refactor(lightspeed): create permission middleware and update proxy passthrough

[Jdubrick]

Hey, I just made a Pull Request!

What was done

• Replaced the catch-all proxy middleware with explicit route definitions
  • Old router used a single router.use('/') catch-all that proxied any matching path through to LCORE, relying on an allowlist and a blocklist to decide what to proxy vs. skip
• Extracted a reusable createPermissionMiddleware
  • Permission checks were previously done inline via await authorizer.authorizeUser(...) with try/catch blocks duplicated across every route handler. Now a standalone Express middleware factory
• Moved proxy path-rewriting logic to utils.ts
  • The user_id and history_length query-param injection that was inline in the catch-all's pathRewrite callback is now the standalone rewriteLightspeedProxyPath function, independently testable
• Moved SKIP_USER_ID_ENDPOINTS and DEFAULT_HISTORY_LENGTH to constant.ts
  • These lived in router.ts and types.ts, now are with the other constants
• Added unit tests for the new createPermissionMiddleware and rewriteLightspeedProxyPath utility, and updated existing router tests for the new route structure

Why it was done

• Security
  • Explicit routes eliminate the risk of accidentally proxying unintended paths. Each route declares exactly which permission it requires
• Readability
  • The route table shows every endpoint, its HTTP method, and its required permission, rather than tracing through a catch-all with conditional logic
• Testability
  • Permission checking and path rewriting are now isolated units with their own tests
• Maintainability
  • Adding a new proxied endpoint is now a one liner (router.get('/path', requirePermission(...), apiProxy))

✔️ Checklist

• A changeset describing the change and affected packages. (more info)
• Added or Updated documentation
• Tests for new functionality and regression tests for bug fixes
• Screenshots attached (for UI changes)

[rhdh-gh-app]

Changed Packages

Package Name	Package Path	Changeset Bump	Current Version
@red-hat-developer-hub/backstage-plugin-lightspeed-backend	workspaces/lightspeed/plugins/lightspeed-backend	patch	v2.9.0

[codecov]

Codecov Report

❌ Patch coverage is 89.13043% with 20 lines in your changes missing coverage. Please review.
✅ Project coverage is 53.94%. Comparing base (5c9083a) to head (98c7266).
✅ All tests successful. No failed tests found.

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #3316      +/-   ##
==========================================
- Coverage   53.95%   53.94%   -0.01%     
==========================================
  Files        2379     2380       +1     
  Lines       86136    86115      -21     
  Branches    23893    23868      -25     
==========================================
- Hits        46472    46456      -16     
+ Misses      38069    38064       -5     
  Partials     1595     1595              

Flag	Coverage Δ		*Carryforward flag
adoption-insights	83.58% <ø> (ø)		Carriedforward from 5c9083a
ai-integrations	70.03% <ø> (ø)		Carriedforward from 5c9083a
app-defaults	69.60% <ø> (ø)		Carriedforward from 5c9083a
augment	46.39% <ø> (ø)		Carriedforward from 5c9083a
bulk-import	72.86% <ø> (ø)		Carriedforward from 5c9083a
cost-management	17.48% <ø> (ø)		Carriedforward from 5c9083a
dcm	59.64% <ø> (ø)		Carriedforward from 5c9083a
extensions	62.24% <ø> (ø)		Carriedforward from 5c9083a
global-floating-action-button	74.30% <ø> (ø)		Carriedforward from 5c9083a
global-header	61.63% <ø> (ø)		Carriedforward from 5c9083a
homepage	51.52% <ø> (ø)		Carriedforward from 5c9083a
konflux	91.01% <ø> (ø)		Carriedforward from 5c9083a
lightspeed	68.47% <89.13%> (-0.03%)	⬇️
mcp-integrations	85.46% <ø> (ø)		Carriedforward from 5c9083a
orchestrator	37.33% <ø> (ø)		Carriedforward from 5c9083a
quickstart	62.09% <ø> (ø)		Carriedforward from 5c9083a
sandbox	79.49% <ø> (ø)		Carriedforward from 5c9083a
scorecard	83.84% <ø> (ø)		Carriedforward from 5c9083a
theme	64.54% <ø> (ø)		Carriedforward from 5c9083a
translations	8.49% <ø> (ø)		Carriedforward from 5c9083a
x2a	78.79% <ø> (ø)		Carriedforward from 5c9083a

*This pull request uses carry forward flags. Click here to find out more.

---

Continue to review full report in Codecov by Harness.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 5c9083a...98c7266. Read the comment docs.

🚀 New features to boost your workflow:

• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[sonarqubecloud]

Quality Gate passed

Issues
4 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.2% Duplication on New Code

See analysis details on SonarQube Cloud

[Jdubrick]

/hold going to wait for #3296