Refactor/api routes #5

Merged
chrismclarke merged 5 commits into main from refactor/api-routes
Mar 11, 2026
Conversation

@chrismclarke

No description provided.

@gemini-code-assist

Summary of Changes

Hello, I'm Gemini Code Assist1! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request introduces a significant refactoring of the API's routing infrastructure, moving from inline request handling to a modular, router-based system. This change enhances the organization and scalability of the API by separating concerns into dedicated route handlers for public and administrative endpoints. Concurrently, it improves the development workflow by integrating a frontend utility for cache management and reorganizing core API files into more logical directories. The web application also sees a minor adjustment to its administrative level selection options.

Highlights

  • API Route Refactoring: The API's main entry point (api/src/main.ts) has been refactored to delegate all request handling to a new appRouter, centralizing and streamlining route management.
  • Structured Route Modules: New modules (admin.ts, index.ts, public.ts) have been introduced under api/src/routes to logically separate and organize API endpoints, improving maintainability.
  • Development-Only Admin Cache Invalidation: The /admin/clear-cache endpoint is now handled within api/src/routes/admin.ts and is explicitly restricted to development environments, enhancing security and control.
  • Frontend Admin Tool: A 'Clear Server Cache (Dev)' button has been added to the web application (web/src/App.tsx), providing a convenient way for developers to invalidate the server cache.
  • File Organization: Several API-related files, including admin-boundaries.ts, overpass-mapping.ts, global.d.ts, and schema.ts, have been moved into new api/src/services and api/src/types directories for better project structure.
  • Streamlined Admin Level Selection: The AdminLevelSelect component in the web application has been updated to offer a more focused set of administrative level options by removing levels 6 and 8.
  • VSCode Settings: A .vscode/settings.json file was added to configure VSCode to ignore unknown CSS and SCSS at-rules, preventing linting warnings.

Changelog
  • .vscode/settings.json
    • Added VSCode settings to ignore unknown CSS/SCSS at-rules.
  • api/src/main.ts
    • Replaced direct route handling with an appRouter import.
    • Removed inline logic for CORS pre-flight, health checks, main API endpoint, and admin cache invalidation.
  • api/src/routes/admin.ts
    • Added a new module to handle admin-specific routes, including /admin/clear-cache.
    • Restricted admin routes to development environments.
  • api/src/routes/index.ts
    • Added a new module to serve as the main application router, dispatching requests to admin or public routes.
    • Included CORS pre-flight handling.
  • api/src/routes/public.ts
    • Added a new module to handle public-facing routes, including health checks and the main API endpoint.
  • api/src/services/admin-boundaries.test.ts
    • Renamed api/src/admin-boundaries.test.ts to api/src/services/admin-boundaries.test.ts.
  • api/src/services/admin-boundaries.ts
    • Renamed api/src/admin-boundaries.ts to api/src/services/admin-boundaries.ts.
    • Updated import paths to reflect the new directory structure.
  • api/src/services/overpass-mapping.ts
    • Renamed api/src/overpass-mapping.ts to api/src/services/overpass-mapping.ts.
  • api/src/types/global.d.ts
    • Renamed api/src/global.d.ts to api/src/types/global.d.ts.
  • api/src/types/schema.ts
    • Renamed api/src/schema.ts to api/src/types/schema.ts.
  • web/src/App.tsx
    • Added TrashIcon import from @heroicons/react/20/solid.
    • Implemented a development-only 'Clear Server Cache' button.
  • web/src/components/AdminLevelSelect.tsx
    • Removed admin levels 6 and 8 from the available options.
Activity
  • No specific activity has been recorded for this pull request yet.

Footnotes

  1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution.


@gemini-code-assist gemini-code-assist bot left a comment

Code Review

This pull request refactors the API routing logic for better modularity and organization, extracting routing from main.ts into separate files and improving the file structure. It also introduces a new development-only admin feature to clear the server cache. While the refactoring is positive, a critical security concern exists: the new admin endpoint for clearing the server cache lacks proper authentication and is exposed to cross-origin requests due to permissive CORS settings. Furthermore, raw error messages are returned to the client, risking information disclosure. These vulnerabilities should be addressed immediately, especially if the application is deployed in a non-production environment accessible over the network. Additionally, improvements are needed for error handling in the new frontend feature and ensuring consistent CORS header behavior across all API endpoints.

Comment on lines +151 to +158
try {
const baseUrl = API_URL.replace(/\/$/, '');
const res = await fetch(`${baseUrl}/admin/clear-cache`, { method: 'POST' });
if (!res.ok) throw new Error('Failed to clear cache');
alert('Cache cleared successfully!');
} catch (e: any) {
alert(e.message || 'Error clearing cache');
}
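
Review bot: The fetch call in this hunk posts to /admin/clear-cache with only { method: 'POST' } in its options, so no credential travels with the request and the route must be accepting unauthenticated callers. Suggest having the route require a token and sending it from here in an Authorization header (token source to be decided), so that a request without it is rejected server-side rather than relying on where the button is shown.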

medium

The error handling for the cache clearing functionality can be improved for better robustness and more informative error messages.

  1. The catch block uses e: any, which is not type-safe. It's better to use e: unknown and then check its type with instanceof Error.
  2. When the fetch request is not ok, a generic error 'Failed to clear cache' is thrown. The server provides a more specific error message in the JSON response, which would be more helpful to display to the user.

Here is a suggested implementation that addresses both points:

                try {
                  const baseUrl = API_URL.replace(/\/$/, '');
                  const res = await fetch(`${baseUrl}/admin/clear-cache`, { method: 'POST' });
                  if (!res.ok) {
                    const errorJson = await res.json().catch(() => null);
                    throw new Error(errorJson?.message || 'Failed to clear cache');
                  }
                  alert('Cache cleared successfully!');
                } catch (e) {
                  const message = e instanceof Error ? e.message : 'An unknown error occurred while clearing cache';
                  alert(message);
                }

Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
@chrismclarke chrismclarke merged commit a43ea5b into main Mar 11, 2026
1 check passed
@chrismclarke chrismclarke deleted the refactor/api-routes branch March 11, 2026 06:20
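
The review above raises three issues with /admin/clear-cache: no authentication, permissive CORS, and raw error text returned to the client. The following is an added example of a route handler that addresses all three; it is not code from this pull request, and the Req/Res shapes, the Env keys (ENVIRONMENT, ADMIN_TOKEN, ALLOWED_ORIGINS) and the deps callbacks are assumptions made for illustration.

```typescript
// Added example. Req/Res, Env keys and deps are assumptions, not the project's own types.
type Req = { method: string; headers: Record<string, string> }; // header names lower-cased
type Res = { status: number; headers: Record<string, string>; body: string };
type Env = { ENVIRONMENT: string; ADMIN_TOKEN?: string; ALLOWED_ORIGINS: string[] };
type Deps = { clearCache: () => void; log: (msg: string) => void };

// Compare without returning early on the first mismatching character.
function safeEqual(a: string, b: string): boolean {
  let diff = a.length ^ b.length;
  for (let i = 0; i < Math.max(a.length, b.length); i++) {
    diff |= (a.charCodeAt(i) || 0) ^ (b.charCodeAt(i) || 0);
  }
  return diff === 0;
}

// Echo the Origin only when it is allowlisted; an admin route never answers with "*".
function corsHeaders(req: Req, env: Env): Record<string, string> {
  const origin = req.headers["origin"] || "";
  if (env.ALLOWED_ORIGINS.indexOf(origin) === -1) return {};
  return { "Access-Control-Allow-Origin": origin, "Vary": "Origin" };
}

function handleClearCache(req: Req, env: Env, deps: Deps): Res {
  const headers = { "Content-Type": "application/json", ...corsHeaders(req, env) };
  const reply = (status: number, message: string): Res =>
    ({ status, headers, body: JSON.stringify({ message }) });

  // Fail closed: outside development, or with no token configured, the route does not exist.
  if (env.ENVIRONMENT !== "development" || !env.ADMIN_TOKEN) return reply(404, "Not found");
  if (req.method !== "POST") return reply(405, "Method not allowed");

  const presented = (req.headers["authorization"] || "").replace(/^Bearer /, "");
  if (!safeEqual(presented, env.ADMIN_TOKEN)) return reply(401, "Unauthorized");

  try {
    deps.clearCache();
    return reply(200, "Cache cleared");
  } catch (err) {
    // Detail goes to the server log; the client only ever sees a fixed string.
    deps.log("clear-cache failed: " + String(err));
    return reply(500, "Internal error");
  }
}
```

Requiring an Authorization header also means a browser must pre-flight the cross-origin POST, so a page on a non-allowlisted origin cannot trigger it as a simple request.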