gitcaddy/gitea
2
0
Fork 0
Code Issues Packages Releases 5 Wiki
Files
9094d8b503fc47f3df3f472b4eca0585ee692230
gitea/routers/api/v2/api.go
logikonline 9094d8b503 feat(api): add v2 API with AI-friendly features (Phase 2) 
This introduces a new v2 API at /api/v2/ with features designed for
AI agents and automation tools while maintaining full backward
compatibility with the existing v1 API.

New features:
- Structured error codes (70+ machine-readable codes) for precise
  error handling by automated tools
- Scalar API documentation at /api/v2/docs (modern replacement for
  Swagger UI)
- Batch operations for bulk file and repository fetching
- NDJSON streaming endpoints for files, commits, and issues
- AI context endpoints providing rich repository summaries,
  navigation hints, and issue context

Files added:
- modules/errors/codes.go - Error code definitions and catalog
- modules/errors/api_error.go - Rich API error response builder
- routers/api/v2/api.go - v2 router with auth middleware
- routers/api/v2/docs.go - Scalar docs and OpenAPI spec
- routers/api/v2/batch.go - Batch file/repo operations
- routers/api/v2/streaming.go - NDJSON streaming endpoints
- routers/api/v2/ai_context.go - AI context endpoints
- routers/api/v2/misc.go - Version and user endpoints

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-09 11:41:10 -05:00

152 lines
3.8 KiB
Go
Raw Blame History

// Copyright 2026 The Gitea Authors. All rights reserved.
// SPDX-License-Identifier: MIT
// Package v2 Gitea API v2
//
// This is the v2 API with improved error handling, batch operations,
// and AI-friendly endpoints. It uses structured error codes for
// machine-readable error handling.
//
// Schemes: https, http
// License: MIT http://opensource.org/licenses/MIT
//
// Consumes:
// - application/json
//
// Produces:
// - application/json
// - application/x-ndjson
//
// swagger:meta
package v2
import (
"net/http"
auth_model "code.gitea.io/gitea/models/auth"
apierrors "code.gitea.io/gitea/modules/errors"
"code.gitea.io/gitea/modules/graceful"
"code.gitea.io/gitea/modules/setting"
"code.gitea.io/gitea/modules/util"
"code.gitea.io/gitea/modules/web"
"code.gitea.io/gitea/modules/web/middleware"
"code.gitea.io/gitea/routers/common"
"code.gitea.io/gitea/services/auth"
"code.gitea.io/gitea/services/context"
"github.com/go-chi/cors"
)
// Routes registers all v2 API routes to web application.
func Routes() *web.Router {
m := web.NewRouter()
m.Use(middleware.RequestID())
m.Use(middleware.RateLimitInfo())
m.Use(securityHeaders())
if setting.CORSConfig.Enabled {
m.Use(cors.Handler(cors.Options{
AllowedOrigins: setting.CORSConfig.AllowDomain,
AllowedMethods: setting.CORSConfig.Methods,
AllowCredentials: setting.CORSConfig.AllowCredentials,
AllowedHeaders: append([]string{"Authorization", "X-Gitea-OTP"}, setting.CORSConfig.Headers...),
MaxAge: int(setting.CORSConfig.MaxAge.Seconds()),
}))
}
m.Use(context.APIContexter())
// Get user from session if logged in
m.Use(apiAuth(buildAuthGroup()))
m.Group("", func() {
// Public endpoints (no auth required)
m.Get("/version", Version)
// API Documentation (Scalar)
m.Get("/docs", DocsScalar)
m.Get("/swagger.json", SwaggerJSON)
// Authenticated endpoints
m.Group("", func() {
// User info
m.Get("/user", GetAuthenticatedUser)
// Batch operations - efficient bulk requests
m.Group("/batch", func() {
m.Post("/files", BatchGetFiles)
m.Post("/repos", BatchGetRepos)
})
// Streaming endpoints - NDJSON responses
m.Group("/stream", func() {
m.Post("/files", StreamFiles)
m.Post("/commits", StreamCommits)
m.Post("/issues", StreamIssues)
})
// AI context endpoints - rich context for AI tools
m.Group("/ai", func() {
m.Post("/repo/summary", GetAIRepoSummary)
m.Post("/repo/navigation", GetAINavigation)
m.Post("/issue/context", GetAIIssueContext)
})
}, reqToken())
})
return m
}
func securityHeaders() func(http.Handler) http.Handler {
return func(next http.Handler) http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) {
// CORS preflight
if req.Method == "OPTIONS" {
return
}
next.ServeHTTP(w, req)
})
}
}
func buildAuthGroup() *auth.Group {
group := auth.NewGroup(
&auth.OAuth2{},
&auth.HTTPSign{},
&auth.Basic{},
)
if setting.Service.EnableReverseProxyAuthAPI {
group.Add(&auth.ReverseProxy{})
}
if setting.IsWindows && auth_model.IsSSPIEnabled(graceful.GetManager().ShutdownContext()) {
group.Add(&auth.SSPI{})
}
return group
}
func apiAuth(authMethod auth.Method) func(*context.APIContext) {
return func(ctx *context.APIContext) {
ar, err := common.AuthShared(ctx.Base, nil, authMethod)
if err != nil {
msg, ok := auth.ErrAsUserAuthMessage(err)
msg = util.Iif(ok, msg, "invalid username, password or token")
ctx.APIErrorWithCodeAndMessage(apierrors.AuthInvalidCredentials, msg)
return
}
ctx.Doer = ar.Doer
ctx.IsSigned = ar.Doer != nil
ctx.IsBasicAuth = ar.IsBasicAuth
}
}
// reqToken requires authentication
func reqToken() func(ctx *context.APIContext) {
return func(ctx *context.APIContext) {
if !ctx.IsSigned {
ctx.APIErrorWithCode(apierrors.AuthTokenMissing)
return
}
}
}
Reference in New Issue View Git Blame Copy Permalink