anti
dc3d08dd41
Second of the five-step identity-resolution substrate. Ships the API
surface against the empty AttackerIdentity table from commit 1 — every
endpoint returns empty/404 cleanly until the clusterer populates rows.
Routes (auth-gated, viewer role):
* GET /api/v1/identities — paginated list, excludes merged-out rows
* GET /api/v1/identities/{uuid} — detail; transparently follows
merged_into_uuid to surface the canonical winner
* GET /api/v1/identities/{uuid}/observations — Attacker rows FK'd
to the (resolved) identity uuid
Repository (BaseRepository abstract + SQLModelRepository concrete):
* get_identity_by_uuid (with merge-chain following, hop-bounded)
* list_identities / count_identities (excluding merged-out)
* list_observations_for_identity / count_observations_for_identity
Tests: 12 new (empty-table behavior, seeded data, merge-chain
resolution, repo-level smoke against real SQLite). Also fixes the
pre-existing test_base_repo_coverage failure (DEBT-041 added abstract
methods without updating the DummyRepo stub) — included here because
this PR adds 5 more abstract methods, fixing it as a bonus.
474 db/web/profiler/correlation tests green.
45 lines
1.5 KiB
Python
45 lines
1.5 KiB
Python
"""GET /api/v1/identities/{uuid} — single identity row.
|
|
|
|
Soft-merge handling: if the requested UUID has merged_into_uuid set,
|
|
the repository follows the chain and returns the winner. Callers always
|
|
receive the canonical identity for any UUID that has ever been part of
|
|
the merge tree.
|
|
|
|
Returns 404 against an empty/unknown UUID — expected response while the
|
|
clusterer hasn't run yet.
|
|
"""
|
|
from typing import Any
|
|
|
|
from fastapi import APIRouter, Depends, HTTPException
|
|
|
|
from decnet.telemetry import traced as _traced
|
|
from decnet.web.dependencies import repo, require_viewer
|
|
|
|
router = APIRouter()
|
|
|
|
|
|
@router.get(
|
|
"/identities/{uuid}",
|
|
tags=["Identity Resolution"],
|
|
responses={
|
|
401: {"description": "Could not validate credentials"},
|
|
403: {"description": "Insufficient permissions"},
|
|
404: {"description": "Identity not found"},
|
|
},
|
|
)
|
|
@_traced("api.get_identity_detail")
|
|
async def get_identity_detail(
|
|
uuid: str,
|
|
user: dict = Depends(require_viewer),
|
|
) -> dict[str, Any]:
|
|
identity = await repo.get_identity_by_uuid(uuid)
|
|
if not identity:
|
|
raise HTTPException(status_code=404, detail="Identity not found")
|
|
# Cheap aggregates the IdentityDetail page surfaces. Counted off the
|
|
# FK rather than maintained in observation_count so the answer is
|
|
# always live (the denormalized field can lag the clusterer briefly).
|
|
identity["observation_count_live"] = await repo.count_observations_for_identity(
|
|
identity["uuid"]
|
|
)
|
|
return identity
|