Documentation
¶
Overview ¶
Package middleware provides HTTP middleware for the platform abstraction layer.
Index ¶
Constants ¶
const (
// RoleContextKey is the context key for the TierRole extracted from the request.
RoleContextKey contextKey = "platform_role"
)
Variables ¶
This section is empty.
Functions ¶
func RoleFromContext ¶
RoleFromContext extracts the TierRole from the request context.
func TierFromPath ¶
TierFromPath extracts a Tier from a URL path. It looks for segments matching "tier1", "tier2", or "tier3" in paths like "/api/v1/platform/tier1/resources".
Types ¶
type TierBoundaryMiddleware ¶
type TierBoundaryMiddleware struct {
// contains filtered or unexported fields
}
TierBoundaryMiddleware enforces tier-based access control on HTTP requests. It extracts the role from the request context and the target tier from the URL path, then delegates authorization to a TierAuthorizer.
func NewTierBoundaryMiddleware ¶
func NewTierBoundaryMiddleware(authorizer platform.TierAuthorizer) *TierBoundaryMiddleware
NewTierBoundaryMiddleware creates a TierBoundaryMiddleware backed by the given TierAuthorizer.
func (*TierBoundaryMiddleware) Wrap ¶
func (m *TierBoundaryMiddleware) Wrap(next http.Handler) http.Handler
Wrap returns an http.Handler that performs tier boundary checks before delegating to next. If the request lacks a role in its context, a 401 response is returned. If authorization fails, a 403 response with a structured JSON error body is returned.
Source Files