rezidir/GeoShare
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: add Swagger UI docs, custom CORS middleware, and request logging

Browse Source 
- Add Swagger UI files and updated API spec for Family Safety Tracker
- Replace shelf_cors_headers with custom CORS middleware in server.dart
- Add request_logger middleware with timing for auth and geo routes
- Add REGISTRATION_SECRET_KEY to .env for registration validation
- Remove postgres port exposure from docker-compose.yml
- Update opencode.json model configuration
- Add crypto dependency and update Flutter web assets
This commit is contained in:
dmit.b
2026-05-15 17:43:53 +03:00
parent 6b4c599981
commit fde96c0197
25 changed files with 53278 additions and 49937 deletions
Download Patch File Download Diff File Expand all files Collapse all files
bin/.env
+4 -2
View File
@@ -4,10 +4,12 @@ JWT_SECRET=your-super-secret-key-change-me
# Secret pepper added to passwords before hashing (should be random and kept secret)
PASSWORD_PEPPER=your-random-pepper-string-change-me
# Database connection settings
POSTGRES_HOST="db"
POSTGRES_HOST="localhost"
POSTGRES_PORT="5432"
POSTGRES_DB="family_safety"
POSTGRES_USER="postgres"
POSTGRES_PASSWORD="postgres"
# TOKEN_LIFETIME in minutes
TOKEN_LIFETIME=600
TOKEN_LIFETIME=600
# Secret key for registration (MD5 hash of this key must be sent by the user)
REGISTRATION_SECRET_KEY=FtracKer*1405.
bin/middleware/request_logger.dart
+26
View File
@@ -0,0 +1,26 @@
void logRequest({
required String method,
required String url,
required int status,
required Duration duration,
DateTime? startTime,
String? body,
Map<String, String>? responseHeaders,
}) {
final start = startTime ?? DateTime.now();
final timestamp = start.toIso8601String();
final durationMs = duration.inMilliseconds;
final bodyPreview = body != null && body.length > 500 ? '${body.substring(0, 500)}...' : body;
print('[$timestamp] $method $url -> $status (${durationMs}ms)');
if (bodyPreview != null && bodyPreview.isNotEmpty) {
print(' Body: $bodyPreview');
}
if (responseHeaders != null) {
final contentType = responseHeaders['content-type'];
if (contentType != null) {
print(' Content-Type: $contentType');
}
}
print('');
}
bin/routes/auth_routes.dart
+32 -7
View File
@@ -5,6 +5,7 @@ import 'package:dart_jsonwebtoken/dart_jsonwebtoken.dart';
import 'package:dotenv/dotenv.dart';
import '../database/database_provider.dart';
import '../middleware/auth_middleware.dart';
import '../middleware/request_logger.dart';
import 'dart:convert';
class AuthRoutes {
@@ -29,9 +30,13 @@ class AuthRoutes {
final user = await database.findUserByLogin(login);
final stopwatch = Stopwatch()..start();
if (user == null || !BCrypt.checkpw(password, user.pwdHash)) {
await database.createLog(login, 'Failed login attempt');
return Response(401, body: jsonEncode({'error': 'Invalid credentials'}), headers: {'Content-Type': 'application/json'});
stopwatch.stop();
final response = Response(401, body: jsonEncode({'error': 'Invalid credentials'}), headers: {'Content-Type': 'application/json'});
logRequest(method: 'POST', url: '/login', status: 401, duration: stopwatch.elapsed, body: body, responseHeaders: response.headers);
return response;
}
// Генерация JWT токена
@@ -44,10 +49,14 @@ class AuthRoutes {
final token = jwt.sign(SecretKey(secret));
await database.createLog(login, 'Successful login');
return Response(200, body: jsonEncode({'token': token}), headers: {'Content-Type': 'application/json'});
stopwatch.stop();
final response = Response(200, body: jsonEncode({'token': token}), headers: {'Content-Type': 'application/json'});
logRequest(method: 'POST', url: '/login', status: 200, duration: stopwatch.elapsed, body: body, responseHeaders: response.headers);
return response;
}
Future<Response> _register(Request request) async {
final stopwatch = Stopwatch()..start();
final body = await request.readAsString();
final data = jsonDecode(body);
@@ -56,35 +65,51 @@ class AuthRoutes {
await database.createUser(login, password);
await database.createLog(login, 'User registration');
return Response(201, body: jsonEncode({'message': 'User registered'}), headers: {'Content-Type': 'application/json'});
stopwatch.stop();
final response = Response(201, body: jsonEncode({'message': 'User registered'}), headers: {'Content-Type': 'application/json'});
logRequest(method: 'POST', url: '/reg', status: 201, duration: stopwatch.elapsed, body: body, responseHeaders: response.headers);
return response;
}
Future<Response> _watch(Request request, String login) async {
final stopwatch = Stopwatch()..start();
final uniqueId = request.url.queryParameters['share_id'];
if (uniqueId == null) {
return Response(404, body: jsonEncode({'error': 'Share link not found'}), headers: {'Content-Type': 'application/json'});
stopwatch.stop();
final response = Response(404, body: jsonEncode({'error': 'Share link not found'}), headers: {'Content-Type': 'application/json'});
logRequest(method: 'GET', url: '/watch', status: 404, duration: stopwatch.elapsed, responseHeaders: response.headers);
return response;
}
final geoId = database.getGeoIdByShareId(uniqueId);
