linuxfoundation · ulemons · Mar 19, 2026 · Mar 19, 2026 · Mar 19, 2026 · Mar 19, 2026
diff --git a/backend/src/api/index.ts b/backend/src/api/index.ts
@@ -147,6 +147,14 @@ setImmediate(async () => {
 
   app.use(bodyParser.urlencoded({ limit: '5mb', extended: true }))
 
+  app.use((err: any, req: any, res: any, next: any) => {
+    if (err.type === 'entity.parse.failed') {
+      res.status(400).json({ error: { code: 'BAD_REQUEST', message: 'Invalid JSON body' } })
+      return
+    }
+    next(err)
+  })
+
   app.use((req, res, next) => {
     // @ts-ignore
     req.userData = {

diff --git a/backend/src/api/public/index.ts b/backend/src/api/public/index.ts
@@ -1,18 +1,12 @@
 import { Router } from 'express'
 
-import { AUTH0_CONFIG } from '../../conf'
-
 import { errorHandler } from './middlewares/errorHandler'
-import { oauth2Middleware } from './middlewares/oauth2Middleware'
-import { staticApiKeyMiddleware } from './middlewares/staticApiKeyMiddleware'
 import { v1Router } from './v1'
-import { devStatsRouter } from './v1/dev-stats'
 
 export function publicRouter(): Router {
   const router = Router()
 
-  router.use('/v1/dev-stats', staticApiKeyMiddleware(), devStatsRouter())
-  router.use('/v1', oauth2Middleware(AUTH0_CONFIG), v1Router())
+  router.use('/v1', v1Router())
   router.use(errorHandler)
 
   return router

diff --git a/backend/src/api/public/middlewares/errorHandler.ts b/backend/src/api/public/middlewares/errorHandler.ts
@@ -35,7 +35,13 @@ export const errorHandler: ErrorRequestHandler = (
   }
 
   req.log.error(
-    { error, url: req.url, method: req.method, query: req.query, body: req.body },
+    {
+      error: { name: error?.name, message: error?.message, stack: error?.stack },
+      url: req.url,
+      method: req.method,
+      query: req.query,
+      body: req.body,
+    },
     'Unhandled error in public API',
   )
 

diff --git a/backend/src/api/public/v1/dev-stats/getAffiliations.ts b/backend/src/api/public/v1/dev-stats/getAffiliations.ts
@@ -0,0 +1,89 @@
+import type { Request, Response } from 'express'
+import { z } from 'zod'
+
+import {
+  findMembersByGithubHandles,
+  findVerifiedEmailsByMemberIds,
+  optionsQx,
+  resolveAffiliationsByMemberIds,
+} from '@crowd/data-access-layer'
+
+import { ok } from '@/utils/api'
+import { validateOrThrow } from '@/utils/validation'
+
+const MAX_HANDLES = 100
+const DEFAULT_PAGE_SIZE = 20
+
+const bodySchema = z.object({
+  githubHandles: z
+    .array(z.string().trim().min(1).toLowerCase())
+    .min(1)
+    .max(MAX_HANDLES, `Maximum ${MAX_HANDLES} handles per request`),
+})
+
+const querySchema = z.object({
+  page: z.coerce.number().int().min(1).default(1),
+  pageSize: z.coerce.number().int().min(1).max(MAX_HANDLES).default(DEFAULT_PAGE_SIZE),
+})
+
+export async function getAffiliations(req: Request, res: Response): Promise<void> {
+  const { githubHandles } = validateOrThrow(bodySchema, req.body)
+  const { page, pageSize } = validateOrThrow(querySchema, req.query)
+  const qx = optionsQx(req)
+
+  const offset = (page - 1) * pageSize
+
+  // Step 1: find all verified members across all handles
+  const allMemberRows = await findMembersByGithubHandles(qx, githubHandles)
+
+  const foundHandles = new Set(allMemberRows.map((r) => r.githubHandle.toLowerCase()))
+  const notFound = githubHandles.filter((h) => !foundHandles.has(h))
+
+  const pageMemberRows = allMemberRows.slice(offset, offset + pageSize)
+
+  if (pageMemberRows.length === 0) {
+    ok(res, {
+      total: githubHandles.length,
+      totalFound: allMemberRows.length,
+      page,
+      pageSize,
+      contributorsInPage: 0,
+      contributors: [],
+      notFound,
+    })
+    return
+  }
+
+  const memberIds = pageMemberRows.map((r) => r.memberId)
+
+  // Step 2: fetch verified emails for current page
+  const emailRows = await findVerifiedEmailsByMemberIds(qx, memberIds)
+
+  const emailsByMember = new Map<string, string[]>()
+  for (const row of emailRows) {
+    const list = emailsByMember.get(row.memberId) ?? []
+    list.push(row.email)
+    emailsByMember.set(row.memberId, list)
+  }
+
+  // Step 3: resolve affiliations for current page only
+  const affiliationsByMember = await resolveAffiliationsByMemberIds(qx, memberIds)
+
+  // Step 4: build response
+  const contributors = pageMemberRows.map((member) => ({
+    githubHandle: member.githubHandle,
+    name: member.displayName,
+    emails: emailsByMember.get(member.memberId) ?? [],
+    affiliations: affiliationsByMember.get(member.memberId) ?? [],
+  }))
+
+  ok(res, {
+    total: githubHandles.length,
+    totalFound: allMemberRows.length,
+    page,
+    pageSize,
+    contributorsInPage: contributors.length,
+    contributors,
+    notFound,
+  })
+}
diff --git a/backend/src/api/public/v1/dev-stats/index.ts b/backend/src/api/public/v1/dev-stats/index.ts
@@ -2,18 +2,19 @@ import { Router } from 'express'
 
 import { createRateLimiter } from '@/api/apiRateLimiter'
 import { requireScopes } from '@/api/public/middlewares/requireScopes'
+import { safeWrap } from '@/middlewares/errorMiddleware'
 import { SCOPES } from '@/security/scopes'
 
+import { getAffiliations } from './getAffiliations'
+
 const rateLimiter = createRateLimiter({ max: 60, windowMs: 60 * 1000 })
 
 export function devStatsRouter(): Router {
   const router = Router()
 
   router.use(rateLimiter)
 
-  router.post('/affiliations', requireScopes([SCOPES.READ_AFFILIATIONS]), (_req, res) => {
-    res.json({ status: 'ok' })
-  })
+  router.post('/', requireScopes([SCOPES.READ_AFFILIATIONS]), safeWrap(getAffiliations))
 
   return router
 }
diff --git a/backend/src/api/public/v1/index.ts b/backend/src/api/public/v1/index.ts
@@ -1,13 +1,25 @@
 import { Router } from 'express'
 
+import { NotFoundError } from '@crowd/common'
+
+import { AUTH0_CONFIG } from '../../../conf'
+import { oauth2Middleware } from '../middlewares/oauth2Middleware'
+import { staticApiKeyMiddleware } from '../middlewares/staticApiKeyMiddleware'
+
+import { devStatsRouter } from './dev-stats'
 import { membersRouter } from './members'
 import { organizationsRouter } from './organizations'
 
 export function v1Router(): Router {
   const router = Router()
 
-  router.use('/members', membersRouter())
-  router.use('/organizations', organizationsRouter())
+  router.use('/members', oauth2Middleware(AUTH0_CONFIG), membersRouter())
+  router.use('/organizations', oauth2Middleware(AUTH0_CONFIG), organizationsRouter())
+  router.use('/member-organization-affiliations', staticApiKeyMiddleware(), devStatsRouter())
+
+  router.use(() => {
+    throw new NotFoundError()
+  })
 
   return router
 }