Replace Hibernate with JDBI

commons-persistence/pom.xml

@@ -68,6 +68,19 @@
             <artifactId>commons-lang3</artifactId>
         </dependency>
 
+        <dependency>
+            <groupId>io.quarkiverse.jdbi</groupId>
+            <artifactId>quarkus-jdbi</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>org.jdbi</groupId>
+            <artifactId>jdbi3-jackson2</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>org.jdbi</groupId>
+            <artifactId>jdbi3-postgres</artifactId>
+        </dependency>
+
         <dependency>
             <groupId>io.quarkus</groupId>
             <artifactId>quarkus-junit5</artifactId>

commons-persistence/src/main/java/org/dependencytrack/persistence/ClusterInfoProducer.java

@@ -19,15 +19,15 @@
 package org.dependencytrack.persistence;
 
 import io.quarkus.runtime.Startup;
+import jakarta.enterprise.inject.Produces;
+import jakarta.inject.Singleton;
 import org.dependencytrack.common.ClusterInfo;
-import org.dependencytrack.persistence.model.ConfigProperty;
-import org.dependencytrack.persistence.model.ConfigPropertyConstants;
-import org.dependencytrack.persistence.repository.ConfigPropertyRepository;
+import org.dependencytrack.persistence.dao.ConfigPropertyDao;
+import org.jdbi.v3.core.Jdbi;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
-import jakarta.enterprise.inject.Produces;
-import jakarta.inject.Singleton;
+import static org.dependencytrack.persistence.model.ConfigProperties.PROPERTY_CLUSTER_ID;
 
 class ClusterInfoProducer {
 
@@ -36,20 +36,13 @@ class ClusterInfoProducer {
     @Startup
     @Produces
     @Singleton
-    ClusterInfo clusterInfo(final ConfigPropertyRepository configPropertyRepository) {
-        final ConfigProperty clusterIdProperty = configPropertyRepository.findByGroupAndName(
-                ConfigPropertyConstants.INTERNAL_CLUSTER_ID.getGroupName(),
-                ConfigPropertyConstants.INTERNAL_CLUSTER_ID.getPropertyName()
-        );
-        if (clusterIdProperty == null
-            || clusterIdProperty.getPropertyValue() == null
-            || clusterIdProperty.getPropertyValue().isBlank()) {
-            throw new IllegalStateException("""
-                    Cluster ID not found in database. The cluster ID is populated upon first launch \
-                    of the API server, please confirm whether it started successfully.""");
-        }
+    ClusterInfo clusterInfo(final Jdbi jdbi) {
+        final String clusterId = jdbi.withExtension(ConfigPropertyDao.class, dao -> dao.getValue(PROPERTY_CLUSTER_ID))
+                .orElseThrow(() -> new IllegalStateException("""
+                        Cluster ID not found in database. The cluster ID is populated upon first launch \
+                        of the API server, please confirm whether it started successfully."""));
 
-        final var clusterInfo = new ClusterInfo(clusterIdProperty.getPropertyValue());
+        final var clusterInfo = new ClusterInfo(clusterId);
         LOGGER.info("Initialized from database: {}", clusterInfo);
         return clusterInfo;
     }

commons-persistence/src/main/java/org/dependencytrack/persistence/JdbiProducer.java

@@ -0,0 +1,45 @@
+/*
+ * This file is part of Dependency-Track.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ * Copyright (c) OWASP Foundation. All Rights Reserved.
+ */
+package org.dependencytrack.persistence;
+
+import io.agroal.api.AgroalDataSource;
+import io.quarkus.runtime.annotations.RegisterForReflection;
+import jakarta.enterprise.inject.Produces;
+import jakarta.inject.Singleton;
+import org.jdbi.v3.core.Jdbi;
+import org.jdbi.v3.jackson2.Jackson2Plugin;
+import org.jdbi.v3.postgres.PostgresPlugin;
+import org.jdbi.v3.sqlobject.SqlObjectPlugin;
+
+@RegisterForReflection(targets = {
+        org.jdbi.v3.json.JsonConfig.class,
+        org.jdbi.v3.jackson2.Jackson2Config.class
+})
+class JdbiProducer {
+
+    @Produces
+    @Singleton
+    Jdbi jdbi(final AgroalDataSource dataSource) {
+        return Jdbi.create(dataSource)
+                .installPlugin(new Jackson2Plugin())
+                .installPlugin(new PostgresPlugin())
+                .installPlugin(new SqlObjectPlugin());
+    }
+
+}

commons-persistence/src/main/java/org/dependencytrack/persistence/dao/ConfigPropertyDao.java

