Commit Graph

31 Commits

Author SHA1 Message Date
kolaente e22e169fb9 feat(api/v2): report max_permission on label and project-view reads
Read/update use a per-resource struct that embeds the model by value and adds a
readOnly max_permission field (labelReadBody, projectViewReadBody); Go and Huma
promote the embedded fields, so the body stays flat with no custom marshaler and
nothing on the shared models. The handler passes the model's Updated and the
permission to conditionalReadResponse, which folds the permission into the ETag.
Adds a webtest asserting two callers with different permission on the same label
get different ETags, plus max_permission presence assertions.
2026-06-04 21:16:51 +00:00
kolaente 6836903c5f feat(api/v2): add shared conditional read helper and document list params
conditionalReadResponse applies the If-Match/If-None-Match/If-Modified-Since
precondition (304/412) and returns the shared read envelope. The caller's
permission is folded into the ETag so a share/role change invalidates the cache
even when the model's modified time is unchanged.

Also adds doc: tags to the shared ListParams (q/page/per_page).
2026-06-04 21:16:51 +00:00
kolaente 984a2633cc docs(task-comments): trim comments to the non-obvious why
Cut narration a reader can infer from the code (envelope element type,
path-param binding, per-case test descriptions). Keep the non-obvious
rationale: IDOR scoping, RFC 9110 etag quoting, why the feature gate sits
in the registrar, and the author-only fixture crux.
2026-06-03 19:57:26 +00:00
kolaente 3271a1e1af feat(api/v2): add nested task comment CRUD
Add TaskComment CRUD on /api/v2 under /tasks/{task}/comments, mirroring
the project_views nested-resource shape. The resource is feature-gated by
config.ServiceEnableTaskComments, checked inside the registrar so it runs
after config has loaded. Self-registers via init()+AddRouteRegistrar; no
routes.go change. ReadAll exposes the order_by (asc/desc) query param.

Adds doc:/readOnly: tags to the shared TaskComment model fields and a
TestHumaTaskComment webtest covering list/read/create/update/delete plus
negatives (non-author forbidden, comment under the wrong task -> 404).
2026-06-03 19:57:26 +00:00
kolaente dab6ac620d feat(api/v2): add team CRUD endpoints
Adds Team CRUD on /api/v2 mirroring the labels reference resource:
list, read, create, update, delete under /teams[/{id}].

- The list op exposes an include_public query param bound onto the
  model so Team.ReadAll can surface public teams (gated by the instance
  public-teams setting).
- Read ops emit an ETag and honor If-None-Match (304).
- Model fields gain doc: tags; server-controlled fields are marked
  readOnly:true.
- Self-registers via init()/AddRouteRegistrar; no routes.go change.
- New webtest TestHumaTeam (named to avoid clashing with the v1 model
  TestTeam) covers list/read/create/update/delete plus negatives
  (non-member 403, nonexistent 403/404) and ETag/304.
2026-06-03 18:56:12 +00:00
kolaente ceb2b4f161 docs(api/v2): keep registrar godoc attached; clarify registry concurrency + ordering
- Move each resource file's init() below its RegisterXRoutes func so the func doc
  comment stays attached (it was documenting init()).
- Note AddRouteRegistrar is init-only and not concurrency-safe.
- Reword RegisterAll: registrar order is unspecified and irrelevant.
2026-06-03 13:14:13 +00:00
kolaente b04d4d269c refactor(api/v2): self-register resource routes via init() registry
Previously every new v2 resource appended an explicit RegisterXRoutes call
(and the EnableAutoPatch line had to stay last) in registerAPIRoutesV2 in
routes.go, causing recurring merge conflicts across in-flight PRs.

Resources now self-register: each resource file calls AddRouteRegistrar from
an init(), and registerAPIRoutesV2 just calls apiv2.RegisterAll, which runs
every registrar and then EnableAutoPatch. New resources touch zero shared
lines.
2026-06-03 13:14:13 +00:00
kolaente 220af19a39 refactor(api/v2): register upload route as RegisterAvatarUploadRoutes
Avoids a duplicate RegisterAvatarRoutes declaration in package apiv2 now that
the avatar GET route (#2818) is on main; both routes are registered distinctly.
2026-06-02 11:55:25 +00:00
kolaente b18e051ab3 fix(api/v2): reject non-decodable images (e.g. SVG) on avatar upload with 400 2026-06-02 11:55:25 +00:00
kolaente d2319e1257 refactor(avatar): share avatar-upload logic between v1 and v2 handlers 2026-06-02 11:55:25 +00:00
kolaente 2f4e3ecb91 fix(api/v2): align avatar upload body limit with global overhead
MaxBodyBytes was set to exactly the configured max file size, but a
multipart request carries extra bytes (boundary, part headers) on top of
the file, so a file at the limit could be rejected by Huma before the
handler runs. Mirror the +2 MB overhead that Echo's global BodyLimit
middleware already allows so a max-sized avatar isn't rejected.
2026-06-02 11:55:25 +00:00
kolaente cfac0773d7 fix(api/v2): accept real image content-types on avatar upload
Browsers set a real image Content-Type (image/png, image/jpeg, ...) on
the multipart avatar part, while programmatic clients often send
application/octet-stream. The part contentType tag is an allow-list for
Huma's MimeTypeValidator, which runs before the handler; broaden it so
both cases are accepted instead of being rejected with a 422.

