Merge pull request #3766 from akto-api-security/feature/toggle-threat-archive-cron

add toggle for archive cron enable

Author: ayushaga14

apps/dashboard/src/main/java/com/akto/action/threat_detection/ThreatConfiguration.java

@@ -11,6 +11,7 @@ public class ThreatConfiguration {
     private Actor actor;
     private RatelimitConfig ratelimitConfig;
     private Integer archivalDays;
+    private Boolean archivalEnabled;
 
     @lombok.Getter
     @lombok.Setter

apps/dashboard/src/main/java/com/akto/action/threat_detection/ThreatConfigurationAction.java

@@ -18,6 +18,7 @@
 public class ThreatConfigurationAction extends AbstractThreatDetectionAction {
 
 private ThreatConfiguration threatConfiguration;
+private Boolean enabled;
 
 public ThreatConfiguration getThreatConfiguration() {
     return threatConfiguration;
@@ -26,6 +27,14 @@ public ThreatConfiguration getThreatConfiguration() {
 public void setThreatConfiguration(ThreatConfiguration threatConfiguration) {
     this.threatConfiguration = threatConfiguration;
 }
+
+public Boolean getEnabled() {
+    return enabled;
+}
+
+public void setEnabled(Boolean enabled) {
+    this.enabled = enabled;
+}
 // TODO: remove this, use API Executor.
   private final CloseableHttpClient httpClient;
 
@@ -85,4 +94,30 @@ public String modifyThreatConfiguration() {
       return ERROR.toUpperCase();
     }
   }
+
+  public String toggleArchivalEnabled() {
+    HttpPost post =
+        new HttpPost(
+            String.format("%s/api/dashboard/toggle_archival_enabled", this.getBackendUrl()));
+    post.addHeader("Authorization", "Bearer " + this.getApiToken());
+    post.addHeader("Content-Type", "application/json");
+    try {
+      String json = objectMapper.writeValueAsString(java.util.Collections.singletonMap("enabled", this.enabled));
+      post.setEntity(new StringEntity(json, ContentType.APPLICATION_JSON));
+    } catch (Exception e) {
+      e.printStackTrace();
+      loggerMaker.errorAndAddToDb("Error while toggling archival enabled" + e.getStackTrace());
+      return ERROR.toUpperCase();
+    }
+    try (CloseableHttpResponse resp = this.httpClient.execute(post)) {
+      String responseBody = EntityUtils.toString(resp.getEntity());
+      java.util.Map<String, Object> response = objectMapper.readValue(responseBody, java.util.Map.class);
+      this.enabled = (Boolean) response.get("enabled");
+      return SUCCESS.toUpperCase();
+    } catch (Exception e) {
+      e.printStackTrace();
+      loggerMaker.errorAndAddToDb("Error while toggling archival enabled" + e.getStackTrace());
+      return ERROR.toUpperCase();
+    }
+  }
 }

apps/dashboard/src/main/resources/struts.xml

@@ -9677,6 +9677,39 @@
             </result>
         </action>
 
+        <action name="api/toggleArchivalEnabled"
+            class="com.akto.action.threat_detection.ThreatConfigurationAction"
+            method="toggleArchivalEnabled">
+            <interceptor-ref name="json" />
+            <interceptor-ref name="defaultStack" />
+            <interceptor-ref name="usageInterceptor">
+                <param name="featureLabel">THREAT_DETECTION</param>
+            </interceptor-ref>
+            <result name="UNAUTHORIZED" type="json">
+                 <param name="statusCode">403</param>
+                 <param name="ignoreHierarchy">false</param>
+                 <param name="includeProperties">^actionErrors.*</param>
+            </result>
+            <interceptor-ref name="roleAccessInterceptor">
+                <param name="featureLabel">THREAT_PROTECTION</param>
+                <param name="accessType">READ_WRITE</param>
+                <param name="actionDescription">User toggled archival enabled</param>
+            </interceptor-ref>
+            <result name="FORBIDDEN" type="json">
+                <param name="statusCode">403</param>
+                <param name="ignoreHierarchy">false</param>
+                <param
+                    name="includeProperties">^actionErrors.*</param>
+            </result>
+            <result name="SUCCESS" type="json"> </result>
+            <result name="ERROR" type="json">
+                <param name="statusCode">422</param>
+                <param name="ignoreHierarchy">false</param>
+                <param
+                    name="includeProperties">^actionErrors.*</param>
+            </result>
+        </action>
+
         <action name="api/getActorsCountPerCounty"
             class="com.akto.action.threat_detection.ThreatActorAction"
             method="getActorsCountPerCounty">

apps/dashboard/web/polaris_web/web/src/apps/dashboard/pages/settings/threat_configuration/ArchivalConfigComponent.jsx

