diff --git a/server/api_server/api_server_start.py b/server/api_server/api_server_start.py index 582ef2d1..579878b0 100755 --- a/server/api_server/api_server_start.py +++ b/server/api_server/api_server_start.py @@ -4,7 +4,7 @@ from flask_cors import CORS from .graphql_endpoint import devicesSchema from .device_endpoint import get_device_data, set_device_data, delete_device, delete_device_events, reset_device_props, copy_device, update_device_column from .devices_endpoint import get_all_devices, delete_unknown_devices, delete_all_with_empty_macs, delete_devices, export_devices, import_csv, devices_totals, devices_by_status -from .events_endpoint import delete_events, delete_events_30, get_events, create_event +from .events_endpoint import delete_events, delete_events_older_than, get_events, create_event from .history_endpoint import delete_online_history from .prometheus_endpoint import get_metric_stats from .sessions_endpoint import get_sessions, delete_session, create_session, get_sessions_calendar @@ -315,11 +315,16 @@ def api_get_events(): mac = request.args.get("mac") return get_events(mac) -@app.route("/events/30days", methods=["DELETE"]) -def api_delete_old_events(): +@app.route("/events/", methods=["DELETE"]) +def api_delete_old_events(days: int): + """ + Delete events older than days. + Example: DELETE /events/30 + """ if not is_authorized(): return jsonify({"error": "Forbidden"}), 403 - return delete_events_30() + + return delete_events_older_than(days) # -------------------------- # Sessions diff --git a/server/api_server/events_endpoint.py b/server/api_server/events_endpoint.py index d884e226..0d8fe44d 100755 --- a/server/api_server/events_endpoint.py +++ b/server/api_server/events_endpoint.py @@ -75,18 +75,23 @@ def get_events(mac=None): conn.close() return jsonify({"success": True, "events": events}) -def delete_events_30(): - """Delete all events older than 30 days""" +def delete_events_older_than(days): + """Delete all events older than a specified number of days""" conn = get_temp_db_connection() cur = conn.cursor() - sql = "DELETE FROM Events WHERE eve_DateTime <= date('now', '-30 days')" - cur.execute(sql) + # Use a parameterized query with sqlite date function + sql = "DELETE FROM Events WHERE eve_DateTime <= date('now', ?)" + cur.execute(sql, [f'-{days} days']) + conn.commit() conn.close() - return jsonify({"success": True, "message": "Deleted events older than 30 days"}) + return jsonify({ + "success": True, + "message": f"Deleted events older than {days} days" + }) def delete_events(): """Delete all events""" diff --git a/test/test_events_endpoints.py b/test/test_events_endpoints.py index d3d7ffa9..316ee4d8 100755 --- a/test/test_events_endpoints.py +++ b/test/test_events_endpoints.py @@ -99,7 +99,7 @@ def test_delete_all_events(client, api_token, test_mac): assert len(resp.json.get("events", [])) == 0 -def test_delete_events_30days(client, api_token, test_mac): +def test_delete_events_dynamic_days(client, api_token, test_mac): # create old + new events create_event(client, api_token, test_mac, days_old=40) # should be deleted create_event(client, api_token, test_mac, days_old=5) # should remain @@ -108,9 +108,10 @@ def test_delete_events_30days(client, api_token, test_mac): assert len(resp.json) == 2 # delete events older than 30 days - resp = client.delete("/events/30days", headers=auth_headers(api_token)) + resp = client.delete("/events/30", headers=auth_headers(api_token)) assert resp.status_code == 200 assert resp.json.get("success") is True + assert "Deleted events older than 30 days" in resp.json.get("message", "") # confirm only recent remains resp = list_events(client, api_token, test_mac) @@ -118,3 +119,4 @@ def test_delete_events_30days(client, api_token, test_mac): mac_events = [ev for ev in events if ev.get("eve_MAC") == test_mac] assert len(mac_events) == 1 + diff --git a/test/test_graphq_endpoints.py b/test/test_graphq_endpoints.py index 506ec99d..8aec402b 100755 --- a/test/test_graphq_endpoints.py +++ b/test/test_graphq_endpoints.py @@ -65,7 +65,6 @@ def test_graphql_post_devices(client, api_token): assert resp.status_code == 200 body = resp.get_json() - # print("FULL RESPONSE:", body) # GraphQL spec: response always under "data" assert "data" in body