groombook/api

Fork 0

T

Flea Flicker c7007051d7

CI / Test (pull_request) Successful in 28s

Details

CI / Lint & Typecheck (pull_request) Successful in 34s

Details

CI / Build & Push Docker Images (pull_request) Successful in 1m28s

Details

GRO-2294: Route Optimization security hardening (LOW)

Two defense-in-depth fixes from the GRO-2162 feature-level security review:

1. Enforce the documented ?limit cap on POST /api/clients/geocode-batch.
   The handler now clamps limit to GEOCODE_BATCH_MAX_LIMIT (500) after the
   positive-integer check, bounding synchronous request duration and per-request
   external API cost when routeOptimizationProvider = "google".

2. Redact the encrypted googleMapsApiKey from GET /api/admin/settings on both
   the existing-row and auto-create branches. The ciphertext is never needed
   client-side and is now stripped via redactSettings().

Adds route-level tests for the limit clamp (default/passthrough/clamp/floor/
reject) and the settings redaction (both branches). Updates UAT_PLAYBOOK.md
TC-API-2.13a and TC-API-13.1.

Co-Authored-By: Paperclip <noreply@paperclip.ing>

2026-06-09 06:12:42 +00:00

.gitea/workflows

dev → uat: GRO-2154 geocoding endpoints (Phase 1.3) (#171 )

2026-06-08 12:06:43 +00:00

.github/workflows

fix(ci): build all service images + upgrade Node 22 + pin packageManager (GRO-1522)

2026-05-22 02:16:49 +00:00

apps/api

chore: delete stale apps/api/src/db/seed.ts duplicate (GRO-2129) (#158 )

2026-06-04 12:44:46 +00:00

packages

uat→main (PROD): GRO-2157 nav export + GRO-2225/2235 (frozen @4868f18) (#192 )

2026-06-09 01:23:06 +00:00

src

GRO-2294: Route Optimization security hardening (LOW)

2026-06-09 06:12:42 +00:00

.ci-trigger

chore: direct push CI trigger for GRO-1757 (b61d899f) to include in dev image

2026-05-26 00:45:05 +00:00

.dockerignore

Initial extraction: groombook/api from groombook/app monorepo

2026-05-02 21:10:21 +00:00

.editorconfig

Initial extraction: groombook/api from groombook/app monorepo

2026-05-02 21:10:21 +00:00

.env.example

Initial extraction: groombook/api from groombook/app monorepo

2026-05-02 21:10:21 +00:00

.gitignore

Merge dev into gitea/migrate-workflows (allow-unrelated-histories)

2026-05-21 01:24:41 +00:00

.mcp.json

Add .mcp.json

2026-05-24 18:14:57 +00:00

Dockerfile

fix(docker): bake pnpm via npm to remove Corepack runtime downloads (GRO-1981)

2026-06-01 14:02:38 +00:00

eslint.config.js

Extract groombook/api from monorepo with CI workflow

2026-05-11 01:26:56 +00:00

package.json

merge: resolve conflicts with dev (keep Node 22 + add Gitea CI images)

2026-05-22 02:58:11 +00:00

pnpm-lock.yaml

fix: add better-auth to pnpm-lock.yaml packages/db specifiers

2026-05-22 13:11:39 +00:00

pnpm-workspace.yaml

fix(docker): add missing pnpm-workspace.yaml COPY in deps and runner stages

2026-05-14 16:50:52 +00:00

README.md

Merge dev into gitea/migrate-workflows (allow-unrelated-histories)

2026-05-21 01:24:41 +00:00

renovate.json

chore: add Renovate config

2026-05-14 17:42:22 +00:00

trigger-uat-1779751324.txt

chore: trigger CI from uat for GRO-1754

2026-05-25 23:22:04 +00:00

tsconfig.json

Extract groombook/api from monorepo with CI workflow

2026-05-11 01:26:56 +00:00

UAT_PLAYBOOK.md

GRO-2294: Route Optimization security hardening (LOW)

2026-06-09 06:12:42 +00:00

vitest.config.ts

fix: correct vitest alias paths for workspace packages

2026-05-11 01:34:12 +00:00

README.md

GroomBook API

GroomBook API service — extracted from the groombook/app monorepo.

Overview

This repository contains the GroomBook API service, including:

REST API endpoints
Database schema and migrations (via Drizzle ORM)
Authentication (via Better Auth)
Background job handlers

Structure

src/             # API service source
packages/db/     # Database schema, migrations, and utilities
packages/types/  # Shared TypeScript types

Setup

pnpm install
cp .env.example .env  # Fill in required environment variables
pnpm --filter @groombook/api dev

Docker

docker build -t ghcr.io/groombook/api:latest .
docker run -p 3000:3000 ghcr.io/groombook/api:latest

License

AGPL-3.0-only