refactor(api): restructured API for type safety, maintainability and docs generation

- These changes makes the API incombatible with previous versions - Added new types for error handling, success responses, and health checks. - Updated health check logic to utilize the new types for better clarity and structure. - Refactored existing handlers to improve response consistency and error handling. - Updated Makefile to include a new target for generating API types from Swagger. - Updated "new agent" API to respond an encrypted cert pair
2026-04-26 10:18:29 +02:00 · 2025-08-16 13:04:05 +08:00
parent fce9ce21c9
commit 35a3e3fef6
149 changed files with 13173 additions and 2173 deletions
--- a/internal/auth/userpass.go
+++ b/internal/auth/userpass.go
@@ -32,6 +32,8 @@ type (
 	}
 )

+var _ Provider = (*UserPassAuth)(nil)
+
 func NewUserPassAuth(username, password string, secret []byte, tokenTTL time.Duration) (*UserPassAuth, error) {
 	hash, err := bcrypt.GenerateFromPassword([]byte(password), bcrypt.DefaultCost)
 	if err != nil {
@@ -100,18 +102,21 @@ func (auth *UserPassAuth) CheckToken(r *http.Request) error {
 	return nil
 }

+type UserPassAuthCallbackRequest struct {
+	User string `json:"username"`
+	Pass string `json:"password"`
+}
+
 func (auth *UserPassAuth) PostAuthCallbackHandler(w http.ResponseWriter, r *http.Request) {
-	var creds struct {
-		User string `json:"username"`
-		Pass string `json:"password"`
-	}
+	var creds UserPassAuthCallbackRequest
 	err := json.NewDecoder(r.Body).Decode(&creds)
 	if err != nil {
-		gphttp.Unauthorized(w, "invalid credentials")
+		http.Error(w, "invalid request", http.StatusBadRequest)
 		return
 	}
 	if err := auth.validatePassword(creds.User, creds.Pass); err != nil {
-		gphttp.Unauthorized(w, "invalid credentials")
+		// NOTE: do not include the actual error here
+		http.Error(w, "invalid credentials", http.StatusBadRequest)
 		return
 	}
 	token, err := auth.NewToken()