Documentation
¶
Index ¶
- func ParseIntervalListQueryParam(intervalQuery string, def []time.Duration) ([]time.Duration, error)
- func RegisterHandlers(server *api.Server, logger *zap.SugaredLogger, db *gorm.DB, ...)
- type APIServices
- type DigestHandler
- type EvidenceActivity
- type EvidenceActivityStep
- type EvidenceComponent
- type EvidenceCreateRequest
- type EvidenceHandler
- func (h *EvidenceHandler) ComplianceByControl(ctx echo.Context) error
- func (h *EvidenceHandler) ComplianceByFilter(ctx echo.Context) error
- func (h *EvidenceHandler) Create(ctx echo.Context) error
- func (h *EvidenceHandler) ForControl(ctx echo.Context) error
- func (h *EvidenceHandler) Get(ctx echo.Context) error
- func (h *EvidenceHandler) History(ctx echo.Context) error
- func (h *EvidenceHandler) Latest(ctx echo.Context) error
- func (h *EvidenceHandler) Register(api *echo.Group)
- func (h *EvidenceHandler) Search(ctx echo.Context) error
- func (h *EvidenceHandler) StatusOverTime(ctx echo.Context) error
- func (h *EvidenceHandler) StatusOverTimeByUUID(ctx echo.Context) error
- type EvidenceInventoryItem
- type EvidenceSubject
- type FilterHandler
- func (h *FilterHandler) Create(ctx echo.Context) error
- func (h *FilterHandler) Delete(ctx echo.Context) error
- func (h *FilterHandler) Get(ctx echo.Context) error
- func (h *FilterHandler) ImportFilters(ctx echo.Context) error
- func (h *FilterHandler) List(ctx echo.Context) error
- func (h *FilterHandler) Register(api *echo.Group)
- func (h *FilterHandler) Update(ctx echo.Context) error
- type FilterImportFileResult
- type FilterImportResponse
- type FilterWithAssociations
- type GenericDataListResponse
- type GenericDataResponse
- type HealthHandler
- type HeartbeatCreateRequest
- type HeartbeatHandler
- type OscalLikeEvidence
- type PoamItemsHandler
- func (h *PoamItemsHandler) AddControlLink(c echo.Context) error
- func (h *PoamItemsHandler) AddEvidenceLink(c echo.Context) error
- func (h *PoamItemsHandler) AddFindingLink(c echo.Context) error
- func (h *PoamItemsHandler) AddMilestone(c echo.Context) error
- func (h *PoamItemsHandler) AddRiskLink(c echo.Context) error
- func (h *PoamItemsHandler) Create(c echo.Context) error
- func (h *PoamItemsHandler) Delete(c echo.Context) error
- func (h *PoamItemsHandler) DeleteControlLink(c echo.Context) error
- func (h *PoamItemsHandler) DeleteEvidenceLink(c echo.Context) error
- func (h *PoamItemsHandler) DeleteFindingLink(c echo.Context) error
- func (h *PoamItemsHandler) DeleteMilestone(c echo.Context) error
- func (h *PoamItemsHandler) DeleteRiskLink(c echo.Context) error
- func (h *PoamItemsHandler) Get(c echo.Context) error
- func (h *PoamItemsHandler) List(c echo.Context) error
- func (h *PoamItemsHandler) ListControls(c echo.Context) error
- func (h *PoamItemsHandler) ListEvidence(c echo.Context) error
- func (h *PoamItemsHandler) ListFindings(c echo.Context) error
- func (h *PoamItemsHandler) ListMilestones(c echo.Context) error
- func (h *PoamItemsHandler) ListRisks(c echo.Context) error
- func (h *PoamItemsHandler) Register(g *echo.Group)
- func (h *PoamItemsHandler) RegisterSSPScoped(g *echo.Group)
- func (h *PoamItemsHandler) Update(c echo.Context) error
- func (h *PoamItemsHandler) UpdateMilestone(c echo.Context) error
- type RiskHandler
- func (h *RiskHandler) Accept(ctx echo.Context) error
- func (h *RiskHandler) AcceptForSSP(ctx echo.Context) error
- func (h *RiskHandler) AddComponentLink(ctx echo.Context) error
- func (h *RiskHandler) AddComponentLinkForSSP(ctx echo.Context) error
- func (h *RiskHandler) AddControlLink(ctx echo.Context) error
- func (h *RiskHandler) AddControlLinkForSSP(ctx echo.Context) error
- func (h *RiskHandler) AddEvidenceLink(ctx echo.Context) error
- func (h *RiskHandler) AddEvidenceLinkForSSP(ctx echo.Context) error
- func (h *RiskHandler) AddSubjectLink(ctx echo.Context) error
- func (h *RiskHandler) Create(ctx echo.Context) error
- func (h *RiskHandler) CreateForSSP(ctx echo.Context) error
- func (h *RiskHandler) Delete(ctx echo.Context) error
- func (h *RiskHandler) DeleteComponentLink(ctx echo.Context) error
- func (h *RiskHandler) DeleteComponentLinkForSSP(ctx echo.Context) error
- func (h *RiskHandler) DeleteControlLink(ctx echo.Context) error
- func (h *RiskHandler) DeleteControlLinkForSSP(ctx echo.Context) error
- func (h *RiskHandler) DeleteEvidenceLink(ctx echo.Context) error
- func (h *RiskHandler) DeleteEvidenceLinkForSSP(ctx echo.Context) error
- func (h *RiskHandler) DeleteForSSP(ctx echo.Context) error
- func (h *RiskHandler) Get(ctx echo.Context) error
- func (h *RiskHandler) GetComponentLinks(ctx echo.Context) error
- func (h *RiskHandler) GetComponentLinksForSSP(ctx echo.Context) error
- func (h *RiskHandler) GetControlLinks(ctx echo.Context) error
- func (h *RiskHandler) GetControlLinksForSSP(ctx echo.Context) error
- func (h *RiskHandler) GetEvidenceLinks(ctx echo.Context) error
- func (h *RiskHandler) GetEvidenceLinksForSSP(ctx echo.Context) error
- func (h *RiskHandler) GetForSSP(ctx echo.Context) error
- func (h *RiskHandler) GetSubjectLinks(ctx echo.Context) error
- func (h *RiskHandler) List(ctx echo.Context) error
- func (h *RiskHandler) ListForSSP(ctx echo.Context) error
- func (h *RiskHandler) Register(api *echo.Group)
- func (h *RiskHandler) RegisterSSPScoped(api *echo.Group)
- func (h *RiskHandler) Review(ctx echo.Context) error
- func (h *RiskHandler) ReviewForSSP(ctx echo.Context) error
- func (h *RiskHandler) Update(ctx echo.Context) error
- func (h *RiskHandler) UpdateForSSP(ctx echo.Context) error
- type StatusInterval
- type SubscriptionsResponse
- type UpdateSubscriptionsRequest
- type UserHandler
- func (h *UserHandler) ChangeLoggedInUserPassword(ctx echo.Context) error
- func (h *UserHandler) ChangePassword(ctx echo.Context) error
- func (h *UserHandler) CreateUser(ctx echo.Context) error
- func (h *UserHandler) DeleteUser(ctx echo.Context) error
- func (h *UserHandler) GetMe(ctx echo.Context) error
- func (h *UserHandler) GetSubscriptions(ctx echo.Context) error
- func (h *UserHandler) GetUser(ctx echo.Context) error
- func (h *UserHandler) ListUsers(ctx echo.Context) error
- func (h *UserHandler) Register(api *echo.Group)
- func (h *UserHandler) RegisterSelfRoutes(api *echo.Group)
- func (h *UserHandler) UpdateSubscriptions(ctx echo.Context) error
- func (h *UserHandler) UpdateUser(ctx echo.Context) error
Functions ¶
func RegisterHandlers ¶
func RegisterHandlers(server *api.Server, logger *zap.SugaredLogger, db *gorm.DB, config *config.Config, services *APIServices)
Types ¶
type APIServices ¶ added in v0.13.0
// APIServices is passed to RegisterHandlers as its services argument.
// NOTE(review): whether the handlers tolerate a nil field is not shown on
// this page; confirm before constructing a partially populated value.
type APIServices struct {
// Same type that NewEvidenceHandler accepts.
EvidenceService *evidencesvc.EvidenceService
RiskEnqueuer evidencesvc.RiskJobEnqueuer
// Same type that NewDigestHandler accepts.
DigestService *digest.Service
WorkflowManager *workflow.Manager
NotificationEnqueuer workflow.NotificationEnqueuer
DAGExecutor *workflow.DAGExecutor
}
APIServices contains all services needed by API handlers
type DigestHandler ¶ added in v0.9.0
type DigestHandler struct {
// contains filtered or unexported fields
}
DigestHandler handles digest-related API endpoints
func NewDigestHandler ¶ added in v0.9.0
func NewDigestHandler(digestService *digest.Service, logger *zap.SugaredLogger) *DigestHandler
NewDigestHandler creates a new digest handler
func (*DigestHandler) PreviewDigest ¶ added in v0.9.0
func (h *DigestHandler) PreviewDigest(ctx echo.Context) error
PreviewDigest godoc
@Summary Preview evidence digest
@Description Returns the current evidence summary that would be included in a digest email
@Tags Digest
@Produce json
@Success 200 {object} GenericDataResponse[digest.EvidenceSummary]
@Failure 500 {object} api.Error
@Security OAuth2Password
@Router /admin/digest/preview [get]
func (*DigestHandler) Register ¶ added in v0.9.0
func (h *DigestHandler) Register(api *echo.Group)
Register registers the digest endpoints
func (*DigestHandler) TriggerDigest ¶ added in v0.9.0
func (h *DigestHandler) TriggerDigest(ctx echo.Context) error
TriggerDigest godoc
@Summary Trigger evidence digest
@Description Manually triggers the evidence digest job to send emails to all users
@Tags Digest
@Produce json
@Param job query string false "Job name to trigger (default: global-evidence-digest)"
@Success 200 {object} map[string]string
@Failure 400 {object} api.Error
@Failure 500 {object} api.Error
@Security OAuth2Password
@Router /admin/digest/trigger [post]
type EvidenceActivity ¶
// EvidenceActivity is the element type of EvidenceCreateRequest.Activities,
// so its fields are supplied by the caller of the evidence Create endpoint.
type EvidenceActivity struct {
UUID uuid.UUID
Title string
Description string
Remarks string
Props []oscalTypes_1_1_3.Property
Links []oscalTypes_1_1_3.Link
// Steps nested under this activity.
Steps []EvidenceActivityStep
}
type EvidenceActivityStep ¶
// EvidenceActivityStep is the element type of EvidenceActivity.Steps.
// It has the same fields as EvidenceActivity except for Steps.
type EvidenceActivityStep struct {
UUID uuid.UUID
Title string
Description string
Remarks string
Props []oscalTypes_1_1_3.Property
Links []oscalTypes_1_1_3.Link
}
type EvidenceComponent ¶
// EvidenceComponent is the element type of EvidenceCreateRequest.Components.
type EvidenceComponent struct {
// Example identifiers:
// components/common/ssh
// components/common/github-repository
// components/common/github-organisation
// components/common/ubuntu-22
// components/internal/auth-policy
Identifier string
// Example types:
// Software
// Service
// NOTE(review): Type is a plain string; whether values outside these
// examples are rejected is not visible here.
Type string
Title string
Description string
Remarks string
Purpose string
Protocols []oscalTypes_1_1_3.Protocol
Props []oscalTypes_1_1_3.Property
Links []oscalTypes_1_1_3.Link
}
type EvidenceCreateRequest ¶
// EvidenceCreateRequest is the documented request body of the evidence
// Create endpoint (POST /evidence). Every field is supplied by the caller.
type EvidenceCreateRequest struct {
// UUID needs to remain consistent for a piece of evidence being collected periodically.
// It represents the "stream" of the same observation being made over time.
// For the same checks, performed on the same machine, the UUID for each check should remain the same.
// For the same check, performed on two different machines, the UUID should differ.
// NOTE(review): the stream UUID is chosen by the caller and is also the key
// of the History and Latest endpoints; confirm the server decides whether a
// caller may append to a stream that already exists.
UUID uuid.UUID
Title string
Description string
Remarks *string
// Assigning labels to Evidence makes it searchable and easily usable in the UI
// NOTE(review): keys and values are free-form strings here; confirm that
// count and length limits are enforced before they are stored.
Labels map[string]string
// When did we start collecting the evidence, when did the process end, and how long is it valid for?
// NOTE(review): nothing on this page shows that End is checked against
// Start, or Expires against End; confirm in the handler.
Start time.Time
End time.Time
Expires *time.Time
Props []oscalTypes_1_1_3.Property
Links []oscalTypes_1_1_3.Link
BackMatter *oscalTypes_1_1_3.BackMatter `json:"back-matter,omitempty"`
// Who or What is generating this evidence
Origins []oscalTypes_1_1_3.Origin
// What steps did we take to create this evidence
Activities []EvidenceActivity
InventoryItems []EvidenceInventoryItem
// Which components of the subject are being observed. A tool, user, policy etc.
Components []EvidenceComponent
// Who or What are we providing evidence for. What's under test.
Subjects []EvidenceSubject
// Did we satisfy what was being tested for, or did we fail?
// The value is reported by the submitter as part of the request.
Status oscalTypes_1_1_3.ObjectiveStatus
}
type EvidenceHandler ¶
type EvidenceHandler struct {
// contains filtered or unexported fields
}
func NewEvidenceHandler ¶
func NewEvidenceHandler(sugar *zap.SugaredLogger, evidenceService *evidencesvc.EvidenceService) *EvidenceHandler
func (*EvidenceHandler) ComplianceByControl ¶
func (h *EvidenceHandler) ComplianceByControl(ctx echo.Context) error
ComplianceByControl godoc
@Summary Get compliance counts by control
@Description Retrieves the count of evidence statuses for filters associated with a specific Control ID.
@Tags Evidence
@Produce json
@Param id path string true "Control ID"
@Success 200 {object} GenericDataListResponse[evidence.StatusCount]
@Failure 500 {object} api.Error
@Router /evidence/compliance-by-control/{id} [get]
func (*EvidenceHandler) ComplianceByFilter ¶ added in v0.5.0
func (h *EvidenceHandler) ComplianceByFilter(ctx echo.Context) error
ComplianceByFilter godoc
@Summary Get compliance status counts by filter/dashboard ID
@Description Retrieves the count of evidence statuses for a specific filter/dashboard.
@Tags Evidence
@Produce json
@Param id path string true "Filter/Dashboard ID (UUID)"
@Success 200 {object} GenericDataListResponse[evidence.StatusCount]
@Failure 400 {object} api.Error "Invalid UUID"
@Failure 404 {object} api.Error
@Failure 500 {object} api.Error
@Router /evidence/compliance-by-filter/{id} [get]
func (*EvidenceHandler) Create ¶
func (h *EvidenceHandler) Create(ctx echo.Context) error
Create godoc
@Summary Create new Evidence
@Description Creates a new Evidence record including activities, inventory items, components, and subjects.
@Tags Evidence
@Accept json
@Produce json
@Param evidence body EvidenceCreateRequest true "Evidence create request"
@Success 201 {object} GenericDataResponse[relational.Evidence]
@Failure 400 {object} api.Error
@Failure 500 {object} api.Error
@Security OAuth2Password
@Router /evidence [post]
func (*EvidenceHandler) ForControl ¶
func (h *EvidenceHandler) ForControl(ctx echo.Context) error
ForControl godoc
@Summary List Evidence for a Control
@Description Retrieves Evidence records associated with a specific Control ID, including related activities, inventory items, components, subjects, and labels.
@Tags Evidence
@Produce json
@Param id path string true "Control ID"
@Success 200 {object} handler.ForControl.EvidenceDataListResponse
@Failure 400 {object} api.Error
@Failure 404 {object} api.Error
@Failure 500 {object} api.Error
@Router /evidence/for-control/{id} [get]
func (*EvidenceHandler) Get ¶
func (h *EvidenceHandler) Get(ctx echo.Context) error
Get godoc
@Summary Get Evidence by ID
@Description Retrieves a single Evidence record by its unique ID, including associated activities, inventory items, components, subjects, and labels.
@Tags Evidence
@Produce json
@Param id path string true "Evidence ID"
@Success 200 {object} GenericDataResponse[OscalLikeEvidence]
@Failure 400 {object} api.Error
@Failure 404 {object} api.Error
@Failure 500 {object} api.Error
@Router /evidence/{id} [get]
func (*EvidenceHandler) History ¶
func (h *EvidenceHandler) History(ctx echo.Context) error
History godoc
@Summary Get Evidence history by UUID
@Description Retrieves the history for an Evidence record by its UUID, including associated activities, inventory items, components, subjects, and labels.
@Tags Evidence
@Produce json
@Param id path string true "Evidence UUID"
@Success 200 {object} GenericDataListResponse[OscalLikeEvidence]
@Failure 400 {object} api.Error
@Failure 404 {object} api.Error
@Failure 500 {object} api.Error
@Router /evidence/history/{id} [get]
func (*EvidenceHandler) Latest ¶ added in v0.13.0
func (h *EvidenceHandler) Latest(ctx echo.Context) error
Latest godoc
@Summary Get latest Evidence by UUID
@Description Retrieves the most recent Evidence record for a given UUID stream, including associated activities, inventory items, components, subjects, and labels.
@Tags Evidence
@Produce json
@Param id path string true "Evidence UUID"
@Success 200 {object} GenericDataResponse[OscalLikeEvidence]
@Failure 400 {object} api.Error
@Failure 404 {object} api.Error
@Failure 500 {object} api.Error
@Router /evidence/latest/{id} [get]
func (*EvidenceHandler) Register ¶
func (h *EvidenceHandler) Register(api *echo.Group)
func (*EvidenceHandler) Search ¶
func (h *EvidenceHandler) Search(ctx echo.Context) error
Search godoc
@Summary Search Evidence
@Description Searches Evidence records by label filters.
@Tags Evidence
@Accept json
@Produce json
@Param filter body labelfilter.Filter true "Label filter"
@Success 200 {object} GenericDataListResponse[relational.Evidence]
@Failure 422 {object} api.Error
@Failure 500 {object} api.Error
@Router /evidence/search [post]
func (*EvidenceHandler) StatusOverTime ¶
func (h *EvidenceHandler) StatusOverTime(ctx echo.Context) error
StatusOverTime godoc
@Summary Evidence status metrics over intervals
@Description Retrieves counts of evidence statuses at various time intervals based on a label filter.
@Tags Evidence
@Accept json
@Produce json
@Param filter body labelfilter.Filter true "Label filter"
@Param intervals query string false "Comma-separated list of duration intervals (e.g., '10m,1h,24h')"
@Success 200 {object} handler.GenericDataListResponse[StatusInterval]
@Failure 400 {object} api.Error
@Failure 422 {object} api.Error
@Failure 500 {object} api.Error
@Router /evidence/status-over-time [post]
func (*EvidenceHandler) StatusOverTimeByUUID ¶
func (h *EvidenceHandler) StatusOverTimeByUUID(ctx echo.Context) error
StatusOverTimeByUUID godoc
@Summary Evidence status metrics over intervals by UUID
@Description Retrieves counts of evidence statuses at various time intervals for a specific evidence stream identified by UUID.
@Tags Evidence
@Produce json
@Param id path string true "Evidence UUID"
@Param intervals query string false "Comma-separated list of duration intervals (e.g., '10m,1h,24h')"
@Success 200 {object} handler.GenericDataListResponse[StatusInterval]
@Failure 400 {object} api.Error
@Failure 422 {object} api.Error
@Failure 500 {object} api.Error
@Router /evidence/status-over-time/{id} [get]
type EvidenceInventoryItem ¶
// EvidenceInventoryItem is the element type of
// EvidenceCreateRequest.InventoryItems.
type EvidenceInventoryItem struct {
// Example identifiers:
// user/chris@linguine.tech
// operating-system/ubuntu/22.4
// web-server/ec2/i-12345
Identifier string
// Example type values, each with its description:
// "operating-system" description="System software that manages computer hardware, software resources, and provides common services for computer programs."
// "database" description="An electronic collection of data, or information, that is specially organized for rapid search and retrieval."
// "web-server" description="A system that delivers content or services to end users over the Internet or an intranet."
// "dns-server" description="A system that resolves domain names to internet protocol (IP) addresses."
// "email-server" description="A computer system that sends and receives electronic mail messages."
// "directory-server" description="A system that stores, organizes and provides access to directory information in order to unify network resources."
// "pbx" description="A private branch exchange (PBX) provides a private telephone switchboard."
// "firewall" description="A network security system that monitors and controls incoming and outgoing network traffic based on predetermined security rules."
// "router" description="A physical or virtual networking device that forwards data packets between computer networks."
// "switch" description="A physical or virtual networking device that connects devices within a computer network by using packet switching to receive and forward data to the destination device."
// "storage-array" description="A consolidated, block-level data storage capability."
// "appliance" description="A physical or virtual machine that centralizes hardware, software, or services for a specific purpose."
Type string
Title string
Description string
Remarks string
Props []oscalTypes_1_1_3.Property
Links []oscalTypes_1_1_3.Link
// Each entry carries only an Identifier string.
// Presumably it names an EvidenceComponent by its Identifier; confirm.
ImplementedComponents []struct {
Identifier string
}
}
type EvidenceSubject ¶
// EvidenceSubject is the element type of EvidenceCreateRequest.Subjects.
type EvidenceSubject struct {
Identifier string
// Example types:
// InventoryItem
// Component
// NOTE(review): presumably Identifier refers to an inventory item or a
// component from the same request, depending on Type; confirm that the
// server rejects an identifier that matches neither.
Type string
Description string
Remarks string
Props []oscalTypes_1_1_3.Property
Links []oscalTypes_1_1_3.Link
}
type FilterHandler ¶
type FilterHandler struct {
// contains filtered or unexported fields
}
FilterHandler handles CRUD operations for filters.
func NewFilterHandler ¶
func NewFilterHandler(sugar *zap.SugaredLogger, db *gorm.DB) *FilterHandler
func (*FilterHandler) Create ¶
func (h *FilterHandler) Create(ctx echo.Context) error
Create godoc
@Summary Create a new filter
@Description Creates a new filter.
@Tags Filters
@Accept json
@Produce json
@Param filter body createFilterRequest true "Filter to add"
@Success 201 {object} GenericDataResponse[relational.Filter]
@Failure 400 {object} api.Error
@Failure 422 {object} api.Error
@Failure 500 {object} api.Error
@Router /filters [post]
func (*FilterHandler) Delete ¶
func (h *FilterHandler) Delete(ctx echo.Context) error
Delete godoc
@Summary Delete a filter
@Description Deletes a filter.
@Tags Filters
@Param id path string true "Filter ID"
@Success 204 "No Content"
@Failure 400 {object} api.Error
@Failure 404 {object} api.Error
@Failure 500 {object} api.Error
@Router /filters/{id} [delete]
func (*FilterHandler) Get ¶
func (h *FilterHandler) Get(ctx echo.Context) error
Get godoc
@Summary Get a filter
@Description Retrieves a single filter by its unique ID.
@Tags Filters
@Produce json
@Param id path string true "Filter ID"
@Success 200 {object} GenericDataResponse[FilterWithAssociations]
@Failure 400 {object} api.Error
@Failure 404 {object} api.Error
@Failure 500 {object} api.Error
@Router /filters/{id} [get]
func (*FilterHandler) ImportFilters ¶ added in v0.7.0
func (h *FilterHandler) ImportFilters(ctx echo.Context) error
ImportFilters godoc
@Summary Import dashboard filters
@Description Import multiple dashboard filter JSON files
@Tags Filters
@Accept multipart/form-data
@Produce json
@Param files formData file true "Dashboard filter JSON files to import"
@Success 200 {object} GenericDataResponse[FilterImportResponse]
@Failure 400 {object} api.Error
@Failure 500 {object} api.Error
@Router /filters/import [post]
func (*FilterHandler) List ¶
func (h *FilterHandler) List(ctx echo.Context) error
List godoc
@Summary List filters
@Description Retrieves all filters, optionally filtered by controlId or componentId.
@Tags Filters
@Produce json
@Success 200 {object} GenericDataListResponse[FilterWithAssociations]
@Failure 500 {object} api.Error
@Router /filters [get]
func (*FilterHandler) Register ¶
func (h *FilterHandler) Register(api *echo.Group)
Register registers the filter endpoints.
func (*FilterHandler) Update ¶
func (h *FilterHandler) Update(ctx echo.Context) error
Update godoc
@Summary Update a filter
@Description Updates an existing filter.
@Tags Filters
@Accept json
@Produce json
@Param id path string true "Filter ID"
@Param filter body createFilterRequest true "Filter to update"
@Success 200 {object} GenericDataResponse[relational.Filter]
@Failure 400 {object} api.Error
@Failure 404 {object} api.Error
@Failure 500 {object} api.Error
@Router /filters/{id} [put]
type FilterImportFileResult ¶ added in v0.7.0
type FilterImportResponse ¶ added in v0.7.0
// FilterImportResponse is the documented 200 payload of ImportFilters
// (POST /filters/import), which accepts multipart/form-data uploads.
// NOTE(review): the endpoint annotations state no limit on the number or
// size of uploaded files; confirm the handler bounds both.
type FilterImportResponse struct {
TotalFiles int `json:"total_files"`
SuccessfulCount int `json:"successful_count"`
FailedCount int `json:"failed_count"`
TotalDashboards int `json:"total_dashboards"`
// One FilterImportFileResult per entry; its fields are not shown on this page.
Results []FilterImportFileResult `json:"results"`
}
type FilterWithAssociations ¶ added in v0.9.0
// FilterWithAssociations embeds relational.Filter and adds the controls and
// components serialized under the "controls" and "components" JSON keys.
// It is the documented 200 payload of the filter Get and List endpoints.
// NOTE(review): none of the /filters routes on this page, including create,
// update, delete and import, carries an @Security annotation, while
// POST /evidence and the /poam-items routes do. Confirm whether
// authentication is enforced elsewhere or the annotations are missing.
type FilterWithAssociations struct {
relational.Filter
Controls []oscalTypes_1_1_3.Control `json:"controls"`
Components []oscalTypes_1_1_3.SystemComponent `json:"components"`
}
type GenericDataListResponse ¶
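// GenericDataListResponse wraps a list payload under the "data" key.
// It is the documented 200 body of the list-style endpoints on this page.
type GenericDataListResponse[T any] struct {
	// Items from the list response
	Data []T `json:"data" yaml:"data"`
}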
type GenericDataResponse ¶
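// GenericDataResponse wraps a single payload value under the "data" key.
// It is the documented 200 body of the single-item endpoints on this page.
type GenericDataResponse[T any] struct {
	// The single item carried by the response
	Data T `json:"data" yaml:"data"`
}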
type HealthHandler ¶ added in v0.5.0
type HealthHandler struct {
// contains filtered or unexported fields
}
func NewHealthHandler ¶ added in v0.5.0
func NewHealthHandler(sugar *zap.SugaredLogger, db *gorm.DB) *HealthHandler
func (*HealthHandler) Health ¶ added in v0.5.0
func (h *HealthHandler) Health(ctx echo.Context) error
func (*HealthHandler) Register ¶ added in v0.5.0
func (h *HealthHandler) Register(api *echo.Group)
type HeartbeatCreateRequest ¶
type HeartbeatHandler ¶
type HeartbeatHandler struct {
// contains filtered or unexported fields
}
func NewHeartbeatHandler ¶
func NewHeartbeatHandler(sugar *zap.SugaredLogger, db *gorm.DB) *HeartbeatHandler
func (*HeartbeatHandler) Create ¶
func (h *HeartbeatHandler) Create(ctx echo.Context) error
Create godoc
@Summary Create Heartbeat
@Description Creates a new heartbeat record for monitoring.
@Tags Heartbeat
@Accept json
@Produce json
@Param heartbeat body HeartbeatCreateRequest true "Heartbeat payload"
@Success 201 "Created"
@Failure 400 {object} api.Error
@Failure 500 {object} api.Error
@Router /agent/heartbeat [post]
func (*HeartbeatHandler) OverTime ¶
func (h *HeartbeatHandler) OverTime(ctx echo.Context) error
OverTime godoc
@Summary Get Heartbeat Metrics Over Time
@Description Retrieves heartbeat counts aggregated by 2-minute intervals.
@Tags Heartbeat
@Produce json
@Success 200 {object} handler.GenericDataListResponse[handler.OverTime.HeartbeatInterval]
@Failure 500 {object} api.Error
@Router /agent/heartbeat/over-time [get]
func (*HeartbeatHandler) Register ¶
func (h *HeartbeatHandler) Register(api *echo.Group)
type OscalLikeEvidence ¶
// OscalLikeEvidence embeds relational.Evidence and adds OSCAL-typed fields
// serialized under the JSON keys given in the tags. It is the documented 200
// payload of the evidence Get, History and Latest endpoints.
// NOTE(review): those three routes, like the other read and search routes
// under /evidence, show no @Security annotation on this page, while
// POST /evidence does. Confirm whether authentication is enforced elsewhere
// or the annotations are missing.
type OscalLikeEvidence struct {
relational.Evidence
BackMatter *oscalTypes_1_1_3.BackMatter `json:"back-matter,omitempty"`
// props, links and status have no omitempty, so they are always emitted.
Props []oscalTypes_1_1_3.Property `json:"props"`
Links []oscalTypes_1_1_3.Link `json:"links"`
Origins []oscalTypes_1_1_3.Origin `json:"origins,omitempty"`
Activities []oscalTypes_1_1_3.Activity `json:"activities,omitempty"`
InventoryItems []oscalTypes_1_1_3.InventoryItem `json:"inventory-items,omitempty"`
Components []oscalTypes_1_1_3.SystemComponent `json:"components,omitempty"`
Subjects []oscalTypes_1_1_3.AssessmentSubject `json:"subjects,omitempty"`
Status oscalTypes_1_1_3.ObjectiveStatus `json:"status"`
}
func (*OscalLikeEvidence) FromEvidence ¶
func (o *OscalLikeEvidence) FromEvidence(evidence *relational.Evidence) error
type PoamItemsHandler ¶ added in v0.13.0
type PoamItemsHandler struct {
// contains filtered or unexported fields
}
PoamItemsHandler handles all HTTP requests for POAM items and their sub-resources. It delegates all persistence to PoamService and never imports gorm directly for data access.
func NewPoamItemsHandler ¶ added in v0.13.0
func NewPoamItemsHandler(svc *poamsvc.PoamService, sugar *zap.SugaredLogger) *PoamItemsHandler
NewPoamItemsHandler constructs a PoamItemsHandler.
func (*PoamItemsHandler) AddControlLink ¶ added in v0.13.0
func (h *PoamItemsHandler) AddControlLink(c echo.Context) error
AddControlLink godoc
@Summary Add a control link
@Tags POAM Items
@Accept json
@Produce json
@Param id path string true "POAM item ID"
@Param body body poamControlRefRequest true "Control ref payload"
@Success 201 {object} GenericDataResponse[poamsvc.PoamItemControlLink]
@Failure 400 {object} api.Error
@Failure 404 {object} api.Error
@Failure 500 {object} api.Error
@Security OAuth2Password
@Router /poam-items/{id}/controls [post]
func (*PoamItemsHandler) AddEvidenceLink ¶ added in v0.13.0
func (h *PoamItemsHandler) AddEvidenceLink(c echo.Context) error
AddEvidenceLink godoc
@Summary Add an evidence link
@Tags POAM Items
@Accept json
@Produce json
@Param id path string true "POAM item ID"
@Param body body addLinkRequest true "Evidence ID payload"
@Success 201 {object} GenericDataResponse[poamsvc.PoamItemEvidenceLink]
@Failure 400 {object} api.Error
@Failure 404 {object} api.Error
@Failure 500 {object} api.Error
@Security OAuth2Password
@Router /poam-items/{id}/evidence [post]
func (*PoamItemsHandler) AddFindingLink ¶ added in v0.13.0
func (h *PoamItemsHandler) AddFindingLink(c echo.Context) error
AddFindingLink godoc
@Summary Add a finding link
@Tags POAM Items
@Accept json
@Produce json
@Param id path string true "POAM item ID"
@Param body body addLinkRequest true "Finding ID payload"
@Success 201 {object} GenericDataResponse[poamsvc.PoamItemFindingLink]
@Failure 400 {object} api.Error
@Failure 404 {object} api.Error
@Failure 500 {object} api.Error
@Security OAuth2Password
@Router /poam-items/{id}/findings [post]
func (*PoamItemsHandler) AddMilestone ¶ added in v0.13.0
func (h *PoamItemsHandler) AddMilestone(c echo.Context) error
AddMilestone godoc
@Summary Add a milestone to a POAM item
@Tags POAM Items
@Accept json
@Produce json
@Param id path string true "POAM item ID"
@Param body body createMilestoneRequest true "Milestone payload"
@Success 201 {object} GenericDataResponse[milestoneResponse]
@Failure 400 {object} api.Error
@Failure 404 {object} api.Error
@Failure 500 {object} api.Error
@Security OAuth2Password
@Router /poam-items/{id}/milestones [post]
func (*PoamItemsHandler) AddRiskLink ¶ added in v0.13.0
func (h *PoamItemsHandler) AddRiskLink(c echo.Context) error
AddRiskLink godoc
@Summary Add a risk link
@Tags POAM Items
@Accept json
@Produce json
@Param id path string true "POAM item ID"
@Param body body addLinkRequest true "Risk ID payload"
@Success 201 {object} GenericDataResponse[poamsvc.PoamItemRiskLink]
@Failure 400 {object} api.Error
@Failure 404 {object} api.Error
@Failure 500 {object} api.Error
@Security OAuth2Password
@Router /poam-items/{id}/risks [post]
func (*PoamItemsHandler) Create ¶ added in v0.13.0
func (h *PoamItemsHandler) Create(c echo.Context) error
Create godoc
@Summary Create a POAM item
@Tags POAM Items
@Accept json
@Produce json
@Param body body createPoamItemRequest true "POAM item payload"
@Success 201 {object} GenericDataResponse[poamItemResponse]
@Failure 400 {object} api.Error
@Failure 404 {object} api.Error
@Failure 500 {object} api.Error
@Security OAuth2Password
@Router /poam-items [post]
func (*PoamItemsHandler) Delete ¶ added in v0.13.0
func (h *PoamItemsHandler) Delete(c echo.Context) error
Delete godoc
@Summary Delete a POAM item
@Tags POAM Items
@Param id path string true "POAM item ID"
@Success 204 "No Content"
@Failure 400 {object} api.Error
@Failure 404 {object} api.Error
@Failure 500 {object} api.Error
@Security OAuth2Password
@Router /poam-items/{id} [delete]
func (*PoamItemsHandler) DeleteControlLink ¶ added in v0.13.0
func (h *PoamItemsHandler) DeleteControlLink(c echo.Context) error
DeleteControlLink godoc
@Summary Delete a control link
@Tags POAM Items
@Param id path string true "POAM item ID"
@Param catalogId path string true "Catalog ID"
@Param controlId path string true "Control ID"
@Success 204 "No Content"
@Failure 400 {object} api.Error
@Failure 404 {object} api.Error
@Failure 500 {object} api.Error
@Security OAuth2Password
@Router /poam-items/{id}/controls/{catalogId}/{controlId} [delete]
func (*PoamItemsHandler) DeleteEvidenceLink ¶ added in v0.13.0
func (h *PoamItemsHandler) DeleteEvidenceLink(c echo.Context) error
DeleteEvidenceLink godoc
@Summary Delete an evidence link
@Tags POAM Items
@Param id path string true "POAM item ID"
@Param evidenceId path string true "Evidence ID"
@Success 204 "No Content"
@Failure 400 {object} api.Error
@Failure 404 {object} api.Error
@Failure 500 {object} api.Error
@Security OAuth2Password
@Router /poam-items/{id}/evidence/{evidenceId} [delete]
func (*PoamItemsHandler) DeleteFindingLink ¶ added in v0.13.0
func (h *PoamItemsHandler) DeleteFindingLink(c echo.Context) error
DeleteFindingLink godoc
@Summary Delete a finding link
@Tags POAM Items
@Param id path string true "POAM item ID"
@Param findingId path string true "Finding ID"
@Success 204 "No Content"
@Failure 400 {object} api.Error
@Failure 404 {object} api.Error
@Failure 500 {object} api.Error
@Security OAuth2Password
@Router /poam-items/{id}/findings/{findingId} [delete]
func (*PoamItemsHandler) DeleteMilestone ¶ added in v0.13.0
func (h *PoamItemsHandler) DeleteMilestone(c echo.Context) error
DeleteMilestone godoc
@Summary Delete a milestone
@Tags POAM Items
@Param id path string true "POAM item ID"
@Param milestoneId path string true "Milestone ID"
@Success 204 "No Content"
@Failure 400 {object} api.Error
@Failure 404 {object} api.Error
@Failure 500 {object} api.Error
@Security OAuth2Password
@Router /poam-items/{id}/milestones/{milestoneId} [delete]
func (*PoamItemsHandler) DeleteRiskLink ¶ added in v0.13.0
func (h *PoamItemsHandler) DeleteRiskLink(c echo.Context) error
DeleteRiskLink godoc
@Summary Delete a risk link
@Tags POAM Items
@Param id path string true "POAM item ID"
@Param riskId path string true "Risk ID"
@Success 204 "No Content"
@Failure 400 {object} api.Error
@Failure 404 {object} api.Error
@Failure 500 {object} api.Error
@Security OAuth2Password
@Router /poam-items/{id}/risks/{riskId} [delete]
func (*PoamItemsHandler) Get ¶ added in v0.13.0
func (h *PoamItemsHandler) Get(c echo.Context) error
Get godoc
@Summary Get a POAM item
@Tags POAM Items
@Produce json
@Param id path string true "POAM item ID"
@Success 200 {object} GenericDataResponse[poamItemResponse]
@Failure 400 {object} api.Error
@Failure 404 {object} api.Error
@Failure 500 {object} api.Error
@Security OAuth2Password
@Router /poam-items/{id} [get]
func (*PoamItemsHandler) List ¶ added in v0.13.0
func (h *PoamItemsHandler) List(c echo.Context) error
List godoc
@Summary List POAM items
@Tags POAM Items
@Produce json
@Param status query string false "Filter by status (open|in-progress|completed|overdue)"
@Param sspId query string false "Filter by SSP UUID"
@Param riskId query string false "Filter by linked risk UUID"
@Param deadlineBefore query string false "Filter by planned_completion_date before (RFC3339)"
@Param overdueOnly query bool false "Return only overdue items"
@Param ownerRef query string false "Filter by primary_owner_user_id UUID"
@Success 200 {object} GenericDataListResponse[poamItemResponse]
@Failure 400 {object} api.Error
@Failure 500 {object} api.Error
@Security OAuth2Password
@Router /poam-items [get]
func (*PoamItemsHandler) ListControls ¶ added in v0.13.0
func (h *PoamItemsHandler) ListControls(c echo.Context) error
ListControls godoc
@Summary List linked controls
@Tags POAM Items
@Produce json
@Param id path string true "POAM item ID"
@Success 200 {object} GenericDataListResponse[poamsvc.PoamItemControlLink]
@Failure 400 {object} api.Error
@Failure 404 {object} api.Error
@Failure 500 {object} api.Error
@Security OAuth2Password
@Router /poam-items/{id}/controls [get]
func (*PoamItemsHandler) ListEvidence ¶ added in v0.13.0
func (h *PoamItemsHandler) ListEvidence(c echo.Context) error
ListEvidence godoc
@Summary List linked evidence
@Tags POAM Items
@Produce json
@Param id path string true "POAM item ID"
@Success 200 {object} GenericDataListResponse[poamsvc.PoamItemEvidenceLink]
@Failure 400 {object} api.Error
@Failure 404 {object} api.Error
@Failure 500 {object} api.Error
@Security OAuth2Password
@Router /poam-items/{id}/evidence [get]
func (*PoamItemsHandler) ListFindings ¶ added in v0.13.0
func (h *PoamItemsHandler) ListFindings(c echo.Context) error
ListFindings godoc
@Summary List linked findings
@Tags POAM Items
@Produce json
@Param id path string true "POAM item ID"
@Success 200 {object} GenericDataListResponse[poamsvc.PoamItemFindingLink]
@Failure 400 {object} api.Error
@Failure 404 {object} api.Error
@Failure 500 {object} api.Error
@Security OAuth2Password
@Router /poam-items/{id}/findings [get]
func (*PoamItemsHandler) ListMilestones ¶ added in v0.13.0
func (h *PoamItemsHandler) ListMilestones(c echo.Context) error
ListMilestones godoc
@Summary List milestones for a POAM item
@Tags POAM Items
@Produce json
@Param id path string true "POAM item ID"
@Success 200 {object} GenericDataListResponse[milestoneResponse]
@Failure 400 {object} api.Error
@Failure 404 {object} api.Error
@Failure 500 {object} api.Error
@Security OAuth2Password
@Router /poam-items/{id}/milestones [get]
func (*PoamItemsHandler) ListRisks ¶ added in v0.13.0
func (h *PoamItemsHandler) ListRisks(c echo.Context) error
ListRisks godoc
@Summary List linked risks
@Tags POAM Items
@Produce json
@Param id path string true "POAM item ID"
@Success 200 {object} GenericDataListResponse[poamsvc.PoamItemRiskLink]
@Failure 400 {object} api.Error
@Failure 404 {object} api.Error
@Failure 500 {object} api.Error
@Security OAuth2Password
@Router /poam-items/{id}/risks [get]
func (*PoamItemsHandler) Register ¶ added in v0.13.0
func (h *PoamItemsHandler) Register(g *echo.Group)
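Register mounts all POAM routes onto the given Echo group. It relies on the caller for authentication: JWT middleware is applied at the group level in api.go, so the routes are protected only when the group passed in already carries that middleware.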
func (*PoamItemsHandler) RegisterSSPScoped ¶ added in v0.13.0
func (h *PoamItemsHandler) RegisterSSPScoped(g *echo.Group)
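RegisterSSPScoped mounts all POAM routes under an SSP-scoped group (e.g. /system-security-plans/:sspId/poam-items). The :sspId path param is extracted and injected into list/create filters automatically. This comment covers list and create only; whether the item-level routes (get, update, delete and the link routes) also check that the item belongs to :sspId is not stated here.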
func (*PoamItemsHandler) Update ¶ added in v0.13.0
func (h *PoamItemsHandler) Update(c echo.Context) error
Update godoc
@Summary Update a POAM item
@Tags POAM Items
@Accept json
@Produce json
@Param id path string true "POAM item ID"
@Param body body updatePoamItemRequest true "Update payload"
@Success 200 {object} GenericDataResponse[poamItemResponse]
@Failure 400 {object} api.Error
@Failure 404 {object} api.Error
@Failure 500 {object} api.Error
@Security OAuth2Password
@Router /poam-items/{id} [put]
func (*PoamItemsHandler) UpdateMilestone ¶ added in v0.13.0
func (h *PoamItemsHandler) UpdateMilestone(c echo.Context) error
UpdateMilestone godoc
@Summary Update a milestone
@Tags POAM Items
@Accept json
@Produce json
@Param id path string true "POAM item ID"
@Param milestoneId path string true "Milestone ID"
@Param body body updateMilestoneRequest true "Milestone update payload"
@Success 200 {object} GenericDataResponse[milestoneResponse]
@Failure 400 {object} api.Error
@Failure 404 {object} api.Error
@Failure 500 {object} api.Error
@Security OAuth2Password
@Router /poam-items/{id}/milestones/{milestoneId} [put]
type RiskHandler ¶ added in v0.13.0
type RiskHandler struct {
// contains filtered or unexported fields
}
func NewRiskHandler ¶ added in v0.13.0
func NewRiskHandler(sugar *zap.SugaredLogger, db *gorm.DB) *RiskHandler
func (*RiskHandler) Accept ¶ added in v0.13.0
func (h *RiskHandler) Accept(ctx echo.Context) error
Accept godoc
@Summary Accept risk
@Description Accepts a risk with required justification and a future review deadline.
@Tags Risks
@Accept json
@Produce json
@Param id path string true "Risk ID"
@Param body body acceptRiskRequest true "Accept payload"
@Success 200 {object} GenericDataResponse[riskResponse]
@Failure 400 {object} api.Error
@Failure 404 {object} api.Error
@Failure 500 {object} api.Error
@Security OAuth2Password
@Router /risks/{id}/accept [post]
func (*RiskHandler) AcceptForSSP ¶ added in v0.13.0
func (h *RiskHandler) AcceptForSSP(ctx echo.Context) error
AcceptForSSP godoc
@Summary Accept risk for SSP
@Description Accepts a risk by ID scoped to an SSP.
@Tags Risks
@Accept json
@Produce json
@Param sspId path string true "SSP ID"
@Param id path string true "Risk ID"
@Param body body acceptRiskRequest true "Accept payload"
@Success 200 {object} GenericDataResponse[riskResponse]
@Failure 400 {object} api.Error
@Failure 404 {object} api.Error
@Failure 500 {object} api.Error
@Security OAuth2Password
@Router /oscal/system-security-plans/{sspId}/risks/{id}/accept [post]
func (*RiskHandler) AddComponentLink ¶ added in v0.13.0
func (h *RiskHandler) AddComponentLink(ctx echo.Context) error
AddComponentLink godoc
@Summary Link component to risk
@Description Idempotently links a component to a risk.
@Tags Risks
@Accept json
@Produce json
@Param id path string true "Risk ID"
@Param link body addComponentLinkRequest true "Component link payload"
@Success 201 {object} GenericDataResponse[risks.RiskComponentLink]
@Failure 400 {object} api.Error
@Failure 404 {object} api.Error
@Failure 500 {object} api.Error
@Security OAuth2Password
@Router /risks/{id}/components [post]
func (*RiskHandler) AddComponentLinkForSSP ¶ added in v0.13.0
func (h *RiskHandler) AddComponentLinkForSSP(ctx echo.Context) error
AddComponentLinkForSSP godoc
@Summary Link component to risk for SSP
@Description Idempotently links a component to a risk scoped to an SSP.
@Tags Risks
@Accept json
@Produce json
@Param sspId path string true "SSP ID"
@Param id path string true "Risk ID"
@Param link body addComponentLinkRequest true "Component link payload"
@Success 201 {object} GenericDataResponse[risks.RiskComponentLink]
@Failure 400 {object} api.Error
@Failure 404 {object} api.Error
@Failure 500 {object} api.Error
@Security OAuth2Password
@Router /oscal/system-security-plans/{sspId}/risks/{id}/components [post]
func (*RiskHandler) AddControlLink ¶ added in v0.13.0
func (h *RiskHandler) AddControlLink(ctx echo.Context) error
AddControlLink godoc
@Summary Link control to risk
@Description Idempotently links a control to a risk.
@Tags Risks
@Accept json
@Produce json
@Param id path string true "Risk ID"
@Param link body addControlLinkRequest true "Control link payload"
@Success 201 {object} GenericDataResponse[risks.RiskControlLink]
@Failure 400 {object} api.Error
@Failure 404 {object} api.Error
@Failure 500 {object} api.Error
@Security OAuth2Password
@Router /risks/{id}/controls [post]
func (*RiskHandler) AddControlLinkForSSP ¶ added in v0.13.0
func (h *RiskHandler) AddControlLinkForSSP(ctx echo.Context) error
AddControlLinkForSSP godoc
@Summary Link control to risk for SSP
@Description Idempotently links a control to a risk scoped to an SSP.
@Tags Risks
@Accept json
@Produce json
@Param sspId path string true "SSP ID"
@Param id path string true "Risk ID"
@Param link body addControlLinkRequest true "Control link payload"
@Success 201 {object} GenericDataResponse[risks.RiskControlLink]
@Failure 400 {object} api.Error
@Failure 404 {object} api.Error
@Failure 500 {object} api.Error
@Security OAuth2Password
@Router /oscal/system-security-plans/{sspId}/risks/{id}/controls [post]
func (*RiskHandler) AddEvidenceLink ¶ added in v0.13.0
func (h *RiskHandler) AddEvidenceLink(ctx echo.Context) error
AddEvidenceLink godoc
@Summary Link evidence to risk
@Description Idempotently links an evidence item to a risk.
@Tags Risks
@Accept json
@Produce json
@Param id path string true "Risk ID"
@Param link body addEvidenceLinkRequest true "Evidence link payload"
@Success 201 {object} GenericDataResponse[risks.RiskEvidenceLink]
@Failure 400 {object} api.Error
@Failure 404 {object} api.Error
@Failure 500 {object} api.Error
@Security OAuth2Password
@Router /risks/{id}/evidence [post]
func (*RiskHandler) AddEvidenceLinkForSSP ¶ added in v0.13.0
func (h *RiskHandler) AddEvidenceLinkForSSP(ctx echo.Context) error
AddEvidenceLinkForSSP godoc
@Summary Link evidence to risk for SSP
@Description Idempotently links an evidence item to a risk scoped to an SSP.
@Tags Risks
@Accept json
@Produce json
@Param sspId path string true "SSP ID"
@Param id path string true "Risk ID"
@Param link body addEvidenceLinkRequest true "Evidence link payload"
@Success 201 {object} GenericDataResponse[risks.RiskEvidenceLink]
@Failure 400 {object} api.Error
@Failure 404 {object} api.Error
@Failure 500 {object} api.Error
@Security OAuth2Password
@Router /oscal/system-security-plans/{sspId}/risks/{id}/evidence [post]
func (*RiskHandler) AddSubjectLink ¶ added in v0.13.0
func (h *RiskHandler) AddSubjectLink(ctx echo.Context) error
AddSubjectLink godoc
@Summary Link subject to risk
@Description Idempotently links a subject to a risk.
@Tags Risks
@Accept json
@Produce json
@Param id path string true "Risk ID"
@Param link body addSubjectLinkRequest true "Subject link payload"
@Success 201 {object} GenericDataResponse[risks.RiskSubjectLink]
@Failure 400 {object} api.Error
@Failure 404 {object} api.Error
@Failure 500 {object} api.Error
@Security OAuth2Password
@Router /risks/{id}/subjects [post]
func (*RiskHandler) Create ¶ added in v0.13.0
func (h *RiskHandler) Create(ctx echo.Context) error
Create godoc
@Summary Create risk
@Description Creates a risk register entry.
@Tags Risks
@Accept json
@Produce json
@Param risk body createRiskRequest true "Risk payload"
@Success 201 {object} GenericDataResponse[riskResponse]
@Failure 400 {object} api.Error
@Failure 401 {object} api.Error
@Failure 500 {object} api.Error
@Security OAuth2Password
@Router /risks [post]
func (*RiskHandler) CreateForSSP ¶ added in v0.13.0
func (h *RiskHandler) CreateForSSP(ctx echo.Context) error
CreateForSSP godoc
@Summary Create risk for SSP
@Description Creates a risk register entry scoped to an SSP.
@Tags Risks
@Accept json
@Produce json
@Param sspId path string true "SSP ID"
@Param risk body createRiskRequest true "Risk payload"
@Success 201 {object} GenericDataResponse[riskResponse]
@Failure 400 {object} api.Error
@Failure 404 {object} api.Error
@Failure 500 {object} api.Error
@Security OAuth2Password
@Router /oscal/system-security-plans/{sspId}/risks [post]
func (*RiskHandler) Delete ¶ added in v0.13.0
func (h *RiskHandler) Delete(ctx echo.Context) error
Delete godoc
@Summary Delete risk
@Description Deletes a risk register entry by ID, together with its link rows.
@Tags Risks
@Param id path string true "Risk ID"
@Success 204
@Failure 400 {object} api.Error
@Failure 404 {object} api.Error
@Failure 500 {object} api.Error
@Security OAuth2Password
@Router /risks/{id} [delete]
func (*RiskHandler) DeleteComponentLink ¶ added in v0.13.0
func (h *RiskHandler) DeleteComponentLink(ctx echo.Context) error
DeleteComponentLink godoc
@Summary Delete risk component link
@Description Deletes the link between a risk and component.
@Tags Risks
@Param id path string true "Risk ID"
@Param componentId path string true "Component ID"
@Success 204
@Failure 400 {object} api.Error
@Failure 404 {object} api.Error
@Failure 500 {object} api.Error
@Security OAuth2Password
@Router /risks/{id}/components/{componentId} [delete]
func (*RiskHandler) DeleteComponentLinkForSSP ¶ added in v0.13.0
func (h *RiskHandler) DeleteComponentLinkForSSP(ctx echo.Context) error
DeleteComponentLinkForSSP godoc
@Summary Delete risk component link for SSP
@Description Deletes the link between a risk and component scoped to an SSP.
@Tags Risks
@Param sspId path string true "SSP ID"
@Param id path string true "Risk ID"
@Param componentId path string true "Component ID"
@Success 204
@Failure 400 {object} api.Error
@Failure 404 {object} api.Error
@Failure 500 {object} api.Error
@Security OAuth2Password
@Router /oscal/system-security-plans/{sspId}/risks/{id}/components/{componentId} [delete]
func (*RiskHandler) DeleteControlLink ¶ added in v0.13.0
func (h *RiskHandler) DeleteControlLink(ctx echo.Context) error
DeleteControlLink godoc
@Summary Delete risk control link
@Description Deletes the link between a risk and control.
@Tags Risks
@Param id path string true "Risk ID"
@Param catalogId path string true "Catalog ID"
@Param controlId path string true "Control ID"
@Success 204
@Failure 400 {object} api.Error
@Failure 404 {object} api.Error
@Failure 500 {object} api.Error
@Security OAuth2Password
@Router /risks/{id}/controls/{catalogId}/{controlId} [delete]
func (*RiskHandler) DeleteControlLinkForSSP ¶ added in v0.13.0
func (h *RiskHandler) DeleteControlLinkForSSP(ctx echo.Context) error
DeleteControlLinkForSSP godoc
@Summary Delete risk control link for SSP
@Description Deletes the link between a risk and control scoped to an SSP.
@Tags Risks
@Param sspId path string true "SSP ID"
@Param id path string true "Risk ID"
@Param catalogId path string true "Catalog ID"
@Param controlId path string true "Control ID"
@Success 204
@Failure 400 {object} api.Error
@Failure 404 {object} api.Error
@Failure 500 {object} api.Error
@Security OAuth2Password
@Router /oscal/system-security-plans/{sspId}/risks/{id}/controls/{catalogId}/{controlId} [delete]
func (*RiskHandler) DeleteEvidenceLink ¶ added in v0.13.0
func (h *RiskHandler) DeleteEvidenceLink(ctx echo.Context) error
DeleteEvidenceLink godoc
@Summary Delete risk evidence link
@Description Deletes the link between a risk and evidence item.
@Tags Risks
@Param id path string true "Risk ID"
@Param evidenceId path string true "Evidence ID"
@Success 204
@Failure 400 {object} api.Error
@Failure 404 {object} api.Error
@Failure 500 {object} api.Error
@Security OAuth2Password
@Router /risks/{id}/evidence/{evidenceId} [delete]
func (*RiskHandler) DeleteEvidenceLinkForSSP ¶ added in v0.13.0
func (h *RiskHandler) DeleteEvidenceLinkForSSP(ctx echo.Context) error
DeleteEvidenceLinkForSSP godoc
@Summary Delete risk evidence link for SSP
@Description Deletes the link between a risk and evidence item scoped to an SSP.
@Tags Risks
@Param sspId path string true "SSP ID"
@Param id path string true "Risk ID"
@Param evidenceId path string true "Evidence ID"
@Success 204
@Failure 400 {object} api.Error
@Failure 404 {object} api.Error
@Failure 500 {object} api.Error
@Security OAuth2Password
@Router /oscal/system-security-plans/{sspId}/risks/{id}/evidence/{evidenceId} [delete]
func (*RiskHandler) DeleteForSSP ¶ added in v0.13.0
func (h *RiskHandler) DeleteForSSP(ctx echo.Context) error
DeleteForSSP godoc
@Summary Delete risk for SSP
@Description Deletes a risk register entry by ID scoped to an SSP.
@Tags Risks
@Param sspId path string true "SSP ID"
@Param id path string true "Risk ID"
@Success 204 "No Content"
@Failure 400 {object} api.Error
@Failure 404 {object} api.Error
@Failure 500 {object} api.Error
@Security OAuth2Password
@Router /oscal/system-security-plans/{sspId}/risks/{id} [delete]
func (*RiskHandler) Get ¶ added in v0.13.0
func (h *RiskHandler) Get(ctx echo.Context) error
Get godoc
@Summary Get risk
@Description Retrieves a risk register entry by ID.
@Tags Risks
@Produce json
@Param id path string true "Risk ID"
@Success 200 {object} GenericDataResponse[riskResponse]
@Failure 400 {object} api.Error
@Failure 404 {object} api.Error
@Failure 500 {object} api.Error
@Security OAuth2Password
@Router /risks/{id} [get]
func (*RiskHandler) GetComponentLinks ¶ added in v0.13.0
func (h *RiskHandler) GetComponentLinks(ctx echo.Context) error
GetComponentLinks godoc
@Summary List risk component links
@Description Lists components linked to a risk.
@Tags Risks
@Produce json
@Param id path string true "Risk ID"
@Param page query int false "Page number"
@Param limit query int false "Page size"
@Success 200 {object} svc.ListResponse[risks.RiskComponentLink]
@Failure 400 {object} api.Error
@Failure 404 {object} api.Error
@Failure 500 {object} api.Error
@Security OAuth2Password
@Router /risks/{id}/components [get]
func (*RiskHandler) GetComponentLinksForSSP ¶ added in v0.13.0
func (h *RiskHandler) GetComponentLinksForSSP(ctx echo.Context) error
GetComponentLinksForSSP godoc
@Summary List risk component links for SSP
@Description Lists components linked to a risk scoped to an SSP.
@Tags Risks
@Produce json
@Param sspId path string true "SSP ID"
@Param id path string true "Risk ID"
@Param page query int false "Page number"
@Param limit query int false "Page size"
@Success 200 {object} svc.ListResponse[risks.RiskComponentLink]
@Failure 400 {object} api.Error
@Failure 404 {object} api.Error
@Failure 500 {object} api.Error
@Security OAuth2Password
@Router /oscal/system-security-plans/{sspId}/risks/{id}/components [get]
func (*RiskHandler) GetControlLinks ¶ added in v0.13.0
func (h *RiskHandler) GetControlLinks(ctx echo.Context) error
GetControlLinks godoc
@Summary List risk control links
@Description Lists controls linked to a risk.
@Tags Risks
@Produce json
@Param id path string true "Risk ID"
@Param page query int false "Page number"
@Param limit query int false "Page size"
@Success 200 {object} svc.ListResponse[risks.RiskControlLink]
@Failure 400 {object} api.Error
@Failure 404 {object} api.Error
@Failure 500 {object} api.Error
@Security OAuth2Password
@Router /risks/{id}/controls [get]
func (*RiskHandler) GetControlLinksForSSP ¶ added in v0.13.0
func (h *RiskHandler) GetControlLinksForSSP(ctx echo.Context) error
GetControlLinksForSSP godoc
@Summary List risk control links for SSP
@Description Lists controls linked to a risk scoped to an SSP.
@Tags Risks
@Produce json
@Param sspId path string true "SSP ID"
@Param id path string true "Risk ID"
@Param page query int false "Page number"
@Param limit query int false "Page size"
@Success 200 {object} svc.ListResponse[risks.RiskControlLink]
@Failure 400 {object} api.Error
@Failure 404 {object} api.Error
@Failure 500 {object} api.Error
@Security OAuth2Password
@Router /oscal/system-security-plans/{sspId}/risks/{id}/controls [get]
func (*RiskHandler) GetEvidenceLinks ¶ added in v0.13.0
func (h *RiskHandler) GetEvidenceLinks(ctx echo.Context) error
GetEvidenceLinks godoc
@Summary List risk evidence links
@Description Lists evidence IDs linked to a risk.
@Tags Risks
@Produce json
@Param id path string true "Risk ID"
@Param page query int false "Page number"
@Param limit query int false "Page size"
@Success 200 {object} svc.ListResponse[uuid.UUID]
@Failure 400 {object} api.Error
@Failure 404 {object} api.Error
@Failure 500 {object} api.Error
@Security OAuth2Password
@Router /risks/{id}/evidence [get]
func (*RiskHandler) GetEvidenceLinksForSSP ¶ added in v0.13.0
func (h *RiskHandler) GetEvidenceLinksForSSP(ctx echo.Context) error
GetEvidenceLinksForSSP godoc
@Summary List risk evidence links for SSP
@Description Lists evidence IDs linked to a risk scoped to an SSP.
@Tags Risks
@Produce json
@Param sspId path string true "SSP ID"
@Param id path string true "Risk ID"
@Param page query int false "Page number"
@Param limit query int false "Page size"
@Success 200 {object} svc.ListResponse[uuid.UUID]
@Failure 400 {object} api.Error
@Failure 404 {object} api.Error
@Failure 500 {object} api.Error
@Security OAuth2Password
@Router /oscal/system-security-plans/{sspId}/risks/{id}/evidence [get]
func (*RiskHandler) GetForSSP ¶ added in v0.13.0
func (h *RiskHandler) GetForSSP(ctx echo.Context) error
GetForSSP godoc
@Summary Get risk for SSP
@Description Retrieves a risk register entry by ID scoped to an SSP.
@Tags Risks
@Produce json
@Param sspId path string true "SSP ID"
@Param id path string true "Risk ID"
@Success 200 {object} GenericDataResponse[riskResponse]
@Failure 400 {object} api.Error
@Failure 404 {object} api.Error
@Failure 500 {object} api.Error
@Security OAuth2Password
@Router /oscal/system-security-plans/{sspId}/risks/{id} [get]
func (*RiskHandler) GetSubjectLinks ¶ added in v0.13.0
func (h *RiskHandler) GetSubjectLinks(ctx echo.Context) error
GetSubjectLinks godoc
@Summary List risk subject links
@Description Lists subjects linked to a risk.
@Tags Risks
@Produce json
@Param id path string true "Risk ID"
@Param page query int false "Page number"
@Param limit query int false "Page size"
@Success 200 {object} svc.ListResponse[risks.RiskSubjectLink]
@Failure 400 {object} api.Error
@Failure 404 {object} api.Error
@Failure 500 {object} api.Error
@Security OAuth2Password
@Router /risks/{id}/subjects [get]
func (*RiskHandler) List ¶ added in v0.13.0
func (h *RiskHandler) List(ctx echo.Context) error
List godoc
@Summary List risks
@Description Lists risk register entries with filtering, sorting, and pagination.
@Tags Risks
@Produce json
@Param status query string false "Risk status"
@Param likelihood query string false "Risk likelihood"
@Param impact query string false "Risk impact"
@Param sspId query string false "SSP ID"
@Param controlId query string false "Control ID"
@Param componentId query string false "Component ID"
@Param evidenceId query string false "Evidence ID"
@Param ownerKind query string false "Owner kind"
@Param ownerRef query string false "Owner reference"
@Param reviewDeadlineBefore query string false "Review deadline upper bound (RFC3339)"
@Param page query int false "Page number"
@Param limit query int false "Page size"
@Param sort query string false "Sort field"
@Param order query string false "Sort order (asc|desc)"
@Success 200 {object} svc.ListResponse[riskResponse]
@Failure 400 {object} api.Error
@Failure 500 {object} api.Error
@Security OAuth2Password
@Router /risks [get]
func (*RiskHandler) ListForSSP ¶ added in v0.13.0
func (h *RiskHandler) ListForSSP(ctx echo.Context) error
ListForSSP godoc
@Summary List risks for SSP
@Description Lists risk register entries scoped to an SSP.
@Tags Risks
@Produce json
@Param sspId path string true "SSP ID"
@Param status query string false "Risk status"
@Param likelihood query string false "Risk likelihood"
@Param impact query string false "Risk impact"
@Param controlId query string false "Control ID"
@Param componentId query string false "Component ID"
@Param evidenceId query string false "Evidence ID"
@Param ownerKind query string false "Owner kind"
@Param ownerRef query string false "Owner reference"
@Param reviewDeadlineBefore query string false "Review deadline upper bound (RFC3339)"
@Param page query int false "Page number"
@Param limit query int false "Page size"
@Param sort query string false "Sort field"
@Param order query string false "Sort order (asc|desc)"
@Success 200 {object} svc.ListResponse[riskResponse]
@Failure 400 {object} api.Error
@Failure 404 {object} api.Error
@Failure 500 {object} api.Error
@Security OAuth2Password
@Router /oscal/system-security-plans/{sspId}/risks [get]
func (*RiskHandler) Register ¶ added in v0.13.0
func (h *RiskHandler) Register(api *echo.Group)
func (*RiskHandler) RegisterSSPScoped ¶ added in v0.13.0
func (h *RiskHandler) RegisterSSPScoped(api *echo.Group)
func (*RiskHandler) Review ¶ added in v0.13.0
func (h *RiskHandler) Review(ctx echo.Context) error
Review godoc
@Summary Review risk
@Description Records a structured review for an accepted risk. nextReviewDeadline is required for decision=extend and must be omitted for decision=reopen.
@Tags Risks
@Accept json
@Produce json
@Param id path string true "Risk ID"
@Param body body reviewRiskRequest true "Review payload"
@Success 200 {object} GenericDataResponse[riskResponse]
@Failure 400 {object} api.Error
@Failure 404 {object} api.Error
@Failure 500 {object} api.Error
@Security OAuth2Password
@Router /risks/{id}/review [post]
func (*RiskHandler) ReviewForSSP ¶ added in v0.13.0
func (h *RiskHandler) ReviewForSSP(ctx echo.Context) error
ReviewForSSP godoc
@Summary Review risk for SSP
@Description Records a risk review by ID scoped to an SSP. nextReviewDeadline is required for decision=extend and must be omitted for decision=reopen.
@Tags Risks
@Accept json
@Produce json
@Param sspId path string true "SSP ID"
@Param id path string true "Risk ID"
@Param body body reviewRiskRequest true "Review payload"
@Success 200 {object} GenericDataResponse[riskResponse]
@Failure 400 {object} api.Error
@Failure 404 {object} api.Error
@Failure 500 {object} api.Error
@Security OAuth2Password
@Router /oscal/system-security-plans/{sspId}/risks/{id}/review [post]
func (*RiskHandler) Update ¶ added in v0.13.0
func (h *RiskHandler) Update(ctx echo.Context) error
Update godoc
@Summary Update risk
@Description Updates a risk register entry by ID.
@Tags Risks
@Accept json
@Produce json
@Param id path string true "Risk ID"
@Param risk body updateRiskRequest true "Risk payload"
@Success 200 {object} GenericDataResponse[riskResponse]
@Failure 400 {object} api.Error
@Failure 404 {object} api.Error
@Failure 500 {object} api.Error
@Security OAuth2Password
@Router /risks/{id} [put]
func (*RiskHandler) UpdateForSSP ¶ added in v0.13.0
func (h *RiskHandler) UpdateForSSP(ctx echo.Context) error
UpdateForSSP godoc
@Summary Update risk for SSP
@Description Updates a risk register entry by ID scoped to an SSP.
@Tags Risks
@Accept json
@Produce json
@Param sspId path string true "SSP ID"
@Param id path string true "Risk ID"
@Param risk body updateRiskRequest true "Risk payload"
@Success 200 {object} GenericDataResponse[riskResponse]
@Failure 400 {object} api.Error
@Failure 404 {object} api.Error
@Failure 500 {object} api.Error
@Security OAuth2Password
@Router /oscal/system-security-plans/{sspId}/risks/{id} [put]
type StatusInterval ¶
// StatusInterval holds one time value together with a list of status counts,
// serialized under the JSON keys "interval" and "statuses".
// NOTE(review): presumably one bucket of a status-over-time series — confirm
// against the handlers that return it.
type StatusInterval struct {
// Interval is a time.Time; whether it marks the start or the end of the
// bucket is not shown here.
Interval time.Time `json:"interval"`
// Statuses is a slice of evidencesvc.StatusCount, a type declared in another
// package and not described on this page.
Statuses []evidencesvc.StatusCount `json:"statuses"`
}
type SubscriptionsResponse ¶ added in v0.12.0
type UpdateSubscriptionsRequest ¶ added in v0.12.0
type UserHandler ¶ added in v0.4.2
type UserHandler struct {
// contains filtered or unexported fields
}
func NewUserHandler ¶ added in v0.4.2
func NewUserHandler(sugar *zap.SugaredLogger, db *gorm.DB) *UserHandler
func (*UserHandler) ChangeLoggedInUserPassword ¶ added in v0.4.2
func (h *UserHandler) ChangeLoggedInUserPassword(ctx echo.Context) error
ChangeLoggedInUserPassword godoc
@Summary Change password for logged-in user
@Description Changes the password for the currently logged-in user
@Tags Users
@Accept json
@Produce json
@Param changePasswordRequest body handler.UserHandler.ChangeLoggedInUserPassword.changePasswordRequest true "Change Password Request"
@Success 204 {object} nil
@Failure 400 {object} api.Error
@Failure 401 {object} api.Error
@Failure 500 {object} api.Error
@Security OAuth2Password
@Router /users/me/change-password [post]
func (*UserHandler) ChangePassword ¶ added in v0.4.2
func (h *UserHandler) ChangePassword(ctx echo.Context) error
ChangePassword godoc
@Summary Change password for a specific user
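@Description Changes the password for the user identified by the path ID. Unlike the other by-ID user operations documented here, this route is not under /admin; the privilege required of the caller is not documented here.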
@Tags Users
@Accept json
@Produce json
@Param id path string true "User ID"
@Param changePasswordRequest body handler.UserHandler.ChangePassword.changePasswordRequest true "Change Password Request"
@Success 204 {object} nil
@Failure 400 {object} api.Error
@Failure 401 {object} api.Error
@Failure 404 {object} api.Error
@Failure 500 {object} api.Error
@Security OAuth2Password
@Router /users/{id}/change-password [post]
func (*UserHandler) CreateUser ¶ added in v0.4.2
func (h *UserHandler) CreateUser(ctx echo.Context) error
CreateUser godoc
@Summary Create a new user
@Description Creates a new user in the system
@Tags Users
@Accept json
@Produce json
@Param user body handler.UserHandler.CreateUser.createUserRequest true "User details"
@Success 201 {object} handler.GenericDataResponse[relational.User]
@Failure 400 {object} api.Error
@Failure 401 {object} api.Error
@Failure 409 {object} api.Error
@Failure 500 {object} api.Error
@Security OAuth2Password
@Router /admin/users [post]
func (*UserHandler) DeleteUser ¶ added in v0.4.2
func (h *UserHandler) DeleteUser(ctx echo.Context) error
DeleteUser godoc
@Summary Delete a user
@Description Deletes a user from the system
@Tags Users
@Param id path string true "User ID"
@Success 204 {object} nil
@Failure 400 {object} api.Error
@Failure 401 {object} api.Error
@Failure 404 {object} api.Error
@Failure 500 {object} api.Error
@Security OAuth2Password
@Router /admin/users/{id} [delete]
func (*UserHandler) GetMe ¶ added in v0.4.2
func (h *UserHandler) GetMe(ctx echo.Context) error
GetMe godoc
@Summary Get logged-in user details
@Description Retrieves the details of the currently logged-in user
@Tags Users
@Produce json
@Success 200 {object} handler.GenericDataResponse[relational.User]
@Failure 401 {object} api.Error
@Failure 404 {object} api.Error
@Failure 500 {object} api.Error
@Security OAuth2Password
@Router /users/me [get]
func (*UserHandler) GetSubscriptions ¶ added in v0.12.0
func (h *UserHandler) GetSubscriptions(ctx echo.Context) error
GetSubscriptions godoc
@Summary Get notification preferences
@Description Gets the current user's digest and workflow notification email preferences
@Tags Users
@Produce json
@Success 200 {object} handler.GenericDataResponse[handler.SubscriptionsResponse]
@Failure 401 {object} api.Error
@Failure 404 {object} api.Error
@Failure 500 {object} api.Error
@Security OAuth2Password
@Router /users/me/subscriptions [get]
func (*UserHandler) GetUser ¶ added in v0.4.2
func (h *UserHandler) GetUser(ctx echo.Context) error
GetUser godoc
@Summary Get user by ID
@Description Get user details by user ID
@Tags Users
@Produce json
@Param id path string true "User ID"
@Success 200 {object} handler.GenericDataResponse[relational.User]
@Failure 400 {object} api.Error
@Failure 401 {object} api.Error
@Failure 404 {object} api.Error
@Failure 500 {object} api.Error
@Security OAuth2Password
@Router /admin/users/{id} [get]
func (*UserHandler) ListUsers ¶ added in v0.4.2
func (h *UserHandler) ListUsers(ctx echo.Context) error
ListUsers godoc
@Summary List all users
@Description Lists all users in the system
@Tags Users
@Produce json
@Success 200 {object} handler.GenericDataListResponse[relational.User]
@Failure 401 {object} api.Error
@Failure 500 {object} api.Error
@Security OAuth2Password
@Router /admin/users [get]
func (*UserHandler) Register ¶ added in v0.4.2
func (h *UserHandler) Register(api *echo.Group)
func (*UserHandler) RegisterSelfRoutes ¶ added in v0.5.0
func (h *UserHandler) RegisterSelfRoutes(api *echo.Group)
func (*UserHandler) UpdateSubscriptions ¶ added in v0.12.0
func (h *UserHandler) UpdateSubscriptions(ctx echo.Context) error
UpdateSubscriptions godoc
@Summary Update notification preferences
@Description Updates the current user's digest and workflow notification email preferences
@Tags Users
@Accept json
@Produce json
@Param subscription body handler.UpdateSubscriptionsRequest true "Notification preferences"
@Success 200 {object} handler.GenericDataResponse[handler.SubscriptionsResponse]
@Failure 400 {object} api.Error
@Failure 401 {object} api.Error
@Failure 404 {object} api.Error
@Failure 500 {object} api.Error
@Security OAuth2Password
@Router /users/me/subscriptions [put]
func (*UserHandler) UpdateUser ¶ added in v0.4.2
func (h *UserHandler) UpdateUser(ctx echo.Context) error
UpdateUser godoc
@Summary Update user details
@Description Updates the details of an existing user
@Tags Users
@Accept json
@Produce json
@Param id path string true "User ID"
@Param user body handler.UserHandler.UpdateUser.updateUserRequest true "User details"
@Success 200 {object} handler.GenericDataResponse[relational.User]
@Failure 400 {object} api.Error
@Failure 401 {object} api.Error
@Failure 404 {object} api.Error
@Failure 500 {object} api.Error
@Security OAuth2Password
@Router /admin/users/{id} [put]