Merge branch 'develop' into bugfix/MARP-1629-Fix-AI-Assistant-release…

…-on-MP
axonivy-market · Dec 18, 2024 · fb2df04 · fb2df04
2 parents 7a841a1 + e1a0d85
commit fb2df04
Show file tree

Hide file tree

Showing 67 changed files with 2,501 additions and 292 deletions.
diff --git a/marketplace-build/.env b/marketplace-build/.env
@@ -12,4 +12,5 @@ MARKET_GITHUB_OAUTH_APP_CLIENT_ID=
 MARKET_GITHUB_OAUTH_APP_CLIENT_SECRET=
 MARKET_JWT_SECRET_KEY=
 MARKET_CORS_ALLOWED_ORIGIN=*
-MARKET_MONGO_LOG_LEVEL=DEBUG
+MARKET_MONGO_LOG_LEVEL=DEBUG
+MARKET_LOG_PATH=logs
diff --git a/marketplace-build/dev/.env b/marketplace-build/dev/.env
@@ -12,4 +12,5 @@ MARKET_GITHUB_OAUTH_APP_CLIENT_ID=
 MARKET_GITHUB_OAUTH_APP_CLIENT_SECRET=
 MARKET_JWT_SECRET_KEY=
 MARKET_CORS_ALLOWED_ORIGIN=*
-MARKET_MONGO_LOG_LEVEL=DEBUG
+MARKET_MONGO_LOG_LEVEL=DEBUG
+MARKET_LOG_PATH=logs
diff --git a/marketplace-build/dev/docker-compose.yml b/marketplace-build/dev/docker-compose.yml
@@ -24,6 +24,7 @@ services:
     volumes:
       - /home/axonivy/marketplace/data/market-installations.json:/app/data/market-installation.json
       - marketcache:/app/data/market-cache
+      - ./logs:/app/logs
     environment:
       - MONGODB_HOST=${SERVICE_MONGODB_HOST}
       - MONGODB_DATABASE=${SERVICE_MONGODB_DATABASE}
@@ -36,6 +37,7 @@ services:
       - MARKET_JWT_SECRET_KEY=${MARKET_JWT_SECRET_KEY}
       - MARKET_CORS_ALLOWED_ORIGIN=${MARKET_CORS_ALLOWED_ORIGIN}
       - MARKET_MONGO_LOG_LEVEL=${MARKET_MONGO_LOG_LEVEL}
+      - MARKET_LOG_PATH=${MARKET_LOG_PATH}
     build:
       context: ../../marketplace-service
       dockerfile: Dockerfile

diff --git a/marketplace-build/docker-compose.yml b/marketplace-build/docker-compose.yml
@@ -24,6 +24,7 @@ services:
     volumes:
       - /home/axonivy/marketplace/data/market-installations.json:/app/data/market-installation.json
       - marketcache:/app/data/market-cache
+      - ./logs:/app/logs
     environment:
       - MONGODB_HOST=${SERVICE_MONGODB_HOST}
       - MONGODB_DATABASE=${SERVICE_MONGODB_DATABASE}
@@ -36,6 +37,7 @@ services:
       - MARKET_JWT_SECRET_KEY=${MARKET_JWT_SECRET_KEY}
       - MARKET_CORS_ALLOWED_ORIGIN=${MARKET_CORS_ALLOWED_ORIGIN}
       - MARKET_MONGO_LOG_LEVEL=${MARKET_MONGO_LOG_LEVEL}
+      - MARKET_LOG_PATH=${MARKET_LOG_PATH}
     build:
       context: ../marketplace-service
       dockerfile: Dockerfile

