mirror of
https://github.com/koala73/worldmonitor.git
synced 2026-04-25 17:14:57 +02:00
6669d373cf
* feat: convert 52 API endpoints from POST to GET for edge caching Convert all cacheable sebuf RPC endpoints to HTTP GET with query/path parameters, enabling CDN edge caching to reduce costs. Flatten nested request types (TimeRange, PaginationRequest, BoundingBox) into scalar query params. Add path params for resource lookups (GetFredSeries, GetHumanitarianSummary, GetCountryStockIndex, GetCountryIntelBrief, GetAircraftDetails). Rewrite router with hybrid static/dynamic matching for path param support. Kept as POST: SummarizeArticle, ClassifyEvent, RecordBaselineSnapshot, GetAircraftDetailsBatch, RegisterInterest. Generated with sebuf v0.9.0 (protoc-gen-ts-client, protoc-gen-ts-server). Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix: add rate_limited field to market response protos The rateLimited field was hand-patched into generated files on main but never declared in the proto definitions. Regenerating wiped it out, breaking the build. Now properly defined in both ListEtfFlowsResponse and ListMarketQuotesResponse protos. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * chore: remove accidentally committed .planning files Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> --------- Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
281 lines
12 KiB
YAML
281 lines
12 KiB
YAML
openapi: 3.1.0
|
|
info:
|
|
title: CyberService API
|
|
version: 1.0.0
|
|
paths:
|
|
/api/cyber/v1/list-cyber-threats:
|
|
get:
|
|
tags:
|
|
- CyberService
|
|
summary: ListCyberThreats
|
|
description: ListCyberThreats retrieves threat indicators from multiple intelligence sources.
|
|
operationId: ListCyberThreats
|
|
parameters:
|
|
- name: start
|
|
in: query
|
|
description: Start of time range (inclusive), Unix epoch milliseconds.
|
|
required: false
|
|
schema:
|
|
type: string
|
|
format: int64
|
|
- name: end
|
|
in: query
|
|
description: End of time range (inclusive), Unix epoch milliseconds.
|
|
required: false
|
|
schema:
|
|
type: string
|
|
format: int64
|
|
- name: page_size
|
|
in: query
|
|
description: Maximum items per page (1-100).
|
|
required: false
|
|
schema:
|
|
type: integer
|
|
format: int32
|
|
- name: cursor
|
|
in: query
|
|
description: Cursor for next page.
|
|
required: false
|
|
schema:
|
|
type: string
|
|
- name: type
|
|
in: query
|
|
description: Optional threat type filter.
|
|
required: false
|
|
schema:
|
|
type: string
|
|
- name: source
|
|
in: query
|
|
description: Optional source filter.
|
|
required: false
|
|
schema:
|
|
type: string
|
|
- name: min_severity
|
|
in: query
|
|
description: Optional minimum criticality filter.
|
|
required: false
|
|
schema:
|
|
type: string
|
|
responses:
|
|
"200":
|
|
description: Successful response
|
|
content:
|
|
application/json:
|
|
schema:
|
|
$ref: '#/components/schemas/ListCyberThreatsResponse'
|
|
"400":
|
|
description: Validation error
|
|
content:
|
|
application/json:
|
|
schema:
|
|
$ref: '#/components/schemas/ValidationError'
|
|
default:
|
|
description: Error response
|
|
content:
|
|
application/json:
|
|
schema:
|
|
$ref: '#/components/schemas/Error'
|
|
components:
|
|
schemas:
|
|
Error:
|
|
type: object
|
|
properties:
|
|
message:
|
|
type: string
|
|
description: Error message (e.g., 'user not found', 'database connection failed')
|
|
description: Error is returned when a handler encounters an error. It contains a simple error message that the developer can customize.
|
|
FieldViolation:
|
|
type: object
|
|
properties:
|
|
field:
|
|
type: string
|
|
description: The field path that failed validation (e.g., 'user.email' for nested fields). For header validation, this will be the header name (e.g., 'X-API-Key')
|
|
description:
|
|
type: string
|
|
description: Human-readable description of the validation violation (e.g., 'must be a valid email address', 'required field missing')
|
|
required:
|
|
- field
|
|
- description
|
|
description: FieldViolation describes a single validation error for a specific field.