@@ -1,33 +1,50 @@
 import { useState, useEffect } from "react";
 import func from "@/util/func"
-import { LegacyCard, VerticalStack, Divider, Text, Button, Box } from "@shopify/polaris";
+import { LegacyCard, VerticalStack, Divider, Text, Button, Box, Checkbox } from "@shopify/polaris";
 import api from "../../../pages/threat_detection/api.js";
 import Dropdown from "../../../components/layouts/Dropdown.jsx";
 
 const ArchivalConfigComponent = ({ title, description }) => {
     const [archivalDays, setArchivalDays] = useState(60);
+    const [archivalEnabled, setArchivalEnabled] = useState(false);
     const [isSaveDisabled, setIsSaveDisabled] = useState(true);
+    const [isToggleChanged, setIsToggleChanged] = useState(false);
+    const [isDaysChanged, setIsDaysChanged] = useState(false);
 
     const fetchData = async () => {
         const response = await api.fetchThreatConfiguration();
         const days = response?.threatConfiguration?.archivalDays;
         const value = days === 30 || days === 60 || days === 90 ? days : 60;
         setArchivalDays(value);
+
+        const enabled = response?.threatConfiguration?.archivalEnabled || false;
+        setArchivalEnabled(enabled);
+
         setIsSaveDisabled(true);
+        setIsToggleChanged(false);
+        setIsDaysChanged(false);
     };
 
     const onSave = async () => {
-        const payload = {
-            archivalDays: archivalDays
-        };
-        await api.modifyThreatConfiguration(payload).then(() => {
-            try {
-                func.setToast(true, false, "Archival time saved successfully");
-                fetchData()
-            } catch (error) {
-                func.setToast(true, true, "Error saving archival time");
+        try {
+            // Save archival days if changed
+            if (isDaysChanged) {
+                const payload = {
+                    archivalDays: archivalDays
+                };
+                await api.modifyThreatConfiguration(payload);
+            }
+
+            // Toggle archival enabled if changed
+            if (isToggleChanged) {
+                await api.toggleArchivalEnabled(archivalEnabled);
             }
-        });
+
+            func.setToast(true, false, "Archival configuration saved successfully");
+            fetchData();
+        } catch (error) {
+            func.setToast(true, true, "Error saving archival configuration");
+        }
     };
 
     useEffect(() => {
@@ -53,6 +70,13 @@ const ArchivalConfigComponent = ({ title, description }) => {
 
     const onChange = (val) => {
         setArchivalDays(val);
+        setIsDaysChanged(true);
+        setIsSaveDisabled(false);
+    };
+
+    const onToggleEnabled = (val) => {
+        setArchivalEnabled(val);
+        setIsToggleChanged(true);
         setIsSaveDisabled(false);
     };
 
@@ -68,6 +92,12 @@ const ArchivalConfigComponent = ({ title, description }) => {
             <Divider />
             <LegacyCard.Section>
                 <VerticalStack gap="4">
+                    <Checkbox
+                        label="Enable archival cron"
+                        checked={archivalEnabled}
+                        onChange={onToggleEnabled}
+                        helpText="When enabled, malicious events older than the configured archival time will be automatically archived."
+                    />
                     <Box width="200px">
                         <Dropdown
                             menuItems={options}

apps/dashboard/web/polaris_web/web/src/apps/dashboard/pages/threat_detection/api.js

@@ -101,6 +101,13 @@ const threatDetectionRequests = {
             data: { threatConfiguration: data}
         })
     },
+    toggleArchivalEnabled(enabled) {
+        return request({
+            url: '/api/toggleArchivalEnabled',
+            method: 'post',
+            data: { enabled: enabled }
+        })
+    },
     fetchThreatCategoryCount(startTs, endTs) {
         return request({
             url: '/api/fetchThreatCategoryCount',

apps/threat-detection-backend/src/main/java/com/akto/threat/backend/Main.java

@@ -83,9 +83,8 @@ public static void main(String[] args) throws Exception {
 
     new BackendVerticle(maliciousEventService, threatActorService, threatApiService, apiDistributionDataService).start();
 