diff --git a/marketplace-build/release/.env b/marketplace-build/release/.env
@@ -13,4 +13,5 @@ MARKET_GITHUB_OAUTH_APP_CLIENT_ID=
 MARKET_GITHUB_OAUTH_APP_CLIENT_SECRET=
 MARKET_JWT_SECRET_KEY=
 MARKET_CORS_ALLOWED_ORIGIN=*
-MARKET_MONGO_LOG_LEVEL=DEBUG
+MARKET_MONGO_LOG_LEVEL=DEBUG
+MARKET_LOG_PATH=logs
diff --git a/marketplace-build/release/docker-compose.yml b/marketplace-build/release/docker-compose.yml
@@ -22,6 +22,7 @@ services:
     volumes:
       - /home/axonivy/marketplace/data/market-installations.json:/app/data/market-installation.json
       - marketcache:/app/data/market-cache
+      - ./logs:/app/logs
     environment:
       - MONGODB_HOST=${SERVICE_MONGODB_HOST}
       - MONGODB_DATABASE=${SERVICE_MONGODB_DATABASE}
@@ -34,6 +35,7 @@ services:
       - MARKET_JWT_SECRET_KEY=${MARKET_JWT_SECRET_KEY}
       - MARKET_CORS_ALLOWED_ORIGIN=${MARKET_CORS_ALLOWED_ORIGIN}
       - MARKET_MONGO_LOG_LEVEL=${MARKET_MONGO_LOG_LEVEL}
+      - MARKET_LOG_PATH=${MARKET_LOG_PATH}
     networks:
       - marketplace-network
 

diff --git a/marketplace-service/pom.xml b/marketplace-service/pom.xml
@@ -73,7 +73,11 @@
       <artifactId>jaxb-api</artifactId>
       <version>2.3.1</version>
     </dependency>
-    <dependency>
+      <dependency>
+          <groupId>org.springframework.boot</groupId>
+          <artifactId>spring-boot-starter-aop</artifactId>
+      </dependency>
+      <dependency>
       <groupId>org.springframework.boot</groupId>
       <artifactId>spring-boot-starter-validation</artifactId>
     </dependency>

diff --git a/marketplace-service/src/main/java/com/axonivy/market/config/RestTemplateConfig.java b/marketplace-service/src/main/java/com/axonivy/market/config/RestTemplateConfig.java
@@ -0,0 +1,14 @@
+package com.axonivy.market.config;
+
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.web.client.RestTemplate;
+
+@Configuration
+public class RestTemplateConfig {
+
+  @Bean
+  public RestTemplate restTemplate() {
+    return new RestTemplate();
+  }
+}
diff --git a/marketplace-service/src/main/java/com/axonivy/market/constants/CommonConstants.java b/marketplace-service/src/main/java/com/axonivy/market/constants/CommonConstants.java
@@ -6,6 +6,7 @@
 @NoArgsConstructor(access = AccessLevel.PRIVATE)
 public class CommonConstants {
   public static final String REQUESTED_BY = "X-Requested-By";
+  public static final String USER_AGENT = "user-agent";
   public static final String SLASH = "/";
   public static final String DOT_SEPARATOR = ".";
   public static final String PLUS = "+";

diff --git a/marketplace-service/src/main/java/com/axonivy/market/constants/GitHubConstants.java b/marketplace-service/src/main/java/com/axonivy/market/constants/GitHubConstants.java
@@ -19,15 +19,19 @@ public static class Json {
     public static final String CLIENT_ID = "client_id";
     public static final String CLIENT_SECRET = "client_secret";
     public static final String CODE = "code";
-    public static final String USER_ID = "id";
-    public static final String USER_NAME = "name";
-    public static final String USER_AVATAR_URL = "avatar_url";
-    public static final String USER_LOGIN_NAME = "login";
+    public static final String SEVERITY = "severity";
+    public static final String SECURITY_SEVERITY_LEVEL = "security_severity_level";
+    public static final String SEVERITY_ADVISORY = "security_advisory";
+    public static final String RULE = "rule";
   }
 
