mirror of
https://github.com/koala73/worldmonitor.git
synced 2026-04-25 17:14:57 +02:00
9ccd309dbc
New leads/v1 sebuf service with two POST RPCs:
- SubmitContact → /api/leads/v1/submit-contact
- RegisterInterest → /api/leads/v1/register-interest
Handler logic ported 1:1 from api/contact.js + api/register-interest.js:
- Turnstile verification (desktop sources bypass, preserved)
- Honeypot (website field) silently accepts without upstream calls
- Free-email-domain gate on SubmitContact (422 ApiError)
- validateEmail (disposable/offensive/typo-TLD/MX) on RegisterInterest
- Convex writes via ConvexHttpClient (contactMessages:submit, registerInterest:register)
- Resend notification + confirmation emails (HTML templates unchanged)
Shared helpers moved to server/_shared/:
- turnstile.ts (getClientIp + verifyTurnstile)
- email-validation.ts (disposable/offensive/MX checks)
Rate limits preserved via ENDPOINT_RATE_POLICIES:
- submit-contact: 3/hour per IP (was in-memory 3/hr)
- register-interest: 5/hour per IP (was in-memory 5/hr; desktop
sources previously capped at 2/hr via shared in-memory map —
now 5/hr like everyone else, accepting the small regression in
exchange for Upstash-backed global limiting)
Callers updated:
- pro-test/src/App.tsx contact form → new submit-contact path
- src-tauri/sidecar/local-api-server.mjs cloud-fallback rewrites
/api/register-interest → /api/leads/v1/register-interest when
proxying; keeps local path for older desktop builds
- src/services/runtime.ts isKeyFreeApiTarget allows both old and
new paths through the WORLDMONITOR_API_KEY-optional gate
Tests:
- tests/contact-handler.test.mjs rewritten to call submitContact
handler directly; asserts on ValidationError / ApiError
- tests/email-validation.test.mjs + tests/turnstile.test.mjs
point at the new server/_shared/ modules
Deleted: api/contact.js, api/register-interest.js, api/_ip-rate-limit.js,
api/_turnstile.js, api/_email-validation.js, api/_turnstile.test.mjs.
Manifest entries removed (58 → 56). Docs updated (api-platform,
api-commerce, usage-rate-limits).
Verified: npm run typecheck + typecheck:api + lint:api-contract
(88 files / 56 entries) + lint:boundaries pass; full test:data
(5852 tests) passes; make generate is zero-diff.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
174 lines
7.2 KiB
YAML
174 lines
7.2 KiB
YAML
openapi: 3.1.0
|
|
info:
|
|
title: LeadsService API
|
|
version: 1.0.0
|
|
paths:
|
|
/api/leads/v1/submit-contact:
|
|
post:
|
|
tags:
|
|
- LeadsService
|
|
summary: SubmitContact
|
|
description: SubmitContact stores an enterprise contact submission in Convex and emails ops.
|
|
operationId: SubmitContact
|
|
requestBody:
|
|
content:
|
|
application/json:
|
|
schema:
|
|
$ref: '#/components/schemas/SubmitContactRequest'
|
|
required: true
|
|
responses:
|
|
"200":
|
|
description: Successful response
|
|
content:
|
|
application/json:
|
|
schema:
|
|
$ref: '#/components/schemas/SubmitContactResponse'
|
|
"400":
|
|
description: Validation error
|
|
content:
|
|
application/json:
|
|
schema:
|
|
$ref: '#/components/schemas/ValidationError'
|
|
default:
|
|
description: Error response
|
|
content:
|
|
application/json:
|
|
schema:
|
|
$ref: '#/components/schemas/Error'
|
|
/api/leads/v1/register-interest:
|
|
post:
|
|
tags:
|
|
- LeadsService
|
|
summary: RegisterInterest
|
|
description: RegisterInterest adds an email to the Pro waitlist and sends a confirmation email.
