[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"skill-2505a92e-1b83-472e-80cb-9e5ad11999bb":3,"$fN7YijNdqO-Ks366ZHXTjYO0L4-MLzXbVdFOL4UTemfM":42},{"id":4,"title":5,"description":6,"categoryId":7,"moduleId":8,"tags":9,"prompt":10,"icon":11,"source":12,"sourceUrl":13,"authorId":14,"authorName":15,"isPublic":16,"stars":17,"runs":18,"createdAt":19,"updatedAt":19,"module":20,"category":27,"packages":33},"2505a92e-1b83-472e-80cb-9e5ad11999bb","api-endpoint-builder","构建具有验证、错误处理、身份验证和文档的REST API端点。遵循安全和可扩展性的最佳实践。","cat_coding_backend","mod_coding","sickn33,coding","---\nname: api-endpoint-builder\ndescription: \"Builds production-ready REST API endpoints with validation, error handling, authentication, and documentation. Follows best practices for security and scalability.\"\ncategory: development\nrisk: safe\nsource: community\ndate_added: \"2026-03-05\"\n---\n\n# API Endpoint Builder\n\nBuild complete, production-ready REST API endpoints with proper validation, error handling, authentication, and documentation.\n\n## When to Use This Skill\n\n- User asks to \"create an API endpoint\" or \"build a REST API\"\n- Building new backend features\n- Adding endpoints to existing APIs\n- User mentions \"API\", \"endpoint\", \"route\", or \"REST\"\n- Creating CRUD operations\n\n## What You'll Build\n\nFor each endpoint, you create:\n- Route handler with proper HTTP method\n- Input validation (request body, params, query)\n- Authentication\u002Fauthorization checks\n- Business logic\n- Error handling\n- Response formatting\n- API documentation\n- Tests (if requested)\n\n## Endpoint Structure\n\n### 1. Route Definition\n\n```javascript\n\u002F\u002F Express example\nrouter.post('\u002Fapi\u002Fusers', authenticate, validateUser, createUser);\n\n\u002F\u002F Fastify example\nfastify.post('\u002Fapi\u002Fusers', {\n  preHandler: [authenticate],\n  schema: userSchema\n}, createUser);\n```\n\n### 2. Input Validation\n\nAlways validate before processing:\n\n```javascript\nconst validateUser = (req, res, next) => {\n  const { email, name, password } = req.body;\n  \n  if (!email || !email.includes('@')) {\n    return res.status(400).json({ error: 'Valid email required' });\n  }\n  \n  if (!name || name.length \u003C 2) {\n    return res.status(400).json({ error: 'Name must be at least 2 characters' });\n  }\n  \n  if (!password || password.length \u003C 8) {\n    return res.status(400).json({ error: 'Password must be at least 8 characters' });\n  }\n  \n  next();\n};\n```\n\n### 3. Handler Implementation\n\n```javascript\nconst createUser = async (req, res) => {\n  try {\n    const { email, name, password } = req.body;\n    \n    \u002F\u002F Check if user exists\n    const existing = await db.users.findOne({ email });\n    if (existing) {\n      return res.status(409).json({ error: 'User already exists' });\n    }\n    \n    \u002F\u002F Hash password\n    const hashedPassword = await bcrypt.hash(password, 10);\n    \n    \u002F\u002F Create user\n    const user = await db.users.create({\n      email,\n      name,\n      password: hashedPassword,\n      createdAt: new Date()\n    });\n    \n    \u002F\u002F Don't return password\n    const { password: _, ...userWithoutPassword } = user;\n    \n    res.status(201).json({\n      success: true,\n      data: userWithoutPassword\n    });\n    \n  } catch (error) {\n    console.error('Create user error:', error);\n    res.status(500).json({ error: 'Internal server error' });\n  }\n};\n```\n\n## Best Practices\n\n### HTTP Status Codes\n- `200` - Success (GET, PUT, PATCH)\n- `201` - Created (POST)\n- `204` - No Content (DELETE)\n- `400` - Bad Request (validation failed)\n- `401` - Unauthorized (not authenticated)\n- `403` - Forbidden (not authorized)\n- `404` - Not Found\n- `409` - Conflict (duplicate)\n- `500` - Internal Server Error\n\n### Response Format\n\nConsistent structure:\n\n```javascript\n\u002F\u002F Success\n{\n  \"success\": true,\n  \"data\": { ... }\n}\n\n\u002F\u002F Error\n{\n  \"error\": \"Error message\",\n  \"details\": { ... } \u002F\u002F optional\n}\n\n\u002F\u002F List with pagination\n{\n  \"success\": true,\n  \"data\": [...],\n  \"pagination\": {\n    \"page\": 1,\n    \"limit\": 20,\n    \"total\": 100\n  }\n}\n```\n\n### Security Checklist\n\n- [ ] Authentication required for protected routes\n- [ ] Authorization checks (user owns resource)\n- [ ] Input validation on all fields\n- [ ] SQL injection prevention (use parameterized queries)\n- [ ] Rate limiting on public endpoints\n- [ ] No sensitive data in responses (passwords, tokens)\n- [ ] CORS configured properly\n- [ ] Request size limits set\n\n### Error Handling\n\n```javascript\n\u002F\u002F Centralized error handler\napp.use((err, req, res, next) => {\n  console.error(err.stack);\n  \n  \u002F\u002F Don't leak error details in production\n  const message = process.env.NODE_ENV === 'production' \n    ? 