   @NoArgsConstructor(access = AccessLevel.PRIVATE)
   public static class Url {
     private static final String BASE_URL = "https://api.github.com";
-    public static final String USER = BASE_URL + "/user";
+    public static final String REPO_DEPENDABOT_ALERTS_OPEN = BASE_URL + "/repos/%s/%s/dependabot/alerts?state=open";
+    public static final String REPO_SECRET_SCANNING_ALERTS_OPEN =
+        BASE_URL + "/repos/%s/%s/secret-scanning/alerts?state=open";
+    public static final String REPO_CODE_SCANNING_ALERTS_OPEN =
+        BASE_URL + "/repos/%s/%s/code-scanning/alerts?state=open";
   }
 }
diff --git a/marketplace-service/src/main/java/com/axonivy/market/constants/LoggingConstants.java b/marketplace-service/src/main/java/com/axonivy/market/constants/LoggingConstants.java
@@ -0,0 +1,22 @@
+package com.axonivy.market.constants;
+
+import lombok.AccessLevel;
+import lombok.NoArgsConstructor;
+
+@NoArgsConstructor(access = AccessLevel.PRIVATE)
+public class LoggingConstants {
+
+  public static final String ENTRY_FORMAT = "    <%s>%s</%s>%n";
+  public static final String ENTRY_START = "  <LogEntry>\n";
+  public static final String ENTRY_END = "  </LogEntry>\n";
+  public static final String DATE_FORMAT = "yyyy-MM-dd";
+  public static final String TIMESTAMP_FORMAT = "yyyy-MM-dd HH:mm:ss";
+  public static final String LOG_START = "<Logs>\n";
+  public static final String LOG_END = "</Logs>";
+  public static final String METHOD = "method";
+  public static final String ARGUMENTS = "arguments";
+  public static final String TIMESTAMP = "timestamp";
+  public static final String NO_ARGUMENTS = "No arguments";
+  public static final String MARKET_WEBSITE = "marketplace-website";
+
+}
diff --git a/marketplace-service/src/main/java/com/axonivy/market/constants/RequestMappingConstants.java b/marketplace-service/src/main/java/com/axonivy/market/constants/RequestMappingConstants.java
@@ -13,7 +13,7 @@ public class RequestMappingConstants {
   public static final String FEEDBACK = API + "/feedback";
   public static final String IMAGE = API + "/image";
   public static final String SYNC = "sync";
-  public static final String SYNC_PRODUCT_VERSION = SYNC + "/product-version";
+  public static final String SYNC_FIRST_PUBLISHED_DATE_ALL_PRODUCTS = SYNC + "/first-published-date";
   public static final String SYNC_ONE_PRODUCT_BY_ID = "sync/{id}";
   public static final String SWAGGER_URL = "/swagger-ui/index.html";
   public static final String GIT_HUB_LOGIN = "/github/login";
@@ -32,4 +32,5 @@ public class RequestMappingConstants {
   public static final String LATEST_ARTIFACT_DOWNLOAD_URL_BY_ID = "/{id}/artifact";
   public static final String EXTERNAL_DOCUMENT = API + "/externaldocument";
   public static final String PRODUCT_MARKETPLACE_DATA = API + "/product-marketplace-data";
+  public static final String SECURITY_MONITOR = API + "/security-monitor";
 }
diff --git a/marketplace-service/src/main/java/com/axonivy/market/controller/ProductController.java b/marketplace-service/src/main/java/com/axonivy/market/controller/ProductController.java
@@ -145,6 +145,25 @@ public ResponseEntity<Message> syncOneProduct(
     return new ResponseEntity<>(message, HttpStatus.OK);
   }
 
+  @PutMapping(SYNC_FIRST_PUBLISHED_DATE_ALL_PRODUCTS)
+  @Operation(hidden = true)
+  public ResponseEntity<Message> syncFirstPublishedDateOfAllProducts(
+      @RequestHeader(value = AUTHORIZATION) String authorizationHeader) {
+    String token = AuthorizationUtils.getBearerToken(authorizationHeader);
+    gitHubService.validateUserInOrganizationAndTeam(token, GitHubConstants.AXONIVY_MARKET_ORGANIZATION_NAME,
+        GitHubConstants.AXONIVY_MARKET_TEAM_NAME);
+
+    var message = new Message();
+    var isSuccess = productService.syncFirstPublishedDateOfAllProducts();
+    if (isSuccess) {
+      message.setHelpCode(ErrorCode.SUCCESSFUL.getCode());
+      message.setMessageDetails("Sync successfully!");
+    } else {
+      message.setMessageDetails("Sync unsuccessfully!");
+    }
+    return new ResponseEntity<>(message, HttpStatus.OK);
+  }
+
   @SuppressWarnings("unchecked")
   private ResponseEntity<PagedModel<ProductModel>> generateEmptyPagedModel() {
     var emptyPagedModel = (PagedModel<ProductModel>) pagedResourcesAssembler.toEmptyModel(Page.empty(),

