Merge branch 'dev' into dependabot/npm_and_yarn/npm_and_yarn-ca90b5e8d5

Author: pradeeban

DEV-GUIDE.md

@@ -0,0 +1,10 @@
+# Dev Guide
+
+## File size limit used by file browser
+
+The file open size limit is configured in [src/toolbarActions/toolbarFunctions.js](src/toolbarActions/toolbarFunctions.js).
+
+- `MAX_FILE_SIZE_MB` controls the limit in MB.
+- `MAX_FILE_SIZE` is derived from it as bytes.
+
+To change the limit, update `MAX_FILE_SIZE_MB` only.

package-lock.json

@@ -1,11 +1,18 @@
-from model.workflows import *
+from model.workflows import WorkFlowModel
 from flask import request, make_response, Blueprint
 import defusedxml.ElementTree as ET
 
 workFlow = Blueprint('workflow', __name__)
 workFlowModel = WorkFlowModel()
 
 
+def isMissingWorkflow(graphml):
+    if graphml is None:
+        return True
+    # Backward-compatible guard for legacy model return type.
+    return isinstance(graphml, tuple) and len(graphml) > 0 and graphml[0] is False
+
+
 def getLasteshActionHash(root):
     xmlns = root.tag[root.tag.index('{')+1:root.tag.rindex('}')]
     return root.find(f'{{{xmlns}}}graph')\
@@ -23,7 +30,7 @@ def getAllActionHash(root):
 def postWorkflow():
     try:
         lastestHash = getLasteshActionHash(ET.fromstring(request.data))
-    except:
+    except Exception:
         return "Invalid GraphML", 400
     graphML = request.data.decode('utf')
     return workFlowModel.insert(graphML, lastestHash)
@@ -32,7 +39,7 @@ def postWorkflow():
 @workFlow.route("/<serverID>")
 def getWorkflow(serverID):
     graphml = workFlowModel.get(serverID)
-    if graphml is None:
+    if isMissingWorkflow(graphml):
         return "Not Found", 404
     if('X-Latest-Hash' in request.headers):
         latestHash = request.headers['X-Latest-Hash']
@@ -53,7 +60,7 @@ def updateWorkflow(serverID):
         latestHash = getLasteshActionHash(root)
         if(not forceUpdate):
             allHash = getAllActionHash(root)
-    except:
+    except Exception:
         return "Invalid GraphML", 400
     graphML = request.data.decode('utf')
     if(forceUpdate):

server/controller/workflow.py

@@ -1,11 +1,11 @@
 from pymongo import MongoClient
-from pymongo import MongoClient
+from pymongo.errors import DuplicateKeyError
 import time
 from bson.objectid import ObjectId
 from bson.errors import InvalidId
 import os
 import xml.etree.ElementTree as ET
-import random
+import secrets
 import string
 from dotenv import load_dotenv
 load_dotenv()
@@ -14,42 +14,42 @@ class WorkFlowModel:
     def __init__(self) -> None:
         self.collection = MongoClient(os.getenv('MongoURL'))[
             os.getenv('dbName')][os.getenv('tableName')]
+        self.collection.create_index('serverID', unique=True)
 
     def get_random_string(self, length):
         letters = string.ascii_letters+string.digits
-        return ''.join(random.choice(letters) for i in range(length))
+        return ''.join(secrets.choice(letters) for i in range(length))
 
     def insert(self, graphml, latestHash):
-        serverID = ""
         while(True):
             serverID = self.get_random_string(6)
-            if(not self.collection.find_one({'serverID': serverID})):
-                break
-        self.collection.insert_one(
-            {'graphml': graphml, 'latestHash': latestHash, 'serverID': serverID})
-        return serverID
+            try:
+                self.collection.insert_one(
+                    {'graphml': graphml, 'latestHash': latestHash, 'serverID': serverID})
+                return serverID
+            except DuplicateKeyError:
+                continue
 
     def get(self, serverID):
         cl = self.collection.find_one({'serverID': serverID})
         if not cl:
-            return False, 'Record Not Found'
+            return None
         return cl['graphml']
 
     def update(self, serverID, graphml, latestHash, allHash):
-        existingRecord = self.collection.find_one({'serverID': serverID})
+        existingRecord = self.collection.find_one_and_update(
+            {'serverID': serverID, 'latestHash': {'$in': allHash}},
+            {"$set": {'graphml': graphml, 'latestHash': latestHash}})
         if existingRecord is None:
-            return False, 'serverID do not exists.'
-        latestExistingHash = existingRecord['latestHash']
-        if latestExistingHash not in allHash:
+            if not self.collection.find_one({'serverID': serverID}):
+                return False, 'serverID do not exists.'
             return False, 'Can not update as provided graph do not has latest changes.'
-        self.collection.update_one({'serverID': serverID}, {
-                                   "$set": {'graphml': graphml, 'latestHash': latestHash}})
         return True, latestHash
 
     def forceUpdate(self, serverID, graphml, latestHash):
-        existingRecord = self.collection.find_one({'serverID': serverID})
+        existingRecord = self.collection.find_one_and_update(
+            {'serverID': serverID},
+            {"$set": {'graphml': graphml, 'latestHash': latestHash}})
         if existingRecord is None:
             return False, 'serverID do not exists.'
-        self.collection.update_one({'serverID': serverID},
-                                   {"$set": {'graphml': graphml, 'latestHash': latestHash}})
         return True, latestHash

