First version

backend/routes/fetch.py

@@ -0,0 +1,40 @@
+from fastapi import APIRouter, HTTPException
+from pymongo import UpdateOne
+
+from database import events_collection
+from graph.audit_logs import fetch_audit_logs
+from sources.unified_audit import fetch_unified_audit
+from sources.intune_audit import fetch_intune_audit
+from models.event_model import normalize_event
+
+router = APIRouter()
+
+
+@router.get("/fetch-audit-logs")
+def fetch_logs(hours: int = 168):
+    window = max(1, min(hours, 720))  # cap to 30 days for sanity
+    logs = []
+    errors = []
+
+    def fetch_source(fn, label):
+        try:
+            return fn(hours=window)
+        except Exception as exc:
+            errors.append(f"{label}: {exc}")
+            return []
+
+    logs.extend(fetch_source(fetch_audit_logs, "Directory audit"))
+    logs.extend(fetch_source(fetch_unified_audit, "Unified audit (Exchange/SharePoint/Teams)"))
+    logs.extend(fetch_source(fetch_intune_audit, "Intune audit"))
+
+    normalized = [normalize_event(e) for e in logs]
+    if normalized:
+        ops = []
+        for doc in normalized:
+            key = doc.get("dedupe_key")
+            if key:
+                ops.append(UpdateOne({"dedupe_key": key}, {"$set": doc}, upsert=True))
+            else:
+                ops.append(UpdateOne({"id": doc.get("id"), "timestamp": doc.get("timestamp")}, {"$set": doc}, upsert=True))
+        events_collection.bulk_write(ops, ordered=False)
+    return {"stored_events": len(normalized), "errors": errors}