Merge pull request #3736 from akto-api-security/feature/bulk_apis_demerge

added support for bulk de-merge

Author: notshivansh

apps/dashboard/src/main/java/com/akto/action/observe/InventoryAction.java

@@ -1170,6 +1170,69 @@ public String undoDemergedApis() {
         return SUCCESS.toUpperCase();
     }
 
+    private List<ApiInfo.ApiInfoKey> apiInfoKeyList;
+
+    public String bulkDeMergeApis() {
+        if (apiInfoKeyList == null || apiInfoKeyList.isEmpty()) {
+            addActionError("API list cannot be null or empty");
+            return ERROR.toUpperCase();
+        }
+
+        int successCount = 0;
+        int failureCount = 0;
+        List<String> errors = new ArrayList<>();
+
+        for (ApiInfo.ApiInfoKey apiInfoKey : apiInfoKeyList) {
+            try {
+                String apiUrl = apiInfoKey.getUrl();
+                String apiMethod = apiInfoKey.getMethod().name();
+                int collectionId = apiInfoKey.getApiCollectionId();
+
+                // Validate that this is a merged URL
+                if (!APICatalog.isTemplateUrl(apiUrl)) {
+                    errors.add("URL " + apiUrl + " is not a merged URL");
+                    failureCount++;
+                    continue;
+                }
+
+                // Set temporary values for single API de-merge
+                this.url = apiUrl;
+                this.method = apiMethod;
+                this.apiCollectionId = collectionId;
+
+                // Call the existing deMergeApi logic
+                String result = deMergeApi();
+
+                if (SUCCESS.toUpperCase().equals(result)) {
+                    successCount++;
+                } else {
+                    errors.add("Failed to de-merge: " + apiMethod + " " + apiUrl);
+                    failureCount++;
+                }
+            } catch (Exception e) {
+                loggerMaker.errorAndAddToDb("Error de-merging API: " + e.getMessage(), LogDb.DASHBOARD);
+                errors.add("Error de-merging API: " + e.getMessage());
+                failureCount++;
+            }
+        }
+
+        loggerMaker.infoAndAddToDb("Bulk de-merge completed. Success: " + successCount + ", Failed: " + failureCount, LogDb.DASHBOARD);
+
+        if (failureCount > 0) {
+            addActionError("Some APIs failed to de-merge. Success: " + successCount + ", Failed: " + failureCount);
+        }
+
+        return SUCCESS.toUpperCase();
+    }
+
+    public void setApiInfoKeyList(List<ApiInfo.ApiInfoKey> apiInfoKeyList) {
+        this.apiInfoKeyList = apiInfoKeyList;
+    }
+
+    public List<ApiInfo.ApiInfoKey> getApiInfoKeyList() {
+        return apiInfoKeyList;
+    }
+
     public String fetchNotTestedAPICount() {
         Bson filterQ = UsageMetricCalculator.excludeDemosAndDeactivated(ApiInfo.ID_API_COLLECTION_ID);
 

apps/dashboard/src/main/resources/struts.xml

@@ -8026,6 +8026,31 @@
                 <param name="includeProperties">^actionErrors.*</param>
             </result>
         </action>
+
+        <action name="api/bulkDeMergeApis" class="com.akto.action.observe.InventoryAction" method="bulkDeMergeApis">
+            <interceptor-ref name="json"/>
+            <interceptor-ref name="defaultStack" />
+            <interceptor-ref name="roleAccessInterceptor">
+                <param name="featureLabel">API_COLLECTIONS</param>
+                <param name="accessType">READ_WRITE</param>
+                <param name="actionDescription">User bulk de-merged APIs</param>
+            </interceptor-ref>
+
+            <result name="FORBIDDEN" type="json">
+                <param name="statusCode">403</param>
+                <param name="ignoreHierarchy">false</param>
+                <param name="includeProperties">^actionErrors.*</param>
+            </result>
+            <result name="SUCCESS"  type="json">
+            </result>
+            <result name="ERROR" type="json">
+                <param name="statusCode">422</param>
+                <param name="ignoreHierarchy">false</param>
+                <param name="includeProperties">^actionErrors.*</param>
+            </result>
+        </action>
+
+
         <action name="tools/addLLmData" class="com.akto.action.ExportSampleDataAction" method="insertLlmData">
             <interceptor-ref name="json"/>
             <interceptor-ref name="defaultStack" />

apps/dashboard/web/polaris_web/web/src/apps/dashboard/pages/observe/api.js

@@ -815,6 +815,13 @@ export default {
             data: {apiCollectionId, url, method}
         })
     },
+    async bulkDeMergeApis(apiInfoKeyList){
+        return await request({
+            url: '/api/bulkDeMergeApis',
+            method: 'post',
+            data: {apiInfoKeyList}
+        })
+    },
     async getUserEndpoints(){
         return await request({
             url: '/api/getCustomerEndpoints',

apps/dashboard/web/polaris_web/web/src/apps/dashboard/pages/observe/api_collections/ApiEndpoints.jsx

