Adding Rest API documentation page with Swgger download on the /docs endpoint

server/index.js

@@ -13,6 +13,7 @@ import { createLogger } from './logger.js';
 import * as db from './db.js';
 import { router as authRouter, sessionMiddleware, requireAuth } from './auth.js';
 import { csrfMiddleware } from './middleware/csrf.js';
+import { buildOpenApiSpec } from './openapi.js';
 import * as googleCalendar from './services/google-calendar.js';
 import * as appleCalendar from './services/apple-calendar.js';
 import * as icsSubscription from './services/ics-subscription.js';
@@ -56,10 +57,10 @@ app.use(helmet({
         // Alpine.js CDN (optional, falls verwendet)
         'https://cdn.jsdelivr.net',
       ],
-      styleSrc: ["'self'", "'unsafe-inline'"],
+      styleSrc: ["'self'", "'unsafe-inline'", 'https://cdn.jsdelivr.net'],
       imgSrc: ["'self'", 'data:'],
       connectSrc: ["'self'"],
-      fontSrc: ["'self'"],
+      fontSrc: ["'self'", 'data:', 'https://cdn.jsdelivr.net'],
       objectSrc: ["'none'"],
       frameSrc: ["'none'"],
       // upgrade-insecure-requests nur mit HTTPS aktivieren
@@ -166,6 +167,19 @@ app.get('/api/v1/version', (req, res) => {
   res.json({ version: APP_VERSION });
 });
 
+function sendOpenApi(req, res) {
+  if (req.query.download === '1') {
+    res.setHeader('Content-Disposition', 'attachment; filename="openapi.json"');
+  }
+  res.json(buildOpenApiSpec(req, APP_VERSION));
+}
+
+app.get('/api/v1/openapi.json', sendOpenApi);
+app.get('/openapi.json', sendOpenApi);
+app.get('/docs', (_req, res) => {
+  res.sendFile(path.join(import.meta.dirname, '..', 'public', 'doc-assets', 'swagger.html'));
+});
+
 // Alle weiteren API-Routen erfordern Authentifizierung + CSRF-Schutz
 app.use('/api/v1', requireAuth);
 app.use('/api/v1', csrfMiddleware);