diff --git a/...service/src/main/java/com/axonivy/market/controller/ProductMarketplaceDataController.java b/...service/src/main/java/com/axonivy/market/controller/ProductMarketplaceDataController.java
@@ -3,13 +3,12 @@
 import com.axonivy.market.constants.GitHubConstants;
 import com.axonivy.market.enums.ErrorCode;
 import com.axonivy.market.github.service.GitHubService;
+import com.axonivy.market.logging.Loggable;
 import com.axonivy.market.model.Message;
 import com.axonivy.market.model.ProductCustomSortRequest;
 import com.axonivy.market.service.ProductMarketplaceDataService;
 import com.axonivy.market.util.AuthorizationUtils;
 import io.swagger.v3.oas.annotations.Operation;
-import io.swagger.v3.oas.annotations.Parameter;
-import io.swagger.v3.oas.annotations.enums.ParameterIn;
 import io.swagger.v3.oas.annotations.tags.Tag;
 import jakarta.validation.Valid;
 import lombok.AllArgsConstructor;
@@ -36,7 +35,7 @@
 public class ProductMarketplaceDataController {
   private final GitHubService gitHubService;
   private final ProductMarketplaceDataService productMarketplaceDataService;
-  
+
   @PostMapping(CUSTOM_SORT)
   @Operation(hidden = true)
   public ResponseEntity<Message> createCustomSortProducts(
@@ -51,15 +50,14 @@ public ResponseEntity<Message> createCustomSortProducts(
     return new ResponseEntity<>(message, HttpStatus.OK);
   }
 
+  @Loggable
+  @Operation(hidden = true)
   @PutMapping(INSTALLATION_COUNT_BY_ID)
-  @Operation(summary = "Update installation count of product",
-      description = "By default, increase installation count when click download product files by users")
   public ResponseEntity<Integer> syncInstallationCount(
-      @PathVariable(ID) @Parameter(description = "Product id (from meta.json)", example = "approval-decision-utils",
-          in = ParameterIn.PATH) String productId,
-      @RequestParam(name = DESIGNER_VERSION, required = false) @Parameter(in = ParameterIn.QUERY,
-          example = "v10.0.20") String designerVersion) {
+      @PathVariable(ID) String productId,
+      @RequestParam(name = DESIGNER_VERSION, required = false) String designerVersion) {
     int result = productMarketplaceDataService.updateInstallationCountForProduct(productId, designerVersion);
     return new ResponseEntity<>(result, HttpStatus.OK);
   }
+
 }
diff --git a/...tplace-service/src/main/java/com/axonivy/market/controller/SecurityMonitorController.java b/...tplace-service/src/main/java/com/axonivy/market/controller/SecurityMonitorController.java
@@ -0,0 +1,39 @@
+package com.axonivy.market.controller;
+
+import com.axonivy.market.constants.GitHubConstants;
+import com.axonivy.market.github.service.GitHubService;
+import com.axonivy.market.github.model.ProductSecurityInfo;
+import com.axonivy.market.util.AuthorizationUtils;
+import io.swagger.v3.oas.annotations.Operation;
+import io.swagger.v3.oas.annotations.tags.Tag;
+import lombok.AllArgsConstructor;
+import org.springframework.http.ResponseEntity;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.RequestHeader;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RestController;
+
+import java.util.List;
+
+import static com.axonivy.market.constants.RequestMappingConstants.SECURITY_MONITOR;
+import static org.springframework.http.HttpHeaders.AUTHORIZATION;
+
+@RestController
+@RequestMapping(SECURITY_MONITOR)
+@Tag(name = "Security Monitor Controllers", description = "API collection to get Github Marketplace security's detail.")
+@AllArgsConstructor
+public class SecurityMonitorController {
+  private final GitHubService gitHubService;
+
+  @GetMapping
+  @Operation(hidden = true)
+  public ResponseEntity<Object> getGitHubMarketplaceSecurity(
+      @RequestHeader(value = AUTHORIZATION) String authorizationHeader) {
+    String token = AuthorizationUtils.getBearerToken(authorizationHeader);
+    gitHubService.validateUserInOrganizationAndTeam(token, GitHubConstants.AXONIVY_MARKET_ORGANIZATION_NAME,
+        GitHubConstants.AXONIVY_MARKET_TEAM_NAME);
+    List<ProductSecurityInfo> securityInfoList = gitHubService.getSecurityDetailsForAllProducts(token,
+        GitHubConstants.AXONIVY_MARKET_ORGANIZATION_NAME);
+    return ResponseEntity.ok(securityInfoList);
+  }
+}
diff --git a/marketplace-service/src/main/java/com/axonivy/market/entity/Product.java b/marketplace-service/src/main/java/com/axonivy/market/entity/Product.java
@@ -64,6 +64,7 @@ public class Product implements Serializable {
   @Transient
   private int installationCount;
   private Date newestPublishedDate;
+  private Date firstPublishedDate;
   private String newestReleaseVersion;
   @Transient
   private ProductModuleContent productModuleContent;

