chore(release): bump version to 1.7.0
Docs Check / Markdown lint (push) Failing after 25s
Build and Push Docker Image / build (push) Successful in 1m22s
Licence Check / Licence compatibility and copyright header verification (push) Failing after 1m8s
CI / Swagger Validation & Coverage (push) Successful in 1m51s
CI / Security audit (push) Successful in 2m2s
Docs Check / Mermaid diagram parse check (push) Successful in 2m11s
CI / Tests & coverage (push) Failing after 2m17s
Docs Check / Markdown lint (push) Failing after 25s
Build and Push Docker Image / build (push) Successful in 1m22s
Licence Check / Licence compatibility and copyright header verification (push) Failing after 1m8s
CI / Swagger Validation & Coverage (push) Successful in 1m51s
CI / Security audit (push) Successful in 2m2s
Docs Check / Mermaid diagram parse check (push) Successful in 2m11s
CI / Tests & coverage (push) Failing after 2m17s
- Increment version from 1.6.0 to 1.7.0 in package.json - Add detailed CHANGELOG.md entry for Swagger UI & OpenAPI 3.1 documentation - Update README.md version highlight to mention Swagger UI - Add API Documentation System section (7.4) to ARCHITECTURE.md - Add swagger-ui-express, swagger-jsdoc, yamljs, spectral-cli to Technology Stack - Update High-Level Architecture diagram with Swagger UI node - Update Request routing summary to include /api/swagger - Update SECURITY.md: Threat Model, Rate Limits, and Supported Versions tables
This commit is contained in:
@@ -52,6 +52,7 @@ flowchart TB
|
||||
status["Status Panel\n(Admin only)"]
|
||||
history["History Tab"]
|
||||
webhooks["Webhook Config"]
|
||||
swagger["Swagger UI\n/api/swagger"]
|
||||
end
|
||||
|
||||
subgraph Server["Express Server (:3001)"]
|
||||
@@ -122,6 +123,7 @@ Express Server (:3001)
|
||||
├── cookie-parser (HMAC-signed session cookie)
|
||||
├── verifyCsrf (double-submit cookie, all state-changing /api routes except auth + webhook)
|
||||
│
|
||||
├── /api/swagger → Swagger UI (public, auth banner for testing)
|
||||
├── /api/auth → login, logout, me, csrf
|
||||
├── /api/webhook → [rate-limit] → [secret validation] → [payload validation]
|
||||
│ → [replay check] → updateWebhookMetrics → processWebhookEvent
|
||||
@@ -826,6 +828,72 @@ Related functions in `filters.js`:
|
||||
|
||||
Downloads are sorted by client order (matching the configuration order) and filtered by the selected client IDs.
|
||||
|
||||
### 7.4 API Documentation System
|
||||
|
||||
sofarr exposes interactive API documentation via **Swagger UI** at `/api/swagger`, using a hybrid documentation model that balances maintainability with consistency.
|
||||
|
||||
#### Architecture
|
||||
|
||||
```
|
||||
server/openapi.yaml Central spec: base metadata, security schemes, reusable schemas
|
||||
│
|
||||
│ merge at runtime (swagger-jsdoc)
|
||||
▼
|
||||
server/routes/*.js JSDoc @openapi comments per endpoint
|
||||
│
|
||||
│ serve (swagger-ui-express)
|
||||
▼
|
||||
GET /api/swagger Swagger UI HTML (public, auth banner)
|
||||
GET /api/swagger.json Merged OpenAPI 3.1 spec JSON
|
||||
```
|
||||
|
||||
#### Central OpenAPI Specification (`server/openapi.yaml`)
|
||||
|
||||
The YAML file defines:
|
||||
- **Base metadata** — `openapi: 3.1.0`, info, server URL, contact
|
||||
- **Security schemes** — `CookieAuth` (`emby_user` cookie), `CsrfToken` (`X-CSRF-Token` header)
|
||||
- **Component schemas** — `NormalizedDownload`, `DashboardPayload`, `ErrorResponse`, `BlocklistSearchRequest`, `WebhookPayload`, `HistoryItem`, `StatusResponse`
|
||||
- **Path placeholders** — stub entries for every endpoint so JSDoc comments have a merge target
|
||||
|
||||
#### JSDoc `@openapi` Comments
|
||||
|
||||
Every route handler file contains JSDoc comments above each Express route definition:
|
||||
|
||||
```javascript
|
||||
/**
|
||||
* @openapi
|
||||
* /api/auth/login:
|
||||
* post:
|
||||
* tags: [Authentication]
|
||||
* summary: Authenticate with Emby
|
||||
* ...
|
||||
*/
|
||||
router.post('/login', ...)
|
||||
```
|
||||
|
||||
`swagger-jsdoc` scans `server/routes/**/*.js` and merges the YAML from these comments into the central spec at runtime.
|
||||
|
||||
#### Machine-Usable Extensions
|
||||
|
||||
For AI agents and automated tooling, every endpoint includes:
|
||||
- **`x-code-samples`** — cURL, JavaScript fetch, and TypeScript examples
|
||||
- **`x-integration-notes`** — Human-readable integration guidance embedded in descriptions
|
||||
|
||||
#### Coverage Validation
|
||||
|
||||
`tests/integration/swagger-coverage.test.js` (22 tests) validates:
|
||||
- The YAML spec parses without errors
|
||||
- Every Express route appears in the merged spec
|
||||
- All examples are valid JSON
|
||||
- Security schemes are correctly referenced (`CookieAuth`, `CsrfToken`)
|
||||
- The Swagger UI endpoint returns `200`
|
||||
|
||||
#### CI/CD Integration
|
||||
|
||||
`.gitea/workflows/ci.yml` includes a "Swagger Validation & Coverage" job that:
|
||||
- Lints `server/openapi.yaml` with `@stoplight/spectral-cli`
|
||||
- Runs the coverage test suite on every push
|
||||
|
||||
---
|
||||
|
||||
## 8. Directory Structure
|
||||
@@ -1056,6 +1124,15 @@ Each instance receives an `id` derived from `name` (or index if unnamed), used a
|
||||
| `express-rate-limit` | 7.x | General, login, and webhook rate limiters |
|
||||
| `cookie-parser` | 1.x | Signed cookie support (HMAC via `COOKIE_SECRET`) |
|
||||
|
||||
### API Documentation
|
||||
|
||||
| Package | Version | Purpose |
|
||||
|---------|---------|---------|
|
||||
| `swagger-ui-express` | 5.x | Serve interactive Swagger UI at `/api/swagger` |
|
||||
| `swagger-jsdoc` | 6.x | Merge JSDoc `@openapi` comments with central YAML spec |
|
||||
| `yamljs` | 0.3.x | Parse `server/openapi.yaml` at runtime for swagger-jsdoc |
|
||||
| `@stoplight/spectral-cli` | 6.x (dev) | Lint OpenAPI spec for correctness in CI |
|
||||
|
||||
### Auth and Session
|
||||
|
||||
| Component | Technology | Details |
|
||||
|
||||
Reference in New Issue
Block a user