kanboard-api/jsonrpc.go

package kanboard

import (
	"bytes"
	"context"
	"encoding/json"
	"errors"
	"fmt"
	"io"
	"math/rand/v2"
	"net/http"
	"strings"
)

// JSONRPCRequest represents a JSON-RPC 2.0 request.
type JSONRPCRequest struct {
	JSONRPC string      `json:"jsonrpc"`
	Method  string      `json:"method"`
	ID      int64       `json:"id"`
	Params  interface{} `json:"params,omitempty"`
}

// JSONRPCResponse represents a JSON-RPC 2.0 response.
type JSONRPCResponse struct {
	JSONRPC string          `json:"jsonrpc"`
	ID      int64           `json:"id"`
	Result  json.RawMessage `json:"result,omitempty"`
	Error   *JSONRPCError   `json:"error,omitempty"`
}

// JSONRPCError represents a JSON-RPC 2.0 error.
type JSONRPCError struct {
	Code    int    `json:"code"`
	Message string `json:"message"`
}

// Error implements the error interface.
func (e *JSONRPCError) Error() string {
	return fmt.Sprintf("JSON-RPC error (code %d): %s", e.Code, e.Message)
}

// nextRequestID returns a random request ID.
func nextRequestID() int64 {
	return rand.Int64()
}

// call sends a JSON-RPC request and parses the response.
// The result parameter should be a pointer to the expected result type.
func (c *Client) call(ctx context.Context, method string, params interface{}, result interface{}) error {
	req := JSONRPCRequest{
		JSONRPC: "2.0",
		Method:  method,
		ID:      nextRequestID(),
		Params:  params,
	}

	body, err := json.Marshal(req)
	if err != nil {
		return fmt.Errorf("failed to marshal request: %w", err)
	}

	if c.logger != nil {
		c.logger.Debug("JSON-RPC request", "method", method, "body", string(body))
	}

	httpReq, err := http.NewRequestWithContext(ctx, http.MethodPost, c.endpoint, bytes.NewReader(body))
	if err != nil {
		return fmt.Errorf("failed to create request: %w", err)
	}

	httpReq.Header.Set("Content-Type", "application/json")

	if c.auth != nil {
		c.auth.Apply(httpReq)
	}

	resp, err := c.httpClient.Do(httpReq)
	if err != nil {
		// Preserve specific errors that shouldn't be wrapped as connection failures
		if errors.Is(err, ErrTooManyRedirects) {
			return ErrTooManyRedirects
		}
		return fmt.Errorf("%w: %v", ErrConnectionFailed, err)
	}
	defer resp.Body.Close()

	if resp.StatusCode == http.StatusUnauthorized {
		return ErrUnauthorized
	}
	if resp.StatusCode == http.StatusForbidden {
		return ErrForbidden
	}
	if resp.StatusCode != http.StatusOK {
		return fmt.Errorf("unexpected HTTP status: %d", resp.StatusCode)
	}

	// Check for HTML response (indicates redirect to login page or misconfiguration)
	contentType := resp.Header.Get("Content-Type")
	if strings.Contains(contentType, "text/html") {
		return fmt.Errorf("%w: received HTML instead of JSON (possible redirect to login page)", ErrUnauthorized)
	}

	respBody, err := io.ReadAll(resp.Body)
	if err != nil {
		return fmt.Errorf("failed to read response body: %w", err)
	}

	if c.logger != nil {
		c.logger.Debug("JSON-RPC response", "method", method, "body", string(respBody))
	}

	// Check if response body is HTML (backup check if Content-Type header is wrong/missing)
	if len(respBody) > 0 {
		trimmed := bytes.TrimLeft(respBody, " \t\n\r")
		if len(trimmed) > 0 && trimmed[0] == '<' {
			// Response is HTML, not JSON - extract a preview for debugging
			preview := string(respBody)
			if len(preview) > 200 {
				preview = preview[:200] + "..."
			}
			return fmt.Errorf("server returned HTML instead of JSON (possible auth error or server error): %s", preview)
		}
	}

	var rpcResp JSONRPCResponse
	if err := json.Unmarshal(respBody, &rpcResp); err != nil {
		return fmt.Errorf("failed to unmarshal response: %w", err)
	}

	if rpcResp.Error != nil {
		return &APIError{
			Code:    rpcResp.Error.Code,
			Message: rpcResp.Error.Message,
		}
	}

	if result != nil && rpcResp.Result != nil {
		if err := json.Unmarshal(rpcResp.Result, result); err != nil {
			return fmt.Errorf("failed to unmarshal result: %w", err)
		}
	}

	return nil
}
Implement JSON-RPC client foundation Add core JSON-RPC 2.0 protocol implementation for Kanboard API: - JSONRPCRequest/Response/Error structs with proper JSON tags - Generic call() method for sending requests and parsing responses - Thread-safe request ID generation using atomic.Int64 - Automatic /jsonrpc.php path appending to baseURL - Support for subdirectory installations - HTTP Basic Auth support (API token and username/password) - Error handling for unauthorized/forbidden responses Includes comprehensive tests with httptest mock server. Closes: kanboard-api-2g1 2026-01-15 18:10:35 +01:00			`package kanboard`

