npm - @open-skills-hub/api - Versions diffs - 1.0.0 - Mend

@open-skills-hub/api 1.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (112) hide show

package/dist/controllers/audit.d.ts +33 -0
package/dist/controllers/audit.d.ts.map +1 -0
package/dist/controllers/audit.js +122 -0
package/dist/controllers/audit.js.map +1 -0
package/dist/controllers/cache.d.ts +42 -0
package/dist/controllers/cache.d.ts.map +1 -0
package/dist/controllers/cache.js +247 -0
package/dist/controllers/cache.js.map +1 -0
package/dist/controllers/feedback.d.ts +44 -0
package/dist/controllers/feedback.d.ts.map +1 -0
package/dist/controllers/feedback.js +216 -0
package/dist/controllers/feedback.js.map +1 -0
package/dist/controllers/index.d.ts +9 -0
package/dist/controllers/index.d.ts.map +1 -0
package/dist/controllers/index.js +9 -0
package/dist/controllers/index.js.map +1 -0
package/dist/controllers/skills.d.ts +66 -0
package/dist/controllers/skills.d.ts.map +1 -0
package/dist/controllers/skills.js +355 -0
package/dist/controllers/skills.js.map +1 -0
package/dist/controllers/versions.d.ts +43 -0
package/dist/controllers/versions.d.ts.map +1 -0
package/dist/controllers/versions.js +298 -0
package/dist/controllers/versions.js.map +1 -0
package/dist/index.d.ts +9 -0
package/dist/index.d.ts.map +1 -0
package/dist/index.js +78 -0
package/dist/index.js.map +1 -0
package/dist/middleware/auth.d.ts +34 -0
package/dist/middleware/auth.d.ts.map +1 -0
package/dist/middleware/auth.js +148 -0
package/dist/middleware/auth.js.map +1 -0
package/dist/middleware/error.d.ts +26 -0
package/dist/middleware/error.d.ts.map +1 -0
package/dist/middleware/error.js +102 -0
package/dist/middleware/error.js.map +1 -0
package/dist/middleware/index.d.ts +8 -0
package/dist/middleware/index.d.ts.map +1 -0
package/dist/middleware/index.js +8 -0
package/dist/middleware/index.js.map +1 -0
package/dist/middleware/logger.d.ts +19 -0
package/dist/middleware/logger.d.ts.map +1 -0
package/dist/middleware/logger.js +54 -0
package/dist/middleware/logger.js.map +1 -0
package/dist/middleware/validation.d.ts +671 -0
package/dist/middleware/validation.d.ts.map +1 -0
package/dist/middleware/validation.js +225 -0
package/dist/middleware/validation.js.map +1 -0
package/dist/routes/audit.d.ts +6 -0
package/dist/routes/audit.d.ts.map +1 -0
package/dist/routes/audit.js +54 -0
package/dist/routes/audit.js.map +1 -0
package/dist/routes/cache.d.ts +6 -0
package/dist/routes/cache.d.ts.map +1 -0
package/dist/routes/cache.js +70 -0
package/dist/routes/cache.js.map +1 -0
package/dist/routes/feedback.d.ts +6 -0
package/dist/routes/feedback.d.ts.map +1 -0
package/dist/routes/feedback.js +68 -0
package/dist/routes/feedback.js.map +1 -0
package/dist/routes/health.d.ts +6 -0
package/dist/routes/health.d.ts.map +1 -0
package/dist/routes/health.js +122 -0
package/dist/routes/health.js.map +1 -0
package/dist/routes/index.d.ts +12 -0
package/dist/routes/index.d.ts.map +1 -0
package/dist/routes/index.js +12 -0
package/dist/routes/index.js.map +1 -0
package/dist/routes/scan.d.ts +8 -0
package/dist/routes/scan.d.ts.map +1 -0
package/dist/routes/scan.js +315 -0
package/dist/routes/scan.js.map +1 -0
package/dist/routes/search.d.ts +6 -0
package/dist/routes/search.d.ts.map +1 -0
package/dist/routes/search.js +44 -0
package/dist/routes/search.js.map +1 -0
package/dist/routes/skills.d.ts +6 -0
package/dist/routes/skills.d.ts.map +1 -0
package/dist/routes/skills.js +74 -0
package/dist/routes/skills.js.map +1 -0
package/dist/routes/versions.d.ts +6 -0
package/dist/routes/versions.d.ts.map +1 -0
package/dist/routes/versions.js +66 -0
package/dist/routes/versions.js.map +1 -0
package/dist/server.d.ts +26 -0
package/dist/server.d.ts.map +1 -0
package/dist/server.js +166 -0
package/dist/server.js.map +1 -0
package/package.json +42 -0
package/src/controllers/audit.ts +175 -0
package/src/controllers/cache.ts +344 -0
package/src/controllers/feedback.ts +309 -0
package/src/controllers/index.ts +9 -0
package/src/controllers/skills.ts +489 -0
package/src/controllers/versions.ts +427 -0
package/src/index.ts +87 -0
package/src/middleware/auth.ts +219 -0
package/src/middleware/error.ts +180 -0
package/src/middleware/index.ts +8 -0
package/src/middleware/logger.ts +71 -0
package/src/middleware/validation.ts +270 -0
package/src/routes/audit.ts +74 -0
package/src/routes/cache.ts +93 -0
package/src/routes/feedback.ts +93 -0
package/src/routes/health.ts +151 -0
package/src/routes/index.ts +12 -0
package/src/routes/scan.ts +428 -0
package/src/routes/search.ts +51 -0
package/src/routes/skills.ts +102 -0
package/src/routes/versions.ts +91 -0
package/src/server.ts +205 -0
package/tsconfig.json +13 -0