|
|
ValidationError:
|
|
type: object
|
|
properties:
|
|
violations:
|
|
type: array
|
|
items:
|
|
$ref: '#/components/schemas/FieldViolation'
|
|
description: List of validation violations
|
|
required:
|
|
- violations
|
|
description: ValidationError is returned when request validation fails. It contains a list of field violations describing what went wrong.
|
|
ListCyberThreatsRequest:
|
|
type: object
|
|
properties:
|
|
start:
|
|
type: integer
|
|
format: int64
|
|
description: 'Start of time range (inclusive), Unix epoch milliseconds.. Warning: Values > 2^53 may lose precision in JavaScript'
|
|
end:
|
|
type: integer
|
|
format: int64
|
|
description: 'End of time range (inclusive), Unix epoch milliseconds.. Warning: Values > 2^53 may lose precision in JavaScript'
|
|
pageSize:
|
|
type: integer
|
|
format: int32
|
|
description: Maximum items per page (1-100).
|
|
cursor:
|
|
type: string
|
|
description: Cursor for next page.
|
|
type:
|
|
type: string
|
|
enum:
|
|
- CYBER_THREAT_TYPE_UNSPECIFIED
|
|
- CYBER_THREAT_TYPE_C2_SERVER
|
|
- CYBER_THREAT_TYPE_MALWARE_HOST
|
|
- CYBER_THREAT_TYPE_PHISHING
|
|
- CYBER_THREAT_TYPE_MALICIOUS_URL
|
|
description: |-
|
|
CyberThreatType represents the classification of a cyber threat.
|
|
Maps to TS union: 'c2_server' | 'malware_host' | 'phishing' | 'malicious_url'.
|
|
source:
|
|
type: string
|
|
enum:
|
|
- CYBER_THREAT_SOURCE_UNSPECIFIED
|
|
- CYBER_THREAT_SOURCE_FEODO
|
|
- CYBER_THREAT_SOURCE_URLHAUS
|
|
- CYBER_THREAT_SOURCE_C2INTEL
|
|
- CYBER_THREAT_SOURCE_OTX
|
|
- CYBER_THREAT_SOURCE_ABUSEIPDB
|
|
description: |-
|
|
CyberThreatSource represents the intelligence source of a cyber threat.
|
|
Maps to TS union: 'feodo' | 'urlhaus' | 'c2intel' | 'otx' | 'abuseipdb'.
|
|
minSeverity:
|
|
type: string
|
|
enum:
|
|
- CRITICALITY_LEVEL_UNSPECIFIED
|
|
- CRITICALITY_LEVEL_LOW
|
|
- CRITICALITY_LEVEL_MEDIUM
|
|
- CRITICALITY_LEVEL_HIGH
|
|
- CRITICALITY_LEVEL_CRITICAL
|
|
description: |-
|
|
CriticalityLevel represents a four-tier criticality classification for cyber and risk domains.
|
|
Maps to existing TS union: 'low' | 'medium' | 'high' | 'critical'.
|
|
description: ListCyberThreatsRequest specifies filters for retrieving cyber threat indicators.
|
|
ListCyberThreatsResponse:
|
|
type: object
|
|
properties:
|
|
threats:
|
|
type: array
|
|
items:
|
|
$ref: '#/components/schemas/CyberThreat'
|
|
pagination:
|
|
$ref: '#/components/schemas/PaginationResponse'
|
|
description: ListCyberThreatsResponse contains cyber threats matching the request.
|
|
CyberThreat:
|
|
type: object
|
|
properties:
|
|
id:
|
|
type: string
|
|
minLength: 1
|
|
description: Unique threat identifier.
|
|
type:
|
|
type: string
|
|
enum:
|
|
- CYBER_THREAT_TYPE_UNSPECIFIED
|
|
- CYBER_THREAT_TYPE_C2_SERVER
|
|
- CYBER_THREAT_TYPE_MALWARE_HOST
|
|
- CYBER_THREAT_TYPE_PHISHING
|
|
- CYBER_THREAT_TYPE_MALICIOUS_URL
|
|
description: |-
|
|
CyberThreatType represents the classification of a cyber threat.