			`import (`
			`"bytes"`
			`"context"`
			`"encoding/json"`
fix: add HTML response body validation before JSON parsing Adds a backup check that validates the response body starts with '{' before attempting JSON unmarshal. This catches cases where: - Server returns HTML with incorrect Content-Type header - Reverse proxy/load balancer modifies headers but not body - PHP error pages with HTTP 200 status Includes a preview of the HTML content (up to 200 chars) for debugging. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> 2026-01-26 20:35:21 +01:00			`"errors"`
Implement JSON-RPC client foundation Add core JSON-RPC 2.0 protocol implementation for Kanboard API: - JSONRPCRequest/Response/Error structs with proper JSON tags - Generic call() method for sending requests and parsing responses - Thread-safe request ID generation using atomic.Int64 - Automatic /jsonrpc.php path appending to baseURL - Support for subdirectory installations - HTTP Basic Auth support (API token and username/password) - Error handling for unauthorized/forbidden responses Includes comprehensive tests with httptest mock server. Closes: kanboard-api-2g1 2026-01-15 18:10:35 +01:00			`"fmt"`
			`"io"`
feat: use random request IDs instead of sequential counter Replace the atomic counter-based request ID generation with random int64 values using math/rand/v2. This improves unpredictability and avoids potential ID collisions across client instances or restarts. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> 2026-01-27 10:21:14 +01:00			`"math/rand/v2"`
Implement JSON-RPC client foundation Add core JSON-RPC 2.0 protocol implementation for Kanboard API: - JSONRPCRequest/Response/Error structs with proper JSON tags - Generic call() method for sending requests and parsing responses - Thread-safe request ID generation using atomic.Int64 - Automatic /jsonrpc.php path appending to baseURL - Support for subdirectory installations - HTTP Basic Auth support (API token and username/password) - Error handling for unauthorized/forbidden responses Includes comprehensive tests with httptest mock server. Closes: kanboard-api-2g1 2026-01-15 18:10:35 +01:00			`"net/http"`
fix: add HTML response body validation before JSON parsing Adds a backup check that validates the response body starts with '{' before attempting JSON unmarshal. This catches cases where: - Server returns HTML with incorrect Content-Type header - Reverse proxy/load balancer modifies headers but not body - PHP error pages with HTTP 200 status Includes a preview of the HTML content (up to 200 chars) for debugging. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> 2026-01-26 20:35:21 +01:00			`"strings"`
Implement JSON-RPC client foundation Add core JSON-RPC 2.0 protocol implementation for Kanboard API: - JSONRPCRequest/Response/Error structs with proper JSON tags - Generic call() method for sending requests and parsing responses - Thread-safe request ID generation using atomic.Int64 - Automatic /jsonrpc.php path appending to baseURL - Support for subdirectory installations - HTTP Basic Auth support (API token and username/password) - Error handling for unauthorized/forbidden responses Includes comprehensive tests with httptest mock server. Closes: kanboard-api-2g1 2026-01-15 18:10:35 +01:00			`)`

			`// JSONRPCRequest represents a JSON-RPC 2.0 request.`
			`type JSONRPCRequest struct {`
			JSONRPC string `json:"jsonrpc"`
			Method string `json:"method"`
			ID int64 `json:"id"`
			Params interface{} `json:"params,omitempty"`
			`}`

			`// JSONRPCResponse represents a JSON-RPC 2.0 response.`
			`type JSONRPCResponse struct {`
			JSONRPC string `json:"jsonrpc"`
			ID int64 `json:"id"`
			Result json.RawMessage `json:"result,omitempty"`
			Error *JSONRPCError `json:"error,omitempty"`
			`}`

			`// JSONRPCError represents a JSON-RPC 2.0 error.`
			`type JSONRPCError struct {`
			Code int `json:"code"`
			Message string `json:"message"`
			`}`