server/model/workflows.py

@@ -1,5 +1,5 @@
 dnspython==2.6.1
-Flask==2.2.5
+Flask==3.1.3
 python-dotenv==0.19.0
 pymongo==4.6.3
 gunicorn==23.0.0

server/requirements.txt

@@ -6,6 +6,7 @@
 load_dotenv()
 
 app = Flask(__name__)
+app.config['MAX_CONTENT_LENGTH'] = 2 * 1024 * 1024
 CORS(app)
 
 app.register_blueprint(workFlow, url_prefix='/workflow')

server/server.py

@@ -0,0 +1,122 @@
+import importlib
+import pathlib
+import sys
+import types
+import unittest
+
+from flask import Flask
+
+VALID_GRAPHML = (
+    '<graphml xmlns="http://graphml.graphdrawing.org/xmlns">'
+    '<graph edgedefault="directed">'
+    '<actionHistory><hash>hash-1</hash></actionHistory>'
+    '</graph>'
+    '</graphml>'
+)
+
+
+class FakeWorkFlowModel:
+    def __init__(self, graph_response):
+        self.graph_response = graph_response
+
+    def get(self, _server_id):
+        return self.graph_response
+
+    def insert(self, graphml, latestHash):
+        return 'test01'
+
+    def update(self, serverID, graphml, latestHash, allHash):
+        return (True, latestHash)
+
+    def forceUpdate(self, serverID, graphml, latestHash):
+        return (True, latestHash)
+
+
+class WorkflowControllerTests(unittest.TestCase):
+    @classmethod
+    def setUpClass(cls):
+        server_root = pathlib.Path(__file__).resolve().parents[1]
+        if str(server_root) not in sys.path:
+            sys.path.insert(0, str(server_root))
+
+        fake_model_pkg = types.ModuleType('model')
+        fake_model_workflows = types.ModuleType('model.workflows')
+
+        class StubWorkFlowModel:
+            def get(self, _server_id):
+                return None
+
+        fake_model_workflows.WorkFlowModel = StubWorkFlowModel
+        fake_model_pkg.workflows = fake_model_workflows
+
+        sys.modules['model'] = fake_model_pkg
+        sys.modules['model.workflows'] = fake_model_workflows
+
+        if 'controller.workflow' in sys.modules:
+            del sys.modules['controller.workflow']
+        cls.workflow_module = importlib.import_module('controller.workflow')
+
+    def make_client(self, graph_response):
+        self.workflow_module.workFlowModel = FakeWorkFlowModel(graph_response)
+        app = Flask(__name__)
+        app.register_blueprint(self.workflow_module.workFlow, url_prefix='/workflow')
+        return app.test_client()
+
+    def test_missing_workflow_returns_404_for_none(self):
+        client = self.make_client(None)
+        response = client.get('/workflow/missing-id')
+        self.assertEqual(response.status_code, 404)
+        self.assertEqual(response.get_data(as_text=True), 'Not Found')
+
+    def test_missing_workflow_returns_404_for_legacy_tuple(self):
+        client = self.make_client((False, 'Record Not Found'))
+        response = client.get('/workflow/missing-id')
+        self.assertEqual(response.status_code, 404)
+        self.assertEqual(response.get_data(as_text=True), 'Not Found')
+
+    def test_hash_header_returns_400_for_different_history(self):
+        client = self.make_client(VALID_GRAPHML)
+        response = client.get('/workflow/existing-id', headers={'X-Latest-Hash': 'unknown-hash'})
+        self.assertEqual(response.status_code, 400)
+        self.assertEqual(response.get_data(as_text=True), 'Different History')
+
+    def test_hash_header_returns_200_for_matching_history(self):
+        client = self.make_client(VALID_GRAPHML)
+        response = client.get('/workflow/existing-id', headers={'X-Latest-Hash': 'hash-1'})
+        self.assertEqual(response.status_code, 200)
+        self.assertEqual(response.get_data(as_text=True), VALID_GRAPHML)
+
+    def test_post_workflow_returns_server_id(self):
+        client = self.make_client(None)
+        response = client.post('/workflow/', data=VALID_GRAPHML,
+                               content_type='application/xml')
+        self.assertEqual(response.status_code, 200)
+        self.assertEqual(response.get_data(as_text=True), 'test01')
+
+    def test_post_workflow_invalid_xml_returns_400(self):
+        client = self.make_client(None)
+        response = client.post('/workflow/', data=b'not xml',
+                               content_type='application/xml')
+        self.assertEqual(response.status_code, 400)
+
+    def test_update_workflow_returns_200(self):
+        client = self.make_client(None)
+        response = client.post('/workflow/test01', data=VALID_GRAPHML,
+                               content_type='application/xml')
+        self.assertEqual(response.status_code, 200)
+
+    def test_update_workflow_invalid_xml_returns_400(self):
+        client = self.make_client(None)
+        response = client.post('/workflow/test01', data=b'not xml',
+                               content_type='application/xml')
+        self.assertEqual(response.status_code, 400)
+
+    def test_force_update_workflow_returns_200(self):
+        client = self.make_client(None)
+        response = client.post('/workflow/test01?force=true', data=VALID_GRAPHML,
+                               content_type='application/xml')
+        self.assertEqual(response.status_code, 200)
+
+
+if __name__ == '__main__':
+    unittest.main()