v2

package
v0.19.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Apr 20, 2026 License: GPL-3.0 Imports: 19 Imported by: 0

Documentation

Overview

Package v2 is the oCMS REST API v2, served at /api/v2.

Every operation is registered via huma.Register with typed input and output structs. The OpenAPI 3.1 document served at /api/v2/openapi.json is derived from those types — by construction the spec and the handlers cannot drift.

This package MUST NOT import internal/handler/api (the v1 surface). v2 is a fresh rewrite; the old package will be deleted as each domain migrates.

Index

Constants

This section is empty.

Variables

View Source 
var (
	APIKeyAuthSecurity    = []map[string][]string{{"ApiKeyAuth": {}}}
	PagesWriteSecurity    = []map[string][]string{{"ApiKeyAuth": {"pages:write"}}}
	MediaWriteSecurity    = []map[string][]string{{"ApiKeyAuth": {"media:write"}}}
	TaxonomyWriteSecurity = []map[string][]string{{"ApiKeyAuth": {"taxonomy:write"}}}
)

APIKeyAuthSecurity is the base Security block for any operation that just needs a valid API key regardless of permission (e.g., /auth meta endpoint). Write operations should use the permission-scoped variants below so the runtime middleware can short-circuit a wrong-permission call BEFORE huma parses the request body — a read-only key sending `POST /media` is rejected with 403 without any multipart work. The scope string must match one of `model.Permission*` constants so services and the OpenAPI spec stay aligned.

Functions

func ToHuma 

func ToHuma(err error) error

ToHuma translates any error into a huma.StatusError with the project's ErrorBody envelope. Domain errors preserve their kind/fields; anything else becomes a 500 with a generic message so internals don't leak.

Types

type Actor 

type Actor struct {
	APIKey      *store.ApiKey
	Permissions []string
}

Actor describes the principal making a v2 request. APIKey is nil for unauthenticated callers; Permissions is parsed once so services can make authorization decisions without re-querying the key.

func ActorFromContext 

func ActorFromContext(ctx context.Context) Actor

ActorFromContext extracts the authenticated principal (if any) from a huma handler's request context. Returns a zero Actor for public callers.

func (Actor) HasPermission 

func (a Actor) HasPermission(perm string) bool

HasPermission reports whether the actor's API key grants a permission.

type AuthBody 

type AuthBody struct {
	KeyPrefix   string   `json:"key_prefix" doc:"Public prefix of the API key used for display and correlation."`
	Name        string   `json:"name" doc:"Human-readable name assigned to the key."`
	Permissions []string `json:"permissions" doc:"Permission scopes granted to the key."`
}

AuthBody describes the authenticated API key for GET /api/v2/auth.

type Deps 

type Deps struct {
	DB      *sql.DB
	Queries *store.Queries
	Cache   *cache.Manager
	Events  *service.EventService
}

Deps bundles dependencies that domain services may pick from.

type DocsServer 

type DocsServer struct {
	// contains filtered or unexported fields
}

DocsServer renders /api/v2/docs (Swagger UI) and serves /api/v2/openapi.json and /api/v2/openapi.yaml. The spec is pulled live from the huma API so it always matches the currently-registered operations.

func NewDocsServer 

func NewDocsServer(templatesFS fs.FS, h *Handler) (*DocsServer, error)

NewDocsServer parses the embedded Swagger UI template and binds it to the v2 huma handler.

func (*DocsServer) ServeDocs 

func (s *DocsServer) ServeDocs(w http.ResponseWriter, r *http.Request)

ServeDocs renders the Swagger UI page.

func (*DocsServer) ServeOpenAPIJSON 

func (s *DocsServer) ServeOpenAPIJSON(w http.ResponseWriter, _ *http.Request)

ServeOpenAPIJSON emits the live huma-built OpenAPI 3.1 document as JSON.

func (*DocsServer) ServeOpenAPIYAML 

func (s *DocsServer) ServeOpenAPIYAML(w http.ResponseWriter, _ *http.Request)

ServeOpenAPIYAML emits the same document as YAML, round-tripped through JSON so upstream types don't need YAML struct tags.

type Error 

type Error struct {
	Kind   ErrorKind
	Fields map[string]string // per-field validation errors, surfaced as error.details
	Msg    string
	Wrap   error
}

Error is the domain error type returned from services. Callers (v2 huma operation handlers) translate it via ToHuma.

func NewError 

func NewError(kind ErrorKind, msg string) *Error

NewError constructs a domain error with the given kind and message.

func NewValidationError 

func NewValidationError(fields map[string]string, msg string) *Error

NewValidationError constructs a validation error carrying per-field messages.

func (*Error) Error 

func (e *Error) Error() string

Error implements the error interface.

func (*Error) Unwrap 

func (e *Error) Unwrap() error

Unwrap exposes an underlying error for errors.Is / errors.As.

type ErrorBody 

type ErrorBody struct {
	Error ErrorDetail `json:"error"`
}

ErrorBody is the JSON envelope emitted for every error response. 

{"error": {"code": "...", "message": "...", "details": {"field": "msg"}}}

type ErrorDetail 

type ErrorDetail struct {
	Code    string            `json:"code"`
	Message string            `json:"message"`
	Details map[string]string `json:"details,omitempty"`
}

ErrorDetail is the inner error payload.

type ErrorKind 

type ErrorKind int

ErrorKind classifies domain errors so services can express semantic meaning without depending on HTTP. Huma adapters translate ErrorKind into status codes; the on-wire "code" string stays stable across transports. 

const (
	ErrValidation   ErrorKind = iota + 1 // 422
	ErrNotFound                          // 404
	ErrForbidden                         // 403
	ErrConflict                          // 409
	ErrUnauthorized                      // 401
	ErrInternal                          // 500
)

Error kinds in rough order of severity.

type Handler 

type Handler struct {
	API  huma.API
	Deps Deps
}

Handler holds the live huma.API plus shared deps.

func Register 

func Register(r chi.Router, deps Deps) *Handler

Register wires huma onto the given chi router and installs every v2 operation. Chi middleware already attached to the router (rate limiting, optional API key auth, …) still applies to huma-routed requests.

func (*Handler) OpenAPI 

func (h *Handler) OpenAPI() *huma.OpenAPI

OpenAPI returns the live OpenAPI 3.1 document built from registered operations.

type StatusBody 

type StatusBody struct {
	Status  string `json:"status" example:"ok" doc:"'ok' when the API is reachable."`
	Version string `json:"version" example:"v2" doc:"API major version."`
}

StatusBody is the API availability payload returned by GET /api/v2/status.

Source Files

View all Source files

Directories

Path Synopsis
Package media is the /api/v2/media domain.
 Package media is the /api/v2/media domain.
Package pages is the /api/v2/pages domain.
 Package pages is the /api/v2/pages domain.
Package taxonomy is the /api/v2/tags and /api/v2/categories domain.
 Package taxonomy is the /api/v2/tags and /api/v2/categories domain.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.