@@ -0,0 +1,48 @@
+/*
+ * This file is part of Dependency-Track.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ * Copyright (c) OWASP Foundation. All Rights Reserved.
+ */
+package org.dependencytrack.persistence.dao;
+
+import io.quarkus.runtime.annotations.RegisterForReflection;
+import org.dependencytrack.persistence.model.ConfigProperty;
+import org.jdbi.v3.sqlobject.customizer.BindMethods;
+import org.jdbi.v3.sqlobject.statement.SqlQuery;
+
+import java.util.Optional;
+
+@RegisterForReflection
+public interface ConfigPropertyDao {
+
+    @SqlQuery("""
+            SELECT NULLIF(TRIM("PROPERTYVALUE"), '')
+              FROM "CONFIGPROPERTY"
+             WHERE "GROUPNAME" = :group
+               AND "PROPERTYNAME" = :name
+            """)
+    Optional<String> getValue(@BindMethods ConfigProperty property);
+
+    @SqlQuery("""
+            SELECT "PROPERTYVALUE"::BOOLEAN
+              FROM "CONFIGPROPERTY"
+             WHERE "GROUPNAME" = :group
+               AND "PROPERTYNAME" = :name
+               AND "PROPERTYTYPE" = 'BOOLEAN'
+            """)
+    Optional<Boolean> isEnabled(@BindMethods ConfigProperty property);
+
+}

commons-persistence/src/main/java/org/dependencytrack/persistence/dao/NotificationDao.java

@@ -0,0 +1,41 @@
+/*
+ * This file is part of Dependency-Track.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ * Copyright (c) OWASP Foundation. All Rights Reserved.
+ */
+package org.dependencytrack.persistence.dao;
+
+import org.dependencytrack.persistence.model.Team;
+import org.jdbi.v3.sqlobject.config.RegisterConstructorMapper;
+import org.jdbi.v3.sqlobject.customizer.Bind;
+import org.jdbi.v3.sqlobject.statement.SqlQuery;
+
+import java.util.List;
+
+public interface NotificationDao {
+
+    @SqlQuery("""
+            SELECT "ID"
+                 , "NAME"
+              FROM "TEAM" AS "T"
+             INNER JOIN "NOTIFICATIONRULE_TEAMS" AS "NT"
+                ON "NT"."TEAM_ID" = "T"."ID"
+             WHERE "NT"."NOTIFICATIONRULE_ID" = :ruleId
+            """)
+    @RegisterConstructorMapper(Team.class)
+    List<Team> getTeamsByRuleId(@Bind long ruleId);
+
+}

commons-persistence/src/main/java/org/dependencytrack/persistence/dao/UserDao.java

@@ -0,0 +1,80 @@
+/*
+ * This file is part of Dependency-Track.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ * Copyright (c) OWASP Foundation. All Rights Reserved.
+ */
+package org.dependencytrack.persistence.dao;
+
+import io.quarkus.runtime.annotations.RegisterForReflection;
+import org.dependencytrack.persistence.mapping.MultiValueMapRowReducer;
+import org.jdbi.v3.core.result.RowView;
+import org.jdbi.v3.sqlobject.customizer.Bind;
+import org.jdbi.v3.sqlobject.statement.SqlQuery;
+import org.jdbi.v3.sqlobject.statement.UseRowReducer;
+
+import java.util.Collection;
+import java.util.HashSet;
+import java.util.Map;
+import java.util.Set;
+
+@RegisterForReflection
+public interface UserDao {
+
+    @SqlQuery("""
+            SELECT "MU"."EMAIL" AS "EMAIL"
+                 , "MUT"."TEAM_ID" AS "TEAM_ID"
+              FROM "MANAGEDUSER" AS "MU"
+             INNER JOIN "MANAGEDUSERS_TEAMS" AS "MUT"
+                ON "MUT"."MANAGEDUSER_ID" = "MU"."ID"
+             WHERE "MUT"."TEAM_ID" = ANY(:teamIds)
+               AND "MU"."EMAIL" IS NOT NULL
+             UNION
+            SELECT "LU"."EMAIL" AS "EMAIL"
+                 , "LUT"."TEAM_ID" AS "TEAM_ID"
+              FROM "LDAPUSER" AS "LU"
+             INNER JOIN "LDAPUSERS_TEAMS" AS "LUT"
+                ON "LUT"."LDAPUSER_ID" = "LU"."ID"
+             WHERE "LUT"."TEAM_ID" = ANY(:teamIds)
+               AND "LU"."EMAIL" IS NOT NULL
+             UNION
+            SELECT "OU"."EMAIL" AS "EMAIL"
+                 , "OUT"."TEAM_ID" AS "TEAM_ID"
+              FROM "OIDCUSER" AS "OU"
+             INNER JOIN "OIDCUSERS_TEAMS" AS "OUT"
+                ON "OUT"."OIDCUSERS_ID" = "OU"."ID"
+             WHERE "OUT"."TEAM_ID" = ANY(:teamIds)
+               AND "OU"."EMAIL" IS NOT NULL
+            """)
+    @UseRowReducer(EmailsByTeamIdRowReducer.class)
+    Map<Long, Set<String>> getEmailsByTeamIdAnyOf(@Bind Collection<Long> teamIds);
+
+    class EmailsByTeamIdRowReducer extends MultiValueMapRowReducer<Long, String> {
+
+        @Override
+        protected Long extractKey(final RowView rowView) {
+            return rowView.getColumn("TEAM_ID", Long.class);
+        }
+
+        @Override
+        protected Set<String> mapValues(final RowView rowView, final Long key, final Set<String> values) {
+            final Set<String> mutableValues = values == null ? new HashSet<>() : values;
+            mutableValues.add(rowView.getColumn("EMAIL", String.class));
+            return mutableValues;
+        }
+
+    }
+
+}