moxyloco

Moxyloco - API Proxy Service

A simple proxy service for Mux, TicketSource, Vimeo, Acast, and Cloudflare R2 APIs that securely stores credentials and forwards API requests. Also provides TypeScript types for TicketSource events and a fully generated, type-safe R2 API client.

🚀 OpenAPI-Driven Development Workflow

This project uses OpenAPI as the single source of truth for the R2 API. Everything is generated from static/r2_openapi.yaml:

• ✅ TypeScript types - Auto-generated from OpenAPI spec
• ✅ API client - Fully typed client for other teams to use
• ✅ Postman collection - Auto-generated for testing
• ✅ API documentation - Interactive docs with Scalar
• ✅ Tests - Validate API matches spec exactly

📚 API Documentation

Interactive API documentation is available at:

• Local: http://localhost:5173/api/docs
• Production: https://moxy.uilo.co/api/docs

The documentation is automatically generated from the OpenAPI spec and includes interactive endpoint testing, request/response examples, and authentication setup.

Quick Start

# 1. Edit the OpenAPI spec
vim static/r2_openapi.yaml

# 2. Validate and generate everything
bun run ci:validate

# 3. Commit (pre-commit hooks run automatically)
git commit -m "Add new endpoint"

Available Commands

# Validate OpenAPI spec
bun run validate:openapi

# Generate everything from spec
bun run generate:all

# Run full CI validation locally
bun run ci:validate

# Run tests
bun run test:run

# Run client tests
bun run test:client

# Generate individual components
bun run generate:types      # TypeScript types
bun run generate:client     # API client
bun run generate:postman    # Postman collection

Using the Generated R2 API Client

The generated client is available as an npm package:

import { R2 } from 'moxyloco/r2'

const client = new R2({
	token: 'your-token',
})

// List assets in a bucket (fully type-safe, no need to type the response)
const assets = await client.get_bucket('my-bucket')
console.log('Assets:', assets.data)
console.log('Folders:', assets.included)

// Upload an asset
const file = new File(['test content'], 'test.txt', { type: 'text/plain' })
const upload_result = await client.upload_asset('my-bucket', file)
console.log('Uploaded:', upload_result.data)

Package Exports

• moxyloco/r2 - Full client with methods and types

The Smart Workflow

• 🎯 Design First - Edit static/r2_openapi.yaml
• 🔄 Generate Everything - Run bun run ci:validate
• 🧪 Test - Pre-commit hooks validate everything
• 🚀 Deploy - CI/CD ensures spec stays in sync

Benefits:

• 🛡️ Bulletproof - CI/CD prevents broken code
• 🔄 Auto-sync - Everything stays in sync automatically
• ⚡ Fast feedback - Fail fast on any issues
• 📚 Auto-docs - Documentation always up-to-date
• 🧪 Test-driven - Tests validate against spec
• 👥 Team-friendly - Clear PR feedback and validation
• 📦 Client-ready - Generated TypeScript client for other teams

Overview

This service acts as a proxy for Mux, TicketSource, Vimeo, Acast, and Cloudflare R2 APIs, storing your credentials securely and allowing you to make API calls without exposing your tokens directly.

Security

Domain Restrictions

API access is restricted to the following domains only:

• storyblok.com
• *.storyblok.com (all subdomains)
• localhost (for development)

The service checks the Origin and Referer headers to validate domain access. Server-to-server calls (without these headers) are allowed by default.

Usage

Setting up credentials

• Navigate to the main page and choose which service you want to add credentials for
• For Mux: Go to /mux and enter your MUX_TOKEN_ID and MUX_TOKEN_SECRET
• For TicketSource: Go to /ticketsource and enter your TICKETSOURCE_TOKEN
• For Vimeo: Go to /vimeo and enter your VIMEO_ACCESS_TOKEN
• For R2: Go to /r2 and enter your R2_ACCOUNT_ID, R2_ACCESS_KEY_ID, and R2_SECRET_ACCESS_KEY
• For Acast: No credentials needed - uses public RSS feeds
• Submit the form and you'll receive a secret ID

Making API calls

Mux API

GET /api/mux/your/mux/endpoint
Authorization: Bearer YOUR_SECRET_ID

TicketSource API

GET /api/ticketsource/your/ticketsource/endpoint
Authorization: Bearer YOUR_SECRET_ID

Vimeo API

GET /api/vimeo/your/vimeo/endpoint
Authorization: Bearer YOUR_SECRET_ID

R2 API

The R2 API provides a database-backed folder structure for Cloudflare R2 storage. See the API Documentation for complete endpoint details and examples.

Key Features:

• Database-backed folder organization
• Flat R2 keys with logical folder structure
• JSON:API format responses
• Full CRUD operations for assets and folders

Acast API

GET /api/acastaway/{show_id}?page=1&limit=10

Note: Acast endpoints don't require authentication - they use public RSS feeds with smart caching and pagination.

📦 TypeScript Types

This package exports TypeScript types for multiple services:

R2 API Types & Client

import { R2 } from 'moxyloco/r2'

// Use the generated client
const client = new R2({ token: 'your-token' })
const assets = await client.get_bucket('my-bucket')

Other Service Types

import type { TicketsauceEvent } from 'moxyloco/ticketsauce-types'
import type { AcastawayShow } from 'moxyloco/acastaway-types'

Note: This package requires storyloco as a peer dependency for the underlying types. Make sure you have it installed:

npm install storyloco

API Endpoints

• GET /api/mux/* - Proxy to Mux API

• POST /api/mux/* - Proxy to Mux API

• PUT /api/mux/* - Proxy to Mux API

• DELETE /api/mux/* - Proxy to Mux API

• PATCH /api/mux/* - Proxy to Mux API

• GET /api/ticketsource/* - Proxy to TicketSource API

• POST /api/ticketsource/* - Proxy to TicketSource API

• PUT /api/ticketsource/* - Proxy to TicketSource API

• DELETE /api/ticketsource/* - Proxy to TicketSource API

• PATCH /api/ticketsource/* - Proxy to TicketSource API

• GET /api/vimeo/* - Proxy to Vimeo API

• POST /api/vimeo/* - Proxy to Vimeo API

• PUT /api/vimeo/* - Proxy to Vimeo API

• DELETE /api/vimeo/* - Proxy to Vimeo API

• PATCH /api/vimeo/* - Proxy to Vimeo API

• GET /api/r2/* - R2 Asset Management API (see API Documentation)

• GET /api/acastaway/{show_id} - Fetch Acast podcast show data with pagination

• POST /api/acastaway/{show_id} - Invalidate cache for specific show

• POST /api/acastaway - Webhook endpoint for cache invalidation

🛠️ Development

# Start development server
bun dev

# Run full validation (recommended before committing)
bun run ci:validate

# View API documentation
open http://localhost:5173/api/docs

🚀 Deployment

This is a Cloudflare Worker. Deploy to your Cloudflare account:

bun run deploy