Feature/Implement Companion Edition API and OpenCRE Endpoints

cornucopia.owasp.org/script/headers-stage.js

@@ -122,6 +122,16 @@ function main() {
   Access-Control-Allow-Origin: *
   ! Content-Type
   Content-Type: application/json
+/api/cre/companion/en
+  ! Access-Control-Allow-Origin
+  Access-Control-Allow-Origin: *
+  ! Content-Type
+  Content-Type: application/json
+/api/lang/companion/1.0
+  ! Access-Control-Allow-Origin
+  Access-Control-Allow-Origin: *
+  ! Content-Type
+  Content-Type: application/json
 `;
 
   const headersFile = path.join(buildDir, '_headers');

cornucopia.owasp.org/script/headers.js

@@ -93,7 +93,7 @@ function main() {
   Access-Control-Allow-Origin: *
   ! Content-Type
   Content-Type: application/json
-/api/lang/dbd/1.0
+/api/cre/companion/en
   ! Access-Control-Allow-Origin
   Access-Control-Allow-Origin: *
   ! Content-Type
@@ -103,6 +103,16 @@ function main() {
   Access-Control-Allow-Origin: *
   ! Content-Type
   Content-Type: application/json
+/api/lang/dbd/1.0
+  ! Access-Control-Allow-Origin
+  Access-Control-Allow-Origin: *
+  ! Content-Type
+  Content-Type: application/json
+/api/lang/companion/1.0
+  ! Access-Control-Allow-Origin
+  Access-Control-Allow-Origin: *
+  ! Content-Type
+  Content-Type: application/json
 /api/asvs/webapp/3.0
   ! Access-Control-Allow-Origin
   Access-Control-Allow-Origin: *

cornucopia.owasp.org/src/domain/cre/creController.ts

@@ -2,45 +2,47 @@
 import type { Card } from "../card/card";
 import type { MappingController } from "../mapping/mappingController";
 
-export type Cre  = 
-{
-    doctype: string; 
-    name: any; 
-    section: string; 
-    description: string; 
-    sectionID: string; 
-    hyperlink: string; 
-    links: CreLink[];
-    tags: never[];
-    tooltype: string;
-}
+export type Cre =
+    {
+        doctype: string;
+        name: any;
+        section: string;
+        description: string;
+        sectionID: string;
+        hyperlink: string;
+        links: CreLink[];
+        tags: never[];
+        tooltype: string;
+    }
 
-export type CreLink = 
-{
-    document: CreDocument;
-    ltype: string;
-}
+export type CreLink =
+    {
+        document: CreDocument;
+        ltype: string;
+    }
 
-export type CreDocument = 
-{
-    doctype: string;
-    id: string;
-}
+export type CreDocument =
+    {
+        doctype: string;
+        id: string;
+    }
 
 
 export class CreController {
     private deck: Map<string, Card>;
     private controller: MappingController;
 
-    private static editions: Map<string, string>  = new Map<string, string>( [
+    private static editions: Map<string, string> = new Map<string, string>([
         ['webapp', "OWASP Cornucopia Website App Edition"],
         ['mobileapp', "OWASP Cornucopia Mobile App Edition"],
+        ['companion', "OWASP Cornucopia Companion Edition"],
         ['dbd', "Cornucopia Digital Benefits and Disbenefits Edition"]
     ]);
 
-    private static category: Map<string, string>  = new Map<string, string>( [
+    private static category: Map<string, string> = new Map<string, string>([
         ['webapp', "Website Application"],
         ['mobileapp', "Mobile Application"],
+        ['companion', "Companion suits"],
         ['dbd', "Digital Benefits and Disbenefits"]
     ]);
 
