dd0c/products/05-aws-cost-anomaly/src/index.ts

import Fastify from 'fastify';
import cors from '@fastify/cors';
import rateLimit from '@fastify/rate-limit';
import pino from 'pino';
import { config } from './config/index.js';
import { getPoolForAuth } from './data/db.js';
import { authHook, decorateAuth, registerAuthRoutes, registerProtectedAuthRoutes } from './auth/middleware.js';
import { registerAnomalyRoutes } from './api/anomalies.js';
import { registerBaselineRoutes } from './api/baselines.js';
import { registerGovernanceRoutes } from './api/governance.js';
import { registerIngestionRoutes } from './api/ingestion.js';

const logger = pino({ name: 'dd0c-cost', level: config.LOG_LEVEL });

const app = Fastify({ logger: true });

await app.register(cors, { origin: config.CORS_ORIGIN });
await app.register(rateLimit, { max: 100, timeWindow: '1 minute' });

const pool = getPoolForAuth();
decorateAuth(app);

// Public routes (no auth)
app.get('/health', async () => ({ status: 'ok', service: 'dd0c-cost' }));
app.get('/version', async () => ({ version: process.env.BUILD_SHA || 'dev', built: process.env.BUILD_TIME || 'unknown' }));

// Auth routes (public - login/signup)
registerAuthRoutes(app, config.JWT_SECRET, pool);

// Protected routes (auth required)
app.register(async function protectedRoutes(protectedApp) {
  protectedApp.addHook('onRequest', authHook(config.JWT_SECRET, pool));
  registerProtectedAuthRoutes(protectedApp, config.JWT_SECRET, pool);
  registerIngestionRoutes(protectedApp);
  registerAnomalyRoutes(protectedApp);
  registerBaselineRoutes(protectedApp);
  registerGovernanceRoutes(protectedApp);
});

try {
  await app.listen({ port: config.PORT, host: '0.0.0.0' });
  logger.info({ port: config.PORT }, 'dd0c/cost started');
} catch (err) {
  logger.fatal(err, 'Failed to start');
  process.exit(1);
}