refactor: replace hardcoded mabase_prod DB prefix with configurable settings

Replace all hardcoded 'mabase_prod.' table prefixes in dashboard route
SQL queries with configurable database names from settings:

- http_logs, http_logs_raw → settings.CLICKHOUSE_DB_LOGS
- All other tables → settings.CLICKHOUSE_DB_PROCESSING

Also qualify previously unqualified table references (bare FROM/JOIN
table_name) with the appropriate database prefix for consistency.

Each route file now imports 'from ..config import settings' and uses
f-strings with {settings.CLICKHOUSE_DB_PROCESSING} or
{settings.CLICKHOUSE_DB_LOGS} for database-qualified table names.

Files updated: analysis, attributes, audit, botnets, bruteforce,
clustering, detections, entities, fingerprints, header_fingerprint,
heatmap, incidents, investigation_summary, metrics, ml_features,
rotation, search, tcp_spoofing, variability (19 files).

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
toto
2026-04-07 19:03:05 +02:00
parent dba2676fa7
commit b6391afbeb
19 changed files with 225 additions and 206 deletions


@ -24,6 +24,7 @@ from ..services.clustering_engine import (
name_cluster, risk_score_from_centroid, standardize,
risk_to_gradient_color,
)
from ..config import settings
log = logging.getLogger(__name__)
router = APIRouter(prefix="/api/clustering", tags=["clustering"])
@ -47,7 +48,7 @@ _EXECUTOR = ThreadPoolExecutor(max_workers=1, thread_name_prefix="clustering")
# ─── SQL : TOUTES les IPs sans LIMIT ─────────────────────────────────────────
_SQL_ALL_IPS = """
_SQL_ALL_IPS = f"""
SELECT
replaceRegexpAll(toString(t.src_ip), '^::ffff:', '') AS ip,
t.ja4,
@ -96,8 +97,8 @@ SELECT
-- Cookie et Referer issus de la table dédiée aux empreintes
any(hfp.hfp_cookie) AS hfp_cookie,
any(hfp.hfp_referer) AS hfp_referer
FROM mabase_prod.agg_host_ip_ja4_1h t
LEFT JOIN mabase_prod.ml_detected_anomalies ml
FROM {settings.CLICKHOUSE_DB_PROCESSING}.agg_host_ip_ja4_1h t
LEFT JOIN {settings.CLICKHOUSE_DB_PROCESSING}.ml_detected_anomalies ml
ON t.src_ip = ml.src_ip AND t.ja4 = ml.ja4
AND ml.detected_at >= now() - INTERVAL %(hours)s HOUR
LEFT JOIN (
@ -107,7 +108,7 @@ LEFT JOIN (
any(arrayExists(x -> x LIKE '%%Accept-Encoding%%', client_headers)) AS hdr_enc,
any(arrayExists(x -> x LIKE '%%Sec-Fetch%%', client_headers)) AS hdr_sec_fetch,
any(length(splitByChar(',', client_headers[1]))) AS hdr_count
FROM mabase_prod.view_dashboard_entities
FROM {settings.CLICKHOUSE_DB_PROCESSING}.view_dashboard_entities
WHERE length(client_headers) > 0
AND log_date >= today() - 2
GROUP BY src_ip_v6, ja4
@ -117,7 +118,7 @@ LEFT JOIN (
src_ip,
avg(has_cookie) AS hfp_cookie,
avg(has_referer) AS hfp_referer
FROM mabase_prod.agg_header_fingerprint_1h
FROM {settings.CLICKHOUSE_DB_PROCESSING}.agg_header_fingerprint_1h
WHERE window_start >= now() - INTERVAL %(hours)s HOUR
GROUP BY src_ip
) hfp ON t.src_ip = hfp.src_ip
@ -515,8 +516,8 @@ async def get_cluster_ips(
any(ml.asn_org) AS asn_org,
round(avg(ml.fuzzing_index), 2) AS fuzzing,
round(avg(ml.hit_velocity), 2) AS velocity
FROM mabase_prod.agg_host_ip_ja4_1h t
LEFT JOIN mabase_prod.ml_detected_anomalies ml
FROM {settings.CLICKHOUSE_DB_PROCESSING}.agg_host_ip_ja4_1h t
LEFT JOIN {settings.CLICKHOUSE_DB_PROCESSING}.ml_detected_anomalies ml
ON t.src_ip = ml.src_ip AND t.ja4 = ml.ja4
AND ml.detected_at >= now() - INTERVAL 24 HOUR
WHERE t.window_start >= now() - INTERVAL 24 HOUR
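Review bot: The database name from `settings.CLICKHOUSE_DB_PROCESSING` is now spliced into the SQL text as an identifier, on the `FROM`/`LEFT JOIN` lines of `_SQL_ALL_IPS` and of the query in `get_cluster_ips`, and nothing visible in these hunks constrains its shape. Identifiers cannot be bound the way `%(hours)s` is, so the value should be checked once where the settings are loaded, for example `if not re.fullmatch(r"[A-Za-z_][A-Za-z0-9_]*", name): raise ValueError("invalid ClickHouse database name")`. Because `_SQL_ALL_IPS` is a module-level f-string, the name is fixed at import time, which deserves a comment such as `# DB name is resolved once at import; restart to apply a config change`. Any literal `{` or `}` in the part of that query outside the hunks would now need doubling. In the `get_cluster_ips` hunk the string's opening quote lies outside the visible lines, so confirm that query is an f-string; otherwise the literal text `{settings.CLICKHOUSE_DB_PROCESSING}` would be sent to ClickHouse.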