Merge branch 'main' into feature/iac-scaffolding

Author: nishkersh

.dockerignore

@@ -1,4 +1,3 @@
-__pycache__
 .ash_history
 .bash_history
 .cache
@@ -17,6 +16,7 @@ __pycache__
 .vscode
 *.log
 *.pem
+**/__pycache__
 backend/data
 backend/staticfiles
 build

.github/workflows/check-pr-issue.yaml

@@ -0,0 +1,28 @@
+name: Check PR linked issue and assignee
+
+on:
+  pull_request:
+    types:
+      - opened
+      - synchronize
+
+permissions:
+  contents: read
+  issues: write
+  pull-requests: write
+
+jobs:
+  check-pr-issue:
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@v5
+
+      - name: Check PR linked issue and assignee
+        uses: arkid15r/check-pr-issue-action@a3635191c798f111aae577759b579dc37bb13e02
+        with:
+          close_pr_on_failure: 'false'
+          github_token: ${{ secrets.GITHUB_TOKEN }}
+          no_assignee_message: 'Test: The linked issue must be assigned to the PR author.'
+          no_issue_message: 'Test: This PR must be linked to an issue.'
+          require_assignee: 'true'

.github/workflows/run-ci-cd.yaml

@@ -71,13 +71,13 @@ jobs:
         uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8
 
       - name: Install pnpm
-        uses: pnpm/action-setup@a7487c7e89a18df4991f7f222e4898a00d66ddda
+        uses: pnpm/action-setup@41ff72655975bd51cab0327fa583b6e92b6d3061
         with:
           version: 10
           run_install: true
 
       - name: Set up Node
-        uses: actions/setup-node@a0853c24544627f65ddf259abe73b1d18a591444
+        uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903
         with:
           node-version: 22
           cache: 'pnpm'
@@ -557,13 +557,13 @@ jobs:
         uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8
 
       - name: Install pnpm
-        uses: pnpm/action-setup@a7487c7e89a18df4991f7f222e4898a00d66ddda
+        uses: pnpm/action-setup@41ff72655975bd51cab0327fa583b6e92b6d3061
         with:
           run_install: true
           version: 10
 
       - name: Set up Node
-        uses: actions/setup-node@a0853c24544627f65ddf259abe73b1d18a591444
+        uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903
         with:
           cache-dependency-path: frontend/pnpm-lock.yaml
           cache: 'pnpm'

.github/workflows/run-code-ql.yaml

@@ -31,19 +31,19 @@ jobs:
         uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8
 
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@3599b3baa15b485a2e49ef411a7a4bb2452e7f93
+        uses: github/codeql-action/init@f443b600d91635bebf5b0d9ebc620189c0d6fba5
         with:
           languages: ${{ matrix.language }}
 
       - name: Install pnpm
-        uses: pnpm/action-setup@a7487c7e89a18df4991f7f222e4898a00d66ddda
+        uses: pnpm/action-setup@41ff72655975bd51cab0327fa583b6e92b6d3061
         with:
           version: 10
           run_install: false
 
       - name: Set up Node
         if: matrix.language == 'javascript-typescript'
-        uses: actions/setup-node@a0853c24544627f65ddf259abe73b1d18a591444
+        uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903
         with:
           node-version: 22
           cache: 'pnpm'
@@ -55,6 +55,6 @@ jobs:
         run: pnpm install --frozen-lockfile
 
       - name: Perform CodeQL analysis
-        uses: github/codeql-action/analyze@3599b3baa15b485a2e49ef411a7a4bb2452e7f93
+        uses: github/codeql-action/analyze@f443b600d91635bebf5b0d9ebc620189c0d6fba5
         with:
           category: /language:${{ matrix.language }}

.pre-commit-config.yaml

@@ -10,7 +10,7 @@ repos:
         exclude: (.github|pnpm-lock.yaml)
 
   - repo: https://github.com/astral-sh/ruff-pre-commit
-    rev: v0.13.2
+    rev: v0.14.0
     hooks:
       - id: ruff
         args:
@@ -83,7 +83,7 @@ repos:
         exclude: pnpm-lock.yaml
 
   - repo: https://github.com/tox-dev/pyproject-fmt
-    rev: v2.7.0
+    rev: v2.11.0
     hooks:
       - id: pyproject-fmt
 

LEARN.md

@@ -7,11 +7,11 @@
 
 # [OWASP Nest](https://nest.owasp.org/)
 
-[![OWASP](https://img.shields.io/badge/OWASP-Incubator-blue?style=for-the-badge)](https://owasp.org/www-project-nest/) [![OWASP](https://img.shields.io/badge/OWASP-Code-blue?style=for-the-badge)](https://owasp.org/www-project-nest/) [![project-nest](https://img.shields.io/badge/OWASP-%23project--nest-blue?logo=slack&logoColor=white&style=for-the-badge)](https://owasp.slack.com/messages/project-nest)
+[![OWASP](https://img.shields.io/badge/Lab-blue?&label=owasp%20level&style=for-the-badge)](https://owasp.org/www-project-nest/) [![OWASP](https://img.shields.io/badge/Code-blue?label=OWASP%20Type&style=for-the-badge)](https://owasp.org/www-project-nest/) [![project-nest](https://img.shields.io/badge/%23project--nest-blue?label=OWASP%20Slack&logoColor=white&style=for-the-badge)](https://owasp.slack.com/messages/project-nest)
 
