feat: Added new package operation controller

GermanMT · GermanMT · commit 1561bc071c46 · 2025-09-10T19:22:08.000+02:00
diff --git a/app/controllers/file_operation_controller.py b/app/controllers/file_operation_controller.py
@@ -13,7 +13,7 @@
 )
 from app.services import (
     read_data_for_smt_transform,
-    read_graph_for_info_operation,
+    read_graph_for_req_file_info_operation,
     read_operation_result,
     read_requirement_file_moment,
     read_smt_text,
@@ -52,7 +52,7 @@ async def requirement_file_info(
     if operation_result is not None and operation_result["moment"].replace(tzinfo=UTC) > req_file_moment.replace(tzinfo=UTC):
         result = operation_result["result"]
     else:
-        result = await read_graph_for_info_operation(
+        result = await read_graph_for_req_file_info_operation(
             file_info_request.node_type.value,
             file_info_request.requirement_file_id,
             file_info_request.max_depth
diff --git a/app/controllers/package_operation_controller.py b/app/controllers/package_operation_controller.py
@@ -0,0 +1,76 @@
+from typing import Annotated
+
+from fastapi import APIRouter, Body, Depends, Request, status
+from fastapi.responses import JSONResponse
+
+from app.limiter import limiter
+from app.schemas import PackageInfoRequest
+from app.services import (
+    read_graph_for_package_info_operation,
+    read_operation_result,
+    replace_operation_result,
+)
+from app.utils import (
+    JWTBearer,
+    filter_versions,
+    json_encoder,
+)
+
+router = APIRouter()
+
+@router.post(
+    "/operation/package/package_info",
+    summary="Get Package Information",
+    description="Retrieve information about dependnecy graph of a specific package.",
+    response_description="Package information.",
+    dependencies=[Depends(JWTBearer())],
+    tags=["Secure Chain Depex - Operation/Package"]
+)
+@limiter.limit("5/minute")
+async def package_info(
+    request: Request,
+    package_info_request: Annotated[PackageInfoRequest, Body()]
+) -> JSONResponse:
+    operation_result_id = f"{package_info_request.node_type.value}:{package_info_request.package_name}:{package_info_request.max_depth}"
+    operation_result = await read_operation_result(operation_result_id)
+    if operation_result is not None:
+        result = operation_result["result"]
+    else:
+        result = await read_graph_for_package_info_operation(
+            package_info_request.node_type.value,
+            package_info_request.package_name,
+            package_info_request.max_depth
+        )
+        if result["total_direct_dependencies"] != 0:
+            for direct_package in result["direct_dependencies"]:
+                direct_package["versions"] = await filter_versions(
+                    package_info_request.node_type.value,
+                    direct_package["versions"],
+                    direct_package["package_constraints"]
+                )
+            for _, indirect_packages in result["indirect_dependencies_by_depth"].items():
+                for indirect_package in indirect_packages:
+                    indirect_package["versions"] = await filter_versions(
+                        package_info_request.node_type.value,
+                        indirect_package["versions"],
+                        indirect_package["package_constraints"]
+                    )
+        else:
+            return JSONResponse(
+                status_code=status.HTTP_200_OK,
+                content= await json_encoder(
+                    {
+                        "detail": "no_dependencies",
+                    }
+                ),
+            )
+        await replace_operation_result(operation_result_id, result)
+    return JSONResponse(
+        status_code=status.HTTP_200_OK, content= await json_encoder(
+            {
+                "result": result,
+                "detail": "file_info_success",
+            }
+        )
+    )
+
diff --git a/app/router.py b/app/router.py
@@ -5,10 +5,12 @@
     file_operation_controller,
     graph_controller,
     health_controller,
+    package_operation_controller,
 )
 
