vipyrsec / dragonfly-mainframe

The mainframe for Dragonfly
https://docs.vipyrsec.com/dragonfly-mainframe/
MIT License

Create response models for `GET /package` endpoint #200

Closed Robin5605 closed 1 month ago

Robin5605 commented 4 months ago

Currently the GET /package endpoint dumps the entire SQLAlchemy model which contains a lot of unnecessary information, and can change frequently based on the underlying database model. I think it would be better to establish a formal interface that does not necessarily have to match up with the underlying database model 1-to-1.

BruDriguezz commented 4 months ago

:eyes:

Robin5605 commented 4 months ago

Thanks for your interest in the issue @BruDriguezz, I've assigned you the issue.

Robin5605 commented 4 months ago

@BruDriguezz Here's a sample response to `GET /package?name=discord.py`:

```json
[
  {
    "scan_id": "9c42a9ad-7101-43fa-a045-e9234d7f3593",
    "name": "discord.py",
    "version": "2.3.2",
    "status": "finished",
    "score": 5,
    "inspector_url": "https://inspector.pypi.io/project/discord.py/2.3.2/packages/6f/cb/a360101905102684a4fe6fc543976842383f54ddeeef020959e4965c416e/discord.py-2.3.2.tar.gz/discord.py-2.3.2/discord/widget.py",
    "rules": [
      {
        "id": "16970910-aca9-4bfa-8890-8b554be7ce8c",
        "name": "setup_behaviors"
      },
      {
        "id": "ee990845-0c41-48a6-a292-9a74578faa66",
        "name": "discord_api_call"
      }
    ],
    "download_urls": [
      {
        "id": "c280a3b0-3833-4050-b257-f21998c94139",
        "scan_id": "9c42a9ad-7101-43fa-a045-e9234d7f3593",
        "url": "https://files.pythonhosted.org/packages/9c/7e/5f1b24b2ced0c4b3042204f7827b57c7dcb26d368e9b0fde8cec7853cf30/discord.py-2.3.2-py3-none-any.whl"
      },
      {
        "id": "70efd967-2541-4a15-b003-96a91a525ef0",
        "scan_id": "9c42a9ad-7101-43fa-a045-e9234d7f3593",
        "url": "https://files.pythonhosted.org/packages/6f/cb/a360101905102684a4fe6fc543976842383f54ddeeef020959e4965c416e/discord.py-2.3.2.tar.gz"
      }
    ],
    "queued_at": "2023-08-10T21:45:05.332381",
    "queued_by": "auth0|648e655d6ee6f0aa8794b3a3",
    "pending_at": "2023-08-10T21:45:18.516178",
    "pending_by": "auth0|6484c3cb146ddde5386f389d",
    "finished_at": "2023-08-10T21:45:21.182882",
    "finished_by": "auth0|6484c3cb146ddde5386f389d",
    "reported_at": null,
    "reported_by": null,
    "fail_reason": null,
    "commit_hash": "396197fe9f0af858088dd67e1cbc022b917e40e4"
  }
]
```

Here's what I'd like it to be:

```json
[
  {
    "scan_id": "9c42a9ad-7101-43fa-a045-e9234d7f3593",
    "name": "discord.py",
    "version": "2.3.2",
    "status": "finished",
    "score": 5,
    "inspector_url": "https://inspector.pypi.io/project/discord.py/2.3.2/packages/6f/cb/a360101905102684a4fe6fc543976842383f54ddeeef020959e4965c416e/discord.py-2.3.2.tar.gz/discord.py-2.3.2/discord/widget.py",
    "rules": ["setup_behaviors", "discord_api_call"],
    "download_urls": [
      "https://files.pythonhosted.org/packages/9c/7e/5f1b24b2ced0c4b3042204f7827b57c7dcb26d368e9b0fde8cec7853cf30/discord.py-2.3.2-py3-none-any.whl",
      "https://files.pythonhosted.org/packages/6f/cb/a360101905102684a4fe6fc543976842383f54ddeeef020959e4965c416e/discord.py-2.3.2.tar.gz"
    ],
    "queued_at": "2023-08-10T21:45:05.332381",
    "queued_by": "auth0|648e655d6ee6f0aa8794b3a3",
    "pending_at": "2023-08-10T21:45:18.516178",
    "pending_by": "auth0|6484c3cb146ddde5386f389d",
    "finished_at": "2023-08-10T21:45:21.182882",
    "finished_by": "auth0|6484c3cb146ddde5386f389d",
    "commit_hash": "396197fe9f0af858088dd67e1cbc022b917e40e4"
  }
]
```

Also would be nice if all datetimes were UTC UNIX timestamps. This is not any sort of spec I'd like, but just something along the lines of this. Feel free to take some liberties that you see fit.
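
The reshaping requested above, as an added example that is not part of the issue or the project's code: an explicit allow-list response model built with standard-library dataclasses, so a new database column is never serialized by accident. `PackageResponse`, `to_unix`, the sample record and its `db_only_col` key are assumptions made for illustration, as are treating naive timestamps as UTC and omitting null fields.

```python
from dataclasses import asdict, dataclass, fields
from datetime import datetime, timezone
from typing import Any, Optional

def to_unix(ts: Optional[str]) -> Optional[int]:
    if ts is None:
        return None
    dt = datetime.fromisoformat(ts)
    if dt.tzinfo is None:  # assumption: naive timestamps from the API are UTC
        dt = dt.replace(tzinfo=timezone.utc)
    return int(dt.timestamp())

@dataclass(frozen=True)
class PackageResponse:
    # Explicit allow-list: a new database column is not exposed until added here.
    scan_id: str
    name: str
    version: str
    status: str
    score: Optional[int]
    inspector_url: Optional[str]
    rules: list[str]
    download_urls: list[str]
    queued_at: Optional[int]
    queued_by: Optional[str]
    pending_at: Optional[int]
    pending_by: Optional[str]
    finished_at: Optional[int]
    finished_by: Optional[str]
    reported_at: Optional[int]
    reported_by: Optional[str]
    fail_reason: Optional[str]
    commit_hash: Optional[str]

    @classmethod
    def from_record(cls, rec: dict[str, Any]) -> "PackageResponse":
        out = {f.name: rec.get(f.name) for f in fields(cls)}
        out["rules"] = [r["name"] for r in rec.get("rules") or []]
        out["download_urls"] = [d["url"] for d in rec.get("download_urls") or []]
        out.update({k: to_unix(v) for k, v in out.items() if k.endswith("_at")})
        return cls(**out)

    def to_dict(self) -> dict[str, Any]:
        # Assumption: null fields are omitted, as in the desired sample.
        return {k: v for k, v in asdict(self).items() if v is not None}

# Constructed record shaped like the current output, plus a made-up column.
SAMPLE = {"scan_id": "s1", "name": "pkg", "version": "1.0", "status": "finished", "score": 5,
          "rules": [{"id": "r1", "name": "setup_behaviors"}], "queued_at": "2023-08-10T21:45:05.332381",
          "download_urls": [{"id": "d1", "scan_id": "s1", "url": "https://files.example/pkg.whl"}], "db_only_col": "x"}
```

`PackageResponse.from_record(SAMPLE).to_dict()` returns the flattened shape with `queued_at` as an integer and without `db_only_col` or the nested row ids.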