|
|
Maps to TS union: 'c2_server' | 'malware_host' | 'phishing' | 'malicious_url'.
|
|
source:
|
|
type: string
|
|
enum:
|
|
- CYBER_THREAT_SOURCE_UNSPECIFIED
|
|
- CYBER_THREAT_SOURCE_FEODO
|
|
- CYBER_THREAT_SOURCE_URLHAUS
|
|
- CYBER_THREAT_SOURCE_C2INTEL
|
|
- CYBER_THREAT_SOURCE_OTX
|
|
- CYBER_THREAT_SOURCE_ABUSEIPDB
|
|
description: |-
|
|
CyberThreatSource represents the intelligence source of a cyber threat.
|
|
Maps to TS union: 'feodo' | 'urlhaus' | 'c2intel' | 'otx' | 'abuseipdb'.
|
|
indicator:
|
|
type: string
|
|
description: Threat indicator value (IP, domain, or URL).
|
|
indicatorType:
|
|
type: string
|
|
enum:
|
|
- CYBER_THREAT_INDICATOR_TYPE_UNSPECIFIED
|
|
- CYBER_THREAT_INDICATOR_TYPE_IP
|
|
- CYBER_THREAT_INDICATOR_TYPE_DOMAIN
|
|
- CYBER_THREAT_INDICATOR_TYPE_URL
|
|
description: |-
|
|
CyberThreatIndicatorType represents the type of threat indicator.
|
|
Maps to TS union: 'ip' | 'domain' | 'url'.
|
|
location:
|
|
$ref: '#/components/schemas/GeoCoordinates'
|
|
country:
|
|
type: string
|
|
description: Country of origin (ISO 3166-1 alpha-2).
|
|
severity:
|
|
type: string
|
|
enum:
|
|
- CRITICALITY_LEVEL_UNSPECIFIED
|
|
- CRITICALITY_LEVEL_LOW
|
|
- CRITICALITY_LEVEL_MEDIUM
|
|
- CRITICALITY_LEVEL_HIGH
|
|
- CRITICALITY_LEVEL_CRITICAL
|
|
description: |-
|
|
CriticalityLevel represents a four-tier criticality classification for cyber and risk domains.
|
|
Maps to existing TS union: 'low' | 'medium' | 'high' | 'critical'.
|
|
malwareFamily:
|
|
type: string
|
|
description: Associated malware family, if known.
|
|
tags:
|
|
type: array
|
|
items:
|
|
type: string
|
|
description: Descriptive tags.
|
|
firstSeenAt:
|
|
type: integer
|
|
format: int64
|
|
description: 'First seen time, as Unix epoch milliseconds.. Warning: Values > 2^53 may lose precision in JavaScript'
|
|
lastSeenAt:
|
|
type: integer
|
|
format: int64
|
|
description: 'Last seen time, as Unix epoch milliseconds.. Warning: Values > 2^53 may lose precision in JavaScript'
|
|
required:
|
|
- id
|
|
description: |-
|
|
CyberThreat represents a cyber threat indicator aggregated from multiple sources.
|
|
Sources include Feodo Tracker, URLhaus, OTX, AbuseIPDB, and C2Intel.
|
|
GeoCoordinates:
|
|
type: object
|
|
properties:
|
|
latitude:
|
|
type: number
|
|
maximum: 90
|
|
minimum: -90
|
|
format: double
|
|
description: Latitude in decimal degrees (-90 to 90).
|
|
longitude:
|
|
type: number
|
|
maximum: 180
|
|
minimum: -180
|
|
format: double
|
|
description: Longitude in decimal degrees (-180 to 180).
|
|
description: GeoCoordinates represents a geographic location using WGS84 coordinates.
|
|
PaginationResponse:
|
|
type: object
|
|
properties:
|
|
nextCursor:
|
|
type: string
|
|
description: Cursor for fetching the next page. Empty string indicates no more pages.
|
|
totalCount:
|
|
type: integer
|
|
format: int32
|
|
description: Total count of items matching the query, if known. Zero if the total is unknown.
|
|
description: PaginationResponse contains pagination metadata returned alongside list results.
|