api

package
v0.0.1-rc3 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Apr 27, 2026 License: MIT Imports: 17 Imported by: 0

Documentation

Overview

Package api wires the chi router, middlewares, and the ogen-generated server into a single http.Handler.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func NewServer 

func NewServer(opts Options) (http.Handler, error)

NewServer returns the root http.Handler for the WebSec101 API.

Layout: 

chi.Router (request-id, recover, access-log, cors)
├── GET /api/v1/scans/{guid}/events  — explicit SSE route
├── /api/*                           — ogen.Server
└── /*                               — embedded Astro static frontend

The SSE endpoint is registered on chi directly (and matched first) because it does not fit the OpenAPI request/response model: streaming, long-lived, EventSource semantics.

Types

type Options 

type Options struct {
	Logger         *slog.Logger
	Store          storage.ScanStore
	Registry       *checks.Registry
	Scans          *scanner.Manager
	Policy         *safety.Policy
	IPLimiter      *ratelimit.IPLimiter     // optional; nil disables per-IP rate limiting
	Tracker        *ratelimit.TargetTracker // optional; nil disables cooldown/cache/abuse
	AuditLog       *audit.Logger            // optional; nil disables audit
	PerScanTimeout time.Duration
	LogTargets     bool     // honour logging.log_targets
	CORSOrigin     []string // CORS allowlist; nil → "https://*"
}

Options configures NewServer.

Source Files

View all Source files

Directories

Path Synopsis
Package handlers implements the WebSec101 OpenAPI server interface generated by ogen.
 Package handlers implements the WebSec101 OpenAPI server interface generated by ogen.
Package middleware exposes the chi-compatible middlewares used by the WebSec101 HTTP server: request-id, panic recovery, slog access log, and a CORS allowlist.
 Package middleware exposes the chi-compatible middlewares used by the WebSec101 HTTP server: request-id, panic recovery, slog access log, and a CORS allowlist.
Package spec embeds api/openapi.yaml at build time and exposes both the raw YAML bytes and a parsed JSON tree for serving on GET /api/v1/openapi.json.
 Package spec embeds api/openapi.yaml at build time and exposes both the raw YAML bytes and a parsed JSON tree for serving on GET /api/v1/openapi.json.
Package sse provides a small, dependency-free helper for writing Server-Sent Events that follows the WHATWG `text/event-stream` spec.
 Package sse provides a small, dependency-free helper for writing Server-Sent Events that follows the WHATWG `text/event-stream` spec.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.