From 51c927394d131051656c8e94e273e068072056f8 Mon Sep 17 00:00:00 2001 From: Kitos Date: Wed, 18 Feb 2026 11:52:15 +0100 Subject: [PATCH] fix(models,db): delegate timestamps to DB server and configure connection pool - Replace default=datetime.utcnow with server_default=func.now() across all 16 models (17 columns) for consistent, timezone-aware timestamps from PostgreSQL - Upgrade DateTime columns to DateTime(timezone=True) for timestamptz storage - Configure SQLAlchemy engine pool: pool_size=20, max_overflow=10, pool_recycle=3600, pool_pre_ping=True - Remove unused datetime imports from model files --- backend/app/database.py | 8 +++++++- backend/app/models/audit.py | 6 ++---- backend/app/models/campaign.py | 6 ++---- backend/app/models/compliance.py | 6 ++---- backend/app/models/coverage_snapshot.py | 6 ++---- backend/app/models/data_source.py | 6 ++---- backend/app/models/defensive_technique.py | 6 ++---- backend/app/models/detection_rule.py | 6 ++---- backend/app/models/evidence.py | 6 ++---- backend/app/models/intel.py | 6 ++---- backend/app/models/jira_link.py | 8 +++----- backend/app/models/notification.py | 6 ++---- backend/app/models/osint_item.py | 6 ++---- backend/app/models/test.py | 6 ++---- backend/app/models/test_template.py | 6 ++---- backend/app/models/threat_actor.py | 6 ++---- backend/app/models/user.py | 6 ++---- backend/app/models/worklog.py | 6 ++---- 18 files changed, 42 insertions(+), 70 deletions(-) diff --git a/backend/app/database.py b/backend/app/database.py index 4fbe2b5..092302a 100644 --- a/backend/app/database.py +++ b/backend/app/database.py @@ -14,7 +14,13 @@ def _get_engine(): global _engine if _engine is None: from app.config import settings - _engine = create_engine(settings.DATABASE_URL) + _engine = create_engine( + settings.DATABASE_URL, + pool_size=20, + max_overflow=10, + pool_recycle=3600, + pool_pre_ping=True, + ) return _engine 
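Review bot: The pool limits in `_get_engine()` are hard-coded literals, so every process that imports this module may hold up to 30 connections (`pool_size=20` plus `max_overflow=10`) with no way to tune this per deployment. With several worker processes that can exhaust PostgreSQL's connection limit and lock out other clients, which is an availability risk for a tool that stores audit and evidence data. I would read the values from `settings`, for example `pool_size=settings.DB_POOL_SIZE,` (the setting name is a suggestion, not an existing field), and do the same for the other three arguments, adding an explicit `pool_timeout`. If the test suite points `DATABASE_URL` at SQLite, also check that `create_engine` still accepts these keywords, since some pool classes reject `pool_size` and `max_overflow`. The function starts above the hunk and only its tail is visible here.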
diff --git a/backend/app/models/audit.py b/backend/app/models/audit.py index 088ae9a..253ebb9 100644 --- a/backend/app/models/audit.py +++ b/backend/app/models/audit.py @@ -1,7 +1,5 @@ import uuid -from datetime import datetime - -from sqlalchemy import Column, String, DateTime, ForeignKey +from sqlalchemy import Column, String, DateTime, ForeignKey, func from sqlalchemy.dialects.postgresql import UUID, JSONB from sqlalchemy.orm import relationship @@ -22,7 +20,7 @@ class AuditLog(Base): action = Column(String, nullable=False) entity_type = Column(String, nullable=True) entity_id = Column(String, nullable=True) - timestamp = Column(DateTime, default=datetime.utcnow) + timestamp = Column(DateTime(timezone=True), server_default=func.now()) details = Column(JSONB, nullable=True) # Relationships diff --git a/backend/app/models/campaign.py b/backend/app/models/campaign.py index d24973e..062f0d7 100644 --- a/backend/app/models/campaign.py +++ b/backend/app/models/campaign.py @@ -5,11 +5,9 @@ enabling simulation of complete attack chains and APT emulations. """ import uuid -from datetime import datetime - from sqlalchemy import ( Column, String, Text, Integer, Boolean, DateTime, - ForeignKey, Index, + ForeignKey, Index, func, ) from sqlalchemy.dialects.postgresql import UUID, JSONB from sqlalchemy.orm import relationship @@ -54,7 +52,7 @@ class Campaign(Base): completed_at = Column(DateTime, nullable=True) target_platform = Column(String, nullable=True) tags = Column(JSONB, nullable=True, default=[]) - created_at = Column(DateTime, default=datetime.utcnow) + created_at = Column(DateTime(timezone=True), server_default=func.now()) # Recurring scheduling fields is_recurring = Column(Boolean, default=False) diff --git a/backend/app/models/compliance.py b/backend/app/models/compliance.py index 2cd0486..4ad2a8e 100644 --- a/backend/app/models/compliance.py +++ b/backend/app/models/compliance.py 
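Review bot: `AuditLog.timestamp` in audit.py now gets its value only from a database DEFAULT, yet the column is still nullable and the diffstat lists no migration among the 18 changed files. Unless a migration is shipped separately, tables that already exist keep their old type and have no DEFAULT, so new audit rows would be stored with a NULL timestamp, while `OsintItem.discovered_at`, which is `nullable=False`, would reject inserts outright. I would add a migration that sets the default and converts the existing values with `USING "timestamp" AT TIME ZONE 'UTC'`, because the old rows were written by `datetime.utcnow`, and declare the column as `timestamp = Column(DateTime(timezone=True), server_default=func.now(), nullable=False)`. The same applies to `Evidence.uploaded_at` and the `created_at` columns in the other model files of this patch. The AuditLog class continues outside the hunk.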
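Review bot: In campaign.py, `completed_at` two lines above the changed line stays a naive `DateTime` while `created_at` becomes timezone-aware. Python code that compares or subtracts the two, or compares `created_at` with a `datetime.utcnow()` value, would raise `TypeError` for mixing offset-naive and offset-aware datetimes; no such code is visible in this hunk, so this needs a check of the callers. The same mix is left in jira_link.py (`last_synced_at`), user.py (`last_login`) and worklog.py (`tempo_synced`). I would convert them in the same commit, e.g. `completed_at = Column(DateTime(timezone=True), nullable=True)`. The Campaign class continues outside the hunk.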
@@ -5,11 +5,9 @@ MITRE ATT&CK techniques, enabling compliance gap analysis. """ import uuid -from datetime import datetime - from sqlalchemy import ( Column, String, Text, Boolean, DateTime, - ForeignKey, Index, UniqueConstraint, + ForeignKey, Index, UniqueConstraint, func, ) from sqlalchemy.dialects.postgresql import UUID from sqlalchemy.orm import relationship @@ -27,7 +25,7 @@ class ComplianceFramework(Base): description = Column(Text, nullable=True) url = Column(String, nullable=True) is_active = Column(Boolean, default=True) - created_at = Column(DateTime, default=datetime.utcnow) + created_at = Column(DateTime(timezone=True), server_default=func.now()) # Relationships controls = relationship( diff --git a/backend/app/models/coverage_snapshot.py b/backend/app/models/coverage_snapshot.py index 7744d30..ace97d9 100644 --- a/backend/app/models/coverage_snapshot.py +++ b/backend/app/models/coverage_snapshot.py @@ -6,11 +6,9 @@ per technique per snapshot) to avoid bloated JSONB fields. """ import uuid -from datetime import datetime - from sqlalchemy import ( Column, String, Float, Integer, DateTime, - ForeignKey, Index, + ForeignKey, Index, func, ) from sqlalchemy.dialects.postgresql import UUID from sqlalchemy.orm import relationship @@ -37,7 +35,7 @@ class CoverageSnapshot(Base): ForeignKey("users.id", ondelete="SET NULL"), nullable=True, ) - created_at = Column(DateTime, default=datetime.utcnow) + created_at = Column(DateTime(timezone=True), server_default=func.now()) # Relationships creator = relationship("User", foreign_keys=[created_by]) diff --git a/backend/app/models/data_source.py b/backend/app/models/data_source.py index 13559c4..60e0da3 100644 --- a/backend/app/models/data_source.py +++ b/backend/app/models/data_source.py 
@@ -1,9 +1,7 @@ """DataSource model — registry of external data sources for import.""" import uuid -from datetime import datetime - -from sqlalchemy import Column, String, Text, Boolean, DateTime, Index +from sqlalchemy import Column, String, Text, Boolean, DateTime, Index, func from sqlalchemy.dialects.postgresql import UUID, JSONB from app.database import Base @@ -31,7 +29,7 @@ class DataSource(Base): last_sync_stats = Column(JSONB, nullable=True) # {"imported": X, "updated": Y, ...} sync_frequency = Column(String, nullable=True) # daily / weekly / monthly / manual config = Column(JSONB, nullable=True) # source-specific configuration - created_at = Column(DateTime, default=datetime.utcnow) + created_at = Column(DateTime(timezone=True), server_default=func.now()) __table_args__ = ( Index('ix_data_sources_type', 'type'), diff --git a/backend/app/models/defensive_technique.py b/backend/app/models/defensive_technique.py index 6e703c6..afff7b7 100644 --- a/backend/app/models/defensive_technique.py +++ b/backend/app/models/defensive_technique.py @@ -5,11 +5,9 @@ ATT&CK techniques, enabling recommended countermeasure lookups. """ import uuid -from datetime import datetime - from sqlalchemy import ( Column, String, Text, DateTime, - ForeignKey, Index, UniqueConstraint, + ForeignKey, Index, UniqueConstraint, func, ) from sqlalchemy.dialects.postgresql import UUID from sqlalchemy.orm import relationship @@ -32,7 +30,7 @@ class DefensiveTechnique(Base): description = Column(Text, nullable=True) tactic = Column(String, nullable=True) # Detect, Isolate, Deceive, Evict, etc. d3fend_url = Column(String, nullable=True) - created_at = Column(DateTime, default=datetime.utcnow) + created_at = Column(DateTime(timezone=True), server_default=func.now()) # Relationships attack_mappings = relationship( diff --git a/backend/app/models/detection_rule.py b/backend/app/models/detection_rule.py index 5f34595..c411415 100644 --- a/backend/app/models/detection_rule.py 
+++ b/backend/app/models/detection_rule.py @@ -1,9 +1,7 @@ """DetectionRule model — detection rules from multiple sources.""" import uuid -from datetime import datetime - -from sqlalchemy import Column, String, Text, Boolean, DateTime, Index +from sqlalchemy import Column, String, Text, Boolean, DateTime, Index, func from sqlalchemy.dialects.postgresql import UUID, JSONB from app.database import Base @@ -33,7 +31,7 @@ class DetectionRule(Base): log_sources = Column(JSONB, nullable=True) # e.g. {"product": "windows", "service": "sysmon"} false_positive_rate = Column(String, nullable=True) # low / medium / high is_active = Column(Boolean, default=True) - created_at = Column(DateTime, default=datetime.utcnow) + created_at = Column(DateTime(timezone=True), server_default=func.now()) __table_args__ = ( Index('ix_detection_rules_mitre_technique_id', 'mitre_technique_id'), diff --git a/backend/app/models/evidence.py b/backend/app/models/evidence.py index 685f34b..149fca9 100644 --- a/backend/app/models/evidence.py +++ b/backend/app/models/evidence.py @@ -1,7 +1,5 @@ import uuid -from datetime import datetime - -from sqlalchemy import Column, String, Text, DateTime, ForeignKey, Enum +from sqlalchemy import Column, String, Text, DateTime, ForeignKey, Enum, func from sqlalchemy.dialects.postgresql import UUID from sqlalchemy.orm import relationship @@ -27,7 +25,7 @@ class Evidence(Base): file_path = Column(String, nullable=False) # Path in MinIO sha256_hash = Column(String, nullable=False) uploaded_by = Column(UUID(as_uuid=True), ForeignKey("users.id"), nullable=True) - uploaded_at = Column(DateTime, default=datetime.utcnow) + uploaded_at = Column(DateTime(timezone=True), server_default=func.now()) team = Column(Enum(TeamSide, name="teamside"), nullable=False, default=TeamSide.red) notes = Column(Text, nullable=True) diff --git a/backend/app/models/intel.py b/backend/app/models/intel.py index 9e99a0a..69056a2 100644 --- a/backend/app/models/intel.py 
+++ b/backend/app/models/intel.py @@ -1,7 +1,5 @@ import uuid -from datetime import datetime - -from sqlalchemy import Column, String, Boolean, DateTime, ForeignKey +from sqlalchemy import Column, String, Boolean, DateTime, ForeignKey, func from sqlalchemy.dialects.postgresql import UUID from sqlalchemy.orm import relationship @@ -22,7 +20,7 @@ class IntelItem(Base): url = Column(String, nullable=False) title = Column(String, nullable=True) source = Column(String, nullable=True) - detected_at = Column(DateTime, default=datetime.utcnow) + detected_at = Column(DateTime(timezone=True), server_default=func.now()) reviewed = Column(Boolean, default=False) # Relationships diff --git a/backend/app/models/jira_link.py b/backend/app/models/jira_link.py index 4b69b7c..4f43728 100644 --- a/backend/app/models/jira_link.py +++ b/backend/app/models/jira_link.py @@ -2,9 +2,7 @@ import enum import uuid -from datetime import datetime - -from sqlalchemy import Column, String, DateTime, ForeignKey, Enum as SQLEnum, Index +from sqlalchemy import Column, String, DateTime, ForeignKey, Enum as SQLEnum, Index, func from sqlalchemy.dialects.postgresql import UUID, JSONB from sqlalchemy.orm import relationship @@ -45,8 +43,8 @@ class JiraLink(Base): last_synced_at = Column(DateTime) sync_metadata = Column(JSONB, default={}) created_by = Column(UUID(as_uuid=True), ForeignKey("users.id")) - created_at = Column(DateTime, default=datetime.utcnow) - updated_at = Column(DateTime, default=datetime.utcnow, onupdate=datetime.utcnow) + created_at = Column(DateTime(timezone=True), server_default=func.now()) + updated_at = Column(DateTime(timezone=True), server_default=func.now(), onupdate=func.now()) creator = relationship("User", foreign_keys=[created_by]) diff --git a/backend/app/models/notification.py b/backend/app/models/notification.py index c7c7961..17e30a3 100644 --- a/backend/app/models/notification.py +++ b/backend/app/models/notification.py 
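Review bot: `updated_at` in jira_link.py is only half server-side: `server_default=func.now()` becomes part of the table definition, but `onupdate=func.now()` is applied only to UPDATE statements that SQLAlchemy itself emits. Any write that bypasses the ORM (raw SQL, an admin script, another service) leaves `updated_at` stale, which matters if the value is used to decide which side of a Jira sync is newer. Enforcing it in the database would need a trigger; otherwise I would at least document the limit with a comment such as `# onupdate is applied by SQLAlchemy only; raw SQL updates do not bump updated_at`. The JiraLink class continues outside the hunk.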
@@ -1,9 +1,7 @@ """Notification model — in-app notifications for user actions.""" import uuid -from datetime import datetime - -from sqlalchemy import Column, String, Text, Boolean, DateTime, ForeignKey, Index +from sqlalchemy import Column, String, Text, Boolean, DateTime, ForeignKey, Index, func from sqlalchemy.dialects.postgresql import UUID from sqlalchemy.orm import relationship @@ -27,7 +25,7 @@ class Notification(Base): entity_type = Column(String, nullable=True) entity_id = Column(UUID(as_uuid=True), nullable=True) read = Column(Boolean, default=False) - created_at = Column(DateTime, default=datetime.utcnow) + created_at = Column(DateTime(timezone=True), server_default=func.now()) # Relationships user = relationship("User") diff --git a/backend/app/models/osint_item.py b/backend/app/models/osint_item.py index 4ef0d87..b8cea0a 100644 --- a/backend/app/models/osint_item.py +++ b/backend/app/models/osint_item.py @@ -1,9 +1,7 @@ """OSINT enrichment items — CVEs, blogs, PoCs, and advisories linked to techniques.""" import uuid -from datetime import datetime - -from sqlalchemy import Column, String, Text, Boolean, DateTime, ForeignKey +from sqlalchemy import Column, String, Text, Boolean, DateTime, ForeignKey, func from sqlalchemy.dialects.postgresql import UUID, JSONB from sqlalchemy.orm import relationship @@ -32,7 +30,7 @@ class OsintItem(Base): title = Column(String(500), nullable=False) description = Column(Text, nullable=True) severity = Column(String(20), nullable=True) # CRITICAL, HIGH, MEDIUM, LOW, UNKNOWN - discovered_at = Column(DateTime, default=datetime.utcnow, nullable=False) + discovered_at = Column(DateTime(timezone=True), server_default=func.now(), nullable=False) reviewed = Column(Boolean, default=False) metadata_ = Column("metadata", JSONB, default={}) diff --git a/backend/app/models/test.py b/backend/app/models/test.py index 5c423ff..0585cb8 100644 --- a/backend/app/models/test.py +++ b/backend/app/models/test.py 
@@ -1,7 +1,5 @@ import uuid -from datetime import datetime - -from sqlalchemy import Column, String, Text, Boolean, Integer, DateTime, ForeignKey, Enum +from sqlalchemy import Column, String, Text, Boolean, Integer, DateTime, ForeignKey, Enum, func from sqlalchemy.dialects.postgresql import UUID from sqlalchemy.orm import relationship @@ -31,7 +29,7 @@ class Test(Base): created_by = Column(UUID(as_uuid=True), ForeignKey("users.id"), nullable=True) result = Column(Enum(TestResult, name="testresult"), nullable=True) state = Column(Enum(TestState, name="teststate"), default=TestState.draft) - created_at = Column(DateTime, default=datetime.utcnow) + created_at = Column(DateTime(timezone=True), server_default=func.now()) # ── Red Team fields ───────────────────────────────────────────── red_summary = Column(Text, nullable=True) diff --git a/backend/app/models/test_template.py b/backend/app/models/test_template.py index 601bf0e..262034b 100644 --- a/backend/app/models/test_template.py +++ b/backend/app/models/test_template.py @@ -1,9 +1,7 @@ """TestTemplate model — predefined test catalog entries.""" import uuid -from datetime import datetime - -from sqlalchemy import Column, String, Text, Boolean, DateTime, Index +from sqlalchemy import Column, String, Text, Boolean, DateTime, Index, func from sqlalchemy.dialects.postgresql import UUID from app.database import Base @@ -36,7 +34,7 @@ class TestTemplate(Base): atomic_test_id = Column(String, nullable=True) # ID in Atomic Red Team repo suggested_remediation = Column(Text, nullable=True) is_active = Column(Boolean, default=True) - created_at = Column(DateTime, default=datetime.utcnow) + created_at = Column(DateTime(timezone=True), server_default=func.now()) __table_args__ = ( Index('ix_test_templates_mitre_technique_id', 'mitre_technique_id'), diff --git a/backend/app/models/threat_actor.py b/backend/app/models/threat_actor.py index ac5f60f..5e1b6cd 100644 --- a/backend/app/models/threat_actor.py 
+++ b/backend/app/models/threat_actor.py @@ -5,11 +5,9 @@ techniques, imported from MITRE CTI (STIX 2.0). """ import uuid -from datetime import datetime - from sqlalchemy import ( Column, String, Text, Boolean, DateTime, - ForeignKey, Index, UniqueConstraint, + ForeignKey, Index, UniqueConstraint, func, ) from sqlalchemy.dialects.postgresql import UUID, JSONB from sqlalchemy.orm import relationship @@ -40,7 +38,7 @@ class ThreatActor(Base): references = Column(JSONB, nullable=True, default=[]) # [{"url": "...", "description": "..."}] mitre_url = Column(String, nullable=True) is_active = Column(Boolean, default=True) - created_at = Column(DateTime, default=datetime.utcnow) + created_at = Column(DateTime(timezone=True), server_default=func.now()) # Relationships techniques = relationship( diff --git a/backend/app/models/user.py b/backend/app/models/user.py index ac91870..cb0324b 100644 --- a/backend/app/models/user.py +++ b/backend/app/models/user.py @@ -1,7 +1,5 @@ import uuid -from datetime import datetime - -from sqlalchemy import Column, String, Boolean, DateTime +from sqlalchemy import Column, String, Boolean, DateTime, func from sqlalchemy.dialects.postgresql import UUID from app.database import Base @@ -28,5 +26,5 @@ class User(Base): role = Column(String, nullable=False, default="viewer") is_active = Column(Boolean, default=True) must_change_password = Column(Boolean, default=True) - created_at = Column(DateTime, default=datetime.utcnow) + created_at = Column(DateTime(timezone=True), server_default=func.now()) last_login = Column(DateTime, nullable=True) diff --git a/backend/app/models/worklog.py b/backend/app/models/worklog.py index e46f0a1..439b1d3 100644 --- a/backend/app/models/worklog.py +++ b/backend/app/models/worklog.py 
@@ -1,9 +1,7 @@ """Worklog model — immutable internal time-tracking records.""" import uuid -from datetime import datetime - -from sqlalchemy import Column, String, Integer, DateTime, ForeignKey, Text, Index +from sqlalchemy import Column, String, Integer, DateTime, ForeignKey, Text, Index, func from sqlalchemy.dialects.postgresql import UUID, JSONB from sqlalchemy.orm import relationship @@ -32,7 +30,7 @@ class Worklog(Base): tempo_synced = Column(DateTime) tempo_worklog_id = Column(String(100)) integrity_hash = Column(String(64)) - created_at = Column(DateTime, default=datetime.utcnow) + created_at = Column(DateTime(timezone=True), server_default=func.now()) extra_metadata = Column("metadata", JSONB, default={}) user = relationship("User", foreign_keys=[user_id])
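Review bot: With `created_at` generated by the server in worklog.py, the application no longer knows the value until the row has been flushed and refreshed, which matters for the `integrity_hash` column directly above it. The hashing code is not part of this patch; if the hash covers `created_at`, it would now be computed over `None` or need a refresh after insert, and re-verifying older rows that were hashed with naive UTC values could fail once the column returns aware datetimes. This is worth confirming before merge and recording in a comment such as `# created_at is server-generated; integrity_hash must not depend on it before flush`. The Worklog class continues outside the hunk.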