The byte-level mimetype.DetectReader check in the handler remains the
real security gate and is unchanged.

Extend the webtest with a case that sends a part declared as image/png
and asserts it reaches the handler successfully.
2026-06-02 11:55:25 +00:00
kolaente 782c17c01d feat(api/v2): upload user avatar via multipart
Add PUT /api/v2/user/settings/avatar, the first multipart/form-data file
upload on the Huma-backed v2 API. Reuses v1's byte-level mime validation
(mimetype.DetectReader) and storage (upload.StoreAvatarFile), modeling the
request as a huma.MultipartFormFiles input so it renders as multipart/form-data
in the OpenAPI spec instead of being read off the raw echo context.

Flips the user's avatar provider to "upload" on success. Authenticated (JWT).
2026-06-02 11:55:25 +00:00
kolaente e81ccb3486 refactor(avatar): share avatar resolution between v1 and v2 handlers
Extract the duplicated user-lookup, provider-selection and size-clamping
logic from the v1 GetAvatar and v2 avatarGet handlers into a single
avatar.GetAvatarForUsername helper. Both handlers now call it and keep
only their transport-specific code (v1: echo size parse + c.Blob, v2:
huma input/response). Pure refactor, behavior is unchanged.
2026-06-02 08:17:00 +00:00
kolaente a4a0af91ff feat(api/v2): serve user avatars
Add GET /api/v2/avatar/{username}, the v2 reference for a binary response
modeled in the OpenAPI spec. Reuses the v1 avatar provider logic (provider
lookup, size clamp to config.ServiceMaxAvatarSize, runtime content-type) and
returns raw image bytes via Huma's []byte body + dynamic Content-Type header
idiom, advertised in the spec as application/octet-stream.

The endpoint is authenticated under the global security like every other v2
route (an anonymous request gets a 401); it is not public.
2026-06-02 08:17:00 +00:00
kolaente 774d884f5c test(api/v2): assert admin project id via structured json 2026-06-02 07:38:08 +00:00
kolaente 82ad23c135 feat(api/v2): gate admin routes by feature + instance admin
Add the admin + license gate for /api/v2 and ship the first gated
resource, GET /api/v2/admin/projects (AdminProjectList).

The gate reuses the existing v1 middleware functions unchanged —
RequireFeature(license.FeatureAdminPanel) and RequireInstanceAdmin(),
both of which serve 404 on failure. Rather than splitting the single
v2 Huma API into a separate gated sub-group (which would split the
OpenAPI spec and drop admin operations from /api/v2/openapi.json), the
gate is applied as a path-scoped Echo middleware on the shared /api/v2
group, firing only for /api/v2/admin/* and after the token middleware.
This preserves v1's 404-not-403 semantics and keeps admin routes in the
unified v2 spec and Scalar docs.

AdminProjectList lists every project on the instance (archived
included), behind the gate. Adds doc:/readOnly: tags to the shared
Project model so it documents correctly as a v2 schema.

Tests in pkg/webtests/huma_admin_test.go (TestHumaAdminProjects) cover
all three personas: non-admin -> 404, admin without feature -> 404,
admin with feature -> 200 list, plus unauthenticated -> 401.
2026-06-02 07:38:08 +00:00
kolaente 5ddc9d8ff0 feat(api/v2): add project view routes
Add ProjectView CRUD on /api/v2 under the nested path
/projects/{project}/views[/{view}], establishing the two-path-param
binding pattern for sub-resources. Mirrors the labels.go handler shape
and reuses handler.Do* so permission checks stay at the model layer.

Both {project} and {view} are bound on every operation; {project} is
threaded onto ProjectView.ProjectID (ReadOne resolves via
GetProjectViewByIDAndProject, which needs the parent id). List wraps the
[]*models.ProjectView slice in the shared Paginated envelope, read sends
an ETag for If-None-Match/304, and AutoPatch synthesises PATCH.

Also:
- Tag exposed ProjectView / ProjectViewBucketConfiguration / nested
  TaskCollection fields with doc: descriptions; mark server-controlled
  fields (id, project_id, created, updated) readOnly. Safe for v1.
- Give ProjectViewKind and BucketConfigurationModeKind a huma.SchemaProvider
  so the string-serialised enums reflect as string schemas instead of
  Huma's default integer schema (which rejected the string form with 422).

