@j3r3mcdev/oast-server 1.1.12 → 1.1.13

package/dist/listeners/api/api.routes.js

@@ -2,11 +2,41 @@
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.handleApiRequest = handleApiRequest;
 const api_controllers_1 = require("./api.controllers");
+const event_normalizer_1 = require("../../core/event.normalizer");
 async function handleApiRequest(req, res, storage, sse, logger) {
     try {
         const url = new URL(req.url ?? "", `http://${req.headers.host}`);
         const path = url.pathname;
         const method = req.method ?? "GET";
+        //
+        // ---------------------------
+        // POST /  (API EVENT)
+        // ---------------------------
+        //
+        if (method === "POST" && path === "/") {
+            let body = "";
+            req.on("data", (chunk) => (body += chunk));
+            req.on("end", async () => {
+                try {
+                    const parsed = JSON.parse(body);
+                    const normalized = event_normalizer_1.EventNormalizer.normalizeApi({
+                        ip: req.socket.remoteAddress ?? "",
+                        body: parsed,
+                        raw: parsed,
+                    });
+                    await storage.save(normalized);
+                    res.writeHead(200, { "Content-Type": "application/json" });
+                    res.end(JSON.stringify({ success: true }));
+                }
+                catch (err) {
+                    logger.error("API POST error", err);
+                    res.writeHead(400, { "Content-Type": "application/json" });
+                    res.end(JSON.stringify({ success: false, error: err.message }));
+                }
+            });
+            return;
+        }
+        //
         // ---------------------------
         // SSE STREAM
         // ---------------------------
@@ -14,32 +44,28 @@ async function handleApiRequest(req, res, storage, sse, logger) {
             await sse.handle(res);
             return;
         }
+        //
         // ---------------------------
         // ROUTES REST
         // ---------------------------
-        // GET /events
         if (method === "GET" && path === "/events") {
             await api_controllers_1.ApiController.listEvents(url, res, storage);
             return;
         }
-        // GET /events/:id
         if (method === "GET" && path.startsWith("/events/")) {
             const id = path.split("/")[2];
             await api_controllers_1.ApiController.getEvent(id, res, storage);
             return;
         }
-        // DELETE /events
         if (method === "DELETE" && path === "/events") {
             await api_controllers_1.ApiController.deleteAll(res, storage);
             return;
         }
-        // DELETE /events/:id
         if (method === "DELETE" && path.startsWith("/events/")) {
             const id = path.split("/")[2];
             await api_controllers_1.ApiController.deleteOne(id, res, storage);
             return;
         }
-        // GET /stats
         if (method === "GET" && path === "/stats") {
             await api_controllers_1.ApiController.stats(res, storage);
             return;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@j3r3mcdev/oast-server",
-  "version": "1.1.12",
+  "version": "1.1.13",
   "description": "Modular OAST callback server for security auditing",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",

package/src/listeners/api/api.routes.ts

@@ -3,6 +3,7 @@ import { Logger } from "../../core/logger";
 import { StorageManager } from "../../core/storage";
 import { ApiSse } from "./api.sse";
 import { ApiController } from "./api.controllers";
+import { EventNormalizer } from "../../core/event.normalizer";
 
 export async function handleApiRequest(
   req: IncomingMessage,
@@ -16,6 +17,38 @@ export async function handleApiRequest(
     const path = url.pathname;
     const method = req.method ?? "GET";
 
+    //
+    // ---------------------------
+    // POST /  (API EVENT)
+    // ---------------------------
+    //
+    if (method === "POST" && path === "/") {
+      let body = "";
+      req.on("data", (chunk) => (body += chunk));
+      req.on("end", async () => {
+        try {
+          const parsed = JSON.parse(body);
+
+          const normalized = EventNormalizer.normalizeApi({
+            ip: req.socket.remoteAddress ?? "",
+            body: parsed,
+            raw: parsed,
+          });
+
+          await storage.save(normalized);
+
+          res.writeHead(200, { "Content-Type": "application/json" });
+          res.end(JSON.stringify({ success: true }));
+        } catch (err: any) {
+          logger.error("API POST error", err);
+          res.writeHead(400, { "Content-Type": "application/json" });
+          res.end(JSON.stringify({ success: false, error: err.message }));
+        }
+      });
+      return;
+    }
+
+    //
     // ---------------------------
     // SSE STREAM
     // ---------------------------
@@ -24,37 +57,32 @@ export async function handleApiRequest(
       return;
     }
 
+    //
     // ---------------------------
     // ROUTES REST
     // ---------------------------
-
-    // GET /events
     if (method === "GET" && path === "/events") {
       await ApiController.listEvents(url, res, storage);
       return;
     }
 
-    // GET /events/:id
     if (method === "GET" && path.startsWith("/events/")) {
       const id = path.split("/")[2];
       await ApiController.getEvent(id, res, storage);
       return;
     }
 
-    // DELETE /events
     if (method === "DELETE" && path === "/events") {
       await ApiController.deleteAll(res, storage);
       return;
     }
 
-    // DELETE /events/:id
     if (method === "DELETE" && path.startsWith("/events/")) {
       const id = path.split("/")[2];
       await ApiController.deleteOne(id, res, storage);
       return;
     }
 
-    // GET /stats
     if (method === "GET" && path === "/stats") {
       await ApiController.stats(res, storage);
       return;