-    // ArchiveOldMaliciousEventsCron cron = new ArchiveOldMaliciousEventsCron(threatProtectionMongo);
-    // cron.runOnce();
-    // cron.cron();
+    ArchiveOldMaliciousEventsCron cron = new ArchiveOldMaliciousEventsCron(threatProtectionMongo);
+    cron.cron();
   }
 
 }

apps/threat-detection-backend/src/main/java/com/akto/threat/backend/cron/ArchiveOldMaliciousEventsCron.java

@@ -97,6 +97,12 @@ private boolean shouldSkipDatabase(String dbName) {
     private void archiveOldMaliciousEvents(String dbName, long nowSeconds) {
         String accountId = dbName;
 
+        // Check if archival is enabled for this account
+        if (!isArchivalEnabled(accountId)) {
+            logger.infoAndAddToDb("Archival is disabled for account " + accountId + ", skipping", LoggerMaker.LogDb.RUNTIME);
+            return;
+        }
+
         long retentionDays = fetchRetentionDays(accountId);
         long threshold = nowSeconds - (retentionDays * 24 * 60 * 60);
 
@@ -161,6 +167,20 @@ private void archiveOldMaliciousEvents(String dbName, long nowSeconds) {
         }
     }
 
+    private boolean isArchivalEnabled(String accountId) {
+        try {
+            Document doc = ThreatConfigurationDao.instance.getCollection(accountId).find().first();
+            if (doc == null) return false; // disabled by default
+            Object val = doc.get("archivalEnabled");
+            if (val instanceof Boolean) {
+                return (Boolean) val;
+            }
+        } catch (Exception e) {
+            logger.errorAndAddToDb("Failed fetching archivalEnabled from threat_configuration for account " + accountId + ": " + e.getMessage(), LoggerMaker.LogDb.RUNTIME);
+        }
+        return false; // disabled by default
+    }
+
     private long fetchRetentionDays(String accountId) {
         try {
             Document doc = ThreatConfigurationDao.instance.getCollection(accountId).find().first();

apps/threat-detection-backend/src/main/java/com/akto/threat/backend/router/DashboardRouter.java

@@ -20,6 +20,8 @@
 import com.akto.proto.generated.threat_detection.service.dashboard_service.v1.DeleteMaliciousEventsRequest;
 import com.akto.proto.generated.threat_detection.service.dashboard_service.v1.DeleteMaliciousEventsResponse;
 import com.akto.proto.generated.threat_detection.service.dashboard_service.v1.FetchTopNDataRequest;
+import com.akto.proto.generated.threat_detection.service.dashboard_service.v1.ToggleArchivalEnabledRequest;
+import com.akto.proto.generated.threat_detection.service.dashboard_service.v1.ToggleArchivalEnabledResponse;
 import com.akto.threat.backend.service.MaliciousEventService;
 import com.akto.threat.backend.service.ThreatActorService;
 import com.akto.threat.backend.service.ThreatApiService;
@@ -232,6 +234,30 @@ public Router setup(Vertx vertx) {
                     )
                 ).ifPresent(s -> ctx.response().setStatusCode(200).end(s));
             });
+
+        router
+            .post("/toggle_archival_enabled")
+            .blockingHandler(ctx -> {
+                RequestBody reqBody = ctx.body();
+                ToggleArchivalEnabledRequest req = ProtoMessageUtils.<
+                    ToggleArchivalEnabledRequest
+                >toProtoMessage(
+                    ToggleArchivalEnabledRequest.class,
+                    reqBody.asString()
+                ).orElse(null);
+
+                if (req == null) {
+                    ctx.response().setStatusCode(400).end("Invalid request");
+                    return;
+                }
+                ProtoMessageUtils.toString(
+                    threatActorService.toggleArchivalEnabled(
+                        ctx.get("accountId"),
+                        req
+                    )
+                ).ifPresent(s -> ctx.response().setStatusCode(200).end(s));
+            });
+
         router
             .get("/fetch_filters_for_threat_actors")
             .blockingHandler(ctx -> {

apps/threat-detection-backend/src/main/java/com/akto/threat/backend/service/ThreatActorService.java

