feat: store more BOM artifacts

functions/cdx/upload.js

@@ -1,4 +1,4 @@
-import { AuthResult, ensureStrReqBody, hex, isCDX, OSV, Server } from "@/utils";
+import { AuthResult, ensureStrReqBody, hex, isCDX, OSV, saveArtifact, Server } from "@/utils";
 import { PrismaD1 } from '@prisma/adapter-d1';
 import { PrismaClient } from '@prisma/client';
 
@@ -34,11 +34,25 @@ export async function onRequestPost(context) {
             if (!isCDX(cdx)) {
                 return Response.json({ ok: false, error: { message: 'CDX is missing necessary fields.' } })
             }
-            // const cdxStr = JSON.stringify(cdx) //TODO: Add to TEA
             const componentsJSON = JSON.stringify(cdx.components)
             const cdxId = await hex(cdx.metadata?.component?.name + componentsJSON)
+
+            const originalCdx = await prisma.CycloneDXInfo.findFirst({
+                where: {
+                    cdxId,
+                    orgId: verificationResult.session.orgId,
+                }
+            })
+            let artifact;
+            const artifactUuid = originalCdx?.artifactUuid || cdx.serialNumber.startsWith('urn:uuid:') ? cdx.serialNumber.substring(9) : crypto.randomUUID()
+            if (!originalCdx) {
+                const cdxStr = JSON.stringify(cdx)
+                artifact = await saveArtifact(prisma, env.r2artifacts, cdxStr, artifactUuid, `cyclonedx`)
+            }
+
             const cdxData = {
                 cdxId,
+                artifactUuid,
                 source: 'upload',
                 orgId: verificationResult.session.orgId,
                 memberEmail: verificationResult.session.memberEmail,

functions/spdx/upload.js

@@ -1,4 +1,4 @@
-import { AuthResult, OSV, Server, ensureStrReqBody, hex, isSPDX } from "@/utils";
+import { AuthResult, OSV, Server, ensureStrReqBody, hex, isSPDX, saveArtifact } from "@/utils";
 import { PrismaD1 } from '@prisma/adapter-d1';
 import { PrismaClient } from '@prisma/client';
 
@@ -33,10 +33,22 @@ export async function onRequestPost(context) {
             if (!isSPDX(spdx)) {
                 return Response.json({ ok: false, error: { message: 'SPDX is missing necessary fields.' } })
             }
-            const spdxStr = JSON.stringify(spdx)
-            const spdxId = await hex(spdxStr)
+            const spdxId = await makeId(spdx)
+            const originalSpdx = await prisma.SPDXInfo.findFirst({
+                where: {
+                    spdxId,
+                    orgId: verificationResult.session.orgId,
+                }
+            })
+            let artifact;
+            if (!originalSpdx) {
+                const spdxStr = JSON.stringify(spdx)
+                artifact = await saveArtifact(prisma, env.r2artifacts, spdxStr, crypto.randomUUID(), `spdx`)
+            }
+            const artifactUuid = originalSpdx?.artifactUuid || artifact?.uuid
             const spdxData = {
                 spdxId,
+                artifactUuid,
                 source: 'upload',
                 orgId: verificationResult.session.orgId,
                 memberEmail: verificationResult.session.memberEmail,
@@ -168,3 +180,8 @@ export async function onRequestPost(context) {
 
     return Response.json({ ok: true, files, error: { message: errors } })
 }
+
+const makeId = async spdx => {
+    const packages = JSON.stringify(spdx.packages)
+    return hex(spdx.name + packages)
+}

src/pages/CycloneDXManager.vue

@@ -61,7 +61,7 @@ class Controller {
           }
           break
         }
-        if (data.spdx.length < pageSize) {
+        if (data.cdx.length < pageSize) {
           hasMore = false
           if (initial !== true) {
             state.info = "Refreshed CycloneDX"