19 changes: 17 additions & 2 deletions app/config/openapi.js
Expand Up @@ -428,10 +428,25 @@ const spec = {
title: 'TimeTrackerAPI',
version: pkg.version || '1.0.0',
description:
'Open-source Node.js + PostgreSQL TimeTrackerAPI. Customer and ' +
'time-entry records, scoped by company via an `authKey` header. ' +
'Open-source Node.js + PostgreSQL TimeTrackerAPI. 16 ' +
'company-scoped entities (Customer, TimeEntry, Worker, ' +
'BillingType, InventoryItem, Company, Job, Invoice, ' +
'CustomerPayment, InvoiceJob, ProductEntry, VersionInfo, ' +
'PurchaseOrderVendor, PurchaseOrderHeader, ' +
'PurchaseOrderLine, InventoryTransaction), Stripe-style ' +
'idempotency on every POST, RFC 5988 Link-header ' +
'pagination, Prometheus `/metrics`, CSV export with OWASP ' +
'formula-injection mitigation. Auth via `authKey` header. ' +
'Source: https://github.com/CryptoJones/TimeTrackerAPI / ' +
'https://codeberg.org/CryptoJones/TimeTrackerAPI.',
// Security-vulnerability reports route through the
// private channels in SECURITY.md — link surfaces in
// Swagger UI's info panel so docs consumers can find the
// policy without leaving the spec.
contact: {
name: 'Security policy (private vuln reports)',
url: 'https://github.com/CryptoJones/TimeTrackerAPI/security/policy',
},
license: {
name: 'Apache 2.0',
url: 'https://www.apache.org/licenses/LICENSE-2.0',
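Review bot: The new `contact` block repurposes OpenAPI's contact object (meant to name a person or organisation) to carry the security-policy link, and both it and the `Source:` URLs in the description hardcode the repository location while `version` is already read from `pkg`; if the project moves, three strings drift independently. OpenAPI 3 has a root-level `externalDocs: { description, url }` object that Swagger UI also renders, which is the conventional home for a "where to report vulnerabilities" link, with `contact` reserved for the maintainer address; if the contact placement is deliberate because of how the info panel is laid out, a comment saying so would stop the next reader "fixing" it. The description also asserts a fixed count (`16 company-scoped entities`) and a hand-maintained list that nothing ties to the actual schemas; a one-line `// keep in sync with components.schemas` comment, or deriving the count from `Object.keys(spec.components.schemas).length` if that object exists, would keep the claim honest. The `spec` object continues outside the hunk.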
10 changes: 10 additions & 0 deletions tests/api/openapi.test.js
Expand Up @@ -37,6 +37,16 @@ describe('OpenAPI spec', () => {
expect(res.body.openapi).toMatch(/^3\./);
expect(res.body.info.title).toBe('TimeTrackerAPI');
expect(res.body.info.version).toBeDefined();
// license is required for downstream Apache-2.0 compliance
// tooling (e.g. SBOM scanners). Pin its presence and SPDX
// identifier so a future re-write can't silently drop it.
expect(res.body.info.license).toBeDefined();
expect(res.body.info.license.name).toBe('Apache 2.0');
// contact.url surfaces the security policy in Swagger UI's
// info panel — operators reading the docs find the
// vuln-report channel without leaving the spec page.
expect(res.body.info.contact).toBeDefined();
expect(res.body.info.contact.url).toMatch(/security/i);
});

test('spec includes all v1 paths', async () => {
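Review bot: The comment on the license assertion says it pins the "SPDX identifier", but the value asserted is `'Apache 2.0'`, which is the free-text `license.name`, not the SPDX id `Apache-2.0`; SBOM tooling keying on SPDX would not match this string. Either reword the comment to `// Pin its presence and display name so a future re-write can't silently drop it.` or, if the document is OpenAPI 3.1, add `expect(res.body.info.license.identifier).toBe('Apache-2.0');` alongside it (the `/^3\./` check above does not tell which minor version is in use). The contact assertion `toMatch(/security/i)` is also loose enough that any URL containing the word passes, including a mistyped path; `expect(res.body.info.contact.url).toMatch(/\/security\/policy$/);` pins what the docs actually link to. The enclosing `test(...)` callback starts outside the hunk.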