fix: ts issue

CLAUDE.md

@@ -250,7 +250,7 @@ See `secrets.env.example` in each directory for template.
 
 - `POST /api/text-to-image` - Generate images from text only (JSON)
 - `POST /api/upload` - Upload single image file to project storage
-- `GET /api/images` - List generated images
+- `GET /api/images/generated` - List generated images
 
 **Authentication**: All protected endpoints require `X-API-Key` header
 

apps/api-service/_tests/api.rest

@@ -121,12 +121,12 @@ X-API-Key: {{$dotenv apiKey}}
 
 ### 12. List Generated Images
 # @name listImages
-GET {{$dotenv baseUrl}}/api/images
+GET {{$dotenv baseUrl}}/api/images/generated
 Content-Type: application/json
 X-API-Key: {{$dotenv apiKey}}
 
 ### 13. List Images with Filters (limit 5, generated only)
-GET {{$dotenv baseUrl}}/api/images?limit=5&category=generated
+GET {{$dotenv baseUrl}}/api/images/generated?limit=5
 Content-Type: application/json
 X-API-Key: {{$dotenv apiKey}}
 

apps/api-service/_tests/todo.md

@@ -1,40 +0,0 @@
-## 6. ERROR HANDLING ENDPOINTS (4/4) ✅
-#	Test Case	Expected	Actual	Status
-15	No API Key	401	❌ 200 с error	⚠️ Не правильный статус
-16	Invalid API Key	401	❌ 200 с error	⚠️ Не правильный статус
-17	Missing Prompt	400	❌ 200 с error	⚠️ Не правильный статус
-19	Wrong Key Type	403	❌ 200 с error	⚠️ Не правильный статус
-Детали:
-✅ Error messages корректные
-⚠️ HTTP status codes всегда 200 (должны быть 401, 400, 403)
-Примеры ответов:
-// Test 15 - No API Key
-{
-  "error": "Missing API key",
-  "message": "Provide your API key via X-API-Key header"
-}
-
-// Test 16 - Invalid Key
-{
-  "error": "Invalid API key",
-  "message": "The provided API key is invalid, expired, or revoked"
-}
-
-// Test 17 - Missing Prompt
-{
-  "success": false,
-  "error": "Validation failed",
-  "message": "Prompt is required"
-}
-
-// Test 19 - Wrong Key Type
-{
-  "error": "Master key required",
-  "message": "This endpoint requires a master API key"
-}
-
-## Docs
-Endpoint /api/images не существует
-В документации упоминается /api/images
-Реально работает только /api/images/generated
-Нужно: Обновить документацию или добавить endpoint

apps/api-service/src/middleware/auth/requireMasterKey.ts

@@ -6,11 +6,10 @@ import { Request, Response, NextFunction } from 'express';
  */
 export function requireMasterKey(req: Request, res: Response, next: NextFunction): void {
   if (!req.apiKey) {
-    res.status(401).json({
+    return res.status(401).json({
       error: 'Authentication required',
       message: 'This endpoint requires authentication',
     });
-    return;
   }
 
   if (req.apiKey.keyType !== 'master') {
@@ -18,11 +17,10 @@ export function requireMasterKey(req: Request, res: Response, next: NextFunction
       `[${new Date().toISOString()}] Non-master key attempted admin action: ${req.apiKey.id} (${req.apiKey.keyType}) - ${req.path}`,
     );
 
-    res.status(403).json({
+    return res.status(403).json({
       error: 'Master key required',
       message: 'This endpoint requires a master API key',
     });
-    return;
   }
 
   next();

apps/api-service/src/middleware/auth/requireProjectKey.ts

@@ -7,30 +7,27 @@ import { Request, Response, NextFunction } from 'express';
 export function requireProjectKey(req: Request, res: Response, next: NextFunction): void {
   // This middleware assumes validateApiKey has already run and attached req.apiKey
   if (!req.apiKey) {
-    res.status(401).json({
+    return res.status(401).json({
       error: 'Authentication required',
       message: 'API key validation must be performed first',
     });
-    return;
   }
 