if (geoId == null) {
await database.createLog(login, 'Accessed invalid share link');
return Response(404, body: jsonEncode({'error': 'Share link not found'}), headers: {'Content-Type': 'application/json'});
stopwatch.stop();
final response = Response(404, body: jsonEncode({'error': 'Share link not found'}), headers: {'Content-Type': 'application/json'});
logRequest(method: 'GET', url: '/watch', status: 404, duration: stopwatch.elapsed, responseHeaders: response.headers);
return response;
}
final position = await database.getPositionById(geoId);
if (position == null) {
await database.createLog(login, 'Accessed share link - no position');
return Response(404, body: jsonEncode({'error': 'No position available'}), headers: {'Content-Type': 'application/json'});
stopwatch.stop();
final response = Response(404, body: jsonEncode({'error': 'No position available'}), headers: {'Content-Type': 'application/json'});
logRequest(method: 'GET', url: '/watch', status: 404, duration: stopwatch.elapsed, responseHeaders: response.headers);
return response;
}
await database.createLog(login, 'Accessed share link');
return Response(200, body: jsonEncode({
stopwatch.stop();
final response = Response(200, body: jsonEncode({
'x': position.xValue,
'y': position.yValue,
'last_update': position.lastUpdate.toIso8601String(),
'expires_at': position.expiresAt.toIso8601String(),
}), headers: {'Content-Type': 'application/json'});
logRequest(method: 'GET', url: '/watch', status: 200, duration: stopwatch.elapsed, responseHeaders: response.headers);
return response;
}
}
bin/routes/geo_routes.dart
+11 -2
View File
@@ -2,6 +2,7 @@ import 'package:shelf/shelf.dart';
import 'package:shelf_router/shelf_router.dart';
import '../database/database_provider.dart';
import '../middleware/auth_middleware.dart';
import '../middleware/request_logger.dart';
import 'dart:convert';
class GeoRoutes {
@@ -17,6 +18,7 @@ class GeoRoutes {
}
Future<Response> _updatePosition(Request request, String login) async {
final stopwatch = Stopwatch()..start();
final id = request.url.queryParameters['id']!;
final body = await request.readAsString();
final data = jsonDecode(body);
@@ -26,10 +28,14 @@ class GeoRoutes {
await database.updatePosition(id, x, y);
await database.createLog(login, 'Updated position id=$id');
return Response(200, body: jsonEncode({'message': 'Position updated'}), headers: {'Content-Type': 'application/json'});
stopwatch.stop();
final response = Response(200, body: jsonEncode({'message': 'Position updated'}), headers: {'Content-Type': 'application/json'});
logRequest(method: 'PUT', url: '/geo', status: 200, duration: stopwatch.elapsed, body: body, responseHeaders: response.headers);
return response;
}
Future<Response> _createShare(Request request, String login) async {
final stopwatch = Stopwatch()..start();
final body = await request.readAsString();
final data = jsonDecode(body);
@@ -40,9 +46,12 @@ class GeoRoutes {
final shareId = database.createShareId(position.id);
await database.createLog(login, 'Created share link geo_id=${position.id}');
return Response(201, body: jsonEncode({
stopwatch.stop();
final response = Response(201, body: jsonEncode({
'geo_id': position.id,
'share_id': shareId
}), headers: {'Content-Type': 'application/json'});
logRequest(method: 'POST', url: '/share', status: 201, duration: stopwatch.elapsed, body: body, responseHeaders: response.headers);
return response;
}
}
bin/server.dart
+21 -3
View File
@@ -4,13 +4,29 @@ import 'dart:async';
import 'package:shelf/shelf.dart';
import 'package:shelf/shelf_io.dart';
import 'package:shelf_router/shelf_router.dart';
import 'package:shelf_cors_headers/shelf_cors_headers.dart';
import 'package:shelf_static/shelf_static.dart';
import 'database/database_provider.dart';
import 'routes/auth_routes.dart';
import 'routes/geo_routes.dart';
Middleware _corsMiddleware = (Handler innerHandler) {
return (Request request) {
final headers = <String, String>{
'Access-Control-Allow-Origin': '*',
'Access-Control-Allow-Methods': 'GET, POST, PUT, DELETE, OPTIONS',
'Access-Control-Allow-Headers': 'Content-Type, Authorization',
'Access-Control-Max-Age': '86400',
};
if (request.method == 'OPTIONS') {
return Response.ok(null, headers: headers);
}
return Future.value(innerHandler(request)).then((response) => response.change(headers: headers));
};
};
void main(List<String> args) async {
final database = DatabaseProvider();
await database.initialize();
@@ -22,16 +38,18 @@ void main(List<String> args) async {
final authRoutes = AuthRoutes(database);
final geoRoutes = GeoRoutes(database);
final router = Router()
final router = Router()
..mount('/', authRoutes.routes.call)
..mount('/', geoRoutes.routes.call);
final staticHandler = createStaticHandler('web', defaultDocument: 'index.html');
final apiHandler = createStaticHandler('web/swagger', defaultDocument: 'index.html');
final handler = Pipeline()
.addMiddleware(corsHeaders())
.addMiddleware(_corsMiddleware)
.addMiddleware(logRequests())
.addHandler(Cascade()
.add(apiHandler)
.add(staticHandler)
.add(router.call)
.handler);