feat(backend): init api scaffold

Author: tranhoangpich

apps/backend/Cargo.toml

@@ -0,0 +1,19 @@
+[package]
+name = "verifyos-backend"
+version = "0.1.0"
+edition = "2021"
+publish = false
+
+[dependencies]
+axum = { version = "0.7", features = ["multipart"] }
+serde = { version = "1.0", features = ["derive"] }
+serde_json = "1.0"
+tempfile = "3.12"
+thiserror = "1.0"
+tokio = { version = "1.39", features = ["macros", "rt-multi-thread"] }
+tower-http = { version = "0.5", features = ["trace"] }
+tracing = "0.1"
+tracing-subscriber = { version = "0.3", features = ["env-filter"] }
+uuid = { version = "1.8", features = ["v4"] }
+
+verifyos-cli = { path = "../../" }

apps/backend/README.md

@@ -0,0 +1,17 @@
+# verifyOS Backend (Rust)
+
+This service provides a clean, versioned HTTP API that accepts an `.ipa` or `.app` upload and returns a normalized scan report.
+
+## API
+
+`POST /api/v1/scan`
+
+- multipart `bundle` file field (required)
+- `profile` form field: `basic` or `full` (optional)
+
+Response: JSON report (same shape as `voc --format json`).
+
+## Notes
+
+- This module depends on the root `verifyos-cli` crate.
+- It is initialized as a standalone crate for a future Cargo workspace split.

apps/backend/src/app/mod.rs

@@ -0,0 +1,3 @@
+mod scan;
+
+pub use scan::{ScanError, ScanService};

apps/backend/src/app/scan.rs

@@ -0,0 +1,50 @@
+use crate::domain::{ScanProfileInput, ScanRequest, ScanResponse};
+use std::path::Path;
+use std::time::Instant;
+use thiserror::Error;
+use verifyos_cli::core::engine::Engine;
+use verifyos_cli::profiles::{register_rules, RuleSelection, ScanProfile};
+use verifyos_cli::report::build_report;
+
+#[derive(Debug, Error)]
+pub enum ScanError {
+    #[error("scan failed: {0}")]
+    ScanFailed(String),
+}
+
+pub struct ScanService;
+
+impl ScanService {
+    pub fn new() -> Self {
+        Self
+    }
+
+    pub fn run_scan<P: AsRef<Path>>(
+        &self,
+        request: ScanRequest,
+        bundle_path: P,
+    ) -> Result<ScanResponse, ScanError> {
+        let started = Instant::now();
+        let profile = match request.profile {
+            Some(ScanProfileInput::Basic) => ScanProfile::Basic,
+            Some(ScanProfileInput::Full) | None => ScanProfile::Full,
+        };
+
+        let mut engine = Engine::new();
+        let selection = RuleSelection::default();
+        register_rules(&mut engine, profile, &selection);
+
+        let run = engine
+            .run(bundle_path)
+            .map_err(|err| ScanError::ScanFailed(err.to_string()))?;
+
+        let report = build_report(&run, None);
+        Ok(ScanResponse {
+            report,
+            warnings: vec![format!(
+                "scan completed in {duration}ms",
+                duration = started.elapsed().as_millis()
+            )],
+        })
+    }
+}

apps/backend/src/domain/mod.rs

@@ -0,0 +1,19 @@
+use serde::{Deserialize, Serialize};
+
+#[derive(Debug, Deserialize)]
+#[serde(rename_all = "snake_case")]
+pub enum ScanProfileInput {
+    Basic,
+    Full,
+}
+
+#[derive(Debug, Deserialize)]
+pub struct ScanRequest {
+    pub profile: Option<ScanProfileInput>,
+}
+
+#[derive(Debug, Serialize)]
+pub struct ScanResponse {
+    pub report: serde_json::Value,
+    pub warnings: Vec<String>,
+}

apps/backend/src/infra/http/handlers.rs

@@ -0,0 +1,76 @@
+use crate::app::{ScanError, ScanService};
+use crate::domain::{ScanProfileInput, ScanRequest};
+use axum::extract::{Multipart, State};
+use axum::http::StatusCode;
+use axum::response::IntoResponse;
+use serde_json::json;
+use std::io::Write;
+use tempfile::NamedTempFile;
+use tracing::info;
+
+pub async fn health() -> impl IntoResponse {
+    StatusCode::OK
+}
+
+pub async fn scan_bundle(
+    State(service): State<ScanService>,
+    mut multipart: Multipart,
+) -> impl IntoResponse {
+    let mut request = ScanRequest { profile: None };
+    let mut temp_file: Option<NamedTempFile> = None;
+
+    while let Ok(Some(field)) = multipart.next_field().await {
+        let name = field.name().unwrap_or_default().to_string();
+        if name == "profile" {
+            if let Ok(value) = field.text().await {
+                request.profile = match value.to_lowercase().as_str() {
+                    "basic" => Some(ScanProfileInput::Basic),
+                    "full" => Some(ScanProfileInput::Full),
+                    _ => None,
+                };
+            }
+            continue;
+        }
+
+        if name == "bundle" {
+            let mut file = match NamedTempFile::new() {
+                Ok(file) => file,
+                Err(err) => return to_error(err).into_response(),
+            };
+            let bytes = match field.bytes().await {
+                Ok(bytes) => bytes,
+                Err(err) => return to_error(err).into_response(),
+            };
+            if let Err(err) = file.write_all(&bytes) {
+                return to_error(err).into_response();
+            }
+            temp_file = Some(file);
+        }
+    }
+
+    let Some(bundle) = temp_file else {
+        return (
+            StatusCode::BAD_REQUEST,
+            json!({ "error": "missing bundle file field" }),
+        )
+            .into_response();
+    };
+
+    info!("running scan for uploaded bundle");
+    match service.run_scan(request, bundle.path()) {
+        Ok(result) => (
+            StatusCode::OK,
+            serde_json::to_value(result).unwrap_or_default(),
+        )
+            .into_response(),
+        Err(err) => (StatusCode::BAD_REQUEST, error_body(err)).into_response(),
+    }
+}
+
+fn error_body(err: ScanError) -> serde_json::Value {
+    json!({ "error": err.to_string() })
+}
+
+fn to_error(err: impl std::fmt::Display) -> (StatusCode, serde_json::Value) {
+    (StatusCode::BAD_REQUEST, json!({ "error": err.to_string() }))
+}

apps/backend/src/infra/http/mod.rs

@@ -0,0 +1,2 @@
+pub mod handlers;
+pub mod router;

apps/backend/src/infra/http/router.rs

@@ -0,0 +1,13 @@
+use crate::app::ScanService;
+use crate::infra::http::handlers::{health, scan_bundle};
+use axum::routing::{get, post};
+use axum::Router;
+use tower_http::trace::TraceLayer;
+
+pub fn build_router(scan_service: ScanService) -> Router {
+    Router::new()
+        .route("/healthz", get(health))
+        .route("/api/v1/scan", post(scan_bundle))
+        .with_state(scan_service)
+        .layer(TraceLayer::new_for_http())
+}

apps/backend/src/infra/mod.rs

@@ -0,0 +1,2 @@
+pub mod http;
+pub mod telemetry;

apps/backend/src/infra/telemetry.rs

@@ -0,0 +1,7 @@
+use tracing_subscriber::EnvFilter;
+
+pub fn init_tracing() {
+    let filter = EnvFilter::try_from_default_env()
+        .unwrap_or_else(|_| EnvFilter::new("verifyos_backend=info,tower_http=info"));
+    tracing_subscriber::fmt().with_env_filter(filter).init();
+}