Merge branch 'main' into improve-about

Author: kasya

.github/workflows/run-code-ql.yaml

@@ -31,7 +31,7 @@ jobs:
         uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8
 
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@192325c86100d080feab897ff886c34abd4c83a3
+        uses: github/codeql-action/init@303c0aef88fc2fe5ff6d63d3b1596bfd83dfa1f9
         with:
           languages: ${{ matrix.language }}
 
@@ -55,6 +55,6 @@ jobs:
         run: pnpm install --frozen-lockfile
 
       - name: Perform CodeQL analysis
-        uses: github/codeql-action/analyze@192325c86100d080feab897ff886c34abd4c83a3
+        uses: github/codeql-action/analyze@303c0aef88fc2fe5ff6d63d3b1596bfd83dfa1f9
         with:
           category: /language:${{ matrix.language }}

.pre-commit-config.yaml

@@ -10,7 +10,7 @@ repos:
         exclude: (.github|pnpm-lock.yaml)
 
   - repo: https://github.com/astral-sh/ruff-pre-commit
-    rev: v0.13.0
+    rev: v0.13.2
     hooks:
       - id: ruff
         args:
@@ -38,7 +38,7 @@ repos:
         exclude: (.github|pnpm-lock.yaml)
 
   - repo: https://github.com/pre-commit/mirrors-mypy
-    rev: v1.18.1
+    rev: v1.18.2
     hooks:
       - id: mypy
         additional_dependencies:

backend/apps/api/rest/v0/README.md

@@ -0,0 +1,17 @@
+
+# OWASP API v0
+
+## Important points
+
+When working on this API, **always follow these rules** to avoid breaking clients:
+
+- The authentication class in `__init__.py` **must be named `ApiKey`**.
+  - The client’s `api_key` parameter is automatically derived from this name.
+  - **Do not rename this class**, only update its implementation if needed.
+
+- Each API endpoint must have a **unique `operationId`** in the OpenAPI specification.
+  - Duplicate `operationId`s will break client SDK generation and cause method conflicts.
+
+- Endpoint naming documentation:
+  - [Customize methods](https://www.speakeasy.com/docs/customize/methods)
+  - [Customize namespaces](https://www.speakeasy.com/docs/customize/structure/namespaces)

backend/apps/api/rest/v0/__init__.py

@@ -13,6 +13,7 @@
 from apps.api.rest.v0.project import router as project_router
 from apps.api.rest.v0.release import router as release_router
 from apps.api.rest.v0.repository import router as repository_router
+from apps.api.rest.v0.sponsor import router as sponsor_router
 
 from .chapter import router as chapter_router
 
@@ -34,6 +35,8 @@
     "/releases": release_router,
     # Repositories.
     "/repositories": repository_router,
+    # Sponsors.
+    "/sponsors": sponsor_router,
 }
 
 
@@ -43,7 +46,7 @@
     "docs": Swagger(settings={"persistAuthorization": True}),
     "throttle": [AuthRateThrottle("10/s")],
     "title": "OWASP Nest",
-    "version": "0.2.1",
+    "version": "0.2.3",
 }
 
 api_settings_customization = {}

backend/apps/api/rest/v0/sponsor.py

@@ -0,0 +1,99 @@
+"""Sponsor API."""
+
+from http import HTTPStatus
+from typing import Literal
+
+from django.conf import settings
+from django.http import HttpRequest
+from django.views.decorators.cache import cache_page
+from ninja import Field, FilterSchema, Path, Query, Router, Schema
+from ninja.decorators import decorate_view
+from ninja.pagination import PageNumberPagination, paginate
+from ninja.responses import Response
+
+from apps.owasp.models.sponsor import Sponsor
+
+router = Router()
+
+
+class SponsorErrorResponse(Schema):
+    """Sponsor error response schema."""
+
+    message: str
+
+
+class SponsorFilterSchema(FilterSchema):
+    """Filter schema for Sponsor."""
+
+    is_member: bool | None = Field(
+        None,
+        description="Member status of the sponsor",
+    )
+    member_type: Sponsor.MemberType | None = Field(
+        None,
+        description="Member type of the sponsor",
+    )
+
+    sponsor_type: str | None = Field(
+        None,
+        description="Filter by the type of sponsorship (e.g., Gold, Silver, Platinum).",
+        example="Silver",
+    )
+
+
+class SponsorSchema(Schema):
+    """Schema for Sponsor."""
+
+    description: str
+    image_url: str
+    is_member: bool
+    job_url: str
+    key: str
+    member_type: str
+    name: str
+    sponsor_type: str
+    url: str
+
+
+@router.get(
+    "/",
+    description="Retrieve a paginated list of OWASP sponsors.",
+    operation_id="list_sponsors",
+    response={HTTPStatus.OK: list[SponsorSchema]},
+    summary="List sponsors",
+    tags=["Sponsors"],
+)
+@decorate_view(cache_page(settings.API_CACHE_TIME_SECONDS))
+@paginate(PageNumberPagination, page_size=settings.API_PAGE_SIZE)
+def list_sponsors(
+    request: HttpRequest,
+    filters: SponsorFilterSchema = Query(...),
+    ordering: Literal["name", "-name"] | None = Query(
+        None,
+        description="Ordering field",
+    ),
+) -> list[SponsorSchema]:
+    """Get sponsors."""
+    return filters.filter(Sponsor.objects.order_by(ordering or "name"))
+
+
+@router.get(
+    "/{str:sponsor_key}",
+    description="Retrieve a sponsor details.",
+    operation_id="get_sponsor",
+    response={
+        HTTPStatus.NOT_FOUND: SponsorErrorResponse,
+        HTTPStatus.OK: SponsorSchema,
+    },
+    summary="Get sponsor",
+    tags=["Sponsors"],
+)
+def get_sponsor(
+    request: HttpRequest,
+    sponsor_key: str = Path(..., example="adobe"),
+) -> SponsorSchema | SponsorErrorResponse:
+    """Get sponsor."""
+    if sponsor := Sponsor.objects.filter(key__iexact=sponsor_key).first():
+        return sponsor
+
+    return Response({"message": "Sponsor not found"}, status=HTTPStatus.NOT_FOUND)

backend/apps/owasp/models/common.py

@@ -220,7 +220,7 @@ def get_leaders_emails(self):
         leaders = {}
         for line in content.split("\n"):
             matches = re.findall(
-                r"^[-*]\s*\[([^\]]+)\]\(mailto:([^)]+)(\)|([^[<\n]))", line.strip()
+                r"^[-*]\s*\[([^\]]+)\]\((?:mailto:)?([^)]+)(\)|([^[<\n]))", line.strip()
             )
 
             for match in matches: