@j3r3mcdev/oast-server 1.0.0

package/src/listeners/api/__tests__/api.listener.test.ts

@@ -0,0 +1,82 @@
+import http from "http";
+import { ApiListener } from "../api.listener";
+import { StorageManager } from "../../../core/storage";
+import { Logger } from "../../../core/logger";
+import { describe, test, beforeEach, afterEach, expect } from "@jest/globals";
+import { ApiController } from "../api.controllers";
+
+describe("ApiListener", () => {
+  let storage: StorageManager;
+  let api: ApiListener;
+
+  beforeEach(async () => {
+    storage = new StorageManager();
+
+    api = new ApiListener(storage, {
+      port: 9999,
+      logger: new Logger({ context: "ApiTest" }),
+    });
+
+    await api.start();
+  });
+
+  afterEach(async () => {
+    await api.stop();
+  });
+
+  test("GET /events returns empty list", async () => {
+    const res = await fetch("http://localhost:9999/events");
+    const json = await res.json();
+
+    expect(json.success).toBe(true);
+    expect(json.events).toEqual([]);
+  });
+
+  test("GET /stats returns correct structure", async () => {
+    const res = await fetch("http://localhost:9999/stats");
+    const json = await res.json();
+
+    expect(json.success).toBe(true);
+    expect(json.stats.total).toBe(0);
+    expect(json.stats.byType).toEqual({});
+  });
+
+  test("GET /events/:id returns 404 when not found", async () => {
+    const res = await fetch("http://localhost:9999/events/unknown");
+    const json = await res.json();
+
+    expect(res.status).toBe(404);
+    expect(json.success).toBe(false);
+  });
+
+  test("DELETE /events clears all events", async () => {
+    // On ajoute un event dans le storage
+    await storage.save({
+      id: "1",
+      type: "http",
+      timestamp: Date.now(),
+      sourceIp: "127.0.0.1",
+      request: {
+        method: "GET",
+        path: "/",
+        headers: {},
+        query: {},
+        body: "",
+      },
+    });
+
+    let events = await storage.listEvents({});
+    expect(events.length).toBe(1);
+
+    // On appelle l'API réelle
+    const res = await fetch("http://localhost:9999/events", {
+      method: "DELETE",
+    });
+
+    const json = await res.json();
+    expect(json.success).toBe(true);
+
+    events = await storage.listEvents({});
+    expect(events.length).toBe(0);
+  });
+});

package/src/listeners/api/__tests__/api.routes.test.ts

@@ -0,0 +1,155 @@
+import { handleApiRequest } from "../api.routes";
+import { StorageManager } from "../../../core/storage";
+import { ApiSse } from "../api.sse";
+import { ApiController } from "../api.controllers";
+import { Logger } from "../../../core/logger";
+import { IncomingMessage, ServerResponse } from "http";
+import { Socket } from "net";
+import { describe, it, expect, beforeEach, jest } from "@jest/globals";
+
+// Helpers pour mocker req/res
+function mockReq(method: string, url: string): IncomingMessage {
+  const socket = new Socket();
+  const req = new IncomingMessage(socket);
+  req.method = method;
+  req.url = url;
+  req.headers = { host: "localhost" };
+  return req;
+}
+
+function mockRes(): ServerResponse {
+  const socket = new Socket();
+  const req = new IncomingMessage(socket);
+  const res = new ServerResponse(req);
+
+  jest.spyOn(res, "writeHead");
+  jest.spyOn(res, "end");
+
+  return res;
+}
+
+describe("handleApiRequest", () => {
+  let storage: StorageManager;
+  let sse: ApiSse;
+  let logger: Logger;
+
+  beforeEach(() => {
+    storage = new StorageManager();
+    sse = new ApiSse(new Logger({ context: "SSETest" }));
+    logger = new Logger({ context: "ApiTest" });
+
+    jest.spyOn(ApiController, "listEvents").mockResolvedValue(undefined);
+    jest.spyOn(ApiController, "getEvent").mockResolvedValue(undefined);
+    jest.spyOn(ApiController, "deleteAll").mockResolvedValue(undefined);
+    jest.spyOn(ApiController, "deleteOne").mockResolvedValue(undefined);
+    jest.spyOn(ApiController, "stats").mockResolvedValue(undefined);
+
+    jest.spyOn(sse, "handle").mockReturnValue(undefined as any);
+  });
+
+  it("route GET /events → ApiController.listEvents", async () => {
+    const req = mockReq("GET", "/events");
+    const res = mockRes();
+
+    await expect(
+      handleApiRequest(req, res, storage, sse, logger),
+    ).resolves.toBeUndefined();
+
+    expect(ApiController.listEvents).toHaveBeenCalled();
+  });
+
+  it("route GET /events/:id → ApiController.getEvent", async () => {
+    const req = mockReq("GET", "/events/123");
+    const res = mockRes();
+
+    await expect(
+      handleApiRequest(req, res, storage, sse, logger),
+    ).resolves.toBeUndefined();
+
+    expect(ApiController.getEvent).toHaveBeenCalledWith("123", res, storage);
+  });
+
+  it("route DELETE /events → ApiController.deleteAll", async () => {
+    const req = mockReq("DELETE", "/events");
+    const res = mockRes();
+
+    await expect(
+      handleApiRequest(req, res, storage, sse, logger),
+    ).resolves.toBeUndefined();
+
+    expect(ApiController.deleteAll).toHaveBeenCalled();
+  });
+
+  it("route DELETE /events/:id → ApiController.deleteOne", async () => {
+    const req = mockReq("DELETE", "/events/abc");
+    const res = mockRes();
+
+    await expect(
+      handleApiRequest(req, res, storage, sse, logger),
+    ).resolves.toBeUndefined();
+
+    expect(ApiController.deleteOne).toHaveBeenCalledWith("abc", res, storage);
+  });
+
+  it("route GET /stats → ApiController.stats", async () => {
+    const req = mockReq("GET", "/stats");
+    const res = mockRes();
+
+    await expect(
+      handleApiRequest(req, res, storage, sse, logger),
+    ).resolves.toBeUndefined();
+
+    expect(ApiController.stats).toHaveBeenCalled();
+  });
+
+  it("route GET /events/stream → SSE", async () => {
+    const req = mockReq("GET", "/events/stream");
+    const res = mockRes();
+
+    await expect(
+      handleApiRequest(req, res, storage, sse, logger),
+    ).resolves.toBeUndefined();
+
+    expect(sse.handle).toHaveBeenCalledWith(res);
+  });
+
+  it("404 → renvoie Not found", async () => {
+    const req = mockReq("GET", "/unknown");
+    const res = mockRes();
+
+    await expect(
+      handleApiRequest(req, res, storage, sse, logger),
+    ).resolves.toBeUndefined();
+
+    expect(res.writeHead).toHaveBeenCalledWith(404, {
+      "Content-Type": "application/json",
+    });
+
+    const raw = String((res.end as jest.Mock).mock.calls[0][0]);
+    const body = JSON.parse(raw);
+    expect(body.success).toBe(false);
+  });
+
+  it("500 → renvoie Internal Server Error", async () => {
+    const req = mockReq("GET", "/events");
+
+    jest
+      .spyOn(ApiController, "listEvents")
+      .mockRejectedValue(new Error("Boom"));
+
+    const res = mockRes();
+
+    await expect(
+      handleApiRequest(req, res, storage, sse, logger),
+    ).resolves.toBeUndefined();
+
+    expect(res.writeHead).toHaveBeenCalledWith(500, {
+      "Content-Type": "application/json",
+    });
+
+    const raw = String((res.end as jest.Mock).mock.calls[0][0]);
+    const body = JSON.parse(raw);
+    expect(body.success).toBe(false);
+    expect(body.error).toBe("Boom");
+  });
+});

