Documentation
Index ¶
- Variables
- func GetSessionToken(ctx context.Context) (string, error)
- func GetUserID(ctx context.Context) (string, error)
- func HooksMiddleware(config *domain.Config) func(http.Handler) http.Handler
- func MustGetSessionToken(ctx context.Context) (string, error)
- func MustGetUserID(ctx context.Context) (string, error)
- func RateLimitMiddleware(config *domain.Config, limiter *ratelimit.Limiter) func(http.Handler) http.Handler
- func SetSessionToken(ctx context.Context, token string) context.Context
- func SetUserID(ctx context.Context, userID string) context.Context
- type AuthMiddleware
- type AuthMiddlewareFactory
- func (f *AuthMiddlewareFactory) AuthHandler(next http.Handler) http.Handler
- func (f *AuthMiddlewareFactory) AuthHandlerFunc(next http.HandlerFunc) http.HandlerFunc
- func (f *AuthMiddlewareFactory) OptionalAuthHandler(next http.Handler) http.Handler
- func (f *AuthMiddlewareFactory) OptionalAuthHandlerFunc(next http.HandlerFunc) http.HandlerFunc
- type CORSMiddleware
- func (c *CORSMiddleware) Handler(next http.Handler) http.Handler
- func (c *CORSMiddleware) WithAllowedHeaders(headers []string) *CORSMiddleware
- func (c *CORSMiddleware) WithAllowedMethods(methods []string) *CORSMiddleware
- func (c *CORSMiddleware) WithContinueOnMissing(cont bool) *CORSMiddleware
- func (c *CORSMiddleware) WithCredentials(allow bool) *CORSMiddleware
- func (c *CORSMiddleware) WithExposedHeaders(headers []string) *CORSMiddleware
- func (c *CORSMiddleware) WithMaxAge(seconds int) *CORSMiddleware
- type ContextKey
- type OptionalAuthMiddleware
Constants ¶
This section is empty.
Variables ¶
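// Sentinel errors for the middleware in this package. The listing had been
// collapsed onto a single line, which is not valid Go; the declarations are
// restored one per line with names and messages unchanged.
// Callers should match these with errors.Is rather than comparing message text.
var (
	// ErrMissingAuthToken reports that no authorization token was found in
	// the header or cookies.
	ErrMissingAuthToken = fmt.Errorf("authorization token not found in header or cookies")

	// ErrInvalidToken reports that the authorization token has an invalid format.
	ErrInvalidToken = fmt.Errorf("invalid authorization token format")

	// ErrExpiredSession reports that the session has expired.
	ErrExpiredSession = fmt.Errorf("session has expired")

	// ErrInvalidSession reports that the session is invalid.
	ErrInvalidSession = fmt.Errorf("invalid session")
)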
Middleware errors
Functions ¶
func GetSessionToken ¶
GetSessionToken retrieves the session token from the request context
func HooksMiddleware ¶
HooksMiddleware wraps an http.Handler with before/after hooks from config. It provides a centralized way to execute custom logic before and after request processing. The middleware:
- Calls config.Hooks.Before with the request context before processing the request
- Calls config.Hooks.After with the updated context after processing the request
- Returns 403 Forbidden if the Before hook returns an error
- Silently handles After hook errors to avoid disrupting responses, so an After hook cannot reject a request; any check that must block a request belongs in the Before hook
Hooks receive a RequestContext and can return a HookResponse with modifications. The modified context is merged back into the request for processing.
func MustGetSessionToken ¶
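MustGetSessionToken retrieves the session token from context and panics if not found. The index lists its signature as returning (string, error), which does not match a function that only panics; check the source to see whether a missing token panics or comes back as an error before relying on either behavior. The same mismatch applies to MustGetUserID.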
func MustGetUserID ¶
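MustGetUserID retrieves the user ID from context and panics if not found. Use this in handlers that are protected by AuthMiddleware; behind OptionalAuthMiddleware the user ID may be absent, so call GetUserID there and check its error.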
func RateLimitMiddleware ¶
func RateLimitMiddleware(config *domain.Config, limiter *ratelimit.Limiter) func(http.Handler) http.Handler
RateLimitMiddleware creates a middleware that enforces rate limiting
func SetSessionToken ¶
SetSessionToken sets the session token in the request context
Types ¶
type AuthMiddleware ¶
type AuthMiddleware struct {
// contains filtered or unexported fields
}
AuthMiddleware validates the session token and extracts the user ID from the request. It expects the token in either:
1. The Authorization header (Bearer <token>)
2. A cookie with the configured name
On successful validation, it sets UserID and SessionToken in the request context. If validation fails, it returns a 401 Unauthorized response.
func NewAuthMiddleware ¶
func NewAuthMiddleware(service *auth.Service, cookieName string) *AuthMiddleware
NewAuthMiddleware creates a new auth middleware.
func (*AuthMiddleware) HandlerFunc ¶
func (m *AuthMiddleware) HandlerFunc(next http.HandlerFunc) http.HandlerFunc
type AuthMiddlewareFactory ¶
type AuthMiddlewareFactory struct {
// contains filtered or unexported fields
}
AuthMiddlewareFactory provides functions to create initialized middleware instances. This is useful for applications that want to defer middleware creation until after the library has been initialized, particularly when using dependency injection.
func NewAuthMiddlewareFactory ¶
func NewAuthMiddlewareFactory(service *auth.Service, cookieName string, logger *slog.Logger) *AuthMiddlewareFactory
NewAuthMiddlewareFactory creates a new factory with an auth service, cookie name, and logger.
func (*AuthMiddlewareFactory) AuthHandler ¶
func (f *AuthMiddlewareFactory) AuthHandler(next http.Handler) http.Handler
AuthHandler returns the auth middleware's Handler method bound to this factory's service.
func (*AuthMiddlewareFactory) AuthHandlerFunc ¶
func (f *AuthMiddlewareFactory) AuthHandlerFunc(next http.HandlerFunc) http.HandlerFunc
AuthHandlerFunc returns the auth middleware's HandlerFunc method bound to this factory's service.
func (*AuthMiddlewareFactory) OptionalAuthHandler ¶
func (f *AuthMiddlewareFactory) OptionalAuthHandler(next http.Handler) http.Handler
OptionalAuthHandler returns the optional auth middleware's Handler method bound to this factory's service.
func (*AuthMiddlewareFactory) OptionalAuthHandlerFunc ¶
func (f *AuthMiddlewareFactory) OptionalAuthHandlerFunc(next http.HandlerFunc) http.HandlerFunc
OptionalAuthHandlerFunc returns the optional auth middleware's HandlerFunc method bound to this factory's service.
type CORSMiddleware ¶
type CORSMiddleware struct {
// contains filtered or unexported fields
}
CORSMiddleware is a CORS middleware that validates origins and sets appropriate headers. It supports the following features:
- Static origin validation
- Dynamic origin validation via callback
- Wildcard pattern matching for origins
- Preflight request (OPTIONS) handling
- Configurable allowed methods and headers
func NewCORSMiddleware ¶
func NewCORSMiddleware(trustedOrigins *domain.TrustedOriginsConfig) *CORSMiddleware
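NewCORSMiddleware creates a new CORS middleware with default settings. By default, it:
- Allows GET, POST, PUT, DELETE, PATCH, OPTIONS methods
- Allows common headers (Content-Type, Authorization, etc.)
- Allows credentials (cookies, auth headers)
- Sets max age to 3600 seconds (1 hour)
Because credentials are allowed by default, every origin accepted by trustedOrigins can make credentialed cross-origin requests and read the responses. Keep that list narrow, especially any wildcard patterns, or call WithCredentials(false) when credentialed cross-origin access is not needed.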
func (*CORSMiddleware) Handler ¶
func (c *CORSMiddleware) Handler(next http.Handler) http.Handler
Handler returns an http.Handler that wraps the given handler with CORS middleware.
func (*CORSMiddleware) WithAllowedHeaders ¶
func (c *CORSMiddleware) WithAllowedHeaders(headers []string) *CORSMiddleware
WithAllowedHeaders sets the allowed headers.
func (*CORSMiddleware) WithAllowedMethods ¶
func (c *CORSMiddleware) WithAllowedMethods(methods []string) *CORSMiddleware
WithAllowedMethods sets the allowed HTTP methods.
func (*CORSMiddleware) WithContinueOnMissing ¶
func (c *CORSMiddleware) WithContinueOnMissing(cont bool) *CORSMiddleware
WithContinueOnMissing sets whether to continue without CORS headers if origin is missing.
func (*CORSMiddleware) WithCredentials ¶
func (c *CORSMiddleware) WithCredentials(allow bool) *CORSMiddleware
WithCredentials enables or disables credentials (cookies, auth headers).
func (*CORSMiddleware) WithExposedHeaders ¶
func (c *CORSMiddleware) WithExposedHeaders(headers []string) *CORSMiddleware
WithExposedHeaders sets the exposed headers.
func (*CORSMiddleware) WithMaxAge ¶
func (c *CORSMiddleware) WithMaxAge(seconds int) *CORSMiddleware
WithMaxAge sets the max age for preflight requests in seconds.
type ContextKey ¶
type ContextKey string
Context keys for storing values in request context
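// Context keys under which this package stores values in the request context.
// The listing had been collapsed onto a single line, where the first //
// comment swallowed every declaration after it; the constants are restored
// one per line with names and values unchanged.
const (
	// UserIDKey is the context key for storing the authenticated user ID.
	UserIDKey ContextKey = "user_id"

	// SessionTokenKey is the context key for storing the session token.
	// The value stored under it is a credential; keep it out of logs and
	// error output.
	SessionTokenKey ContextKey = "session_token"

	// SessionKey is the context key for storing the full session object.
	SessionKey ContextKey = "session"
)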
type OptionalAuthMiddleware ¶
type OptionalAuthMiddleware struct {
// contains filtered or unexported fields
}
OptionalAuthMiddleware is similar to AuthMiddleware but doesn't require authentication. If a valid token is found, it sets UserID and SessionToken in the context. If not, it passes the request through without setting context values, so handlers behind it must treat a missing user ID as an unauthenticated request.
func NewOptionalAuthMiddleware ¶
func NewOptionalAuthMiddleware(service *auth.Service, cookieName string) *OptionalAuthMiddleware
NewOptionalAuthMiddleware creates a new optional auth middleware.
func (*OptionalAuthMiddleware) Handler ¶
func (m *OptionalAuthMiddleware) Handler(next http.Handler) http.Handler
Handler returns an HTTP middleware function that can be used with net/http
func (*OptionalAuthMiddleware) HandlerFunc ¶
func (m *OptionalAuthMiddleware) HandlerFunc(next http.HandlerFunc) http.HandlerFunc
HandlerFunc returns an HTTP middleware function that works with http.HandlerFunc