Neuer User-JWT-Pfad GET/POST /api/v1/me/{export,delete} — gespiegelte
DSGVO-Logik aus dem Service-Key-Pfad, aber gegen die eigene User-ID
gated. buildUserExport extrahiert in dsgvo.ts und wird von beiden
Routern geteilt.
/account-Page zeigt User-ID, Logout, JSON-Daten-Export (Download als
Blob), und einen rot-markierten Account-Delete-Knopf mit "LÖSCHEN"-
Confirmation. Logout im Header verlinkt jetzt auf /account statt
direkt clear() — der User sieht zuerst, was an seinem Account hängt.
Andere mana-Apps werden nicht mit gelöscht — der UI-Hinweistext zeigt
auf die spätere Verein-DSGVO-Sammelanfrage über mana-admin.
48 API-Tests grün (+2 neue auth-gate-Tests für /me), web type-check
374 files 0 errors.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
import { Hono } from 'hono';
import { cors } from 'hono/cors';
import { manifestRoute } from './routes/manifest.ts';
import { healthRoute } from './routes/health.ts';
import { decksRouter } from './routes/decks.ts';
import { cardsRouter } from './routes/cards.ts';
import { reviewsRouter } from './routes/reviews.ts';
import { shareRouter } from './routes/share.ts';
import { toolsRouter } from './routes/tools.ts';
import { searchRouter } from './routes/search.ts';
import { dsgvoRouter } from './routes/dsgvo.ts';
import { meRouter } from './routes/me.ts';
const app = new Hono();

// Global CORS policy, applied to every path before any router runs.
app.use(
  '*',
  cors({
    /**
     * Decides which value is reflected in Access-Control-Allow-Origin.
     * Returns the request origin when it is on the allowlist, `null` otherwise.
     */
    origin: (origin) => {
      // No Origin header: hand the falsy value back unchanged.
      if (!origin) {
        return origin;
      }

      // Dev: localhost ports are allowed. Prod: explicit allowlist.
      // NOTE(review): nothing in this file switches the loopback patterns off
      // outside development, so they are also accepted wherever this build is
      // deployed. Together with `credentials: true` below, a page served from
      // any loopback port (http or https) on the visitor's machine is treated
      // as an allowed origin. Confirm this is intended, or gate it on the
      // deployment environment.
      const isLoopbackOrigin =
        /^https?:\/\/localhost(:\d+)?$/.test(origin) ||
        /^https?:\/\/127\.0\.0\.1(:\d+)?$/.test(origin);
      const isProductionFrontend = origin === 'https://cardecky.mana.how';

      return isLoopbackOrigin || isProductionFrontend ? origin : null;
    },
    // NOTE(review): X-User-Id and X-Service-Key may be sent by browser
    // origins. Presumably the routers never trust X-User-Id on its own and
    // the service key is not shipped to browsers. Verify in the routers.
    allowHeaders: ['Content-Type', 'X-User-Id', 'Authorization', 'X-Service-Key'],
    allowMethods: ['GET', 'POST', 'PATCH', 'DELETE', 'OPTIONS'],
    credentials: true,
  })
);
// Route table. The only middleware registered on `app` in this file is CORS,
// so no authentication happens at this level.
// NOTE(review): each router is presumably responsible for its own auth gate.
// Check that when adding or reviewing a router.

// Unversioned infrastructure endpoints.
app.route('/', healthRoute);
app.route('/.well-known/mana-app.json', manifestRoute);

// Versioned application API.
app.route('/api/v1/decks', decksRouter());
app.route('/api/v1/cards', cardsRouter());
app.route('/api/v1/reviews', reviewsRouter());
app.route('/api/v1/share', shareRouter());
app.route('/api/v1/tools', toolsRouter());
app.route('/api/v1/search', searchRouter());

// Data export and deletion: `dsgvo` and `me` are mounted as separate routers.
app.route('/api/v1/dsgvo', dsgvoRouter());
app.route('/api/v1/me', meRouter());
// Root endpoint: a small JSON descriptor that points clients to the manifest.
// The reported version is read from CARDS_API_VERSION and falls back to
// '0.0.0' when the variable is unset.
// NOTE(review): healthRoute is also mounted at '/'. Confirm it does not
// register GET '/' itself, otherwise this handler may never be reached.
app.get('/', (c) => {
  const serviceInfo = {
    app: 'cards',
    version: process.env.CARDS_API_VERSION ?? '0.0.0',
    see: '/.well-known/mana-app.json',
  };
  return c.json(serviceInfo);
});
// Listening port: CARDS_API_PORT when set, otherwise 3081.
// NOTE(review): the value is not validated; a non-numeric CARDS_API_PORT
// becomes NaN here.
const configuredPort = process.env.CARDS_API_PORT ?? 3081;
const port = Number(configuredPort);

// The "localhost" in this message is only a label. The exported object sets
// no hostname, so the bind address is whatever the runtime defaults to.
// NOTE(review): confirm the default interface is the one intended for deployment.
console.log(`[cards-api] listening on http://localhost:${port}`);

// Server descriptor consumed by the runtime: the port plus the fetch handler.
export default { port, fetch: app.fetch };