package/src/listeners/api/__tests__/api.sse.test.ts

@@ -0,0 +1,105 @@
+import { ApiSse } from "../api.sse";
+import { Logger } from "../../../core/logger";
+import { ServerResponse, IncomingMessage } from "http";
+import { Socket } from "net";
+import { describe, it, expect, jest } from "@jest/globals";
+
+function mockRes(): ServerResponse {
+  const socket = new Socket();
+  const req = new IncomingMessage(socket);
+  const res = new ServerResponse(req);
+  return res;
+}
+
+describe("ApiSse", () => {
+  it("connecte un client SSE", () => {
+    const sse = new ApiSse(new Logger({ context: "Test" }));
+    const res = mockRes();
+
+    // On espionne writeHead et write
+    const writeHeadSpy = jest.spyOn(res, "writeHead");
+    const writeSpy = jest.spyOn(res, "write");
+
+    sse.handle(res);
+
+    expect(writeHeadSpy).toHaveBeenCalledWith(200, {
+      "Content-Type": "text/event-stream",
+      "Cache-Control": "no-cache",
+      Connection: "keep-alive",
+    });
+
+    expect(writeSpy).toHaveBeenCalled();
+  });
+
+  it("broadcast un event à tous les clients", () => {
+    const sse = new ApiSse(new Logger({ context: "Test" }));
+
+    const res1 = mockRes();
+    const res2 = mockRes();
+
+    const spy1 = jest.spyOn(res1, "write");
+    const spy2 = jest.spyOn(res2, "write");
+
+    sse.handle(res1);
+    sse.handle(res2);
+
+    sse.broadcast({ id: "123", type: "http" });
+
+    expect(spy1).toHaveBeenCalled();
+    expect(spy2).toHaveBeenCalled();
+
+    const payload = spy1.mock.calls[spy1.mock.calls.length - 1][0];
+    expect(payload).toContain("event: event");
+    expect(payload).toContain('"id":"123"');
+  });
+
+  it("supprime un client à la fermeture", () => {
+    const sse = new ApiSse(new Logger({ context: "Test" }));
+    const res = mockRes();
+
+    sse.handle(res);
+
+    expect((sse as any).clients.size).toBe(1);
+
+    res.emit("close");
+
+    expect((sse as any).clients.size).toBe(0);
+  });
+
+  it("envoie un event SSE avec le bon format", () => {
+    const sse = new ApiSse(new Logger({ context: "Test" }));
+    const res = mockRes();
+
+    const spy = jest.spyOn(res, "write");
+
+    sse.handle(res);
+    sse.broadcast({ id: "abc", type: "dns" });
+
+    const payload = spy.mock.calls[spy.mock.calls.length - 1][0];
+
+    expect(payload).toContain("event: event");
+    expect(payload).toContain("data:");
+    expect(payload).toContain('"id":"abc"');
+    expect(payload.endsWith("\n\n")).toBe(true);
+  });
+
+  it("broadcast ne plante pas s'il n'y a aucun client", () => {
+    const sse = new ApiSse(new Logger({ context: "Test" }));
+
+    expect(() => {
+      sse.broadcast({ id: "x", type: "http" });
+    }).not.toThrow();
+  });
+
+  it("ne duplique pas un client déjà enregistré", () => {
+    const sse = new ApiSse(new Logger({ context: "Test" }));
+    const res = mockRes();
+
+    sse.handle(res);
+
+    // simulate duplicate registration attempt
+    (sse as any).clients.add(res);
+
+    expect((sse as any).clients.size).toBe(1);
+  });
+});