@@ -96,6 +96,13 @@ public ThreatConfiguration fetchThreatConfiguration(String accountId) {
             int archivalDays = ((Number) archivalDaysObj).intValue();
             builder.setArchivalDays(archivalDays);
         }
+
+        // Handle archivalEnabled
+        Object archivalEnabledObj = doc.get("archivalEnabled");
+        if (archivalEnabledObj instanceof Boolean) {
+            boolean archivalEnabled = (Boolean) archivalEnabledObj;
+            builder.setArchivalEnabled(archivalEnabled);
+        }
     }
     return builder.build();
 }
@@ -105,7 +112,7 @@ public ThreatConfiguration modifyThreatConfiguration(String accountId, ThreatCon
     MongoCollection<Document> coll = this.threatConfigurationDao.getCollection(accountId);
 
     Document newDoc = new Document();
-    
+
     // Prepare a list of actorId documents
     if (updatedConfig.hasActor()) {
         List<Document> actorIdDocs = new ArrayList<>();
@@ -120,20 +127,23 @@ public ThreatConfiguration modifyThreatConfiguration(String accountId, ThreatCon
         }
         newDoc.append("actor", actorIdDocs);
     }
-    
+
     // Prepare rate limit config documents using DTO
     if (updatedConfig.hasRatelimitConfig()) {
         Document ratelimitConfigDoc = RateLimitConfigDTO.toDocument(updatedConfig.getRatelimitConfig());
         if (ratelimitConfigDoc != null) {
             newDoc.append("ratelimitConfig", ratelimitConfigDoc.get("ratelimitConfig"));
         }
     }
-    
-    // Handle archivalDays
+
+    // Handle archivalDays - only update if explicitly set (> 0)
     if (updatedConfig.getArchivalDays() > 0) {
         newDoc.append("archivalDays", updatedConfig.getArchivalDays());
     }
-    
+
+    // Note: archivalEnabled is now handled by separate endpoint /toggle_archival_enabled
+    // This prevents other config updates from accidentally resetting it
+
     Document existingDoc = coll.find().first();
 
     if (existingDoc != null) {
@@ -158,10 +168,39 @@ public ThreatConfiguration modifyThreatConfiguration(String accountId, ThreatCon
             int archivalDays = ((Number) archivalDaysObj).intValue();
             builder.setArchivalDays(archivalDays);
         }
+        // archivalEnabled is handled by separate endpoint, but include in response for frontend
+        Object archivalEnabledObj = savedDoc.get("archivalEnabled");
+        if (archivalEnabledObj instanceof Boolean) {
+            boolean archivalEnabled = (Boolean) archivalEnabledObj;
+            builder.setArchivalEnabled(archivalEnabled);
+        }
     }
     return builder.build();
 }
 
+  public com.akto.proto.generated.threat_detection.service.dashboard_service.v1.ToggleArchivalEnabledResponse toggleArchivalEnabled(
+      String accountId,
+      com.akto.proto.generated.threat_detection.service.dashboard_service.v1.ToggleArchivalEnabledRequest request) {
+
+    MongoCollection<Document> coll = this.threatConfigurationDao.getCollection(accountId);
+    boolean enabled = request.getEnabled();
+
+    Document existingDoc = coll.find().first();
+    Document updateDoc = new Document("$set", new Document("archivalEnabled", enabled));
+
+    if (existingDoc != null) {
+        coll.updateOne(new Document("_id", existingDoc.getObjectId("_id")), updateDoc);
+    } else {
+        // Create new document with just archivalEnabled
+        Document newDoc = new Document("archivalEnabled", enabled);
+        coll.insertOne(newDoc);
+    }
+
+    return com.akto.proto.generated.threat_detection.service.dashboard_service.v1.ToggleArchivalEnabledResponse.newBuilder()
+        .setEnabled(enabled)
+        .build();
+  }
+
     public void deleteAllMaliciousEvents(String accountId) {
         loggerMaker.infoAndAddToDb("Deleting all malicious events for accountId: " + accountId);
         maliciousEventDao.getCollection(accountId).drop();

protobuf/threat_detection/service/dashboard_service/v1/service.proto

@@ -343,6 +343,15 @@ message ThreatConfiguration {
   Actor actor = 1;
   RatelimitConfig ratelimit_config = 2;
   int32 archival_days = 3;
+  bool archival_enabled = 4;
+}
+
+message ToggleArchivalEnabledRequest {
+  bool enabled = 1;
+}
+
+message ToggleArchivalEnabledResponse {
+  bool enabled = 1;
 }
 
 message ApiDistributionDataRequestPayload {