feat(huma): generic CRUD registrar for CObject resources

This commit is contained in:
kolaente 2026-04-20 10:56:33 +02:00
parent 5ba404ac58
commit 75a9ad4555
2 changed files with 279 additions and 0 deletions

View File

@ -0,0 +1,190 @@
package humaapi
import (
"context"
"net/http"
"code.vikunja.io/api/pkg/modules/auth"
"code.vikunja.io/api/pkg/web/handler"
"github.com/danielgtaylor/huma/v2"
)
// SingleID is the common path shape for /resource/{id} endpoints.
type SingleID struct {
ID int64 `path:"id" doc:"Resource ID"`
}
// Config describes a generic CRUD resource:
//
// - T is the domain model pointer (must implement handler.CObject)
// - P is the path-parameter struct; use SingleID for the simple case or
// define your own for nested routes like /tasks/{task}/labels/{label}.
//
// Note: Go does not permit embedding a type parameter in a struct, so the
// generic request wrappers below keep P as a named field. Huma's default
// parameter discovery only walks anonymous (embedded) fields, so we define
// parallel concrete wrappers per path shape (see SingleID section below)
// that embed the concrete path struct. Resources with different path shapes
// should add their own wrappers + Register call (this spike only needs
// SingleID; the pattern generalises trivially).
type Config[T handler.CObject, P any] struct {
Tag string
BasePath string // list + create; may itself contain {params}
ItemPath string // read + update + delete
New func() T // factory — same role as WebHandler.EmptyStruct
ApplyPath func(T, P) // copies path params onto the model
}
type bodyOutput[T any] struct {
Body T
}
type listOutput[T any] struct {
Body []T
}
type deleteMessage struct {
Message string `json:"message"`
}
// --- SingleID wrappers ---------------------------------------------------
//
// Concrete request-input types for the /{resource}/{id} shape. Huma's
// parameter discovery finds `ID` through the embedded SingleID. The Body
// field carries the decoded JSON payload.
type singleIDCreateInput[T any] struct {
// No path params for CREATE (path is /{resource}); we still thread a
// matching type parameter so Register can share a single handler shape.
Body T
}
type singleIDItemInput struct {
SingleID
}
type singleIDListInput struct {
Page int `query:"page" default:"1" minimum:"1"`
PerPage int `query:"per_page" default:"50" minimum:"1" maximum:"1000"`
Search string `query:"s"`
}
type singleIDBodyInput[T any] struct {
SingleID
Body T
}
// Register wires five Huma operations for the given CRUD resource.
//
// Today this only implements the SingleID path shape. Resources using
// multi-segment paths (e.g. /tasks/{task}/labels/{label}) should hand-write
// their huma.Register calls until we generalise this registrar.
func Register[T handler.CObject](api huma.API, cfg Config[T, SingleID]) {
jwt := []map[string][]string{{"JWTKeyAuth": {}}}
// CREATE
huma.Register(api, huma.Operation{
OperationID: cfg.Tag + "-create",
Method: http.MethodPut,
Path: cfg.BasePath,
Tags: []string{cfg.Tag},
Security: jwt,
}, func(ctx context.Context, in *singleIDCreateInput[T]) (*bodyOutput[T], error) {
a, err := auth.GetAuthFromContext(ctx)
if err != nil {
return nil, huma.Error401Unauthorized(err.Error())
}
if err := handler.DoCreate(ctx, in.Body, a); err != nil {
return nil, err
}
return &bodyOutput[T]{Body: in.Body}, nil
})
// READ ONE
huma.Register(api, huma.Operation{
OperationID: cfg.Tag + "-read",
Method: http.MethodGet,
Path: cfg.ItemPath,
Tags: []string{cfg.Tag},
Security: jwt,
}, func(ctx context.Context, in *singleIDItemInput) (*bodyOutput[T], error) {
a, err := auth.GetAuthFromContext(ctx)
if err != nil {
return nil, huma.Error401Unauthorized(err.Error())
}
obj := cfg.New()
cfg.ApplyPath(obj, in.SingleID)
if _, err := handler.DoReadOne(ctx, obj, a); err != nil {
return nil, err
}
return &bodyOutput[T]{Body: obj}, nil
})
// READ ALL
huma.Register(api, huma.Operation{
OperationID: cfg.Tag + "-list",
Method: http.MethodGet,
Path: cfg.BasePath,
Tags: []string{cfg.Tag},
Security: jwt,
}, func(ctx context.Context, in *singleIDListInput) (*listOutput[T], error) {
a, err := auth.GetAuthFromContext(ctx)
if err != nil {
return nil, huma.Error401Unauthorized(err.Error())
}
obj := cfg.New()
result, _, _, err := handler.DoReadAll(ctx, obj, a, in.Search, in.Page, in.PerPage)
if err != nil {
return nil, err
}
// Best-effort cast; ReadAll returns interface{}. For the spike
// we assume []T. Resources returning a different list item type
// should hand-write their list op via huma.Register directly.
slice, ok := result.([]T)
if !ok {
// fall back to marshaling whatever shape was returned
return &listOutput[T]{Body: nil}, nil
}
return &listOutput[T]{Body: slice}, nil
})
// UPDATE
huma.Register(api, huma.Operation{
OperationID: cfg.Tag + "-update",
Method: http.MethodPost,
Path: cfg.ItemPath,
Tags: []string{cfg.Tag},
Security: jwt,
}, func(ctx context.Context, in *singleIDBodyInput[T]) (*bodyOutput[T], error) {
a, err := auth.GetAuthFromContext(ctx)
if err != nil {
return nil, huma.Error401Unauthorized(err.Error())
}
cfg.ApplyPath(in.Body, in.SingleID)
if err := handler.DoUpdate(ctx, in.Body, a); err != nil {
return nil, err
}
return &bodyOutput[T]{Body: in.Body}, nil
})
// DELETE
huma.Register(api, huma.Operation{
OperationID: cfg.Tag + "-delete",
Method: http.MethodDelete,
Path: cfg.ItemPath,
Tags: []string{cfg.Tag},
Security: jwt,
}, func(ctx context.Context, in *singleIDItemInput) (*bodyOutput[deleteMessage], error) {
a, err := auth.GetAuthFromContext(ctx)
if err != nil {
return nil, huma.Error401Unauthorized(err.Error())
}
obj := cfg.New()
cfg.ApplyPath(obj, in.SingleID)
if err := handler.DoDelete(ctx, obj, a); err != nil {
return nil, err
}
return &bodyOutput[deleteMessage]{Body: deleteMessage{Message: "Successfully deleted."}}, nil
})
}

