Merge pull request #1310 from CVEProject/dr-577

Closes issue 577 - Automatic reservation of new year within 90 days
CVEProject · Dec 27, 2024 · 51795ec · 51795ec
2 parents d4fb734 + 6c85e8d
commit 51795ec
Showing 1 changed file with 78 additions and 9 deletions.
diff --git a/src/controller/cve-id.controller/cve-id.controller.js b/src/controller/cve-id.controller/cve-id.controller.js
@@ -455,9 +455,22 @@ async function priorityReservation (year, amount, shortName, orgShortName, reque
 
   // Cve Id Range for 'year' does not exists
   if (!result) {
-    logger.info({ uuid: req.ctx.uuid, message: 'CVE IDs for year ' + year + ' cannot be reserved at this time.' })
-    res.header(CONSTANTS.QUOTA_HEADER, availableIds)
-    return res.status(403).json(error.cannotReserveForYear(year))
+    // If there are less than or equal to 90 days until the end of the year, auto reserve it and move on.
+    // Otherwise throw failure
+    if (daysUntilYear(year) <= 90) {
+      // Auto reserve the year
+      const successfullyReservedYear = await reserveYear(year, req)
+      if (!successfullyReservedYear) {
+        logger.info({ uuid: req.ctx.uuid, message: 'CVE IDs for year ' + year + ' failed to be automatically reserved at this time.' })
+        res.header(CONSTANTS.QUOTA_HEADER, availableIds)
+        return res.status(403).json(error.cannotReserveForYear(year))
+      }
+      result = await cveIdRangeRepo.findOne({ cve_year: year })
+    } else {
+      logger.info({ uuid: req.ctx.uuid, message: 'CVE IDs for year ' + year + ' cannot be reserved at this time.' })
+      res.header(CONSTANTS.QUOTA_HEADER, availableIds)
+      return res.status(403).json(error.cannotReserveForYear(year))
+    }
   }
 
   const endRange = parseInt(result.ranges.priority.end)
@@ -531,9 +544,22 @@ async function sequentialReservation (year, amount, shortName, orgShortName, req
 
   // Cve Id Range for 'year' does not exists
   if (!result) {
-    logger.info({ uuid: req.ctx.uuid, message: 'CVE IDs for year ' + year + ' cannot be reserved at this time.' })
-    res.header(CONSTANTS.QUOTA_HEADER, availableIds)
-    return res.status(403).json(error.cannotReserveForYear(year))
+    // If there are less than or equal to 90 days until the end of the year, auto reserve it and move on.
+    // Otherwise throw failure
+    if (daysUntilYear(year) <= 90) {
+      // Auto reserve the year
+      const successfullyReservedYear = await reserveYear(year, req)
+      if (!successfullyReservedYear) {
+        logger.info({ uuid: req.ctx.uuid, message: 'CVE IDs for year ' + year + ' failed to be automatically reserved at this time.' })
+        res.header(CONSTANTS.QUOTA_HEADER, availableIds)
+        return res.status(403).json(error.cannotReserveForYear(year))
+      }
+      result = await cveIdRangeRepo.findOne({ cve_year: year })
+    } else {
+      logger.info({ uuid: req.ctx.uuid, message: 'CVE IDs for year ' + year + ' cannot be reserved at this time.' })
+      res.header(CONSTANTS.QUOTA_HEADER, availableIds)
+      return res.status(403).json(error.cannotReserveForYear(year))
+    }
   }
 
   const topId = parseInt(result.ranges.general.top_id)
@@ -627,9 +653,22 @@ async function nonSequentialReservation (year, amount, shortName, orgShortName,
 
   // Cve Id Range for 'year' does not exists
   if (!result) {
-    logger.info({ uuid: req.ctx.uuid, message: 'CVE IDs for year ' + year + ' cannot be reserved at this time.' })
-    res.header(CONSTANTS.QUOTA_HEADER, availableIds)
-    return res.status(403).json(error.cannotReserveForYear(year))
+    // If there are less than or equal to 90 days until the end of the year, auto reserve it and move on.
+    // Otherwise throw failure
+    if (daysUntilYear(year) <= 90) {
+      // Auto reserve the year
+      const successfullyReservedYear = await reserveYear(year, req)
+      if (!successfullyReservedYear) {
+        logger.info({ uuid: req.ctx.uuid, message: 'CVE IDs for year ' + year + ' failed to be automatically reserved at this time.' })
+        res.header(CONSTANTS.QUOTA_HEADER, availableIds)
+        return res.status(403).json(error.cannotReserveForYear(year))
+      }
+      result = await cveIdRangeRepo.findOne({ cve_year: year })
+    } else {
+      logger.info({ uuid: req.ctx.uuid, message: 'CVE IDs for year ' + year + ' cannot be reserved at this time.' })
+      res.header(CONSTANTS.QUOTA_HEADER, availableIds)
+      return res.status(403).json(error.cannotReserveForYear(year))
+    }
   }
 
   available = await cveIdRepo.find({ cve_year: year, state: 'AVAILABLE' }, { limit: availableLimit }) // get available ids
@@ -944,6 +983,36 @@ function setMinAggregateObj (query) {
   ]
 }
 
+function daysUntilYear (targetYear) {
+  // Get today's date
+  const today = new Date()
+
+  // Create a date object for January 1st of the target year
+  const targetDate = new Date(targetYear, 0, 1) // Month is 0-indexed, so 0 is January
+
+  // Calculate the difference in milliseconds
+  const differenceInMilliseconds = targetDate - today
+
+  // Convert milliseconds to days
+  const millisecondsPerDay = 1000 * 60 * 60 * 24
+  const differenceInDays = Math.ceil(differenceInMilliseconds / millisecondsPerDay)
+
+  return differenceInDays
+}
+
+async function reserveYear (targetYear, req) {
+  try {
+    const CONSTANTS = getConstants()
+    const cveIdRangeRepo = req.ctx.repositories.getCveIdRangeRepository()
+    const defaultDoc = CONSTANTS.DEFAULT_CVE_ID_RANGE
+    defaultDoc.cve_year = targetYear
+    await cveIdRangeRepo.findOneAndUpdate({ cve_year: targetYear }, defaultDoc, { upsert: true })
+    return true
+  } catch (err) {
+    return false
+  }
+}
+
 module.exports = {
   CVEID_GET_FILTER: getFilteredCveId,
   CVEID_RESERVE: reserveCveId,