Bson filter = Filters.and(
+            Filters.nin(ApiInfo.ID_API_COLLECTION_ID,deactivatedCollections),
+            Filters.gte(ApiInfo.DISCOVERED_TIMESTAMP, startTimestamp),
+            Filters.lte(ApiInfo.DISCOVERED_TIMESTAMP, endTimestamp)
+        );
+        List<ApiInfo> apiInfos = ApiInfoDao.instance.findAll(filter);
+        for(ApiInfo info: apiInfos){
+            info.calculateActualAuth();
+        }
+        response = new BasicDBObject();
+        response.put("apiInfoList", apiInfos);
+        return Action.SUCCESS.toUpperCase();
+    }
+
     public String loadRecentEndpoints() {
         List<BasicDBObject> list = fetchRecentEndpoints(startTimestamp, endTimestamp);
-        attachTagsInAPIList(list);
-        attachAPIInfoListInResponse(list, -1);
+        response = new BasicDBObject();
+        response.put("endpoints", list);
         return Action.SUCCESS.toUpperCase();
     }
 

diff --git a/apps/dashboard/src/main/resources/struts.xml b/apps/dashboard/src/main/resources/struts.xml
@@ -865,6 +865,27 @@
             </result>
         </action>
 
+        <action name="api/loadRecentApiInfos" class="com.akto.action.observe.InventoryAction" method="loadRecentApiInfos">
+            <interceptor-ref name="json"/>
+            <interceptor-ref name="defaultStack" />
+            <interceptor-ref name="roleAccessInterceptor">
+                <param name="featureLabel">API_COLLECTIONS</param>
+                <param name="accessType">READ</param>
+            </interceptor-ref>
+
+            <result name="FORBIDDEN" type="json">
+                <param name="statusCode">403</param>
+                <param name="ignoreHierarchy">false</param>
+                <param name="includeProperties">^actionErrors.*</param>
+            </result>
+            <result name="SUCCESS"   type="json">
+                <param name="root">response</param>
+            </result>
+            <result name="ERROR" type="httpheader">
+                <param name="status">401</param>
+            </result>
+        </action>
+
         <action name="api/fetchNewParametersTrend" class="com.akto.action.observe.InventoryAction" method="fetchNewParametersTrend">
             <interceptor-ref name="json"/>
             <interceptor-ref name="defaultStack" />

diff --git a/apps/dashboard/web/polaris_web/web/src/apps/dashboard/pages/observe/api.js b/apps/dashboard/web/polaris_web/web/src/apps/dashboard/pages/observe/api.js
@@ -329,6 +329,15 @@ export default {
         })
         return resp
     },
+
+    async loadRecentApiInfos (startTimestamp, endTimestamp) {
+        const resp = await request({
+            url: '/api/loadRecentApiInfos',
+            method: 'post',
+            data: { startTimestamp, endTimestamp }
+        })
+        return resp
+    },
     async fetchSensitiveParamsForEndpoints (urls) {
         const resp = await request({
             url: '/api/fetchSensitiveParamsForEndpoints',

diff --git a/...board/web/polaris_web/web/src/apps/dashboard/pages/observe/api_collections/ApiChanges.jsx b/...board/web/polaris_web/web/src/apps/dashboard/pages/observe/api_collections/ApiChanges.jsx
@@ -61,29 +61,40 @@ function ApiChanges() {
         })
     }
 
+    async function fetchData() {
+        let apiCollection, apiCollectionUrls, apiInfoList;
+        let apiPromises = [
+            api.loadRecentEndpoints(startTimestamp, endTimestamp),
+            api.loadRecentApiInfos(startTimestamp, endTimestamp),
+            api.fetchNewParametersTrend(startTimestamp, endTimestamp)
+        ];
+        let results = await Promise.allSettled(apiPromises);
+        let endpointsFromStiResp = results[0].status === 'fulfilled' ? results[0].value : {"endpoints": []}
+        let endpointsFromApiInfos = results[1].status === 'fulfilled' ? results[1].value : {"apiInfoList" : []}
+        let parametersResp = results[2].status === 'fulfilled' ? results[2].value : {}
+
+        apiCollection = endpointsFromStiResp.endpoints.map(x => { return { ...x._id, startTs: x.startTs } })
+        apiCollectionUrls = endpointsFromStiResp.endpoints.map(x => x._id.url)
+        apiInfoList = endpointsFromApiInfos.apiInfoList
+
+        await api.fetchSensitiveParamsForEndpoints(apiCollectionUrls).then(allSensitiveFields => {
+            let sensitiveParams = allSensitiveFields.data.endpoints
+            setSensitiveParams([...sensitiveParams]);
+            apiCollection = transform.fillSensitiveParams(sensitiveParams, apiCollection);
+        })
+
+        let data = func.mergeApiInfoAndApiCollection(apiCollection, apiInfoList, collectionsMap);
+        const prettifiedData = transform.prettifyEndpointsData(data)
+        setNewEndpoints({prettify: prettifiedData, normal: data});
+
+        const trendObj = transform.findNewParametersCountTrend(parametersResp, startTimestamp, endTimestamp)
+        setNewParametersCount(trendObj.count)
+        setParametersTrend(trendObj.trend)
+
+        setLoading(false);
+    }
+
     useEffect(() => {
-        async function fetchData() {
-            let apiCollection, apiCollectionUrls, apiInfoList;
-            await api.loadRecentEndpoints(startTimestamp, endTimestamp).then((res) => {
-                apiCollection = res.data.endpoints.map(x => { return { ...x._id, startTs: x.startTs } })
-                apiCollectionUrls = res.data.endpoints.map(x => x._id.url)
-                apiInfoList = res.data.apiInfoList
-            })
-            await api.fetchSensitiveParamsForEndpoints(apiCollectionUrls).then(allSensitiveFields => {
-                let sensitiveParams = allSensitiveFields.data.endpoints
-                setSensitiveParams([...sensitiveParams]);
-                apiCollection = transform.fillSensitiveParams(sensitiveParams, apiCollection);
-            })
-            let data = func.mergeApiInfoAndApiCollection(apiCollection, apiInfoList, collectionsMap);
-            const prettifiedData = transform.prettifyEndpointsData(data)
-            setNewEndpoints({prettify: prettifiedData, normal: data});
-            await api.fetchNewParametersTrend(startTimestamp, endTimestamp).then((resp) => {
-                const trendObj = transform.findNewParametersCountTrend(resp, startTimestamp, endTimestamp)
-                setNewParametersCount(trendObj.count)
-                setParametersTrend(trendObj.trend)
-            })
-            setLoading(false);
-        }
         if (allCollections.length > 0) {
             fetchData();
         }

diff --git a/libs/dao/src/main/java/com/akto/dao/ApiInfoDao.java b/libs/dao/src/main/java/com/akto/dao/ApiInfoDao.java
@@ -80,6 +80,9 @@ public void createIndicesIfAbsent() {
 
         MCollection.createIndexIfAbsent(getDBName(), getCollName(),
                 new String[] { ApiInfo.RISK_SCORE, ApiInfo.ID_API_COLLECTION_ID }, false);
+
+        MCollection.createIndexIfAbsent(getDBName(), getCollName(),
+            new String[] {ApiInfo.DISCOVERED_TIMESTAMP }, false);
     }