|
|
operationId: RegisterInterest
|
|
requestBody:
|
|
content:
|
|
application/json:
|
|
schema:
|
|
$ref: '#/components/schemas/RegisterInterestRequest'
|
|
required: true
|
|
responses:
|
|
"200":
|
|
description: Successful response
|
|
content:
|
|
application/json:
|
|
schema:
|
|
$ref: '#/components/schemas/RegisterInterestResponse'
|
|
"400":
|
|
description: Validation error
|
|
content:
|
|
application/json:
|
|
schema:
|
|
$ref: '#/components/schemas/ValidationError'
|
|
default:
|
|
description: Error response
|
|
content:
|
|
application/json:
|
|
schema:
|
|
$ref: '#/components/schemas/Error'
|
|
components:
|
|
schemas:
|
|
Error:
|
|
type: object
|
|
properties:
|
|
message:
|
|
type: string
|
|
description: Error message (e.g., 'user not found', 'database connection failed')
|
|
description: Error is returned when a handler encounters an error. It contains a simple error message that the developer can customize.
|
|
FieldViolation:
|
|
type: object
|
|
properties:
|
|
field:
|
|
type: string
|
|
description: The field path that failed validation (e.g., 'user.email' for nested fields). For header validation, this will be the header name (e.g., 'X-API-Key')
|
|
description:
|
|
type: string
|
|
description: Human-readable description of the validation violation (e.g., 'must be a valid email address', 'required field missing')
|
|
required:
|
|
- field
|
|
- description
|
|
description: FieldViolation describes a single validation error for a specific field.
|
|
ValidationError:
|
|
type: object
|
|
properties:
|
|
violations:
|
|
type: array
|
|
items:
|
|
$ref: '#/components/schemas/FieldViolation'
|
|
description: List of validation violations
|
|
required:
|
|
- violations
|
|
description: ValidationError is returned when request validation fails. It contains a list of field violations describing what went wrong.
|
|
SubmitContactRequest:
|
|
type: object
|
|
properties:
|
|
email:
|
|
type: string
|
|
name:
|
|
type: string
|
|
organization:
|
|
type: string
|
|
phone:
|
|
type: string
|
|
message:
|
|
type: string
|
|
source:
|
|
type: string
|
|
website:
|
|
type: string
|
|
description: Honeypot — bots auto-fill this hidden field; real submissions leave it empty.
|
|
turnstileToken:
|
|
type: string
|
|
description: Cloudflare Turnstile token proving the submitter is human.
|
|
description: SubmitContactRequest carries an enterprise contact form submission.
|
|
SubmitContactResponse:
|
|
type: object
|
|
properties:
|
|
status:
|
|
type: string
|
|
description: Always "sent" on success.
|
|
emailSent:
|
|
type: boolean
|
|
description: True when the Resend notification to ops was delivered.
|
|
description: SubmitContactResponse reports the outcome of storing the lead and notifying ops.
|
|
RegisterInterestRequest:
|
|
type: object
|
|
properties:
|
|
email:
|
|
type: string
|
|
source:
|
|
type: string
|
|
appVersion:
|
|
type: string
|
|
referredBy:
|
|
type: string
|
|
website:
|
|
type: string
|
|
description: Honeypot — bots auto-fill this hidden field; real submissions leave it empty.
|
|
turnstileToken:
|
|
type: string
|
|
description: Cloudflare Turnstile token. Desktop sources bypass Turnstile; see handler.
|
|
description: RegisterInterestRequest carries a Pro-waitlist signup.
|
|
RegisterInterestResponse:
|
|
type: object
|
|
properties:
|
|
status:
|
|
type: string
|
|
description: '"registered" for a new signup; "already_registered" for a returning email.'
|
|
referralCode:
|
|
type: string
|
|
description: Stable referral code for this email.
|
|
referralCount:
|
|
type: integer
|
|
format: int32
|
|
description: Number of signups credited to this email.
|
|
position:
|
|
type: integer
|
|
format: int32
|
|
description: Waitlist position at registration time. Present only when status == "registered".
|
|
emailSuppressed:
|
|
type: boolean
|
|
description: True when the email is on the suppression list (prior bounce) and no confirmation was sent.
|
|
description: RegisterInterestResponse mirrors the Convex registerInterest:register return shape.
|