Overview
Package handlers implements the WebSec101 OpenAPI server interface generated by ogen. At Phase 3, only health/version/openapi are real; the rest delegate to client.UnimplementedHandler and return 501 via the configured error handler.
Index
- func ErrorHandler(_ context.Context, w http.ResponseWriter, _ *http.Request, err error)
- type Handler
- func (h *Handler) CreateScan(ctx context.Context, req *client.ScanRequest) (client.CreateScanRes, error)
- func (h *Handler) DeleteScan(ctx context.Context, params client.DeleteScanParams) (client.DeleteScanRes, error)
- func (h *Handler) GetCheck(_ context.Context, params client.GetCheckParams) (client.GetCheckRes, error)
- func (h *Handler) GetHealth(_ context.Context) (*client.Health, error)
- func (h *Handler) GetOpenAPI(_ context.Context) (client.GetOpenAPIOK, error)
- func (h *Handler) GetScan(ctx context.Context, params client.GetScanParams) (client.GetScanRes, error)
- func (h *Handler) GetScanMarkdown(ctx context.Context, params client.GetScanMarkdownParams) (client.GetScanMarkdownRes, error)
- func (h *Handler) GetScanSARIF(ctx context.Context, params client.GetScanSARIFParams) (client.GetScanSARIFRes, error)
- func (h *Handler) GetVersion(_ context.Context) (*client.Version, error)
- func (h *Handler) ListChecks(_ context.Context) ([]client.Check, error)
- func (h *Handler) SSEHandler(w http.ResponseWriter, r *http.Request)
- type Options
- type ScanService
Functions
func ErrorHandler
ErrorHandler maps handler-returned errors to JSON envelopes. ogen's UnimplementedHandler returns ht.ErrNotImplemented; we surface that as 501. Decode failures (typed by ogenerrors) become 400. Anything else is a 500.
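The mapping described above, as an added sketch that is not the package's own code. errNotImplemented and decodeError are stand-ins for ogen's ht.ErrNotImplemented and the ogenerrors decode types so the block runs on the standard library alone; the envelope fields and the generic 500 message are assumptions.

```go
package main

import (
	"context"
	"encoding/json"
	"errors"
	"fmt"
	"net/http"
	"net/http/httptest"
)

// errNotImplemented stands in for ogen's ht.ErrNotImplemented (assumption).
var errNotImplemented = errors.New("not implemented")

// decodeError stands in for the typed decode failures in ogenerrors (assumption).
type decodeError struct{ msg string }
func (e *decodeError) Error() string { return "decode request: " + e.msg }

// classify picks the HTTP status and the client-visible message for err.
// errors.Is / errors.As see through fmt.Errorf("%w") wrapping.
func classify(err error) (int, string) {
	var de *decodeError
	switch {
	case errors.Is(err, errNotImplemented):
		return http.StatusNotImplemented, "not implemented"
	case errors.As(err, &de):
		return http.StatusBadRequest, de.Error()
	}
	return http.StatusInternalServerError, "internal error" // internal text is not echoed
}

// writeError has the same signature as ErrorHandler on this page.
func writeError(_ context.Context, w http.ResponseWriter, _ *http.Request, err error) {
	status, msg := classify(err)
	w.Header().Set("Content-Type", "application/json")
	w.WriteHeader(status)
	_ = json.NewEncoder(w).Encode(map[string]any{"status": status, "error": msg})
}

// respond drives writeError with a recorder and returns status code and body.
func respond(err error) (int, string) {
	rec := httptest.NewRecorder()
	writeError(context.Background(), rec, httptest.NewRequest("GET", "/api/v1/version", nil), err)
	return rec.Code, rec.Body.String()
}

func main() { // constructed sample errors, one per branch
	fmt.Println(respond(fmt.Errorf("GetScan: %w", errNotImplemented)))
	fmt.Println(respond(&decodeError{msg: "invalid JSON body"}))
	fmt.Println(respond(errors.New("constructed: db connection refused")))
}
```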
Types
type Handler
type Handler struct {
	client.UnimplementedHandler
	// contains filtered or unexported fields
}
Handler is the concrete ogen Handler implementation.
The embedded UnimplementedHandler causes any method we do not override to return ht.ErrNotImplemented, which the configured error handler translates to HTTP 501.
func (*Handler) CreateScan
func (h *Handler) CreateScan(ctx context.Context, req *client.ScanRequest) (client.CreateScanRes, error)
CreateScan implements POST /api/v1/scans.
func (*Handler) DeleteScan
func (h *Handler) DeleteScan(ctx context.Context, params client.DeleteScanParams) (client.DeleteScanRes, error)
DeleteScan implements DELETE /api/v1/scans/{guid}.
NOTE: ogen drops the Authorization header parameter from the OpenAPI spec because it conflicts with security-scheme handling. Private-mode auth is therefore deferred to Phase 13, which will introduce a dedicated header (e.g. X-Private-Token) on the spec.
func (*Handler) GetCheck
func (h *Handler) GetCheck(_ context.Context, params client.GetCheckParams) (client.GetCheckRes, error)
GetCheck implements GET /api/v1/checks/{check_id}.
func (*Handler) GetOpenAPI
GetOpenAPI implements GET /api/v1/openapi.json.
func (*Handler) GetScan
func (h *Handler) GetScan(ctx context.Context, params client.GetScanParams) (client.GetScanRes, error)
GetScan implements GET /api/v1/scans/{guid} (always 200 if known).
func (*Handler) GetScanMarkdown
func (h *Handler) GetScanMarkdown(ctx context.Context, params client.GetScanMarkdownParams) (client.GetScanMarkdownRes, error)
GetScanMarkdown implements GET /api/v1/scans/{guid}/markdown.
func (*Handler) GetScanSARIF
func (h *Handler) GetScanSARIF(ctx context.Context, params client.GetScanSARIFParams) (client.GetScanSARIFRes, error)
GetScanSARIF implements GET /api/v1/scans/{guid}/sarif.
func (*Handler) GetVersion
GetVersion implements GET /api/v1/version.
func (*Handler) ListChecks
ListChecks implements GET /api/v1/checks.
func (*Handler) SSEHandler
func (h *Handler) SSEHandler(w http.ResponseWriter, r *http.Request)
SSEHandler has the http.HandlerFunc signature and streams scan events for the scan id taken from the chi URL param "guid". It honours the spec contract: progress, finding, completed/failed events; retry hint; heartbeat.
Behaviour by current state:
- unknown id → 404 JSON
- already terminal → emit one synthetic completed/failed event from the stored Scan and close
- in flight → live-subscribe via the manager, stream until a terminal event arrives or the client drops
type Options
type Options struct {
	Store          storage.ScanStore
	Registry       *checks.Registry
	Scans          ScanService
	Policy         *safety.Policy
	Tracker        *ratelimit.TargetTracker
	AuditLog       *audit.Logger
	PerScanTimeout time.Duration
}
Options aggregates the dependencies of a Handler.
type ScanService
type ScanService interface {
	CreateScan(ctx context.Context, target *checks.Target, scanTimeout time.Duration) (*storage.Scan, error)
	Subscribe(id string) (<-chan scanner.Event, func(), error)
}
ScanService is what the handler needs from the scanner package — kept as an interface so tests can swap it.