0328caa333
Endpoints (alle Pfade aus app-manifest.json):
- POST /api/v1/share/receive — User-JWT-Auth, ShareEnvelope-Strict-
Validation (cross-user-forbidden), Recipient-Match, Type-Accept-
Lookup über Manifest, Payload-Schema-Validation, Handler-Dispatch
- POST /api/v1/tools/:name — User-JWT, dispatch nach `cards.create`
und `cards.search` mit Tool-Schemas aus @cards/domain
- GET /api/v1/search — User-JWT, ILIKE auf cards.fields jsonb +
decks.name, baut SearchResultEnvelope für mana-search-Aggregator
- GET /api/v1/dsgvo/export?user_id=… — Service-Key, voll-Bundle aller
Cards-Daten des Users (decks, cards, reviews, study_sessions, tags,
media_refs, import_jobs)
- POST /api/v1/dsgvo/delete — Service-Key, kaskadiert via FK-Cascade
decks → cards → reviews/media_refs/card_tags/tags/study_sessions
plus separates Cleanup von import_jobs
Share-Handlers (apps/api/src/share-handlers/):
- create_card_from_quote (mana/quote → front=text, back=source)
- save_link_as_card (mana/url → front=title, back=url+description)
- create_card_from_text (mana/text → front=erste-zeile, back=rest)
Alle landen via ensureInboxDeck() in einem auto-erstellten "Inbox"-Deck
pro User, inklusive automatischer FSRS-Reviews-Init in Transaktion.
Lokales Protocol-Mirror in @cards/domain/src/protocol/ (envelope,
payloads, search): TEMPORARY-Markierung mit Swap-Plan auf
@mana/shared-share-protocol via Verdaccio sobald NPM_AUTH_TOKEN da ist.
Spec-strict — UUID für user_id, ULID für share_id, Crockford-Base32.
Service-Key-Middleware mit constant-time-Compare gegen
process.env.CARDS_DSGVO_SERVICE_KEY (Phase F-1: ersetzt durch
mana-auth.app_service_keys-Lookup).
Tests:
- 70 Vitest-Tests grün (27 cards-domain + 43 apps/api):
- share.test.ts: Auth-Gate, Cross-User-Sperre, User-Mismatch (403),
Wrong-Recipient (422), Unknown-Type (422), Invalid-Payload (422),
Wrapped { envelope, delivery_token }-Body akzeptiert
- tools.test.ts: Auth, Unknown-Tool (404), cards.create-Validation,
cards.search-Envelope-Shape
- search.test.ts: Auth, Missing-Query (422), Query-too-long (422),
Envelope-Version 0.1 + envelope-Felder
- dsgvo.test.ts: Service-Key-Gate (401), Missing-User-ID (400),
Export-Bundle-Shape, Delete-Counts, Key-not-configured (500)
- pnpm run type-check ✅ 4/4 packages
- E2E-Smoke gegen Postgres: Quote-Share→Inbox-Deck→Karte→Search-Hit→
DSGVO-Export+Delete-Roundtrip clean (alle 3 Tabellen 0 nach delete)
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
119 lines
3.1 KiB
TypeScript
119 lines
3.1 KiB
TypeScript
import { Hono } from 'hono';
|
|
|
|
import { parseEnvelope, validatePayloadForType } from '@cards/domain';
|
|
|
|
import manifest from '../../../../app-manifest.json' with { type: 'json' };
|
|
|
|
import { getDb, type CardsDb } from '../db/connection.ts';
|
|
import { authMiddleware, type AuthVars } from '../middleware/auth.ts';
|
|
import { SHARE_HANDLERS, type ShareHandlerName } from '../share-handlers/index.ts';
|
|
|
|
export type ShareDeps = { db?: CardsDb };
|
|
|
|
/** Manifest-Lookup: Type → Handler-Name. */
|
|
const ACCEPTS_BY_TYPE = new Map(manifest.accepts.map((a) => [a.type, a.handler] as const));
|
|
|
|
export function shareRouter(deps: ShareDeps = {}): Hono<{ Variables: AuthVars }> {
|
|
const r = new Hono<{ Variables: AuthVars }>();
|
|
const dbOf = () => deps.db ?? getDb();
|
|
|
|
r.use('*', authMiddleware);
|
|
|
|
r.post('/receive', async (c) => {
|
|
const userId = c.get('userId');
|
|
|
|
// Body kann `{ envelope, delivery_token }` oder direkt der Envelope sein.
|
|
const body = await c.req.json().catch(() => null);
|
|
if (!body || typeof body !== 'object') {
|
|
return c.json({ accepted: false, reason: 'invalid_json' }, 400);
|
|
}
|
|
const wrapped = body as { envelope?: unknown; delivery_token?: string };
|
|
const rawEnvelope = wrapped.envelope ?? body;
|
|
// const deliveryToken = wrapped.delivery_token; // Phase F-1: validieren
|
|
|
|
// 1. Schema-Validierung (inkl. Cross-User-Sperre)
|
|
const parsed = parseEnvelope(rawEnvelope);
|
|
if (!parsed.success) {
|
|
return c.json(
|
|
{
|
|
accepted: false,
|
|
reason: 'envelope_invalid',
|
|
issues: parsed.error.issues.map(
|
|
(i) => `${i.path.join('.') || '<root>'}: ${i.message}`
|
|
),
|
|
},
|
|
422
|
|
);
|
|
}
|
|
const env = parsed.data;
|
|
|
|
// 2. User-Match
|
|
if (env.to.user_id !== userId) {
|
|
return c.json({ accepted: false, reason: 'user_id_mismatch' }, 403);
|
|
}
|
|
|
|
// 3. Empfänger-App-Match
|
|
if (env.to.app !== manifest.id) {
|
|
return c.json(
|
|
{
|
|
accepted: false,
|
|
reason: 'wrong_recipient',
|
|
expected: manifest.id,
|
|
actual: env.to.app,
|
|
},
|
|
422
|
|
);
|
|
}
|
|
|
|
// 4. Type akzeptiert?
|
|
const handlerName = ACCEPTS_BY_TYPE.get(env.type);
|
|
if (!handlerName) {
|
|
return c.json(
|
|
{ accepted: false, reason: 'type_not_accepted', type: env.type },
|
|
422
|
|
);
|
|
}
|
|
|
|
// 5. Payload validieren gegen sein eigenes Schema
|
|
const payloadCheck = validatePayloadForType(env.type, env.payload);
|
|
if (!payloadCheck.success) {
|
|
return c.json(
|
|
{
|
|
accepted: false,
|
|
reason: payloadCheck.error,
|
|
issues: 'issues' in payloadCheck ? payloadCheck.issues : undefined,
|
|
},
|
|
422
|
|
);
|
|
}
|
|
|
|
// 6. Handler holen + dispatchen
|
|
const handler = SHARE_HANDLERS[handlerName as ShareHandlerName];
|
|
if (!handler) {
|
|
return c.json(
|
|
{ accepted: false, reason: 'handler_not_registered', handler: handlerName },
|
|
501
|
|
);
|
|
}
|
|
|
|
try {
|
|
const result = await handler(dbOf(), userId, payloadCheck.data as never);
|
|
return c.json({
|
|
accepted: true,
|
|
target_link: result.target_link,
|
|
resulting_id: result.resulting_id,
|
|
});
|
|
} catch (e) {
|
|
return c.json(
|
|
{
|
|
accepted: false,
|
|
reason: 'handler_error',
|
|
message: (e as Error).message,
|
|
},
|
|
500
|
|
);
|
|
}
|
|
});
|
|
|
|
return r;
|
|
}
|