middleware

package
v0.0.1-rc5 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Apr 28, 2026 License: MIT Imports: 10 Imported by: 0

Documentation

Overview

Package middleware exposes the chi-compatible middlewares used by the WebSec0 HTTP server: request-id, panic recovery, slog access log, and a CORS allowlist.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func AccessLog 

func AccessLog(log *slog.Logger, logTargets bool) func(http.Handler) http.Handler

AccessLog logs one structured line per request. The target hostname is only logged when logTargets is true (privacy by design — see §9.4).

func CORS 

func CORS(opts CORSOptions) func(http.Handler) http.Handler

CORS returns a chi-compatible CORS middleware with sane defaults for an API + same-origin frontend deployment.

func JoinOriginList 

func JoinOriginList(s string) []string

JoinOriginList parses a comma-separated env-style origin list.

func Recover 

func Recover(log *slog.Logger) func(http.Handler) http.Handler

Recover wraps next so that any panic is logged with the stack trace and converted to a 500 JSON response. The request id is included in the log.

func RequestID 

func RequestID(next http.Handler) http.Handler

RequestID generates a 16-byte hex id for each incoming request, attaches it to the request context, and echoes it on the response via the X-Request-ID header. Any client-supplied X-Request-ID is honoured if it is short enough and only contains safe characters.

func RequestIDFromContext 

func RequestIDFromContext(ctx context.Context) string

RequestIDFromContext returns the request id assigned by RequestID middleware.

func SourceIP 

func SourceIP(next http.Handler) http.Handler

SourceIP wraps next so the handler can read the (single-hop XFF aware) source IP via SourceIPFromContext.

func SourceIPFromContext 

func SourceIPFromContext(ctx context.Context) string

SourceIPFromContext returns the IP captured by SourceIP middleware.

Types

type CORSOptions 

type CORSOptions struct {
	// AllowedOrigins is the explicit allowlist. "*" disables CORS protection
	// and is only acceptable for fully public read-only deployments.
	AllowedOrigins []string
}

CORSOptions configures the CORS middleware.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.