@@ -57,8 +59,8 @@ export class CreController {
         if (!CreController.editions.has(edition)) return {"meta": {}, "standards": []};
         const standards: Cre[] = [];
         (this.deck || []).forEach(
-                (card: Card) => (card.edition == edition) && standards.push(this.generateDoc(card))
-            );
+            (card: Card) => (card.edition == edition) && standards.push(this.generateDoc(card))
+        );
         return {
             "meta": {
                 "edition": CreController.editions.get(edition),

cornucopia.owasp.org/src/lib/services/deckService.ts

@@ -124,20 +124,18 @@ export class DeckService {
                 let file: string;
                 try {
                     file = fs.readFileSync(path, 'utf8');
+                    const parsed = fm(file);
+                    cardObject.concept = parsed.body;
                 } catch (e) {
-                    console.error(
-                    `Error reading markdown file for card ${cardObject?.id || "unknown"} at ${path}`,e
-                    );
+                    console.error(`Error: Missing technical-note for ${cardObject.id || 'unknown'} at ${path}`, e);
                     continue;
                 }
-                const parsed = fm(file);
-                cardObject.concept = parsed.body;
+
                 const explanationPath = `./${base}${cardFolderPath}/explanation.md`;
                 try {
                     cardObject.summary = fm(fs.readFileSync(explanationPath, 'utf8')).body;
                 } catch (e) {
-                     console.error(
-                        `Missing explanation.md for card ${cardObject?.id || "unknown"} at ${explanationPath}`,e);
+                    console.error(`Error: Missing explanation for ${cardObject.id || 'unknown'} at ${explanationPath}`, e);
                     continue;
                 }
 

cornucopia.owasp.org/src/routes/api/cre/[edition]/[lang]/+server.ts

@@ -11,21 +11,21 @@ const _responseInit: ResponseInit = {
   },
 };
 
-const editions = ["webapp", "mobileapp", "dbd"]
+const editions = ["webapp", "mobileapp", "companion", "dbd"]
 
 export const GET: RequestHandler = ({ url }) => {
-    const params = url.pathname.split('/');
-    const edition =  params[params.length - 2] || 'webapp';
-    const lang =  params[params.length - 1] || 'en';
-    if (!(DeckService.getLanguages(edition)).includes(lang)) 
-  error(404, 'Language not found. Only: ' + DeckService.getLanguages(edition).join(', ') + ' are supported.');
-    if (!editions.includes(edition)) error(404, 'Edition not found. Only: ' + editions.join(', ') + ' are supported.');
-    const deckService = new DeckService();
-    const version = DeckService.getLatestVersion(edition);
-    const cards = deckService.getCardDataForEditionVersionLang(edition, version, lang);
-    
-    if (!cards) error(500, "No cards retrieved.")
-    const mappings = new MappingService().getCardMappingForLatestEdtions();
-    if (!mappings) error(500, "No mappings retrieved.")
-    return json((new CreController(cards, new MappingController(mappings.get(edition)))).getCreMapping(edition, lang));
+  const params = url.pathname.split('/');
+  const edition = params[params.length - 2] || 'webapp';
+  const lang = params[params.length - 1] || 'en';
+  if (!(DeckService.getLanguages(edition)).includes(lang))
+    error(404, 'Language not found. Only: ' + DeckService.getLanguages(edition).join(', ') + ' are supported.');
+  if (!editions.includes(edition)) error(404, 'Edition not found. Only: ' + editions.join(', ') + ' are supported.');
+  const deckService = new DeckService();
+  const version = DeckService.getLatestVersion(edition);
+  const cards = deckService.getCardDataForEditionVersionLang(edition, version, lang);
+
+  if (!cards) error(500, "No cards retrieved.")
+  const mappings = new MappingService().getCardMappingForLatestEdtions();
+  if (!mappings) error(500, "No mappings retrieved.")
+  return json((new CreController(cards, new MappingController(mappings.get(edition)))).getCreMapping(edition, lang));
 };

cornucopia.owasp.org/src/routes/api/cre/companion/+server.js

@@ -0,0 +1,13 @@
+import { json } from '@sveltejs/kit';
+
+export function GET() {
+    return json({
+        meta: {
+            edition: "OWASP Cornucopia Companion Edition",
+            component: "cards",
+            language: "en",
+            languages: ["en"],
+            version: "1.0"
+        }
+    });
+}

cornucopia.owasp.org/src/routes/api/lang/[edition]/[version]/+server.ts

@@ -30,4 +30,4 @@ export const GET: RequestHandler = ({ params }) => {
       }
     }
   );
-};
+};

cornucopia.owasp.org/static/api/openapi.yaml

@@ -404,6 +404,118 @@ paths:
                         cre:
                           - CRE-5
 
