refactor(api): restructured API for type safety, maintainability and docs generation

- These changes makes the API incombatible with previous versions
- Added new types for error handling, success responses, and health checks.
- Updated health check logic to utilize the new types for better clarity and structure.
- Refactored existing handlers to improve response consistency and error handling.
- Updated Makefile to include a new target for generating API types from Swagger.
- Updated "new agent" API to respond an encrypted cert pair

internal/auth/auth.go

@@ -4,7 +4,6 @@ import (
 	"net/http"
 
 	"github.com/yusing/go-proxy/internal/common"
-	"github.com/yusing/go-proxy/internal/net/gphttp"
 )
 
 var defaultAuth Provider
@@ -42,19 +41,6 @@ type nextHandler struct{}
 
 var nextHandlerContextKey = nextHandler{}
 
-func RequireAuth(next http.HandlerFunc) http.HandlerFunc {
-	if !IsEnabled() {
-		return next
-	}
-	return func(w http.ResponseWriter, r *http.Request) {
-		if err := defaultAuth.CheckToken(r); err != nil {
-			gphttp.Unauthorized(w, err.Error())
-			return
-		}
-		next(w, r)
-	}
-}
-
 func ProceedNext(w http.ResponseWriter, r *http.Request) {
 	next, ok := r.Context().Value(nextHandlerContextKey).(http.HandlerFunc)
 	if ok {
@@ -65,7 +51,8 @@ func ProceedNext(w http.ResponseWriter, r *http.Request) {
 }
 
 func AuthCheckHandler(w http.ResponseWriter, r *http.Request) {
-	if err := defaultAuth.CheckToken(r); err != nil {
+	err := defaultAuth.CheckToken(r)
+	if err != nil {
 		defaultAuth.LoginHandler(w, r)
 	} else {
 		w.WriteHeader(http.StatusOK)

internal/auth/oidc.go

@@ -37,6 +37,8 @@ type (
 	}
 )
 
+var _ Provider = (*OIDCProvider)(nil)
+
 const (
 	CookieOauthState        = "godoxy_oidc_state"
 	CookieOauthToken        = "godoxy_oauth_token"   //nolint:gosec
@@ -257,11 +259,11 @@ func (auth *OIDCProvider) PostAuthCallbackHandler(w http.ResponseWriter, r *http
 	// verify state
 	state, err := r.Cookie(CookieOauthState)
 	if err != nil {
-		gphttp.BadRequest(w, "missing state cookie")
+		http.Error(w, "missing state cookie", http.StatusBadRequest)
 		return
 	}
 	if r.URL.Query().Get("state") != state.Value {
-		gphttp.BadRequest(w, "invalid oauth state")
+		http.Error(w, "invalid oauth state", http.StatusBadRequest)
 		return
 	}
 
@@ -335,12 +337,12 @@ func (auth *OIDCProvider) clearCookie(w http.ResponseWriter, r *http.Request) {
 func (auth *OIDCProvider) handleTestCallback(w http.ResponseWriter, r *http.Request) {
 	state, err := r.Cookie(CookieOauthState)
 	if err != nil {
-		gphttp.BadRequest(w, "missing state cookie")
+		http.Error(w, "missing state cookie", http.StatusBadRequest)
 		return
 	}
 
 	if r.URL.Query().Get("state") != state.Value {
-		gphttp.BadRequest(w, "invalid oauth state")
+		http.Error(w, "invalid oauth state", http.StatusBadRequest)
 		return
 	}
 

internal/auth/userpass.go

@@ -32,6 +32,8 @@ type (
 	}
 )
 
+var _ Provider = (*UserPassAuth)(nil)
+
 func NewUserPassAuth(username, password string, secret []byte, tokenTTL time.Duration) (*UserPassAuth, error) {
 	hash, err := bcrypt.GenerateFromPassword([]byte(password), bcrypt.DefaultCost)
 	if err != nil {
@@ -100,18 +102,21 @@ func (auth *UserPassAuth) CheckToken(r *http.Request) error {
 	return nil
 }
 
+type UserPassAuthCallbackRequest struct {
+	User string `json:"username"`
+	Pass string `json:"password"`
+}
+
 func (auth *UserPassAuth) PostAuthCallbackHandler(w http.ResponseWriter, r *http.Request) {
-	var creds struct {
-		User string `json:"username"`
-		Pass string `json:"password"`
-	}
+	var creds UserPassAuthCallbackRequest
 	err := json.NewDecoder(r.Body).Decode(&creds)
 	if err != nil {
-		gphttp.Unauthorized(w, "invalid credentials")
+		http.Error(w, "invalid request", http.StatusBadRequest)
 		return
 	}
 	if err := auth.validatePassword(creds.User, creds.Pass); err != nil {
-		gphttp.Unauthorized(w, "invalid credentials")
+		// NOTE: do not include the actual error here
+		http.Error(w, "invalid credentials", http.StatusBadRequest)
 		return
 	}
 	token, err := auth.NewToken()