-[![License](https://img.shields.io/github/license/owasp/nest?color=41BE4A&label=License&style=for-the-badge)](https://github.com/OWASP/Nest/blob/main/LICENSE) [![Last Commit](https://img.shields.io/github/last-commit/owasp/nest/main?style=for-the-badge&label=Last%20commit)](https://github.com/OWASP/Nest/commits/main/) [![Contributors](https://img.shields.io/github/contributors/owasp/nest?style=for-the-badge&label=Contributors)](https://github.com/OWASP/Nest/graphs/contributors)
+[![License](https://img.shields.io/github/license/owasp/nest?color=blue&label=License&style=for-the-badge)](https://github.com/OWASP/Nest/blob/main/LICENSE) [![Last Commit](https://img.shields.io/github/last-commit/owasp/nest/main?color=blue&style=for-the-badge&label=Last%20commit)](https://github.com/OWASP/Nest/commits/main/) [![Contributors](https://img.shields.io/github/contributors/owasp/nest?style=for-the-badge&label=Contributors&color=blue)](https://github.com/OWASP/Nest/graphs/contributors)
 
-[![CI/CD](https://img.shields.io/github/actions/workflow/status/owasp/nest/run-ci-cd.yaml?branch=main&label=Build&style=for-the-badge)](https://github.com/owasp/nest/actions/workflows/run-ci-cd.yaml?query=branch%3Amain) [![CodeQL](https://img.shields.io/github/actions/workflow/status/owasp/nest/run-code-ql.yaml?branch=main&label=CodeQL&style=for-the-badge)](https://github.com/owasp/nest/actions/workflows/run-code-ql.yaml?query=branch%3Amain) [![Sonarqube](https://img.shields.io/sonar/quality_gate/OWASP_Nest?server=https://sonarcloud.io&style=for-the-badge&label=Sonarqube)](https://sonarcloud.io/summary/new_code?id=OWASP_Nest&branch=main)
+[![CI/CD](https://img.shields.io/github/actions/workflow/status/owasp/nest/run-ci-cd.yaml?branch=main&color=blue&label=Build&style=for-the-badge)](https://github.com/owasp/nest/actions/workflows/run-ci-cd.yaml?query=branch%3Amain) [![CodeQL](https://img.shields.io/github/actions/workflow/status/owasp/nest/run-code-ql.yaml?branch=main&color=blue&label=CodeQL&style=for-the-badge)](https://github.com/owasp/nest/actions/workflows/run-code-ql.yaml?query=branch%3Amain) [![Sonarqube](https://img.shields.io/sonar/quality_gate/OWASP_Nest?color=blue&server=https://sonarcloud.io&style=for-the-badge&label=Sonarqube)](https://sonarcloud.io/summary/new_code?id=OWASP_Nest&branch=main)
 
 [![Issues](https://img.shields.io/github/issues/owasp/nest?color=blue&style=for-the-badge&label=Issues)](https://github.com/OWASP/Nest/issues) [![Pull Requests](https://img.shields.io/github/issues-pr/owasp/nest?color=blue&style=for-the-badge&label=Pull%20Requests)](https://github.com/OWASP/Nest/pulls)
 

README.md

@@ -0,0 +1,56 @@
+"""Decorator for API Cache."""
+
+from functools import wraps
+from http import HTTPStatus
+
+from django.conf import settings
+from django.core.cache import cache
+from django.http import HttpRequest
+
+
+def generate_key(
+    request: HttpRequest,
+    prefix: str,
+):
+    """Generate a cache key for a request."""
+    return f"{prefix}:{request.get_full_path()}"
+
+
+def cache_response(
+    ttl: int | None = None,
+    prefix: str | None = None,
+):
+    """Cache API responses for GET and HEAD requests.
+
+    Args:
+        ttl (int): The time-to-live for the cache entry in seconds.
+        prefix (str): A prefix for the cache key.
+
+    """
+    if ttl is None:
+        ttl = settings.API_CACHE_TIME_SECONDS
+
+    if prefix is None:
+        prefix = settings.API_CACHE_PREFIX
+
+    def decorator(view_func):
+        @wraps(view_func)
+        def _wrapper(request, *args, **kwargs):
+            if request.method not in ("GET", "HEAD"):
+                return view_func(request, *args, **kwargs)
+
+            cache_key = generate_key(
+                request=request,
+                prefix=prefix,
+            )
+            if response := cache.get(cache_key):
+                return response
+
+            response = view_func(request, *args, **kwargs)
+            if response.status_code == HTTPStatus.OK:
+                cache.set(cache_key, response, timeout=ttl)
+            return response
+
+        return _wrapper
+
+    return decorator

backend/apps/api/decorators/__init__.py

@@ -2,9 +2,11 @@
 
 from django.conf import settings
 from ninja import NinjaAPI, Swagger
+from ninja.pagination import RouterPaginated
 from ninja.throttling import AuthRateThrottle
 
 from apps.api.rest.auth.api_key import ApiKey as ApiKey
+from apps.api.rest.v0.chapter import router as chapter_router
 from apps.api.rest.v0.committee import router as committee_router
 from apps.api.rest.v0.event import router as event_router
 from apps.api.rest.v0.issue import router as issue_router
@@ -15,8 +17,6 @@
 from apps.api.rest.v0.repository import router as repository_router
 from apps.api.rest.v0.sponsor import router as sponsor_router
 
-from .chapter import router as chapter_router
-
 ROUTERS = {
     # Chapters.
     "/chapters": chapter_router,
@@ -42,11 +42,12 @@
 
 api_settings = {
     "auth": ApiKey(),  # The `api_key` param name is based on the ApiKey class name.
+    "default_router": RouterPaginated(),
     "description": "Open Worldwide Application Security Project API",
     "docs": Swagger(settings={"persistAuthorization": True}),
     "throttle": [AuthRateThrottle("10/s")],
     "title": "OWASP Nest",
-    "version": "0.2.3",
+    "version": "0.2.4",
 }
 
 api_settings_customization = {}