core/go-api
8
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
REST framework + OpenAPI SDK generation for the Lethean Go ecosystem
13 commits 1 branch 6 tags 654 KiB
Find a file
Snider 0d424903e6 docs: add Authentik integration guide to CLAUDE.md and README 
Co-Authored-By: Virgil <virgil@lethean.io>
2026-02-20 16:45:26 +00:00
api.go feat: add Swagger UI endpoint with runtime spec serving 2026-02-20 15:56:29 +00:00
api_test.go feat: add Engine with Register, Handler, Serve, and graceful shutdown 2026-02-20 15:46:11 +00:00
authentik.go feat(authentik): add RequireAuth and RequireGroup middleware 2026-02-20 16:43:55 +00:00
authentik_test.go feat(authentik): add RequireAuth and RequireGroup middleware 2026-02-20 16:43:55 +00:00
CLAUDE.md docs: add Authentik integration guide to CLAUDE.md and README 2026-02-20 16:45:26 +00:00
go.mod feat(authentik): add OIDC JWT validation middleware 2026-02-20 16:42:23 +00:00
go.sum feat(authentik): add OIDC JWT validation middleware 2026-02-20 16:42:23 +00:00
group.go feat: add RouteGroup and StreamGroup interfaces 2026-02-20 15:44:58 +00:00
group_test.go feat: add RouteGroup and StreamGroup interfaces 2026-02-20 15:44:58 +00:00
LICENCE chore: scaffold go-api module 2026-02-20 15:42:16 +00:00
middleware.go feat: add bearer auth, request ID, and CORS middleware 2026-02-20 15:49:35 +00:00
middleware_test.go feat: add bearer auth, request ID, and CORS middleware 2026-02-20 15:49:35 +00:00
options.go feat(authentik): add header extraction middleware and WithAuthentik option 2026-02-20 16:38:13 +00:00
README.md docs: add Authentik integration guide to CLAUDE.md and README 2026-02-20 16:45:26 +00:00
response.go feat: add response envelope with OK, Fail, Paginated helpers 2026-02-20 15:44:17 +00:00
response_test.go feat: add response envelope with OK, Fail, Paginated helpers 2026-02-20 15:44:17 +00:00
swagger.go feat: add Swagger UI endpoint with runtime spec serving 2026-02-20 15:56:29 +00:00
swagger_test.go feat: add Swagger UI endpoint with runtime spec serving 2026-02-20 15:56:29 +00:00
websocket.go feat: add WebSocket endpoint and channel listing from StreamGroups 2026-02-20 15:53:10 +00:00
websocket_test.go feat: add WebSocket endpoint and channel listing from StreamGroups 2026-02-20 15:53:10 +00:00

README.md

go-api

REST framework + OpenAPI SDK generation for the Lethean Go ecosystem.

Overview

go-api provides a Gin-based HTTP engine that subsystems plug into via the RouteGroup interface. Each ecosystem package (go-ml, go-rag, go-agentic, etc.) registers its own route group, and go-api handles the HTTP plumbing, middleware, response envelopes, WebSocket integration, and OpenAPI spec generation.

Quick Start

import api "forge.lthn.ai/core/go-api"

engine, _ := api.New(
    api.WithAddr(":8080"),
    api.WithBearerAuth("my-token"),
    api.WithCORS("*"),
    api.WithRequestID(),
    api.WithSwagger("My API", "Description", "0.1.0"),
)

engine.Register(myRoutes)
engine.Serve(ctx)

Implementing a RouteGroup

type Routes struct{ service *mypackage.Service }

func (r *Routes) Name() string     { return "mypackage" }
func (r *Routes) BasePath() string { return "/v1/mypackage" }

func (r *Routes) RegisterRoutes(rg *gin.RouterGroup) {
    rg.GET("/items", r.ListItems)
    rg.POST("/items", r.CreateItem)
}

func (r *Routes) ListItems(c *gin.Context) {
    items, _ := r.service.List(c.Request.Context())
    c.JSON(200, api.OK(items))
}

Authentik Integration

engine, _ := api.New(
    api.WithAuthentik(api.AuthentikConfig{
        Issuer:       "https://auth.host.uk.com/application/o/core-api/",
        ClientID:     "core-api",
        TrustedProxy: true,  // Read X-authentik-* headers from Traefik
    }),
)

In handlers, use GetUser() to access the authenticated user:

func (r *Routes) ListItems(c *gin.Context) {
    user := api.GetUser(c)  // nil if unauthenticated
    if user != nil {
        // user.Username, user.Email, user.Groups, user.UID
    }
}

For protected routes, use RequireAuth() or RequireGroup():

func (r *Routes) RegisterRoutes(rg *gin.RouterGroup) {
    rg.GET("/public", r.PublicEndpoint)
    rg.GET("/private", api.RequireAuth(), r.PrivateEndpoint)
    rg.GET("/admin", api.RequireGroup("admins"), r.AdminEndpoint)
}

Features

  • Response envelopeapi.OK(), api.Fail(), api.Paginated() for consistent JSON responses
  • Middleware — Bearer auth, CORS, request ID generation, panic recovery
  • Authentik — Forward auth headers + OIDC JWT validation, RequireAuth() and RequireGroup() guards
  • WebSocketWithWSHandler() mounts any http.Handler at /ws
  • Swagger UIWithSwagger() serves interactive API docs at /swagger/
  • Health check — Built-in GET /health endpoint

Licence

EUPL-1.2