andrei/url_tracker_tool
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
459eda89fe3f47ee7c625c79c82d30e436909bd7
url_tracker_tool/apps/api/src/index.ts
Andrei 459eda89fe feat(phase-1): implement PostgreSQL + Prisma + Authentication system 
Core Features:
- Complete Prisma database schema with all entities (users, orgs, projects, checks, etc.)
- Production-grade authentication service with Argon2 password hashing
- JWT-based session management with HttpOnly cookies
- Comprehensive auth middleware with role-based access control
- RESTful auth API endpoints: register, login, logout, me, refresh
- Database seeding with demo data for development
- Rate limiting on auth endpoints (5 attempts/15min)

Technical Implementation:
- Type-safe authentication with Zod validation
- Proper error handling and logging throughout
- Secure password hashing with Argon2id
- JWT tokens with 7-day expiration
- Database transactions for atomic operations
- Comprehensive middleware for optional/required auth
- Role hierarchy system (MEMBER < ADMIN < OWNER)

Database Schema:
- Users with secure password storage
- Organizations with membership management
- Projects for organizing redirect checks
- Complete audit logging system
- API key management for programmatic access
- Bulk job tracking for future phases

Backward Compatibility:
- All existing endpoints preserved and functional
- No breaking changes to legacy API responses
- New auth system runs alongside existing functionality

Ready for Phase 2: Enhanced redirect tracking with database persistence
2025-08-18 07:25:45 +00:00

