2026-05-19 00:24:47 +02:00
|
|
|
import Fastify from 'fastify';
|
|
|
|
|
import cors from '@fastify/cors';
|
|
|
|
|
import cookie from '@fastify/cookie';
|
|
|
|
|
import websocket from '@fastify/websocket';
|
|
|
|
|
import { config } from './config.js';
|
|
|
|
|
import { authRoutes } from './routes/auth.js';
|
|
|
|
|
import { serverRoutes } from './routes/servers.js';
|
|
|
|
|
import { oauthRoutes } from './routes/oauth.js';
|
feat(api,generator): preview endpoint + spec cache + audit-log writes
- POST /v1/servers/preview runs Claude synchronously, validates output, caches spec
in Redis under preview:<id> with 5min TTL, returns previewId+spec+detectedSecrets.
- POST /v1/servers accepts optional previewId; worker reuses the cached spec if
the entry is still present, otherwise regenerates fresh. Skips the second
Claude round-trip (~30s saved on the demoable path).
- audit() helper writes auth.login, auth.logout, server.create, server.iterate,
server.delete to audit_log with ip, metadata, resourceId.
- GET /v1/me/org returns organization + members list for the settings page.
- GET /v1/audit?limit=&action=&resourceType= returns scoped audit entries.
2026-05-19 18:08:29 +02:00
|
|
|
import { settingsRoutes } from './routes/settings.js';
|
2026-05-19 00:24:47 +02:00
|
|
|
|
|
|
|
|
const app = Fastify({
|
|
|
|
|
logger: {
|
|
|
|
|
level: config.NODE_ENV === 'production' ? 'info' : 'debug',
|
|
|
|
|
},
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
await app.register(cors, {
|
|
|
|
|
origin: [config.NEXT_PUBLIC_APP_URL],
|
|
|
|
|
credentials: true,
|
|
|
|
|
});
|
|
|
|
|
await app.register(cookie);
|
|
|
|
|
await app.register(websocket, { options: { maxPayload: 1024 * 1024 } });
|
|
|
|
|
|
|
|
|
|
app.get('/health', async () => ({ ok: true, ts: Date.now() }));
|
|
|
|
|
|
|
|
|
|
await app.register(authRoutes);
|
|
|
|
|
await app.register(serverRoutes);
|
|
|
|
|
await app.register(oauthRoutes);
|
feat(api,generator): preview endpoint + spec cache + audit-log writes
- POST /v1/servers/preview runs Claude synchronously, validates output, caches spec
in Redis under preview:<id> with 5min TTL, returns previewId+spec+detectedSecrets.
- POST /v1/servers accepts optional previewId; worker reuses the cached spec if
the entry is still present, otherwise regenerates fresh. Skips the second
Claude round-trip (~30s saved on the demoable path).
- audit() helper writes auth.login, auth.logout, server.create, server.iterate,
server.delete to audit_log with ip, metadata, resourceId.
- GET /v1/me/org returns organization + members list for the settings page.
- GET /v1/audit?limit=&action=&resourceType= returns scoped audit entries.
2026-05-19 18:08:29 +02:00
|
|
|
await app.register(settingsRoutes);
|
2026-05-19 00:24:47 +02:00
|
|
|
|
|
|
|
|
app.setErrorHandler((err, _req, reply) => {
|
|
|
|
|
app.log.error(err);
|
|
|
|
|
if (!reply.sent) {
|
|
|
|
|
reply.code(err.statusCode ?? 500).send({ error: err.message ?? 'internal_error' });
|
|
|
|
|
}
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
try {
|
|
|
|
|
await app.listen({ port: config.PORT, host: '0.0.0.0' });
|
|
|
|
|
app.log.info(`api listening on http://localhost:${config.PORT}`);
|
|
|
|
|
} catch (err) {
|
|
|
|
|
app.log.error(err);
|
|
|
|
|
process.exit(1);
|
|
|
|
|
}
|