package/src/listeners/api/api.controllers.ts

@@ -0,0 +1,67 @@
+import { ServerResponse } from "http";
+import { StorageManager } from "../../core/storage";
+
+export class ApiController {
+  static async listEvents(
+    url: URL,
+    res: ServerResponse,
+    storage: StorageManager,
+  ): Promise<void> {
+    const type = url.searchParams.get("type") ?? undefined;
+    const page = Number(url.searchParams.get("page") ?? 1);
+    const limit = Number(url.searchParams.get("limit") ?? 50);
+
+    const events = await storage.listEvents({ type, page, limit });
+
+    res.writeHead(200, { "Content-Type": "application/json" });
+    res.end(JSON.stringify({ success: true, events }));
+  }
+
+  static async getEvent(
+    id: string,
+    res: ServerResponse,
+    storage: StorageManager,
+  ): Promise<void> {
+    const event = await storage.getEvent(id);
+
+    if (!event) {
+      res.writeHead(404, { "Content-Type": "application/json" });
+      res.end(JSON.stringify({ success: false, error: "Not found" }));
+      return;
+    }
+
+    res.writeHead(200, { "Content-Type": "application/json" });
+    res.end(JSON.stringify({ success: true, event }));
+  }
+
+  static async deleteAll(
+    res: ServerResponse,
+    storage: StorageManager,
+  ): Promise<void> {
+    await storage.clearEvents();
+
+    res.writeHead(200, { "Content-Type": "application/json" });
+    res.end(JSON.stringify({ success: true }));
+  }
+
+  static async deleteOne(
+    id: string,
+    res: ServerResponse,
+    storage: StorageManager,
+  ): Promise<void> {
+    const ok = await storage.deleteEvent(id);
+
+    res.writeHead(200, { "Content-Type": "application/json" });
+    res.end(JSON.stringify({ success: ok }));
+  }
+
+  static async stats(
+    res: ServerResponse,
+    storage: StorageManager,
+  ): Promise<void> {
+    const stats = await storage.getStats();
+
+    res.writeHead(200, { "Content-Type": "application/json" });
+    res.end(JSON.stringify({ success: true, stats }));
+  }
+}

package/src/listeners/api/api.extractor.ts

@@ -0,0 +1,43 @@
+import { IncomingMessage } from "http";
+import { RawEvent } from "../../types/event.types";
+
+export class ApiExtractor {
+  static async extract(req: IncomingMessage): Promise<RawEvent> {
+    const ip = req.socket.remoteAddress ?? "";
+    const method = req.method ?? "";
+    const url = new URL(req.url ?? "", `http://${req.headers.host}`);
+    const path = url.pathname;
+
+    const query: Record<string, string> = {};
+    for (const [key, value] of url.searchParams.entries()) {
+      query[key] = value;
+    }
+
+    // Lecture du body (si POST/PUT/PATCH)
+    let body: any = null;
+
+    if (method !== "GET" && method !== "HEAD") {
+      body = await new Promise((resolve) => {
+        let data = "";
+        req.on("data", (chunk) => (data += chunk));
+        req.on("end", () => {
+          try {
+            resolve(JSON.parse(data));
+          } catch {
+            resolve(data);
+          }
+        });
+      });
+    }
+
+    return {
+      ip,
+      method,
+      path,
+      headers: req.headers,
+      query,
+      body,
+      raw: req,
+    };
+  }
+}

package/src/listeners/api/api.listener.ts

@@ -0,0 +1,50 @@
+import { createServer, IncomingMessage, Server, ServerResponse } from "http";
+import { Logger } from "../../core/logger";
+import { StorageManager } from "../../core/storage";
+import { handleApiRequest } from "./api.routes";
+import { ApiSse } from "./api.sse";
+
+export interface ApiListenerOptions {
+  port: number;
+  logger?: Logger;
+}
+
+export class ApiListener {
+  private logger: Logger;
+  private server: Server | null = null;
+  private sse: ApiSse;
+
+  constructor(
+    private storage: StorageManager,
+    private options: ApiListenerOptions,
+  ) {
+    this.logger = options.logger ?? new Logger({ context: "ApiListener" });
+    this.sse = new ApiSse(this.logger);
+  }
+
+  async start() {
+    this.server = createServer((req: IncomingMessage, res: ServerResponse) => {
+      void handleApiRequest(req, res, this.storage, this.sse, this.logger);
+    });
+
+    this.server.listen(this.options.port, () => {
+      this.logger.info(`API Listener started on port ${this.options.port}`);
+    });
+  }
+
+  async stop() {
+    this.sse.closeAll();
+
+    if (this.server) {
+      this.server.close();
+      this.server = null;
+    }
+
+    this.logger.info("API Listener stopped");
+  }
+
+  // Méthode appelée par ton CoreRouter / CoreServer après chaque event
+  public broadcastEvent(event: any) {
+    this.sse.broadcast(event);
+  }
+}