			`// Error implements the error interface.`
			`func (e *JSONRPCError) Error() string {`
			`return fmt.Sprintf("JSON-RPC error (code %d): %s", e.Code, e.Message)`
			`}`

feat: use random request IDs instead of sequential counter Replace the atomic counter-based request ID generation with random int64 values using math/rand/v2. This improves unpredictability and avoids potential ID collisions across client instances or restarts. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> 2026-01-27 10:21:14 +01:00			`// nextRequestID returns a random request ID.`
Implement JSON-RPC client foundation Add core JSON-RPC 2.0 protocol implementation for Kanboard API: - JSONRPCRequest/Response/Error structs with proper JSON tags - Generic call() method for sending requests and parsing responses - Thread-safe request ID generation using atomic.Int64 - Automatic /jsonrpc.php path appending to baseURL - Support for subdirectory installations - HTTP Basic Auth support (API token and username/password) - Error handling for unauthorized/forbidden responses Includes comprehensive tests with httptest mock server. Closes: kanboard-api-2g1 2026-01-15 18:10:35 +01:00			`func nextRequestID() int64 {`
feat: use random request IDs instead of sequential counter Replace the atomic counter-based request ID generation with random int64 values using math/rand/v2. This improves unpredictability and avoids potential ID collisions across client instances or restarts. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> 2026-01-27 10:21:14 +01:00			`return rand.Int64()`
Implement JSON-RPC client foundation Add core JSON-RPC 2.0 protocol implementation for Kanboard API: - JSONRPCRequest/Response/Error structs with proper JSON tags - Generic call() method for sending requests and parsing responses - Thread-safe request ID generation using atomic.Int64 - Automatic /jsonrpc.php path appending to baseURL - Support for subdirectory installations - HTTP Basic Auth support (API token and username/password) - Error handling for unauthorized/forbidden responses Includes comprehensive tests with httptest mock server. Closes: kanboard-api-2g1 2026-01-15 18:10:35 +01:00			`}`

			`// call sends a JSON-RPC request and parses the response.`
			`// The result parameter should be a pointer to the expected result type.`
			`func (c *Client) call(ctx context.Context, method string, params interface{}, result interface{}) error {`
			`req := JSONRPCRequest{`
			`JSONRPC: "2.0",`
			`Method: method,`
			`ID: nextRequestID(),`
			`Params: params,`
			`}`

			`body, err := json.Marshal(req)`
			`if err != nil {`
			`return fmt.Errorf("failed to marshal request: %w", err)`
			`}`

Added debug output to jsonrpc.go 2026-01-23 11:42:11 +01:00			`if c.logger != nil {`
			`c.logger.Debug("JSON-RPC request", "method", method, "body", string(body))`
			`}`

Implement JSON-RPC client foundation Add core JSON-RPC 2.0 protocol implementation for Kanboard API: - JSONRPCRequest/Response/Error structs with proper JSON tags - Generic call() method for sending requests and parsing responses - Thread-safe request ID generation using atomic.Int64 - Automatic /jsonrpc.php path appending to baseURL - Support for subdirectory installations - HTTP Basic Auth support (API token and username/password) - Error handling for unauthorized/forbidden responses Includes comprehensive tests with httptest mock server. Closes: kanboard-api-2g1 2026-01-15 18:10:35 +01:00			`httpReq, err := http.NewRequestWithContext(ctx, http.MethodPost, c.endpoint, bytes.NewReader(body))`
			`if err != nil {`
			`return fmt.Errorf("failed to create request: %w", err)`
			`}`

			`httpReq.Header.Set("Content-Type", "application/json")`

			`if c.auth != nil {`
			`c.auth.Apply(httpReq)`
			`}`

			`resp, err := c.httpClient.Do(httpReq)`
			`if err != nil {`
fix: add HTML response body validation before JSON parsing Adds a backup check that validates the response body starts with '{' before attempting JSON unmarshal. This catches cases where: - Server returns HTML with incorrect Content-Type header - Reverse proxy/load balancer modifies headers but not body - PHP error pages with HTTP 200 status Includes a preview of the HTML content (up to 200 chars) for debugging. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> 2026-01-26 20:35:21 +01:00			`// Preserve specific errors that shouldn't be wrapped as connection failures`
			`if errors.Is(err, ErrTooManyRedirects) {`
			`return ErrTooManyRedirects`
			`}`
Implement JSON-RPC client foundation Add core JSON-RPC 2.0 protocol implementation for Kanboard API: - JSONRPCRequest/Response/Error structs with proper JSON tags - Generic call() method for sending requests and parsing responses - Thread-safe request ID generation using atomic.Int64 - Automatic /jsonrpc.php path appending to baseURL - Support for subdirectory installations - HTTP Basic Auth support (API token and username/password) - Error handling for unauthorized/forbidden responses Includes comprehensive tests with httptest mock server. Closes: kanboard-api-2g1 2026-01-15 18:10:35 +01:00			`return fmt.Errorf("%w: %v", ErrConnectionFailed, err)`
			`}`
			`defer resp.Body.Close()`