 api_router = APIRouter()
 api_router.include_router(health_controller.router, tags=["Secure Chain Depex Health"])
 api_router.include_router(graph_controller.router, tags=["Secure Chain Depex - Graph"])
+api_router.include_router(package_operation_controller.router, tags=["Secure Chain Depex - Operation/Package"])
 api_router.include_router(file_operation_controller.router, tags=["Secure Chain Depex - Operation/File"])
 api_router.include_router(config_operation_controller.router, tags=["Secure Chain Depex - Operation/Config"])
diff --git a/app/schemas/__init__.py b/app/schemas/__init__.py
@@ -12,6 +12,7 @@
     FileInfoRequest,
     FilterConfigsRequest,
     MinMaxImpactRequest,
+    PackageInfoRequest,
     ValidConfigRequest,
     ValidGraphRequest,
 )
@@ -28,6 +29,7 @@
     "InitRepositoryRequest",
     "InitVersionRequest",
     "MinMaxImpactRequest",
+    "PackageInfoRequest",
     "ValidConfigRequest",
-    "ValidGraphRequest",
+    "ValidGraphRequest"
 ]
diff --git a/app/schemas/operations/__init__.py b/app/schemas/operations/__init__.py
@@ -3,6 +3,7 @@
 from .file_info_request import FileInfoRequest
 from .filter_configs_request import FilterConfigsRequest
 from .min_max_impact_request import MinMaxImpactRequest
+from .package_info_request import PackageInfoRequest
 from .valid_config_request import ValidConfigRequest
 from .valid_graph_request import ValidGraphRequest
 
@@ -12,6 +13,7 @@
     "FileInfoRequest",
     "FilterConfigsRequest",
     "MinMaxImpactRequest",
+    "PackageInfoRequest",
     "ValidConfigRequest",
     "ValidGraphRequest"
 ]
diff --git a/app/schemas/operations/package_info_request.py b/app/schemas/operations/package_info_request.py
@@ -0,0 +1,20 @@
+from pydantic import BaseModel, Field, field_validator, model_validator
+
+from app.schemas.enums import NodeType
+from app.schemas.validators import validate_max_depth
+
+
+class PackageInfoRequest(BaseModel):
+    package_name: str = Field(...)
+    max_depth: int = Field(...)
+    node_type: NodeType = Field(...)
+
+    @field_validator("max_depth")
+    def validate_max_depth(cls, value):
+        return validate_max_depth(value)
+
+    @model_validator(mode='before')
+    def set_max_depth_to_square(cls, values):
+        if values.get('max_depth') != -1:
+            values['max_depth'] = values.get('max_depth', 1) * 2
+        return values
diff --git a/app/services/__init__.py b/app/services/__init__.py
@@ -18,7 +18,8 @@
     create_repository,
     create_user_repository_rel,
     read_data_for_smt_transform,
-    read_graph_for_info_operation,
+    read_graph_for_package_info_operation,
+    read_graph_for_req_file_info_operation,
     read_repositories,
     read_repositories_by_user_id,
     read_repositories_update,
@@ -60,7 +61,8 @@
     "exists_package",
     "exists_version",
     "read_data_for_smt_transform",
-    "read_graph_for_info_operation",
+    "read_graph_for_package_info_operation",
+    "read_graph_for_req_file_info_operation",
     "read_operation_result",
     "read_package_by_name",
     "read_package_status_by_name",
diff --git a/app/services/repository_service.py b/app/services/repository_service.py
@@ -10,7 +10,7 @@
 
 
 @unit_of_work(timeout=3)
-async def read_graph(tx, query, requirement_file_id, max_depth):
+async def read_graph_req_file(tx, query, requirement_file_id, max_depth):
     result = await tx.run(
         query,
         requirement_file_id=requirement_file_id,
@@ -19,6 +19,16 @@ async def read_graph(tx, query, requirement_file_id, max_depth):
     return await result.single()
 
 
+@unit_of_work(timeout=3)
+async def read_graph_package(tx, query, package_name, max_depth):
+    result = await tx.run(
+        query,
+        package_name=package_name,
+        max_depth=max_depth
+    )
+    return await result.single()
+
+
 async def create_repository(repository: dict[str, Any]) -> str:
     query = """
     MATCH(u:User) WHERE u._id = $user_id
@@ -84,7 +94,7 @@ async def read_repository_by_id(repository_id: str) -> dict[str, str]:
     return record[0] if record else None
 