package/src/middleware/auth.ts ADDED Viewed

@@ -0,0 +1,219 @@
+/**
+ * Open Skills Hub - Authentication Middleware
+ */
+import type { FastifyRequest, FastifyReply, HookHandlerDoneFunction } from 'fastify';
+import * as crypto from 'crypto';
+import {
+  getConfig,
+  AppError,
+  ErrorCodes,
+} from '@open-skills-hub/core';
+import { logger } from './logger.js';
+export interface AuthUser {
+  id: string;
+  username?: string;
+  type: 'user' | 'api' | 'system';
+  permissions: string[];
+}
+// Extend FastifyRequest to include user
+declare module 'fastify' {
+  interface FastifyRequest {
+    user?: AuthUser;
+  }
+}
+/**
+ * Extract Bearer token from Authorization header
+ */
+function extractBearerToken(request: FastifyRequest): string | null {
+  const authHeader = request.headers.authorization;
+  if (!authHeader) return null;
+  const parts = authHeader.split(' ');
+  if (parts.length !== 2 || parts[0]?.toLowerCase() !== 'bearer') {
+    return null;
+  }
+  return parts[1] ?? null;
+}
+/**
+ * Verify JWT token (simplified - in production use jsonwebtoken library)
+ */
+function verifyToken(token: string, secret: string): AuthUser | null {
+  try {
+    // Simple JWT verification (header.payload.signature)
+    const parts = token.split('.');
+    if (parts.length !== 3) return null;
+    const [headerB64, payloadB64, signatureB64] = parts;
+    // Verify signature
+    const data = `${headerB64}.${payloadB64}`;
+    const expectedSignature = crypto
+      .createHmac('sha256', secret)
+      .update(data)
+      .digest('base64url');
+    if (signatureB64 !== expectedSignature) {
+      return null;
+    }
+    // Decode payload
+    const payload = JSON.parse(Buffer.from(payloadB64!, 'base64url').toString());
+    // Check expiration
+    if (payload.exp && Date.now() / 1000 > payload.exp) {
+      return null;
+    }
+    return {
+      id: payload.sub,
+      username: payload.username,
+      type: payload.type || 'user',
+      permissions: payload.permissions || [],
+    };
+  } catch {
+    return null;
+  }
+}
+/**
+ * Authentication middleware - requires valid token
+ */
+export async function requireAuth(
+  request: FastifyRequest,
+  reply: FastifyReply
+): Promise<void> {
+  const config = getConfig().get();
+  // Skip auth if not required
+  if (!config.auth.requireAuth) {
+    // Set a default system user for unauthenticated requests
+    request.user = {
+      id: 'anonymous',
+      type: 'user',
+      permissions: ['read'],
+    };
+    return;
+  }
+  const token = extractBearerToken(request);
+  if (!token) {
+    throw new AppError(
+      ErrorCodes.UNAUTHORIZED,
+      'Authentication required',
+      401
+    );
+  }
+  const secret = config.auth.jwtSecret;
+  if (!secret) {
+    logger.error('JWT secret not configured');
+    throw new AppError(
+      ErrorCodes.INTERNAL_ERROR,
+      'Authentication not configured',
+      500
+    );
+  }
+  const user = verifyToken(token, secret);
+  if (!user) {
+    throw new AppError(
+      ErrorCodes.TOKEN_INVALID,
+      'Invalid or expired token',
+      401
+    );
+  }
+  request.user = user;
+}
+/**
+ * Optional authentication - attaches user if token provided
+ */
+export async function optionalAuth(
+  request: FastifyRequest,
+  _reply: FastifyReply
+): Promise<void> {
+  const config = getConfig().get();
+  const token = extractBearerToken(request);
+  if (!token) {
+    request.user = {
+      id: 'anonymous',
+      type: 'user',
+      permissions: ['read'],
+    };
+    return;
+  }
+  const secret = config.auth.jwtSecret;
+  if (!secret) {
+    request.user = {
+      id: 'anonymous',
+      type: 'user',
+      permissions: ['read'],
+    };
+    return;
+  }
+  const user = verifyToken(token, secret);
+  request.user = user ?? {
+    id: 'anonymous',
+    type: 'user',
+    permissions: ['read'],
+  };
+}
+/**
+ * Permission check middleware
+ */
+export function requirePermission(permission: string) {
+  return async function(
+    request: FastifyRequest,
+    _reply: FastifyReply
+  ): Promise<void> {
+    if (!request.user) {
+      throw new AppError(
+        ErrorCodes.UNAUTHORIZED,
+        'Authentication required',
+        401
+      );
+    }
+    if (!request.user.permissions.includes(permission) && !request.user.permissions.includes('admin')) {
+      throw new AppError(
+        ErrorCodes.INSUFFICIENT_PERMISSIONS,
+        `Permission '${permission}' required`,
+        403
+      );
+    }
+  };
+}
+/**
+ * Generate a simple JWT token (for testing)
+ */
+export function generateToken(user: Omit<AuthUser, 'permissions'> & { permissions?: string[] }, secret: string, expiresIn: number = 86400): string {
+  const header = Buffer.from(JSON.stringify({ alg: 'HS256', typ: 'JWT' })).toString('base64url');
+  const payload = Buffer.from(JSON.stringify({
+    sub: user.id,
+    username: user.username,
+    type: user.type,
+    permissions: user.permissions || [],
+    iat: Math.floor(Date.now() / 1000),
+    exp: Math.floor(Date.now() / 1000) + expiresIn,
+  })).toString('base64url');
+  const signature = crypto
+    .createHmac('sha256', secret)
+    .update(`${header}.${payload}`)
+    .digest('base64url');
+  return `${header}.${payload}.${signature}`;
+}