Routes registered in registerAPIRoutesV2 before EnableAutoPatch.
2026-06-01 13:04:34 +00:00
Tink 3d6608cac7
feat(api/v2): add task duplicate action (#2815) 2026-06-01 14:13:39 +02:00
kolaente 2488478f69
docs(api/v2): mark error code field read-only 2026-05-31 15:29:46 +02:00
kolaente 451bd5a8d6
feat(api-v2): vendor scalar api docs bundle 2026-05-31 15:23:32 +02:00
kolaente 2602f723c3 docs(api/v2): add field and operation descriptions for labels
v2's OpenAPI spec is generated from struct tags and Operation fields at
runtime; unlike swaggo (v1) it can't read Go doc comments, so v2 shipped
without the field/operation descriptions v1 has. Add doc: tags to the
Label model (kept in sync with the existing comments swaggo reads for
v1) and Summary/Description to each label operation. Makes labels a
complete reference for the pattern.
2026-05-31 12:56:57 +00:00
kolaente 3347180f31 fix(api/v2): don't leak internal error detail in 5xx responses
Huma's handler-error path wraps raw errors as NewErrorWithContext(ctx,
500, "unexpected error occurred", err), and since the humaecho5 adapter
writes Huma's response directly it bypasses Vikunja's
CreateHTTPErrorHandler — which returns a generic 500 with no detail for
non-domain errors. The huma.NewError override then copied err.Error()
(raw DB/driver messages, SQL, table/column names) into the problem+json
errors[], a regression vs v1.

Override huma.NewErrorWithContext to drop errs for status >= 500, log
the real cause server-side, and return a generic body. 4xx detail
(validation errors, domain messages) is unaffected.
2026-05-31 12:56:57 +00:00
kolaente 8532016a2d feat(api/v2): preserve Vikunja numeric error code in problem+json
translateDomainError discarded web.HTTPError.Code, so v2 error bodies
always read code 0 — losing the v1 contract the error docs key off.
Override huma.NewError with a VikunjaErrorModel that adds a code field,
so both the generated OpenAPI schema and runtime responses carry it.
Domain errors with a numeric code now surface it (e.g. 8002 for a
missing label, matching v1); errors without one omit it.
2026-05-31 12:56:57 +00:00
kolaente e257823cef fix(api/v2): return generic 401 instead of leaking internal auth error
authFromCtx surfaced the underlying GetAuthFromContext error message
(e.g. the internal 'no echo.Context' adapter detail) straight to the
client. Log the real error and return a generic 401 instead.
2026-05-31 12:56:57 +00:00
kolaente 057b2e5439 fix(api/v2): publish OpenAPI Servers and make schemas publicly fetchable
Huma's SchemaLinkTransformer (enabled by default) emits a `$schema`
field on every JSON response and an example URL in the spec. Both were
broken in our setup: the example URL used Huma's "https://example.com"
placeholder because no Servers were declared, and the runtime URL
pointed at /schemas/Label.json instead of /api/v2/schemas/Label.json
because Huma can't see the Echo group prefix.

Two changes:

- Set OpenAPI Servers to a list with the relative GroupPrefix first and,
  if service.publicurl is configured, the absolute deployment URL
  second. Servers[0] feeds Huma's getAPIPrefix / addSchemaField /
  Transform fallback; Servers[1] is informational metadata for SDK
  generators and docs UIs. Keeping the relative URL at index 0 dodges a
  Huma quirk that double-prefixes the runtime $schema URL when the
  index-0 server URL carries a path component.

- Add /api/v2/schemas/:schema to unauthenticatedAPIPaths so editors and
  SDK tooling can fetch schemas without a token, mirroring how the spec
  itself is reachable.
2026-05-31 12:56:57 +00:00
kolaente 00b42234e9 feat(api/v2): serve Scalar docs UI at /api/v2/docs 2026-05-31 12:56:57 +00:00
kolaente a2156e7231 feat(api/v2): port Label to per-operation Huma handlers
Wires five hand-written huma.Register calls for Label CRUD onto the
existing /api/v2 group: list, read, create, update, delete. Uses
concrete type cast on ReadAll to avoid the generic-any silent-empty
trap. The read operation exposes an ETag via a header-tagged output
struct field and honours conditional.Params so clients can get 304
Not Modified on subsequent reads.

Also closes a prior-phase gap: SetupTokenMiddleware was intended to
run on the /api/v2 group (per task B4 of the plan) but was never
wired. Attach it now and teach the skipper to consult
unauthenticatedAPIPaths so spec + docs remain public.
2026-05-31 12:56:57 +00:00
kolaente b52a451db4 feat(api/v2): enable AutoPatch for automatic JSON Merge Patch 2026-05-31 12:56:57 +00:00
kolaente 4125fd47c3 feat(api/v2): declare JWTKeyAuth security scheme 2026-05-31 12:56:57 +00:00
kolaente 5fefa88577 feat(routes): scaffold /api/v2 Echo group 2026-05-31 12:56:57 +00:00