340 lines
9.6 KiB
TypeScript
Raw Blame History

/**
* Redirect Intelligence v2 API Server
*
* This server maintains 100% backward compatibility with existing endpoints
* while providing a foundation for new v2 features.
*/
import 'dotenv/config';
import express from 'express';
import cors from 'cors';
import helmet from 'helmet';
import compression from 'compression';
import cookieParser from 'cookie-parser';
import rateLimit from 'express-rate-limit';
import path from 'path';
import { logger } from './lib/logger';
import { trackRedirects } from './services/redirect-legacy.service';
import authRoutes from './routes/auth.routes';
const app = express();
const PORT = process.env.PORT || 3333;
// Security middleware
app.use(helmet({
contentSecurityPolicy: {
directives: {
defaultSrc: ["'self'"],
styleSrc: ["'self'", "'unsafe-inline'", "https://cdn.jsdelivr.net"],
scriptSrc: ["'self'", "https://cdn.jsdelivr.net"],
imgSrc: ["'self'", "data:", "https:"],
},
},
}));
// Compression middleware
app.use(compression());
// CORS middleware
app.use(cors({
origin: process.env.WEB_URL || 'http://localhost:3000',
credentials: true,
optionsSuccessStatus: 200 // Some legacy browsers (IE11, various SmartTVs) choke on 204
}));
// Body parsing middleware
app.use(express.json({ limit: '10mb' }));
app.use(express.urlencoded({ extended: true, limit: '10mb' }));
app.use(cookieParser());
// Static files (preserve existing behavior)
app.use(express.static(path.join(__dirname, '../../../public')));
// Rate limiting (EXACT same configuration as before)
const apiLimiter = rateLimit({
windowMs: 60 * 60 * 1000, // 1 hour
max: 100, // limit each IP to 100 requests per windowMs
message: { error: 'Too many requests, please try again later.' },
standardHeaders: true, // Return rate limit info in the `RateLimit-*` headers
legacyHeaders: false, // Disable the `X-RateLimit-*` headers
});
// ============================================================================
// NEW V2 API ROUTES
// ============================================================================
// Authentication routes
app.use('/api/v1/auth', authRoutes);
// Health check endpoint
app.get('/health', (req, res) => {
res.json({
status: 'ok',
timestamp: new Date().toISOString(),
version: '2.0.0',
environment: process.env.NODE_ENV || 'development'
});
});
// ============================================================================
// LEGACY ENDPOINTS - EXACT SAME BEHAVIOR AS BEFORE
// ============================================================================
// Original endpoint (deprecated but maintained for backward compatibility)
app.post('/api/track', async (req, res) => {
const { url, method = 'GET', userAgent } = req.body;
if (!url) {
return res.status(400).json({ error: 'URL is required' });
}
try {
// Ensure URL has a protocol
let inputUrl = url;
if (!inputUrl.startsWith('http://') && !inputUrl.startsWith('https://')) {
inputUrl = 'http://' + inputUrl;
}
// Set up request options
const options = {
method: method.toUpperCase(),
userAgent
};
const redirectChain = await trackRedirects(inputUrl, [], options);
res.json({ redirects: redirectChain });
} catch (error) {
logger.error('Legacy /api/track error:', error);
res.status(500).json({ error: 'Failed to track redirects' });
}
});
// API v1 track endpoint (POST)
app.post('/api/v1/track', apiLimiter, async (req, res) => {
const { url, method = 'GET', userAgent } = req.body;
if (!url) {
return res.status(400).json({
error: 'URL is required',
status: 400,
success: false
});
}
try {
// Ensure URL has a protocol
let inputUrl = url;
if (!inputUrl.startsWith('http://') && !inputUrl.startsWith('https://')) {
inputUrl = 'http://' + inputUrl;
}
// Set up request options
const options = {
method: method.toUpperCase(),
userAgent
};
const redirectChain = await trackRedirects(inputUrl, [], options);
// Format the response in a more standardized API format
res.json({
success: true,
status: 200,
data: {
url: inputUrl,
method: options.method,
redirectCount: redirectChain.length - 1,
finalUrl: redirectChain[redirectChain.length - 1]?.url,
finalStatusCode: redirectChain[redirectChain.length - 1]?.statusCode,
redirects: redirectChain
}
});
} catch (error) {
logger.error('API v1 track error:', error);
res.status(500).json({
error: 'Failed to track redirects',
message: error instanceof Error ? error.message : 'Unknown error',
status: 500,
success: false
});
}
});
// API v1 track endpoint with GET method support (for easy browser/curl usage)
app.get('/api/v1/track', apiLimiter, async (req, res) => {
const { url, method = 'GET', userAgent } = req.query;
if (!url) {
return res.status(400).json({
error: 'URL parameter is required',
status: 400,
success: false
});
}
try {
// Ensure URL has a protocol
let inputUrl = url as string;
if (!inputUrl.startsWith('http://') && !inputUrl.startsWith('https://')) {
inputUrl = 'http://' + inputUrl;
}
// Set up request options
const options = {
method: ((method as string) || 'GET').toUpperCase(),
userAgent: userAgent as string
};
const redirectChain = await trackRedirects(inputUrl, [], options);
// Format the response in a more standardized API format
res.json({
success: true,
status: 200,
data: {
url: inputUrl,
method: options.method,
redirectCount: redirectChain.length - 1,
finalUrl: redirectChain[redirectChain.length - 1]?.url,
finalStatusCode: redirectChain[redirectChain.length - 1]?.statusCode,
redirects: redirectChain
}
});
} catch (error) {
logger.error('API v1 track GET error:', error);
res.status(500).json({
error: 'Failed to track redirects',
message: error instanceof Error ? error.message : 'Unknown error',
status: 500,
success: false
});
}
});
// API documentation endpoint (preserve existing)
app.get('/api/docs', (req, res) => {
const apiDocs = `
<!DOCTYPE html>
<html>
<head>
<title>URL Redirect Tracker API</title>
<style>
body { font-family: Arial, sans-serif; line-height: 1.6; max-width: 800px; margin: 0 auto; padding: 20px; }
pre { background: #f4f4f4; padding: 10px; border-radius: 5px; overflow-x: auto; }
table { border-collapse: collapse; width: 100%; }
th, td { text-align: left; padding: 8px; border: 1px solid #ddd; }
th { background-color: #f2f2f2; }
.method { display: inline-block; padding: 3px 8px; border-radius: 3px; color: white; font-weight: bold; }
.get { background-color: #61affe; }
.post { background-color: #49cc90; }
</style>
</head>
<body>
<h1>URL Redirect Tracker API Documentation</h1>
<p>This API allows you to programmatically track and analyze URL redirect chains with detailed information.</p>
<h2>Rate Limiting</h2>
<p>The API is limited to 100 requests per hour per IP address.</p>
<h2>Endpoints</h2>
<h3><span class="method post">POST</span> /api/v1/track</h3>
<p>Track a URL and get the full redirect chain using a POST request.</p>
<h4>Request Parameters (JSON Body)</h4>
<table>
<tr>
<th>Parameter</th>
<th>Type</th>
<th>Required</th>
<th>Description</th>
</tr>
<tr>
<td>url</td>
<td>string</td>
<td>Yes</td>
<td>The URL to track (e.g., "example.com")</td>
</tr>
<tr>
<td>method</td>
<td>string</td>
<td>No</td>
<td>HTTP method (GET, HEAD, POST). Default: "GET"</td>
</tr>
<tr>
<td>userAgent</td>
<td>string</td>
<td>No</td>
<td>Custom User-Agent header</td>
</tr>
</table>
<h4>Example Request</h4>
<pre>
curl -X POST http://localhost:${PORT}/api/v1/track \\
-H "Content-Type: application/json" \\
-d '{
"url": "github.com",
"method": "GET"
}'
</pre>
<h3><span class="method get">GET</span> /api/v1/track</h3>
<p>Track a URL and get the full redirect chain using a GET request with query parameters.</p>
<h4>Example Request</h4>
<pre>
curl "http://localhost:${PORT}/api/v1/track?url=github.com&method=GET"
</pre>
<p><a href="/">Back to URL Redirect Tracker</a></p>
</body>
</html>
`;
res.send(apiDocs);
});
// Catch-all for serving the frontend (preserve existing behavior)
app.get('/', (req, res) => {
res.sendFile(path.join(__dirname, '../../../public', 'index.html'));
});
// Global error handler
app.use((err: Error, req: express.Request, res: express.Response, next: express.NextFunction) => {
logger.error('Unhandled error:', err);
res.status(500).json({
success: false,
error: 'Internal server error',
message: process.env.NODE_ENV === 'development' ? err.message : 'Something went wrong'
});
});
// 404 handler
app.use((req, res) => {
res.status(404).json({
success: false,
error: 'Not found',
message: `Route ${req.method} ${req.path} not found`
});
});
// Graceful shutdown
process.on('SIGTERM', () => {
logger.info('SIGTERM received, shutting down gracefully');
process.exit(0);
});
process.on('SIGINT', () => {
logger.info('SIGINT received, shutting down gracefully');
process.exit(0);
});
app.listen(PORT, () => {
logger.info(`🚀 Redirect Intelligence v2 API Server running on http://localhost:${PORT}`);
logger.info(`📖 API Documentation: http://localhost:${PORT}/api/docs`);
logger.info(`🏥 Health Check: http://localhost:${PORT}/health`);
});
export default app;
Reference in New Issue View Git Blame Copy Permalink