package/src/middleware/error.ts ADDED Viewed

@@ -0,0 +1,180 @@
+/**
+ * Open Skills Hub - Error Handling Middleware
+ */
+import type { FastifyRequest, FastifyReply, FastifyError } from 'fastify';
+import { ZodError } from 'zod';
+import {
+  AppError,
+  ErrorCodes,
+  generateShortId,
+  now,
+} from '@open-skills-hub/core';
+import type { ApiResponse, ApiError } from '@open-skills-hub/core';
+import { logger } from './logger.js';
+/**
+ * Build standard API response
+ */
+export function buildApiResponse<T>(
+  request: FastifyRequest,
+  data?: T,
+  error?: ApiError,
+  pagination?: ApiResponse['pagination']
+): ApiResponse<T> {
+  return {
+    success: !error,
+    data,
+    error,
+    pagination,
+    meta: {
+      requestId: request.id as string,
+      timestamp: now(),
+    },
+  };
+}
+/**
+ * Send success response
+ */
+export function sendSuccess<T>(
+  request: FastifyRequest,
+  reply: FastifyReply,
+  data: T,
+  statusCode: number = 200,
+  pagination?: ApiResponse['pagination']
+): void {
+  reply.status(statusCode).send(buildApiResponse(request, data, undefined, pagination));
+}
+/**
+ * Send error response
+ */
+export function sendError(
+  request: FastifyRequest,
+  reply: FastifyReply,
+  code: string,
+  message: string,
+  statusCode: number = 500,
+  details?: Record<string, unknown>
+): void {
+  reply.status(statusCode).send(
+    buildApiResponse(request, undefined, { code, message, details })
+  );
+}
+/**
+ * Convert Zod validation error to API error format
+ */
+function formatZodError(error: ZodError): { message: string; details: Record<string, unknown> } {
+  const issues = error.issues.map(issue => ({
+    path: issue.path.join('.'),
+    message: issue.message,
+    code: issue.code,
+  }));
+  return {
+    message: 'Validation failed',
+    details: {
+      issues,
+      issueCount: issues.length,
+    },
+  };
+}
+/**
+ * Global error handler
+ */
+export function errorHandler(
+  error: FastifyError | Error,
+  request: FastifyRequest,
+  reply: FastifyReply
+): void {
+  // Log the error
+  logger.error('Request error', {
+    error: {
+      name: error.name,
+      message: error.message,
+      stack: error.stack,
+    },
+    requestId: request.id,
+    url: request.url,
+    method: request.method,
+  });
+  // Handle Zod validation errors
+  if (error instanceof ZodError) {
+    const { message, details } = formatZodError(error);
+    sendError(request, reply, ErrorCodes.VALIDATION_FAILED, message, 422, details);
+    return;
+  }
+  // Handle AppError
+  if (error instanceof AppError) {
+    sendError(
+      request,
+      reply,
+      error.code,
+      error.message,
+      error.statusCode,
+      error.details
+    );
+    return;
+  }
+  // Handle Fastify errors
+  if ('statusCode' in error) {
+    const fastifyError = error as FastifyError;
+    // Rate limit exceeded
+    if (fastifyError.statusCode === 429) {
+      sendError(