'Internal server error' \n    : err.message;\n  \n  res.status(err.status || 500).json({ error: message });\n});\n```\n\n## Common Patterns\n\n### CRUD Operations\n\n```javascript\n\u002F\u002F Create\nPOST \u002Fapi\u002Fresources\nBody: { name, description }\n\n\u002F\u002F Read (list)\nGET \u002Fapi\u002Fresources?page=1&limit=20\n\n\u002F\u002F Read (single)\nGET \u002Fapi\u002Fresources\u002F:id\n\n\u002F\u002F Update\nPUT \u002Fapi\u002Fresources\u002F:id\nBody: { name, description }\n\n\u002F\u002F Delete\nDELETE \u002Fapi\u002Fresources\u002F:id\n```\n\n### Pagination\n\n```javascript\nconst getResources = async (req, res) => {\n  const page = parseInt(req.query.page) || 1;\n  const limit = parseInt(req.query.limit) || 20;\n  const skip = (page - 1) * limit;\n  \n  const [resources, total] = await Promise.all([\n    db.resources.find().skip(skip).limit(limit),\n    db.resources.countDocuments()\n  ]);\n  \n  res.json({\n    success: true,\n    data: resources,\n    pagination: {\n      page,\n      limit,\n      total,\n      pages: Math.ceil(total \u002F limit)\n    }\n  });\n};\n```\n\n### Filtering & Sorting\n\n```javascript\nconst getResources = async (req, res) => {\n  const { status, sort = '-createdAt' } = req.query;\n  \n  const filter = {};\n  if (status) filter.status = status;\n  \n  const resources = await db.resources\n    .find(filter)\n    .sort(sort)\n    .limit(20);\n  \n  res.json({ success: true, data: resources });\n};\n```\n\n## Documentation Template\n\n```javascript\n\u002F**\n * @route POST \u002Fapi\u002Fusers\n * @desc Create a new user\n * @access Public\n * \n * @body {string} email - User email (required)\n * @body {string} name - User name (required)\n * @body {string} password - Password, min 8 chars (required)\n * \n * @returns {201} User created successfully\n * @returns {400} Validation error\n * @returns {409} User already exists\n * @returns {500} Server error\n * \n * @example\n * POST \u002Fapi\u002Fusers\n * {\n *   \"email\": \"user@example.com\",\n *   \"name\": \"John Doe\",\n *   \"password\": \"securepass123\"\n * }\n *\u002F\n```\n\n## Testing Example\n\n```javascript\ndescribe('POST \u002Fapi\u002Fusers', () => {\n  it('should create a new user', async () => {\n    const response = await request(app)\n      .post('\u002Fapi\u002Fusers')\n      .send({\n        email: 'test@example.com',\n        name: 'Test User',\n        password: 'password123'\n      });\n    \n    expect(response.status).toBe(201);\n    expect(response.body.success).toBe(true);\n    expect(response.body.data.email).toBe('test@example.com');\n    expect(response.body.data.password).toBeUndefined();\n  });\n  \n  it('should reject invalid email', async () => {\n    const response = await request(app)\n      .post('\u002Fapi\u002Fusers')\n      .send({\n        email: 'invalid',\n        name: 'Test User',\n        password: 'password123'\n      });\n    \n    expect(response.status).toBe(400);\n    expect(response.body.error).toContain('email');\n  });\n});\n```\n\n## Key Principles\n\n- Validate all inputs before processing\n- Use proper HTTP status codes\n- Handle errors gracefully\n- Never expose sensitive data\n- Keep responses consistent\n- Add authentication where needed\n- Document your endpoints\n- Write tests for critical paths\n\n## Related Skills\n\n- `@security-auditor` - Security review\n- `@test-driven-development` - Testing\n- `@database-design` - Data modeling\n\n## Limitations\n- Use this skill only when the task clearly matches the scope described above.\n- Do not treat the output as a substitute for environment-specific validation, testing, or expert review.\n- Stop and ask for clarification if required inputs, permissions, safety boundaries, or success criteria are missing.\n","","imported","https:\u002F\u002Fgithub.com\u002Fsickn33\u002Fantigravity-awesome-skills","user_system_seed","SkillOPIC",true,162,488,"2026-05-16 13:03:23",{"id":8,"name":21,"slug":22,"icon":23,"description":24,"sort":25,"createdAt":26},"编程开发","coding","mdi-code-braces","代码生成、调试、审查，提升开发效率",2,"2026-05-16 12:53:40",{"id":7,"name":28,"slug":29,"icon":30,"description":31,"moduleId":8,"sort":25,"skillCount":32,"createdAt":26},"后端开发","backend","mdi-server","API、数据库、服务端架构",296,[34],{"id":35,"skillId":4,"version":36,"fileName":37,"fileSize":38,"filePath":39,"fileHash":40,"manifest":41,"createdAt":19},"e33704cb-8768-4fe4-a1bc-477176179c6b","1.0.0","api-endpoint-builder.zip",3299,"uploads\u002Fskills\u002F2505a92e-1b83-472e-80cb-9e5ad11999bb\u002Fapi-endpoint-builder.zip","8e599337fde77308f6043d47cd50e18f054d188c30ce7cf1fa255fc084f00faa","[{\"path\":\"README.md\",\"isDirectory\":false,\"size\":757},{\"path\":\"SKILL.md\",\"isDirectory\":false,\"size\":7407}]",{"code":43,"message":44,"data":45},200,"success",{"items":46,"stats":47,"page":50},[],{"averageRating":48,"totalRatings":48,"ratingCounts":49},0,[48,48,48,48,48],{"limit":51,"offset":48,"hasMore":52,"nextOffset":51,"ratedOnly":16},15,false]