 
-async def read_graph_for_info_operation(
+async def read_graph_for_req_file_info_operation(
     node_type: str,
     requirement_file_id: str,
     max_depth: int
@@ -151,7 +161,7 @@ async def read_graph_for_info_operation(
     try:
         async with get_graph_db_driver().session() as session:
             record = await session.execute_read(
-                read_graph,
+                read_graph_req_file,
                 query,
                 requirement_file_id,
                 max_depth
@@ -167,6 +177,88 @@ async def read_graph_for_info_operation(
             raise MemoryOutException() from err
 
 
+async def read_graph_for_package_info_operation(
+    node_type: str,
+    package_name: str,
+    max_depth: int
+) -> dict[str, Any]:
+    query = f"""
+    MATCH (p:{node_type}{{name:$package_name}})
+    CALL apoc.path.expandConfig(
+        p,
+        {{
+            relationshipFilter: 'REQUIRE>|HAVE>',
+            labelFilter: 'Version|{node_type}',
+            maxLevel: $max_depth,
+            bfs: true,
+            uniqueness: 'NODE_GLOBAL'
+        }}
+    ) YIELD path
+    WITH
+        last(nodes(path)) AS pkg,
+        (length(path) - 1) / 2 AS depth,
+        last(relationships(path)) AS rel
+    WHERE '{node_type}' IN labels(pkg) AND type(rel) = 'REQUIRE'
+    OPTIONAL MATCH (pkg:{node_type})-[:HAVE]->(v:Version)
+    WITH
+        pkg,
+        depth,
+        collect(DISTINCT {{
+            name: v.name,
+            mean: v.mean,
+            serial_number: v.serial_number,
+            weighted_mean: v.weighted_mean,
+            vulnerability_count: v.vulnerabilities
+        }}) AS versions,
+        rel.constraints AS constraints
+    WITH {{
+        package_name: pkg.name,
+        package_vendor: pkg.vendor,
+        package_constraints: constraints,
+        versions: versions
+        }} AS enriched_pkg,
+        depth
+    WITH
+        collect(CASE WHEN depth = 0 THEN enriched_pkg END) AS direct_deps,
+        collect(CASE WHEN depth > 1 THEN {{node: enriched_pkg, depth: depth}} END) AS indirect_info
+    WITH
+        direct_deps,
+        indirect_info,
+        reduce(
+            map = {{}},
+            entry IN indirect_info |
+            apoc.map.setKey(
+            map,
+            toString(entry.depth),
+            coalesce(map[toString(entry.depth)], []) + entry.node
+            )
+        ) AS indirect_by_depth
+    RETURN {{
+        direct_dependencies: direct_deps,
+        total_direct_dependencies: size(direct_deps),
+        indirect_dependencies_by_depth: apoc.map.removeKey(indirect_by_depth, null),
+        total_indirect_dependencies: size(indirect_info)
+    }}
+    """
+    try:
+        async with get_graph_db_driver().session() as session:
+            record = await session.execute_read(
+                read_graph_package,
+                query,
+                package_name,
+                max_depth
+            )
+            return record[0] if record else None
+    except Neo4jError as err:
+        code = getattr(err, "code", "") or ""
+        if (
+            code == "Neo.TransientError.General.MemoryPoolOutOfMemoryError"
+            or code == "Neo.ClientError.Transaction.TransactionTimedOutClientConfiguration"
+            or code == "Neo.ClientError.Transaction.TransactionTimedOut"
+        ):
+            raise MemoryOutException() from err
+
+
 async def read_data_for_smt_transform(
     requirement_file_id: str,
     max_depth: int
@@ -205,7 +297,7 @@ async def read_data_for_smt_transform(
     try:
         async with get_graph_db_driver().session() as session:
             record = await session.execute_read(
-                read_graph,
+                read_graph_req_file,
                 query,
                 requirement_file_id,
                 max_depth