+        request,
+        reply,
+        ErrorCodes.RATE_LIMITED,
+        'Too many requests, please try again later',
+        429
+      );
+      return;
+    }
+    // Bad request
+    if (fastifyError.statusCode === 400) {
+      sendError(
+        request,
+        reply,
+        ErrorCodes.INVALID_REQUEST,
+        fastifyError.message || 'Bad request',
+        400
+      );
+      return;
+    }
+  }
+  // Generic internal server error
+  sendError(
+    request,
+    reply,
+    ErrorCodes.INTERNAL_ERROR,
+    process.env['NODE_ENV'] === 'production'
+      ? 'An internal error occurred'
+      : error.message,
+    500
+  );
+}
+/**
+ * Not found handler
+ */
+export function notFoundHandler(
+  request: FastifyRequest,
+  reply: FastifyReply
+): void {
+  sendError(
+    request,
+    reply,
+    'NOT_FOUND',
+    `Route ${request.method} ${request.url} not found`,
+    404
+  );
+}

package/src/middleware/index.ts ADDED Viewed

@@ -0,0 +1,8 @@
+/**
+ * Open Skills Hub - Middleware Exports
+ */
+export * from './error.js';
+export * from './logger.js';
+export * from './auth.js';
+export * from './validation.js';

package/src/middleware/logger.ts ADDED Viewed

@@ -0,0 +1,71 @@
+/**
+ * Open Skills Hub - Request Logger Middleware
+ */
+import type { FastifyRequest, FastifyReply } from 'fastify';
+import { logger as baseLogger } from '@open-skills-hub/core';
+import pino from 'pino';
+// Create API-specific logger
+export const logger = baseLogger.child({ module: 'api' });
+/**
+ * Request logging hook
+ */
+export async function requestLogger(
+  request: FastifyRequest,
+  _reply: FastifyReply
+): Promise<void> {
+  // Skip health check logging to reduce noise
+  if (request.url === '/health' || request.url === '/ready') {
+    return;
+  }
+  logger.info('Incoming request', {
+    requestId: request.id,
+    method: request.method,
+    url: request.url,
+    query: request.query,
+    userAgent: request.headers['user-agent'],
+    ip: request.ip,
+    contentLength: request.headers['content-length'],
+  });
+}
+/**
+ * Response logging hook
+ */
+export async function responseLogger(
+  request: FastifyRequest,
+  reply: FastifyReply,
+  payload: unknown
+): Promise<unknown> {
+  // Skip health check logging
+  if (request.url === '/health' || request.url === '/ready') {
+    return payload;
+  }
+  const duration = request.startTime ? Date.now() - request.startTime : 0;
+  logger.info('Request completed', {
+    requestId: request.id,
+    method: request.method,
+    url: request.url,
+    statusCode: reply.statusCode,
+    duration: `${duration}ms`,
+    contentLength: reply.getHeader('content-length'),
+  });
+  return payload;
+}
+/**
+ * Create a child logger with request context
+ */
+export function createRequestLogger(request: FastifyRequest): pino.Logger {
+  return logger.child({
+    requestId: request.id,
+    method: request.method,
+    url: request.url,
+  });
+}