refactor: replace hardcoded mabase_prod DB prefix with configurable settings

Replace all hardcoded 'mabase_prod.' table prefixes in dashboard route
SQL queries with configurable database names from settings:

- http_logs, http_logs_raw → settings.CLICKHOUSE_DB_LOGS
- All other tables → settings.CLICKHOUSE_DB_PROCESSING

Also qualify previously unqualified table references (bare FROM/JOIN
table_name) with the appropriate database prefix for consistency.

Each route file now imports 'from ..config import settings' and uses
f-strings with {settings.CLICKHOUSE_DB_PROCESSING} or
{settings.CLICKHOUSE_DB_LOGS} for database-qualified table names.

Files updated: analysis, attributes, audit, botnets, bruteforce,
clustering, detections, entities, fingerprints, header_fingerprint,
heatmap, incidents, investigation_summary, metrics, ml_features,
rotation, search, tcp_spoofing, variability (19 files).

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
toto
2026-04-07 19:03:05 +02:00
parent dba2676fa7
commit b6391afbeb
19 changed files with 225 additions and 206 deletions


@ -3,6 +3,7 @@ Endpoint de recherche globale rapide — utilisé par la barre Cmd+K
"""
from fastapi import APIRouter, Query
from ..database import db
from ..config import settings
router = APIRouter(prefix="/api/search", tags=["search"])
@ -21,13 +22,13 @@ async def quick_search(q: str = Query(..., min_length=1, max_length=100)):
# ── IPs ──────────────────────────────────────────────────────────────────
ip_rows = db.query(
"""
f"""
SELECT
replaceRegexpAll(toString(src_ip), '^::ffff:', '') AS clean_ip,
count() AS hits,
max(detected_at) AS last_seen,
any(threat_level) AS threat_level
FROM ml_detected_anomalies
FROM {settings.CLICKHOUSE_DB_PROCESSING}.ml_detected_anomalies
WHERE ilike(toString(src_ip), %(p)s)
AND detected_at >= now() - INTERVAL 24 HOUR
GROUP BY clean_ip
@ -48,12 +49,12 @@ async def quick_search(q: str = Query(..., min_length=1, max_length=100)):
# ── JA4 fingerprints ─────────────────────────────────────────────────────
ja4_rows = db.query(
"""
f"""
SELECT
ja4,
count() AS hits,
uniq(src_ip) AS unique_ips
FROM ml_detected_anomalies
FROM {settings.CLICKHOUSE_DB_PROCESSING}.ml_detected_anomalies
WHERE ilike(ja4, %(p)s)
AND ja4 != ''
AND detected_at >= now() - INTERVAL 24 HOUR
@ -73,12 +74,12 @@ async def quick_search(q: str = Query(..., min_length=1, max_length=100)):
# ── Hosts ─────────────────────────────────────────────────────────────────
host_rows = db.query(
"""
f"""
SELECT
host,
count() AS hits,
uniq(src_ip) AS unique_ips
FROM ml_detected_anomalies
FROM {settings.CLICKHOUSE_DB_PROCESSING}.ml_detected_anomalies
WHERE ilike(host, %(p)s)
AND host != ''
AND detected_at >= now() - INTERVAL 24 HOUR
@ -98,13 +99,13 @@ async def quick_search(q: str = Query(..., min_length=1, max_length=100)):
# ── ASN ───────────────────────────────────────────────────────────────────
asn_rows = db.query(
"""
f"""
SELECT
asn_org,
asn_number,
count() AS hits,
uniq(src_ip) AS unique_ips
FROM ml_detected_anomalies
FROM {settings.CLICKHOUSE_DB_PROCESSING}.ml_detected_anomalies
WHERE (ilike(asn_org, %(p)s) OR ilike(asn_number, %(p)s))
AND asn_org != '' AND asn_number != ''
AND detected_at >= now() - INTERVAL 24 HOUR
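Review bot: The database name is now spliced into the SQL text by an f-string (`FROM {settings.CLICKHOUSE_DB_PROCESSING}.ml_detected_anomalies`) in all four queries of `quick_search`, and nothing visible in these hunks restricts that setting to a plain identifier. The search term still travels through the bound `%(p)s` parameter, so request input is unaffected, but a configuration value containing a dot, whitespace, a backtick or a comment marker would silently change the statement. Unless the config module already does so, validate both names once at settings load, for example by rejecting anything that does not match `^[A-Za-z_][A-Za-z0-9_]*$`. Because these strings are now f-strings, a short comment above each query would help keep later edits from interpolating `q` directly: `# f-string carries the database name only; request values stay in bound parameters`. Any literal `{` or `}` added to these queries later must be doubled. The body of `quick_search` continues outside the hunks shown.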