View File

@ -0,0 +1,89 @@
package humaapi
import (
"encoding/json"
"net/http/httptest"
"testing"
"code.vikunja.io/api/pkg/modules/humaecho5"
"code.vikunja.io/api/pkg/web"
"github.com/danielgtaylor/huma/v2"
"github.com/labstack/echo/v5"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
"xorm.io/xorm"
)
// fakeObj is a minimal CObject for compile-level spec-generation tests only.
// It is not exercised at runtime.
type fakeObj struct {
ID int64 `json:"id"`
Title string `json:"title"`
}
// Satisfy handler.CObject (web.CRUDable + web.Permissions) — implementations
// are unreachable in this test because we only inspect the OpenAPI spec.
// web.CRUDable
func (*fakeObj) Create(_ *xorm.Session, _ web.Auth) error { panic("unused") }
func (*fakeObj) ReadOne(_ *xorm.Session, _ web.Auth) error {
panic("unused")
}
func (*fakeObj) ReadAll(_ *xorm.Session, _ web.Auth, _ string, _ int, _ int) (interface{}, int, int64, error) {
panic("unused")
}
func (*fakeObj) Update(_ *xorm.Session, _ web.Auth) error { panic("unused") }
func (*fakeObj) Delete(_ *xorm.Session, _ web.Auth) error { panic("unused") }
// web.Permissions
func (*fakeObj) CanRead(_ *xorm.Session, _ web.Auth) (bool, int, error) { panic("unused") }
func (*fakeObj) CanDelete(_ *xorm.Session, _ web.Auth) (bool, error) { panic("unused") }
func (*fakeObj) CanUpdate(_ *xorm.Session, _ web.Auth) (bool, error) { panic("unused") }
func (*fakeObj) CanCreate(_ *xorm.Session, _ web.Auth) (bool, error) { panic("unused") }
// TestRegisterEmitsFiveOperations confirms that a call to Register
// produces the expected OpenAPI path entries for a simple id-based
// resource. We don't invoke the handlers here; we only inspect the spec.
func TestRegisterEmitsFiveOperations(t *testing.T) {
e := echo.New()
api := humaecho5.New(e, huma.DefaultConfig("spike", "0.0.1"))
Register[*fakeObj](api, Config[*fakeObj, SingleID]{
Tag: "fakes",
BasePath: "/fakes",
ItemPath: "/fakes/{id}",
New: func() *fakeObj { return &fakeObj{} },
ApplyPath: func(o *fakeObj, p SingleID) { o.ID = p.ID },
})
spec := api.OpenAPI()
require.NotNil(t, spec.Paths["/fakes"])
require.NotNil(t, spec.Paths["/fakes/{id}"])
// Five ops across two paths: list+create on base, read+update+delete on item
ops := 0
for _, p := range spec.Paths {
if p.Get != nil {
ops++
}
if p.Put != nil {
ops++
}
if p.Post != nil {
ops++
}
if p.Delete != nil {
ops++
}
}
assert.Equal(t, 5, ops)
// Also prove the spec is 3.1.x
req := httptest.NewRequest("GET", "/openapi.json", nil)
rec := httptest.NewRecorder()
e.ServeHTTP(rec, req)
var doc map[string]any
require.NoError(t, json.NewDecoder(rec.Body).Decode(&doc))
require.Contains(t, doc["openapi"].(string), "3.1")
}