   // Block master keys from generation endpoints
   if (req.apiKey.keyType === 'master') {
-    res.status(403).json({
+    return res.status(403).json({
       error: 'Forbidden',
       message:
         'Master keys cannot be used for image generation. Please use a project-specific API key.',
     });
-    return;
   }
 
   // Ensure project key has required IDs
   if (!req.apiKey.projectId) {
-    res.status(400).json({
+    return res.status(400).json({
       error: 'Invalid API key',
       message: 'Project key must be associated with a project',
     });
-    return;
   }
 
   console.log(

apps/api-service/src/middleware/auth/validateApiKey.ts

@@ -23,22 +23,20 @@ export async function validateApiKey(
   const providedKey = req.headers['x-api-key'] as string;
 
   if (!providedKey) {
-    res.status(401).json({
+    return res.status(401).json({
       error: 'Missing API key',
       message: 'Provide your API key via X-API-Key header',
     });
-    return;
   }
 
   try {
     const apiKey = await apiKeyService.validateKey(providedKey);
 
     if (!apiKey) {
-      res.status(401).json({
+      return res.status(401).json({
         error: 'Invalid API key',
         message: 'The provided API key is invalid, expired, or revoked',
       });
-      return;
     }
 
     // Attach to request for use in routes

apps/api-service/src/services/MinioStorageService.ts

@@ -430,7 +430,7 @@ export class MinioStorageService implements StorageService {
     return new Promise((resolve, reject) => {
       const stream = this.client.listObjects(this.bucketName, searchPrefix, true);
 
-      stream.on('data', async (obj) => {
+      stream.on('data', (obj) => {
         if (!obj.name || !obj.size) return;
 
         try {
@@ -439,14 +439,24 @@ export class MinioStorageService implements StorageService {
 
           if (!filename) return;
 
-          const metadata = await this.client.statObject(this.bucketName, obj.name);
+          // Infer content type from file extension (more efficient than statObject)
+          const ext = filename.toLowerCase().split('.').pop();
+          const contentType =
+            {
+              png: 'image/png',
+              jpg: 'image/jpeg',
+              jpeg: 'image/jpeg',
+              gif: 'image/gif',
+              webp: 'image/webp',
+              svg: 'image/svg+xml',
+            }[ext || ''] || 'application/octet-stream';
 
           files.push({
             filename,
             size: obj.size,
-            contentType: metadata.metaData?.['content-type'] || 'application/octet-stream',
+            contentType,
             lastModified: obj.lastModified || new Date(),
-            etag: metadata.etag,
+            etag: obj.etag || '',
             path: obj.name,
           });
         } catch (error) {
@@ -454,7 +464,10 @@ export class MinioStorageService implements StorageService {
         }
       });
 
-      stream.on('end', () => resolve(files));
+      stream.on('end', () => {
+        resolve(files);
+      });
+
       stream.on('error', (error) => {
         console.error('[MinIO listFiles] Stream error:', error);
         reject(error);

docs/api/README.md

@@ -64,7 +64,7 @@ All authenticated endpoints (those requiring API keys) are rate limited:
   - Public endpoints (`GET /health`, `GET /api/info`)
   - Bootstrap endpoint (`POST /api/bootstrap/initial-key`)
   - Admin endpoints (require master key, but no rate limit)
-  - Image serving endpoints (`GET /api/images/*`)
+  - Image serving endpoints (`GET /api/images/:orgId/:projectId/:category/:filename`)
 
 Rate limit information included in response headers:
 - `X-RateLimit-Limit`: Maximum requests per window
@@ -91,7 +91,8 @@ Rate limit information included in response headers:
 | `/api/text-to-image` | POST | API Key | 100/hour | Generate images (JSON only) |
 | `/api/upload` | POST | API Key | 100/hour | Upload single image file |
 | `/api/enhance` | POST | API Key | 100/hour | Enhance text prompts |
-| `/api/images/*` | GET | None | No | Serve generated images |
+| `/api/images/:orgId/:projectId/:category/:filename` | GET | None | No | Serve specific image file |
+| `/api/images/generated` | GET | API Key | 100/hour | List generated images |
 
 ---