Joders/SkyMoney
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
952684fc256466e40b3f9f1bb1df6bb148b9ee85
SkyMoney/docs/api-phase8-move-log.md
Ricearoni1245 952684fc25
All checks were successful
Deploy / deploy (push) Successful in 1m32s
Details
Security Tests / security-non-db (push) Successful in 21s
Details
Security Tests / security-db (push) Successful in 27s
Details
phase 8: site-access and admin simplified and compacted
2026-03-18 06:43:19 -05:00

71 lines
3.3 KiB
Markdown
Raw Blame History

# API Phase 8 Move Log
Date: 2026-03-17
Scope: Move `admin` and `site-access` endpoints out of `api/src/server.ts` into dedicated route modules.
## Route Registration Changes
- Added site-access route import in [server.ts](/mnt/c/Users/jholt/clone-test/SkyMoney/api/src/server.ts:24)
- Added admin route import in [server.ts](/mnt/c/Users/jholt/clone-test/SkyMoney/api/src/server.ts:25)
- Registered site-access routes in [server.ts](/mnt/c/Users/jholt/clone-test/SkyMoney/api/src/server.ts:946)
- Registered admin routes in [server.ts](/mnt/c/Users/jholt/clone-test/SkyMoney/api/src/server.ts:960)
- New canonical route modules:
- [site-access.ts](/mnt/c/Users/jholt/clone-test/SkyMoney/api/src/routes/site-access.ts:29)
- [admin.ts](/mnt/c/Users/jholt/clone-test/SkyMoney/api/src/routes/admin.ts:10)
- Removed inline route blocks from `server.ts` to avoid duplicate registration:
- `GET /site-access/status`
- `POST /site-access/unlock`
- `POST /site-access/lock`
- `POST /admin/rollover`
## Endpoint Movements
1. `GET /site-access/status`
- Original: `server.ts` line 946
- Moved to [site-access.ts](/mnt/c/Users/jholt/clone-test/SkyMoney/api/src/routes/site-access.ts:30)
- References:
- [siteAccess.ts](/mnt/c/Users/jholt/clone-test/SkyMoney/web/src/api/siteAccess.ts:10)
- [BetaGate.tsx](/mnt/c/Users/jholt/clone-test/SkyMoney/web/src/components/BetaGate.tsx:20)
- [BetaAccessPage.tsx](/mnt/c/Users/jholt/clone-test/SkyMoney/web/src/pages/BetaAccessPage.tsx:22)
2. `POST /site-access/unlock`
- Original: `server.ts` line 957
- Moved to [site-access.ts](/mnt/c/Users/jholt/clone-test/SkyMoney/api/src/routes/site-access.ts:41)
- References:
- [siteAccess.ts](/mnt/c/Users/jholt/clone-test/SkyMoney/web/src/api/siteAccess.ts:14)
- [BetaAccessPage.tsx](/mnt/c/Users/jholt/clone-test/SkyMoney/web/src/pages/BetaAccessPage.tsx:40)
3. `POST /site-access/lock`
- Original: `server.ts` line 994
- Moved to [site-access.ts](/mnt/c/Users/jholt/clone-test/SkyMoney/api/src/routes/site-access.ts:78)
- References:
- [siteAccess.ts](/mnt/c/Users/jholt/clone-test/SkyMoney/web/src/api/siteAccess.ts:18)
- [BetaAccessPage.tsx](/mnt/c/Users/jholt/clone-test/SkyMoney/web/src/pages/BetaAccessPage.tsx:59)
4. `POST /admin/rollover`
- Original: `server.ts` line 1045
- Moved to [admin.ts](/mnt/c/Users/jholt/clone-test/SkyMoney/api/src/routes/admin.ts:11)
- References:
- [access-control.admin-rollover.test.ts](/mnt/c/Users/jholt/clone-test/SkyMoney/api/tests/access-control.admin-rollover.test.ts:44)
## Helper Ownership in Phase 8
- Shared helper injection from `server.ts`:
- `authRateLimit`
- `mutationRateLimit`
- `hasSiteAccessBypass`
- `safeEqual`
- `isInternalClientIp`
- runtime config flags and cookie settings (`UNDER_CONSTRUCTION`, break-glass, cookie domain/secure, etc.)
- Route-local helpers/schemas:
- `site-access.ts`: unlock payload schema
- `admin.ts`: rollover payload schema
- Retained in `server.ts` by design for global hook behavior:
- site-access bypass token derivation and onRequest maintenance-mode enforcement
## Verification
1. Build
- `cd api && npm run build`
2. Focused tests
- `cd api && npm run test -- tests/access-control.admin-rollover.test.ts tests/security-misconfiguration.test.ts`
- Result: blocked by local DB connectivity (`127.0.0.1:5432` unavailable), suite skipped/failed before endpoint assertions.
Reference in New Issue View Git Blame Copy Permalink