@@ -1259,8 +1259,10 @@ function ApiEndpoints(props) {
 
     const [showDeleteApiModal, setShowDeleteApiModal] = useState(false)
     const [showApiGroupModal, setShowApiGroupModal] = useState(false)
+    const [showBulkDeMergeModal, setShowBulkDeMergeModal] = useState(false)
     const [apis, setApis] = useState([])
     const [actionOperation, setActionOperation] = useState(Operation.ADD)
+    const [deMergingInProgress, setDeMergingInProgress] = useState(false)
 
     function handleApiGroupAction(selectedResources, operation){
 
@@ -1273,6 +1275,49 @@ function ApiEndpoints(props) {
         setShowApiGroupModal(false);
     }
 
+    function handleBulkDeMerge(selectedResources){
+        // Filter only merged APIs (those containing INTEGER, STRING, OBJECT_ID, or VERSIONED)
+        const mergedApis = selectedResources.filter(resource => {
+            const parts = resource.split('###')
+            const endpoint = parts[1]
+            return endpoint && (endpoint.includes("STRING") || endpoint.includes("INTEGER") || endpoint.includes("FLOAT") || endpoint.includes("OBJECT_ID") || endpoint.includes("VERSIONED"))
+        })
+
+        if (mergedApis.length === 0) {
+            func.setToast(true, true, "No merged APIs selected. Only merged APIs can be de-merged.")
+            return
+        }
+
+        setApis(mergedApis)
+        setShowBulkDeMergeModal(true)
+    }
+
+    function deMergeBulkApisAction(){
+        setShowBulkDeMergeModal(false)
+        setDeMergingInProgress(true)
+
+        const apiObjects = apis.map((x) => {
+            let tmp = x.split("###")
+            return {
+                method: tmp[0],
+                url: tmp[1],
+                apiCollectionId: parseInt(tmp[2])
+            }
+        })
+
+        api.bulkDeMergeApis(apiObjects).then(resp => {
+            setDeMergingInProgress(false)
+            func.setToast(true, false, `Successfully de-merged ${apiObjects.length} API(s). Refresh to see the changes.`)
+            // Optionally refresh the data
+            setTimeout(() => {
+                fetchData()
+            }, 1000)
+        }).catch(err => {
+            setDeMergingInProgress(false)
+            func.setToast(true, true, "There was an error de-merging the APIs. Please try again or contact [email protected]")
+        })
+    }
+
     const promotedBulkActions = (selectedResources) => {
 
         let ret = [
@@ -1295,6 +1340,12 @@ function ApiEndpoints(props) {
             })
         }
 
+        // Add bulk de-merge option
+        ret.push({
+            content: 'De-merge ' + mapLabel('APIs', getDashboardCategory()),
+            onAction: () => handleBulkDeMerge(selectedResources)
+        })
+
         if (window.USER_NAME && window.USER_NAME.endsWith("@akto.io")) {
             ret.push({
                 content: 'Delete ' + mapLabel('APIs', getDashboardCategory()),
@@ -1325,7 +1376,7 @@ function ApiEndpoints(props) {
     let deleteApiModal = (
         <Modal
             open={showDeleteApiModal}
-            onClose={() => setShowApiGroupModal(false)}
+            onClose={() => setShowDeleteApiModal(false)}
             title="Confirm"
             primaryAction={{
                 content: 'Yes',
@@ -1339,6 +1390,39 @@ function ApiEndpoints(props) {
         </Modal>
     )
 
+    let bulkDeMergeModal = (
+        <Modal
+            open={showBulkDeMergeModal}
+            onClose={() => setShowBulkDeMergeModal(false)}
+            title="Confirm Bulk De-merge"
+            primaryAction={{
+                content: 'De-merge',
+                onAction: deMergeBulkApisAction,
+                loading: deMergingInProgress
+            }}
+            secondaryActions={[
+                {
+                    content: 'Cancel',
+                    onAction: () => setShowBulkDeMergeModal(false)
+                }
+            ]}
+            key="bulk-demerge-modal"
+        >
+            <Modal.Section>
+                <VerticalStack gap="4">
+                    <Text>Are you sure you want to de-merge {(apis || []).length} merged API(s)?</Text>
+                    <Text variant="bodyMd" color="subdued">
+                        This will split the merged endpoints back into their original forms. For example,
+                        <Text as="span" fontWeight="semibold"> /api/products/INTEGER/reviews </Text>
+                        will be split into individual endpoints like
+                        <Text as="span" fontWeight="semibold"> /api/products/24/reviews</Text>,
+                        <Text as="span" fontWeight="semibold"> /api/products/53/reviews</Text>, etc.
+                    </Text>
+                </VerticalStack>
+            </Modal.Section>
+        </Modal>
+    )
+
     const canShowTags = () => {
         return isApiGroup || isQueryPage;
     }
@@ -1436,7 +1520,8 @@ function ApiEndpoints(props) {
                       fetchData={fetchData}
                   />,
                   modal,
-                  deleteApiModal
+                  deleteApiModal,
+                  bulkDeMergeModal
             ]
         )
       ]