diff --git a/marketplace-service/src/main/java/com/axonivy/market/enums/AccessLevel.java b/marketplace-service/src/main/java/com/axonivy/market/enums/AccessLevel.java
@@ -0,0 +1,10 @@
+package com.axonivy.market.enums;
+
+import lombok.AllArgsConstructor;
+import lombok.Getter;
+
+@Getter
+@AllArgsConstructor
+public enum AccessLevel {
+  NO_PERMISSION, ENABLED, DISABLED
+}
diff --git a/marketplace-service/src/main/java/com/axonivy/market/enums/SortOption.java b/marketplace-service/src/main/java/com/axonivy/market/enums/SortOption.java
@@ -11,7 +11,7 @@
 public enum SortOption {
   POPULARITY("popularity", "marketplaceData.installationCount", Sort.Direction.DESC),
   ALPHABETICALLY("alphabetically", "names", Sort.Direction.ASC),
-  RECENT("recent", "newestPublishedDate", Sort.Direction.DESC),
+  RECENT("recent", "firstPublishedDate", Sort.Direction.DESC),
   STANDARD("standard", "marketplaceData.customOrder", Sort.Direction.DESC),
   ID("id", "_id", Sort.Direction.ASC);
 

diff --git a/marketplace-service/src/main/java/com/axonivy/market/github/model/CodeScanning.java b/marketplace-service/src/main/java/com/axonivy/market/github/model/CodeScanning.java
@@ -0,0 +1,16 @@
+package com.axonivy.market.github.model;
+
+import com.axonivy.market.enums.AccessLevel;
+import lombok.Getter;
+import lombok.NoArgsConstructor;
+import lombok.Setter;
+
+import java.util.Map;
+
+@Getter
+@Setter
+@NoArgsConstructor
+public class CodeScanning {
+  private Map<String, Integer> alerts;
+  private AccessLevel status;
+}
diff --git a/marketplace-service/src/main/java/com/axonivy/market/github/model/Dependabot.java b/marketplace-service/src/main/java/com/axonivy/market/github/model/Dependabot.java
@@ -0,0 +1,16 @@
+package com.axonivy.market.github.model;
+
+import com.axonivy.market.enums.AccessLevel;
+import lombok.Getter;
+import lombok.NoArgsConstructor;
+import lombok.Setter;
+
+import java.util.Map;
+
+@Getter
+@Setter
+@NoArgsConstructor
+public class Dependabot {
+  private Map<String, Integer> alerts;
+  private AccessLevel status;
+}
diff --git a/marketplace-service/src/main/java/com/axonivy/market/github/model/ProductSecurityInfo.java b/marketplace-service/src/main/java/com/axonivy/market/github/model/ProductSecurityInfo.java
@@ -0,0 +1,24 @@
+package com.axonivy.market.github.model;
+
+import lombok.AllArgsConstructor;
+import lombok.Getter;
+import lombok.NoArgsConstructor;
+import lombok.Setter;
+
+import java.util.Date;
+
+@Getter
+@Setter
+@NoArgsConstructor
+@AllArgsConstructor
+public class ProductSecurityInfo {
+  private String repoName;
+  private boolean isArchived;
+  private String visibility;
+  private boolean branchProtectionEnabled;
+  private Date lastCommitDate;
+  private String latestCommitSHA;
+  private Dependabot dependabot;
+  private SecretScanning secretScanning;
+  private CodeScanning codeScanning;
+}
diff --git a/marketplace-service/src/main/java/com/axonivy/market/github/model/SecretScanning.java b/marketplace-service/src/main/java/com/axonivy/market/github/model/SecretScanning.java
@@ -0,0 +1,14 @@
+package com.axonivy.market.github.model;
+
+import com.axonivy.market.enums.AccessLevel;
+import lombok.Getter;
+import lombok.NoArgsConstructor;
+import lombok.Setter;
+
+@Getter
+@Setter
+@NoArgsConstructor
+public class SecretScanning {
+  private Integer numberOfAlerts;
+  private AccessLevel status;
+}