openapi

package
v0.3.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jun 8, 2026 License: MIT Imports: 6 Imported by: 0

Documentation

Overview

Package openapi is part of the GoFastr framework. See https://github.com/DonaldMurillo/gofastr for documentation.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func FieldToSchema 

func FieldToSchema(field schema.Field) map[string]any

FieldToSchema converts a single schema.Field into an OpenAPI-compatible JSON Schema object.

func FieldsToSchema 

func FieldsToSchema(fields []schema.Field) map[string]any

FieldsToSchema converts a slice of Fields into a JSON Schema object suitable for use as an OpenAPI schema.

func GatedHandler 

func GatedHandler(spec *Spec, allow func(*http.Request) bool) http.Handler

GatedHandler wraps the OpenAPI spec handler in an authorisation predicate. Requests for which allow(r) returns false get 404 (not 401/403 — leaking that an OpenAPI endpoint exists is itself the disclosure we're trying to avoid). 404 keeps the existence of the endpoint indistinguishable from a vanilla missing route. The allow predicate is the only auth gate — the wrapped spec handler does NOT re-check the user context.

Typical use: 

openapi.GatedHandler(spec, func(r *http.Request) bool {
    u, ok := handler.GetUser(r.Context())
    return ok && u.(*MyUser).IsAdmin()
})

func Handler 

func Handler(spec *Spec) http.Handler

Handler returns an http.Handler that serves the OpenAPI spec as JSON at the root path (typically mounted at /openapi.json or /docs/openapi.json).

The spec lists every registered route, so by default the handler requires an authenticated context (the framework's auth chain must have called handler.SetUser). Apps that want a public OpenAPI spec can wrap PublicHandler around the same spec.

func PublicHandler 

func PublicHandler(spec *Spec) http.Handler

PublicHandler serves the spec without an auth check — use only when the spec is intentionally public. Most apps should prefer Handler (auth-gated) or GatedHandler (custom predicate).

func SwaggerUIHandler 

func SwaggerUIHandler(spec *Spec, basePath string) http.Handler

SwaggerUIHandler returns an http.Handler that serves a minimal, self-contained API spec landing page. The page links to the OpenAPI JSON; viewers like Swagger UI / Insomnia / Stoplight / Postman can load it. Earlier revisions embedded swagger-ui-dist via a public CDN — that pulled the docs page's supply chain into a third-party host (and broke offline / air-gapped deploys), so the CDN reference was removed. Hosts that want the interactive UI can vendor swagger-ui themselves and mount their own handler.

Types

type Operation 

type Operation struct {
	Summary     string
	Description string
	OperationID string
	Tags        []string
	Parameters  []map[string]any
	RequestBody *map[string]any
	Responses   map[int]map[string]any
}

Operation represents a single OpenAPI operation (e.g. GET /users).

func NewOperation 

func NewOperation() *Operation

NewOperation creates a blank Operation.

func (*Operation) AddParameter 

func (o *Operation) AddParameter(name, location, description string, required bool, schema map[string]any)

AddParameter appends a parameter to the operation. location is one of "path", "query", "header", "cookie".

func (*Operation) AddResponse 

func (o *Operation) AddResponse(status int, description string, schema map[string]any)

AddResponse registers a response for the given HTTP status code.

func (*Operation) SetRequestBody 

func (o *Operation) SetRequestBody(contentType string, schema map[string]any, required bool)

SetRequestBody sets the request body for the operation.

func (*Operation) ToMap 

func (o *Operation) ToMap() map[string]any

ToMap converts the Operation into a map suitable for inclusion in the OpenAPI paths object.

type Spec 

type Spec struct {
	// contains filtered or unexported fields
}

Spec is a builder for an OpenAPI 3.1 specification.

func NewSpec 

func NewSpec(title, version string) *Spec

NewSpec creates a new Spec with the given title and version.

func (*Spec) AddPath 

func (s *Spec) AddPath(method, path string, op Operation)

AddPath registers a path + method with an Operation. Path parameters in GoFastr format (/users/:id) are automatically converted to OpenAPI format (/users/{id}) and path parameters are added to the operation.

func (*Spec) AddSchema 

func (s *Spec) AddSchema(name string, schema map[string]any)

AddSchema registers a reusable schema component.

func (*Spec) AddSecurityRequirement 

func (s *Spec) AddSecurityRequirement(name string, scopes []string)

AddSecurityRequirement adds a global security requirement.

func (*Spec) AddServer 

func (s *Spec) AddServer(url, description string)

AddServer registers a server URL with an optional description. URLs that don't begin with a relative path ("/", "./") or one of http(s)/ ws(s) are dropped: a `javascript:`/`data:`/`file:` entry in a publicly served spec turns the docs page into a phishing platform when a viewer clicks the "Servers" picker.

func (*Spec) AddTag 

func (s *Spec) AddTag(name, description string)

AddTag registers a tag with a description.

func (*Spec) Build 

func (s *Spec) Build() map[string]any

Build produces the full OpenAPI 3.1 specification as a map.

func (*Spec) SetSecurityScheme 

func (s *Spec) SetSecurityScheme(name string, scheme map[string]any)

SetSecurityScheme registers a security scheme (e.g. bearerAuth).

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.