@@ -7,32 +7,32 @@ import (
77 "github.com/getkin/kin-openapi/openapi3"
88)
99
10- // isReadOnlyEndpoint checks if an endpoint is marked as read-only in the OpenAPI spec
10+ // isReadOnlyEndpoint checks if an endpoint is marked as read-only in the OpenAPI spec.
1111func isReadOnlyEndpoint (operation * openapi3.Operation ) bool {
12- // Try to get the value directly from the map first
12+ // Try to get the value directly from the map first.
1313 if val , exists := operation .Extensions ["x-read-only" ]; exists {
14- // Handle json.RawMessage case
14+ // Handle json.RawMessage case.
1515 if rawMsg , ok := val .(json.RawMessage ); ok {
1616 return string (rawMsg ) == "true"
1717 }
1818
19- // Handle direct boolean case
19+ // Handle direct boolean case.
2020 if boolVal , ok := val .(bool ); ok {
2121 return boolVal
2222 }
2323 }
2424 return false
2525}
2626
27- // shouldEnableEndpoint determines if an endpoint should be accessible based on its type and configuration
27+ // shouldEnableEndpoint determines if an endpoint should be accessible based on its type and configuration.
2828func shouldEnableEndpoint (operation * openapi3.Operation , enableWriteOperations bool ) bool {
2929 if isReadOnlyEndpoint (operation ) {
3030 return true
3131 }
3232 return enableWriteOperations
3333}
3434
35- // findOperation looks up the OpenAPI operation for the given path and method
35+ // findOperation looks up the OpenAPI operation for the given path and method.
3636func findOperation (spec * openapi3.T , path string , method string ) * openapi3.Operation {
3737 pathItem := spec .Paths .Find (path )
3838 if pathItem == nil {
@@ -53,31 +53,31 @@ func findOperation(spec *openapi3.T, path string, method string) *openapi3.Opera
5353 }
5454}
5555
56- // ConfigMiddleware creates a middleware that controls endpoint access based on configuration
56+ // ConfigMiddleware creates a middleware that controls endpoint access based on configuration.
5757func ConfigMiddleware (enableWriteOperations bool ) MiddlewareFunc {
5858 return ConfigMiddlewareWithSpec (enableWriteOperations , GetSwagger )
5959}
6060
61- // ConfigMiddlewareWithSpec creates a middleware that controls endpoint access based on configuration
62- // This accepts a function to get the spec, making it more testable
61+ // ConfigMiddlewareWithSpec creates a middleware that controls endpoint access based on configuration.
62+ // This accepts a function to get the spec, making it more testable.
6363func ConfigMiddlewareWithSpec (enableWriteOperations bool , getSpec func () (* openapi3.T , error )) MiddlewareFunc {
6464 return func (next http.Handler ) http.Handler {
6565 return http .HandlerFunc (func (w http.ResponseWriter , r * http.Request ) {
66- // Load the OpenAPI specification
66+ // Load the OpenAPI specification.
6767 spec , err := getSpec ()
6868 if err != nil {
6969 http .Error (w , "Internal server error" , http .StatusInternalServerError )
7070 return
7171 }
7272
73- // Find the operation for this request
73+ // Find the operation for this request.
7474 operation := findOperation (spec , r .URL .Path , r .Method )
7575 if operation == nil {
7676 http .Error (w , "Endpoint not found" , http .StatusNotFound )
7777 return
7878 }
7979
80- // Check if the endpoint should be accessible
80+ // Check if the endpoint should be accessible.
8181 if ! shouldEnableEndpoint (operation , enableWriteOperations ) {
8282 http .Error (w , "Endpoint not enabled" , http .StatusForbidden )
8383 return
0 commit comments