+  /cre/companion:
+    get:
+      summary: Get supported languages for Companion edition
+      description: |
+        Returns metadata about supported languages for the
+        OWASP Cornucopia Companion Edition (Companion suits).
+      responses:
+        '200':
+          description: Language metadata for Companion edition
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/LanguageMetaCompanion'
+              examples:
+                example:
+                  summary: Example language metadata response
+                  value:
+                    meta:
+                      edition: OWASP Cornucopia Companion Edition
+                      component: cards
+                      language: all
+                      languages: [en]
+                      version: "1.0"
+
+  /cre/companion/{lang}:
+    get:
+      summary: Get Companion cards by language
+      description: |
+        Get the OWASP Cornucopia Companion Edition cards and
+        their corresponding Open CRE codes by language.
+        See Open CRE: https://www.opencre.org/
+      parameters:
+        - name: lang
+          in: path
+          required: true
+          schema:
+            type: string
+            enum: [en]
+      responses:
+        '200':
+          description: Companion edition cards and Open CRE mappings
+          content:
+            application/json:
+              schema:
+                type: object
+              examples:
+                example:
+                  summary: Example Companion response
+                  value:
+                    meta:
+                      edition: OWASP Cornucopia Companion Edition
+                      component: cards
+                      language: en
+                      version: "1.0"
+                    standards: []
+
+  /lang/{edition}/{version}:
+    get:
+      summary: Get language metadata for an edition version
+      description: |
+        Returns the list of supported languages for a given edition and version.
+        Works for all registered editions (webapp, mobileapp, companion).
+      parameters:
+        - name: edition
+          in: path
+          required: true
+          schema:
+            type: string
+            enum: [webapp, mobileapp, companion]
+        - name: version
+          in: path
+          required: true
+          schema:
+            type: string
+            example: "1.0"
+      responses:
+        '200':
+          description: Language metadata for the requested edition/version
+          content:
+            application/json:
+              schema:
+                type: object
+                properties:
+                  meta:
+                    type: object
+                    properties:
+                      edition:
+                        type: string
+                        example: companion
+                      version:
+                        type: string
+                        example: "1.0"
+                      languages:
+                        type: array
+                        items:
+                          type: string
+                        example: [en]
+              examples:
+                example:
+                  summary: Companion edition language metadata
+                  value:
+                    meta:
+                      edition: companion
+                      version: "1.0"
+                      languages: [en]
+        '404':
+          description: Edition or version not found
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/Error'
+
 components:
 
   schemas:
@@ -483,3 +595,26 @@ components:
             version:
               type: string
               example: "1.0"
+LanguageMetaCompanion:
+          type: object
+          properties:
+            meta:
+              type: object
+              properties:
+                edition:
+                  type: string
+                  example: OWASP Cornucopia Companion Edition
+                component:
+                  type: string
+                  example: cards
+                language:
+                  type: string
+                  example: all
+                languages:
+                  type: array
+                  items:
+                    type: string
+                  example: [en]
+                version:
+                  type: string
+                  example: "1.0"

cornucopia.owasp.org/svelte.config.js

@@ -340,6 +340,8 @@ export default {
 				'/api/cre/webapp/pt_br',
 				'/api/cre/webapp/no_nb',
 				'/api/cre/mobileapp/en',
+				'/api/cre/companion/en',
+				'/api/lang/companion/1.0',
 				'/api/cre/dbd/en',
 				'/api/cre/mobileapp/hi',
                 '/api/cre/mobileapp/uk',