0328caa333
Endpoints (alle Pfade aus app-manifest.json):
- POST /api/v1/share/receive — User-JWT-Auth, ShareEnvelope-Strict-
Validation (cross-user-forbidden), Recipient-Match, Type-Accept-
Lookup über Manifest, Payload-Schema-Validation, Handler-Dispatch
- POST /api/v1/tools/:name — User-JWT, dispatch nach `cards.create`
und `cards.search` mit Tool-Schemas aus @cards/domain
- GET /api/v1/search — User-JWT, ILIKE auf cards.fields jsonb +
decks.name, baut SearchResultEnvelope für mana-search-Aggregator
- GET /api/v1/dsgvo/export?user_id=… — Service-Key, voll-Bundle aller
Cards-Daten des Users (decks, cards, reviews, study_sessions, tags,
media_refs, import_jobs)
- POST /api/v1/dsgvo/delete — Service-Key, kaskadiert via FK-Cascade
decks → cards → reviews/media_refs/card_tags/tags/study_sessions
plus separates Cleanup von import_jobs
Share-Handlers (apps/api/src/share-handlers/):
- create_card_from_quote (mana/quote → front=text, back=source)
- save_link_as_card (mana/url → front=title, back=url+description)
- create_card_from_text (mana/text → front=erste-zeile, back=rest)
Alle landen via ensureInboxDeck() in einem auto-erstellten "Inbox"-Deck
pro User, inklusive automatischer FSRS-Reviews-Init in Transaktion.
Lokales Protocol-Mirror in @cards/domain/src/protocol/ (envelope,
payloads, search): TEMPORARY-Markierung mit Swap-Plan auf
@mana/shared-share-protocol via Verdaccio sobald NPM_AUTH_TOKEN da ist.
Spec-strict — UUID für user_id, ULID für share_id, Crockford-Base32.
Service-Key-Middleware mit constant-time-Compare gegen
process.env.CARDS_DSGVO_SERVICE_KEY (Phase F-1: ersetzt durch
mana-auth.app_service_keys-Lookup).
Tests:
- 70 Vitest-Tests grün (27 cards-domain + 43 apps/api):
- share.test.ts: Auth-Gate, Cross-User-Sperre, User-Mismatch (403),
Wrong-Recipient (422), Unknown-Type (422), Invalid-Payload (422),
Wrapped { envelope, delivery_token }-Body akzeptiert
- tools.test.ts: Auth, Unknown-Tool (404), cards.create-Validation,
cards.search-Envelope-Shape
- search.test.ts: Auth, Missing-Query (422), Query-too-long (422),
Envelope-Version 0.1 + envelope-Felder
- dsgvo.test.ts: Service-Key-Gate (401), Missing-User-ID (400),
Export-Bundle-Shape, Delete-Counts, Key-not-configured (500)
- pnpm run type-check ✅ 4/4 packages
- E2E-Smoke gegen Postgres: Quote-Share→Inbox-Deck→Karte→Search-Hit→
DSGVO-Export+Delete-Roundtrip clean (alle 3 Tabellen 0 nach delete)
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
69 lines
2.2 KiB
TypeScript
69 lines
2.2 KiB
TypeScript
// TEMPORARY MIRROR von @mana/shared-share-protocol/envelope.
|
|
//
|
|
// Solange `pkg.mana.how` für Cards nicht erreichbar ist (NPM_AUTH_TOKEN
|
|
// in `~/.npmrc` fehlt), halten wir die Schemas hier lokal. Sobald
|
|
// Verdaccio offen ist, wird diese Datei gegen einen Re-Export aus
|
|
// `@mana/shared-share-protocol` getauscht — alle Imports sind in der
|
|
// Form `import { ShareEnvelopeSchema } from '@cards/domain'` formuliert,
|
|
// damit der Swap eine reine 1-Liner-Edit-Aufgabe ist.
|
|
//
|
|
// Bei jedem Update der mana-Spec muss diese Datei nachgezogen werden,
|
|
// bis der Swap erfolgt. Stand: 2026-05-08, ENVELOPE_VERSION 0.1.
|
|
|
|
import { z } from 'zod';
|
|
|
|
export const ENVELOPE_VERSION = '0.1' as const;
|
|
|
|
const ULID_REGEX = /^[0-9A-HJKMNP-TV-Z]{26}$/;
|
|
const TYPE_NAME_REGEX = /^mana\/[a-z][a-z0-9-]+$/;
|
|
|
|
const SignatureSchema = z.object({
|
|
algorithm: z.literal('eddsa'),
|
|
key_id: z.string().min(1),
|
|
signature: z.string().min(1),
|
|
});
|
|
|
|
export const ShareEnvelopeSchema = z.object({
|
|
envelope_version: z.literal(ENVELOPE_VERSION),
|
|
share_id: z.string().regex(ULID_REGEX, 'must be ULID'),
|
|
|
|
from: z.object({
|
|
app: z.string().min(1),
|
|
app_version: z.string().min(1),
|
|
user_id: z.string().uuid(),
|
|
timestamp: z.string().datetime(),
|
|
instance_id: z.string().max(120).optional(),
|
|
}),
|
|
|
|
to: z.object({
|
|
app: z.string().min(1),
|
|
user_id: z.string().uuid(),
|
|
}),
|
|
|
|
type: z.string().regex(TYPE_NAME_REGEX, 'must be "mana/<kind>"'),
|
|
payload: z.unknown(),
|
|
|
|
source_link: z.string().max(2000).optional(),
|
|
user_note: z.string().max(500).optional(),
|
|
ttl_seconds: z.number().int().positive().optional(),
|
|
|
|
intent: z.enum(['user_action', 'automation', 'agent_tool']).default('user_action'),
|
|
consent_recorded_at: z.string().datetime(),
|
|
|
|
signature: SignatureSchema.optional(),
|
|
});
|
|
|
|
export type ShareEnvelope = z.infer<typeof ShareEnvelopeSchema>;
|
|
|
|
/** Strict-Variante: Cross-User-Shares hart verboten. */
|
|
export const ShareEnvelopeStrictSchema = ShareEnvelopeSchema.refine(
|
|
(env) => env.from.user_id === env.to.user_id,
|
|
{
|
|
message: 'cross-user shares forbidden — from.user_id must equal to.user_id',
|
|
path: ['to', 'user_id'],
|
|
}
|
|
);
|
|
|
|
export function parseEnvelope(raw: unknown) {
|
|
return ShareEnvelopeStrictSchema.safeParse(raw);
|
|
}
|