			`if resp.StatusCode == http.StatusUnauthorized {`
			`return ErrUnauthorized`
			`}`
			`if resp.StatusCode == http.StatusForbidden {`
			`return ErrForbidden`
			`}`
			`if resp.StatusCode != http.StatusOK {`
			`return fmt.Errorf("unexpected HTTP status: %d", resp.StatusCode)`
			`}`

fix: add HTML response body validation before JSON parsing Adds a backup check that validates the response body starts with '{' before attempting JSON unmarshal. This catches cases where: - Server returns HTML with incorrect Content-Type header - Reverse proxy/load balancer modifies headers but not body - PHP error pages with HTTP 200 status Includes a preview of the HTML content (up to 200 chars) for debugging. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> 2026-01-26 20:35:21 +01:00			`// Check for HTML response (indicates redirect to login page or misconfiguration)`
			`contentType := resp.Header.Get("Content-Type")`
			`if strings.Contains(contentType, "text/html") {`
			`return fmt.Errorf("%w: received HTML instead of JSON (possible redirect to login page)", ErrUnauthorized)`
			`}`

Implement JSON-RPC client foundation Add core JSON-RPC 2.0 protocol implementation for Kanboard API: - JSONRPCRequest/Response/Error structs with proper JSON tags - Generic call() method for sending requests and parsing responses - Thread-safe request ID generation using atomic.Int64 - Automatic /jsonrpc.php path appending to baseURL - Support for subdirectory installations - HTTP Basic Auth support (API token and username/password) - Error handling for unauthorized/forbidden responses Includes comprehensive tests with httptest mock server. Closes: kanboard-api-2g1 2026-01-15 18:10:35 +01:00			`respBody, err := io.ReadAll(resp.Body)`
			`if err != nil {`
			`return fmt.Errorf("failed to read response body: %w", err)`
			`}`

Added debug output to jsonrpc.go 2026-01-23 11:42:11 +01:00			`if c.logger != nil {`
			`c.logger.Debug("JSON-RPC response", "method", method, "body", string(respBody))`
			`}`

fix: add HTML response body validation before JSON parsing Adds a backup check that validates the response body starts with '{' before attempting JSON unmarshal. This catches cases where: - Server returns HTML with incorrect Content-Type header - Reverse proxy/load balancer modifies headers but not body - PHP error pages with HTTP 200 status Includes a preview of the HTML content (up to 200 chars) for debugging. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> 2026-01-26 20:35:21 +01:00			`// Check if response body is HTML (backup check if Content-Type header is wrong/missing)`
			`if len(respBody) > 0 {`
			`trimmed := bytes.TrimLeft(respBody, " \t\n\r")`
			`if len(trimmed) > 0 && trimmed[0] == '<' {`
			`// Response is HTML, not JSON - extract a preview for debugging`
			`preview := string(respBody)`
			`if len(preview) > 200 {`
			`preview = preview[:200] + "..."`
			`}`
			`return fmt.Errorf("server returned HTML instead of JSON (possible auth error or server error): %s", preview)`
			`}`
			`}`

Implement JSON-RPC client foundation Add core JSON-RPC 2.0 protocol implementation for Kanboard API: - JSONRPCRequest/Response/Error structs with proper JSON tags - Generic call() method for sending requests and parsing responses - Thread-safe request ID generation using atomic.Int64 - Automatic /jsonrpc.php path appending to baseURL - Support for subdirectory installations - HTTP Basic Auth support (API token and username/password) - Error handling for unauthorized/forbidden responses Includes comprehensive tests with httptest mock server. Closes: kanboard-api-2g1 2026-01-15 18:10:35 +01:00			`var rpcResp JSONRPCResponse`
			`if err := json.Unmarshal(respBody, &rpcResp); err != nil {`
			`return fmt.Errorf("failed to unmarshal response: %w", err)`
			`}`

			`if rpcResp.Error != nil {`
			`return &APIError{`
			`Code: rpcResp.Error.Code,`
			`Message: rpcResp.Error.Message,`
			`}`
			`}`

			`if result != nil && rpcResp.Result != nil {`
			`if err := json.Unmarshal(rpcResp.Result, result); err != nil {`
			`return fmt.Errorf("failed to unmarshal result: %w", err)`
			`}`
			`}`

			`return nil`
			`}`