Commit graph

12 commits

Author SHA1 Message Date
Snider
2fe92e3709 test(api): add comprehensive OpenAPI documentation tests (P2-009)
Covers schema generation, attribute parsing, and extension system:
- OpenApiBuilder controller scanning and path generation
- ApiParameter attribute parsing with all parameter types
- ApiResponse attribute rendering with status code descriptions
- ApiSecurity authentication requirements
- ApiHidden endpoint filtering
- Extension system (WorkspaceHeader, RateLimit, ApiKeyAuth)
- Error response documentation (401, 403, 429)
- Request/response examples validation
- Caching behaviour and route exclusion

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-29 19:46:49 +00:00
Snider
82b1f1312a test(ratelimit): add comprehensive rate limiting tests (P2-007)
Add extensive test coverage for the API rate limiting middleware:

- Rate limit enforcement: request blocking, window expiration, disable flag
- Rate limit headers: X-RateLimit-Limit/Remaining/Reset, Retry-After
- Tier-based limits: free/starter/pro/agency/enterprise with correct limits
- Workspace-scoped limits: isolation between workspaces
- Burst allowance: effective limits with burst multiplier
- Quota exceeded responses: 429 status, JSON error format, retry info
- API key-based limiting: isolation between keys
- IP-based limiting: for unauthenticated requests
- Per-endpoint limits: config-based endpoint-specific limits
- Rate limit bypass: when disabled globally

Uses Pest syntax with describe/it blocks and MockTieredWorkspace
class for testing tier-based rate limits.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-29 19:43:28 +00:00
Snider
97d0b32ed5 test(scopes): add comprehensive API scope enforcement tests (P2-008)
- Implement wildcard scope matching in ApiKey::hasScope():
  - Resource wildcards (posts:*) grant all actions on resource
  - Action wildcards (*:read) grant action on all resources
  - Full wildcard (*) grants universal access
- Add hasAnyScope() method for OR-style scope checking
- Add extensive tests for:
  - EnforceApiScope middleware validation
  - CheckApiScope middleware with explicit requirements
  - Wildcard scope matching (posts:*, *:read, *)
  - Scope inheritance and hierarchy
  - Error response formatting with required/provided scopes
  - Edge cases (null scopes, case sensitivity, nested colons)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-29 19:34:40 +00:00
Snider
49c862b6c1 feat(security): add API key IP whitelisting with CIDR support (P1-004)
- P1-002: API key security tests verified (bcrypt, rotation)
- P1-003: Webhook signature tests verified (HMAC-SHA256)
- P1-004: IP whitelisting with IPv4/IPv6 CIDR support

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-29 13:20:58 +00:00
Snider
919f7e1fc1 docs: add package documentation
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-29 10:47:51 +00:00
Snider
1da124a92a docs: rewrite CLAUDE.md for core-api package specifics
Replace generic monorepo instructions with package-specific guidance:
- Document actual src/ structure with Core\Api and Core\Website\Api namespaces
- Add package-relevant commands (pest, pint)
- Document key middleware components and OpenAPI attributes
- Remove irrelevant app/Mod/ module structure references

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-28 14:06:13 +00:00
Snider
d77ebdf69e refactor: update namespaces for L1 package convention
- Mod\Api -> Core\Api
- Mod\Tenant -> Core\Tenant

Part of namespace restructure to align with L1/L2 module conventions.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-27 17:34:34 +00:00
Snider
058d65252d docs: add API documentation plan and module code review
Add comprehensive API documentation strategy for api.host.uk.com including
OpenAPI/Scramble setup, SDK generation configs for 11 languages, and
multi-registry publishing workflow.

Include updated code review documenting Wave 2 improvements bringing the
Api module to 92/100 production readiness with all P1 issues resolved.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-27 16:21:41 +00:00
Snider
57fa0d6727 refactor(api): relocate API module to Core\Api namespace
Move API module from src/Mod/Api/ to src/Api/ and update namespace
from Core\Mod\Api\ to Core\Api\ as part of monorepo separation.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-27 16:14:36 +00:00
Snider
9cc9e4a178 feat(api): add webhook template manager and secret rotation
- Add WebhookPayloadTemplate model with builtin template support
- Add WebhookTemplateService for template rendering (Mustache, JSON)
- Add WebhookSecretRotationService with grace period handling
- Add WebhookTemplateController and WebhookSecretController API endpoints
- Add WebhookTemplateManager Livewire component for admin UI
- Add CleanupExpiredSecrets console command
- Add BuiltinTemplateType and WebhookTemplateFormat enums
- Add migrations for api tables and secret rotation fields

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-27 10:17:54 +00:00
Snider
931974645b monorepo separation
2026-01-26 20:57:08 +00:00
Snider
3265159fdc Initial commit
2026-01-26 20:47:46 +00:00