package/src/listeners/api/api.routes.ts

@@ -0,0 +1,76 @@
+import { IncomingMessage, ServerResponse } from "http";
+import { Logger } from "../../core/logger";
+import { StorageManager } from "../../core/storage";
+import { ApiSse } from "./api.sse";
+import { ApiController } from "./api.controllers";
+
+export async function handleApiRequest(
+  req: IncomingMessage,
+  res: ServerResponse,
+  storage: StorageManager,
+  sse: ApiSse,
+  logger: Logger,
+): Promise<void> {
+  try {
+    const url = new URL(req.url ?? "", `http://${req.headers.host}`);
+    const path = url.pathname;
+    const method = req.method ?? "GET";
+
+    // ---------------------------
+    // SSE STREAM
+    // ---------------------------
+    if (method === "GET" && path === "/events/stream") {
+      await sse.handle(res);
+      return;
+    }
+
+    // ---------------------------
+    // ROUTES REST
+    // ---------------------------
+
+    // GET /events
+    if (method === "GET" && path === "/events") {
+      await ApiController.listEvents(url, res, storage);
+      return;
+    }
+
+    // GET /events/:id
+    if (method === "GET" && path.startsWith("/events/")) {
+      const id = path.split("/")[2];
+      await ApiController.getEvent(id, res, storage);
+      return;
+    }
+
+    // DELETE /events
+    if (method === "DELETE" && path === "/events") {
+      await ApiController.deleteAll(res, storage);
+      return;
+    }
+
+    // DELETE /events/:id
+    if (method === "DELETE" && path.startsWith("/events/")) {
+      const id = path.split("/")[2];
+      await ApiController.deleteOne(id, res, storage);
+      return;
+    }
+
+    // GET /stats
+    if (method === "GET" && path === "/stats") {
+      await ApiController.stats(res, storage);
+      return;
+    }
+
+    // 404
+    res.writeHead(404, { "Content-Type": "application/json" });
+    res.end(JSON.stringify({ success: false, error: "Not found" }));
+  } catch (err: any) {
+    logger.error("API error", { error: err?.message ?? String(err) });
+    res.writeHead(500, { "Content-Type": "application/json" });
+    res.end(
+      JSON.stringify({
+        success: false,
+        error: err?.message ?? "Internal server error",
+      }),
+    );
+  }
+}

package/src/listeners/api/api.sse.ts

@@ -0,0 +1,38 @@
+import { ServerResponse } from "http";
+import { Logger } from "../../core/logger";
+
+export class ApiSse {
+  private clients: Set<ServerResponse> = new Set();
+
+  constructor(private logger: Logger) {}
+
+  handle(res: ServerResponse): void {
+    res.writeHead(200, {
+      "Content-Type": "text/event-stream",
+      "Cache-Control": "no-cache",
+      Connection: "keep-alive",
+    });
+
+    this.clients.add(res);
+    res.write(`event: connected\ndata: "ok"\n\n`);
+
+    res.on("close", () => {
+      this.clients.delete(res);
+      this.logger.debug?.("SSE client disconnected");
+    });
+  }
+
+  broadcast(event: any): void {
+    const payload = `event: event\ndata: ${JSON.stringify(event)}\n\n`;
+    for (const client of this.clients) {
+      client.write(payload);
+    }
+  }
+
+  closeAll(): void {
+    for (const client of this.clients) {
+      client.end();
+    }
+    this.clients.clear();
+  }
+}