middleware

package
v1.0.0

This package is not in the latest version of its module.
Published: Jan 28, 2026 License: MIT Imports: 30 Imported by: 0

Documentation

Overview

Package middleware provides HTTP middleware for the service layer.

Constants

const (
	// ServiceTokenHeader is the header name for service-to-service tokens.
	ServiceTokenHeader = serviceauth.ServiceTokenHeader

	// ServiceIDHeader is the header name for service identification.
	ServiceIDHeader = serviceauth.ServiceIDHeader

	// UserIDHeader is the header name for user identification.
	UserIDHeader = serviceauth.UserIDHeader

	// DefaultServiceTokenExpiry is the default expiration time for service tokens.
	DefaultServiceTokenExpiry = serviceauth.DefaultServiceTokenExpiry
)

Variables

var (
	EmailRegex    = regexp.MustCompile(`^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}$`)
	UUIDRegex     = regexp.MustCompile(`^[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}$`)
	HexRegex      = regexp.MustCompile(`^(0x)?[0-9a-fA-F]+$`)
	AlphaNumRegex = regexp.MustCompile(`^[a-zA-Z0-9]+$`)
)

Common validation patterns

Functions

func DefaultSecurityHeaders

func DefaultSecurityHeaders() map[string]string

DefaultSecurityHeaders returns recommended security headers.

func GetServiceID

func GetServiceID(ctx context.Context) string

GetServiceID extracts service ID from context.

func GetUserID

func GetUserID(ctx context.Context) string

GetUserID extracts user ID from context.

Prefer using this helper over reaching into infrastructure/serviceauth directly so middleware consumers have a single import surface.

func GetUserIDFromContext

func GetUserIDFromContext(ctx context.Context) string

GetUserIDFromContext extracts user ID from context.

func GetUserRole

func GetUserRole(ctx context.Context) string

GetUserRole extracts the user role from context when present.

func HeaderGateMiddleware

func HeaderGateMiddleware(sharedSecret string) func(http.Handler) http.Handler

func IsValidEmail

func IsValidEmail(email string) bool

IsValidEmail checks if the input is a valid email address.

func IsValidHex

func IsValidHex(hex string) bool

IsValidHex checks if the input is valid hexadecimal.

func IsValidUUID

func IsValidUUID(uuid string) bool

IsValidUUID checks if the input is a valid UUID.

func LivenessHandler

func LivenessHandler() http.HandlerFunc

LivenessHandler returns a simple liveness probe handler.

func LoggingMiddleware

func LoggingMiddleware(logger *logging.Logger) mux.MiddlewareFunc

LoggingMiddleware logs HTTP requests with trace ID.

func MetricsMiddleware

func MetricsMiddleware(serviceName string, m *metrics.Metrics) mux.MiddlewareFunc

MetricsMiddleware records HTTP metrics for each request

func NewServiceTokenRoundTripper

func NewServiceTokenRoundTripper(base http.RoundTripper, generator *ServiceTokenGenerator) http.RoundTripper

NewServiceTokenRoundTripper wraps a base transport with service-token injection.

func ParseRSAPrivateKeyFromPEM

func ParseRSAPrivateKeyFromPEM(pemBytes []byte) (*rsa.PrivateKey, error)

ParseRSAPrivateKeyFromPEM parses an RSA private key from PEM bytes. Supported PEM types: RSA PRIVATE KEY (PKCS#1), PRIVATE KEY (PKCS#8).

func ParseRSAPublicKeyFromPEM

func ParseRSAPublicKeyFromPEM(pemBytes []byte) (*rsa.PublicKey, error)

ParseRSAPublicKeyFromPEM parses an RSA public key from PEM bytes. Supported PEM types: PUBLIC KEY (PKIX), RSA PUBLIC KEY (PKCS#1), CERTIFICATE.
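
The PEM-type dispatch described above can be sketched as follows. This is an added example, not the package's own code: `parseRSAPublicKey` and `accepts` are hypothetical names, and the sample keys are generated on the spot. It shows why the key type still has to be checked after parsing, since a `PUBLIC KEY` (PKIX) block or a certificate can carry a non-RSA key.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"encoding/pem"
	"fmt"
)

// parseRSAPublicKey is a hypothetical sketch, not this package's own code.
func parseRSAPublicKey(pemBytes []byte) (*rsa.PublicKey, error) {
	block, _ := pem.Decode(pemBytes)
	if block == nil {
		return nil, fmt.Errorf("no PEM block found")
	}
	var key any
	var err error
	switch block.Type {
	case "PUBLIC KEY": // PKIX; can also carry ECDSA or Ed25519 keys
		key, err = x509.ParsePKIXPublicKey(block.Bytes)
	case "RSA PUBLIC KEY": // PKCS#1
		key, err = x509.ParsePKCS1PublicKey(block.Bytes)
	case "CERTIFICATE":
		var cert *x509.Certificate
		if cert, err = x509.ParseCertificate(block.Bytes); err == nil {
			key = cert.PublicKey
		}
	default: // e.g. a private key supplied where a public key is expected
		err = fmt.Errorf("unsupported PEM type %q", block.Type)
	}
	pub, ok := key.(*rsa.PublicKey)
	if err == nil && !ok {
		err = fmt.Errorf("not an RSA public key: %T", key)
	}
	return pub, err // pub is nil on every error path
}

// accepts parses a constructed sample: a fresh key labelled as pemType.
func accepts(pemType string) bool {
	k, _ := rsa.GenerateKey(rand.Reader, 2048)
	der := x509.MarshalPKCS1PublicKey(&k.PublicKey)
	if pemType == "PUBLIC KEY" {
		der, _ = x509.MarshalPKIXPublicKey(&k.PublicKey)
	}
	got, err := parseRSAPublicKey(pem.EncodeToMemory(&pem.Block{Type: pemType, Bytes: der}))
	return err == nil && got.Equal(&k.PublicKey)
}

func main() { fmt.Println(accepts("PUBLIC KEY"), accepts("RSA PRIVATE KEY")) }
```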

func ReadinessHandler

func ReadinessHandler(ready *bool) http.HandlerFunc

ReadinessHandler returns a readiness probe handler.

func RequireServiceAuth

func RequireServiceAuth(next http.Handler) http.Handler

RequireServiceAuth is a simple middleware that requires service authentication. Use this for endpoints that must only be called by authenticated services.

func RequireUserIDHeader

func RequireUserIDHeader(next http.Handler) http.Handler

RequireUserIDHeader is a middleware that requires X-User-ID header.

func RuntimeStats

func RuntimeStats() map[string]interface{}

RuntimeStats returns runtime statistics.

func SanitizeInput

func SanitizeInput(input string) string

SanitizeInput removes potentially dangerous characters from input.

func ValidateJSON

func ValidateJSON(body io.Reader, maxSize int64, v interface{}) error

ValidateJSON validates JSON input and returns parsed data.

func WithServiceID

func WithServiceID(ctx context.Context, serviceID string) context.Context

WithServiceID returns a new context with the service ID set. This is useful for propagating service identity through internal calls.

func WithUserID

func WithUserID(ctx context.Context, userID string) context.Context

WithUserID returns a new context with the user ID set. This is useful for propagating user ID through service-to-service calls.

Types

type BodyLimitMiddleware

type BodyLimitMiddleware struct {
	// contains filtered or unexported fields
}

BodyLimitMiddleware caps request bodies to reduce memory/CPU DoS risk. It applies http.MaxBytesReader so downstream handlers/decoders cannot read beyond the configured limit.

func NewBodyLimitMiddleware

func NewBodyLimitMiddleware(maxBytes int64) *BodyLimitMiddleware

NewBodyLimitMiddleware creates a request body limiting middleware. When maxBytes <= 0, a conservative default is applied.

func (*BodyLimitMiddleware) Handler

func (m *BodyLimitMiddleware) Handler(next http.Handler) http.Handler

Handler returns the body limiting middleware handler.
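
The effect of `http.MaxBytesReader` on a downstream decoder, as an added example that is not this package's implementation: `limitBody`, `decode` and `statusFor` are hypothetical names, and the 1 MiB fallback is an assumed value for the "conservative default". The point it demonstrates is that the limit surfaces as a read error inside the handler, which has to be told apart from malformed JSON to answer 413 rather than 400.

```go
package main

import (
	"encoding/json"
	"errors"
	"net/http"
	"net/http/httptest"
	"strings"
)

// limitBody is a hypothetical stand-in, not this package's implementation;
// the 1 MiB fallback for maxBytes <= 0 is an assumed value.
func limitBody(maxBytes int64, next http.Handler) http.Handler {
	if maxBytes <= 0 {
		maxBytes = 1 << 20
	}
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		// Reads past maxBytes fail, whatever Content-Length claimed.
		r.Body = http.MaxBytesReader(w, r.Body, maxBytes)
		next.ServeHTTP(w, r)
	})
}

// decode is a sample handler: the limit error becomes 413, not "bad JSON".
func decode(w http.ResponseWriter, r *http.Request) {
	var v map[string]any
	var tooBig *http.MaxBytesError
	err := json.NewDecoder(r.Body).Decode(&v)
	switch {
	case errors.As(err, &tooBig):
		http.Error(w, "body too large", http.StatusRequestEntityTooLarge)
	case err != nil:
		http.Error(w, "invalid JSON", http.StatusBadRequest)
	default:
		w.WriteHeader(http.StatusNoContent)
	}
}

// statusFor sends a constructed request through the chain in-process.
func statusFor(limit int64, body string) int {
	rec := httptest.NewRecorder()
	req := httptest.NewRequest(http.MethodPost, "/", strings.NewReader(body))
	limitBody(limit, http.HandlerFunc(decode)).ServeHTTP(rec, req)
	return rec.Code
}

func main() {
	big := `{"a":"` + strings.Repeat("x", 100) + `"}` // constructed oversized body
	println(statusFor(16, `{"a":1}`), statusFor(16, big), statusFor(16, `{"a":`))
}
```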

type CORSConfig

type CORSConfig struct {
	AllowedOrigins         []string
	AllowedMethods         []string
	AllowedHeaders         []string
	ExposedHeaders         []string
	AllowCredentials       bool
	MaxAgeSeconds          int
	PreflightStatus        int
	RejectDisallowedOrigin bool
}

CORSConfig configures CORS behavior.

type CORSMiddleware

type CORSMiddleware struct {
	// contains filtered or unexported fields
}

CORSMiddleware handles Cross-Origin Resource Sharing

func NewCORSMiddleware

func NewCORSMiddleware(cfg *CORSConfig) *CORSMiddleware

NewCORSMiddleware creates a new CORS middleware

func (*CORSMiddleware) Handler

func (m *CORSMiddleware) Handler(next http.Handler) http.Handler

Handler returns the CORS middleware handler

type GracefulShutdown

type GracefulShutdown struct {
	// contains filtered or unexported fields
}

GracefulShutdown manages graceful server shutdown.

func NewGracefulShutdown

func NewGracefulShutdown(server *http.Server, timeout time.Duration) *GracefulShutdown

NewGracefulShutdown creates a new graceful shutdown manager.

func (*GracefulShutdown) ListenForSignals

func (g *GracefulShutdown) ListenForSignals()

ListenForSignals starts listening for shutdown signals.

func (*GracefulShutdown) OnShutdown

func (g *GracefulShutdown) OnShutdown(callback func())

OnShutdown registers a callback to run during shutdown.

func (*GracefulShutdown) Shutdown

func (g *GracefulShutdown) Shutdown()

Shutdown initiates graceful shutdown.

func (*GracefulShutdown) Wait

func (g *GracefulShutdown) Wait()

Wait blocks until shutdown is complete.

type HealthChecker

type HealthChecker struct {
	// contains filtered or unexported fields
}

HealthChecker provides health check functionality.

func NewHealthChecker

func NewHealthChecker(version string) *HealthChecker

NewHealthChecker creates a new health checker.

func (*HealthChecker) Handler

func (h *HealthChecker) Handler() http.HandlerFunc

Handler returns the health check HTTP handler.

func (*HealthChecker) RegisterCheck

func (h *HealthChecker) RegisterCheck(name string, check func() error)

RegisterCheck adds a health check function.

type HealthStatus

type HealthStatus struct {
	Status    string            `json:"status"`
	Timestamp string            `json:"timestamp"`
	Version   string            `json:"version,omitempty"`
	Checks    map[string]string `json:"checks,omitempty"`
	Uptime    string            `json:"uptime,omitempty"`
}

HealthStatus represents the health check response.

type RateLimiter

type RateLimiter struct {
	// contains filtered or unexported fields
}

RateLimiter provides rate limiting functionality

func NewRateLimiter

func NewRateLimiter(requestsPerSecond, burst int, logger *logging.Logger) *RateLimiter

NewRateLimiter creates a new rate limiter

func NewRateLimiterWithWindow

func NewRateLimiterWithWindow(limit int, window time.Duration, burst int, logger *logging.Logger) *RateLimiter

NewRateLimiterWithWindow creates a rate limiter configured by a fixed window and request budget, e.g. 100 requests per 1 minute.

func (*RateLimiter) Cleanup

func (rl *RateLimiter) Cleanup()

Cleanup removes old limiters based on last seen time and max size. This should be called periodically via StartCleanup.

func (*RateLimiter) Handler

func (rl *RateLimiter) Handler(next http.Handler) http.Handler

Handler returns the rate limiting middleware handler

func (*RateLimiter) LimiterCount

func (rl *RateLimiter) LimiterCount() int

LimiterCount returns the number of active limiters.

func (*RateLimiter) SetLimiterTTL

func (rl *RateLimiter) SetLimiterTTL(ttl time.Duration)

SetLimiterTTL sets the time-to-live for limiters.

func (*RateLimiter) SetMaxSize

func (rl *RateLimiter) SetMaxSize(maxSize int)

SetMaxSize sets the maximum number of limiters to keep.

func (*RateLimiter) Size

func (rl *RateLimiter) Size() int

Size returns the current number of active limiters.

func (*RateLimiter) StartCleanup

func (rl *RateLimiter) StartCleanup(interval time.Duration) (stop func())

StartCleanup starts a background goroutine to periodically clean up old limiters.

type RecoveryMiddleware

type RecoveryMiddleware struct {
	// contains filtered or unexported fields
}

RecoveryMiddleware recovers from panics and logs them

func NewRecoveryMiddleware

func NewRecoveryMiddleware(logger *logging.Logger) *RecoveryMiddleware

NewRecoveryMiddleware creates a new recovery middleware

func (*RecoveryMiddleware) Handler

func (m *RecoveryMiddleware) Handler(next http.Handler) http.Handler

Handler returns the recovery middleware handler

type SecurityHeadersMiddleware

type SecurityHeadersMiddleware struct {
	// contains filtered or unexported fields
}

SecurityHeadersMiddleware adds security headers to responses.

func NewSecurityHeadersMiddleware

func NewSecurityHeadersMiddleware(headers map[string]string) *SecurityHeadersMiddleware

NewSecurityHeadersMiddleware creates security headers middleware.

func (*SecurityHeadersMiddleware) Handler

Handler returns the security headers middleware handler.

type ServiceAuthConfig

type ServiceAuthConfig struct {
	PublicKey       *rsa.PublicKey
	Logger          *logging.Logger
	AllowedServices []string
	RequireUserID   bool
	SkipPaths       []string
}

ServiceAuthConfig configures the service authentication middleware.

type ServiceAuthMiddleware

type ServiceAuthMiddleware struct {
	// contains filtered or unexported fields
}

ServiceAuthMiddleware provides service-to-service JWT authentication.

func NewServiceAuthMiddleware

func NewServiceAuthMiddleware(cfg ServiceAuthConfig) *ServiceAuthMiddleware

NewServiceAuthMiddleware creates a new service authentication middleware.

func (*ServiceAuthMiddleware) Handler

func (m *ServiceAuthMiddleware) Handler(next http.Handler) http.Handler

Handler returns the middleware handler function.

func (*ServiceAuthMiddleware) InvalidateCache

func (m *ServiceAuthMiddleware) InvalidateCache()

InvalidateCache clears all cached tokens. This should be called when keys are rotated or when a security event requires cache invalidation.

func (*ServiceAuthMiddleware) StopCleanup

func (m *ServiceAuthMiddleware) StopCleanup()

StopCleanup stops the background cleanup goroutine. This should be called when the middleware is no longer needed (e.g., during shutdown).

type ServiceClaims

type ServiceClaims = serviceauth.ServiceClaims

ServiceClaims represents JWT claims for service-to-service authentication.

type ServiceTokenGenerator

type ServiceTokenGenerator = serviceauth.ServiceTokenGenerator

ServiceTokenGenerator generates service-to-service JWT tokens.

func NewServiceTokenGenerator

func NewServiceTokenGenerator(privateKey *rsa.PrivateKey, serviceID string, expiry time.Duration) *ServiceTokenGenerator

NewServiceTokenGenerator creates a new service token generator.

type ServiceTokenRoundTripper

type ServiceTokenRoundTripper = serviceauth.ServiceTokenRoundTripper

ServiceTokenRoundTripper injects X-Service-Token (and optionally X-User-ID) into outgoing HTTP requests.

type TimeoutMiddleware

type TimeoutMiddleware struct {
	// contains filtered or unexported fields
}

TimeoutMiddleware enforces request timeouts to prevent resource exhaustion.

func NewTimeoutMiddleware

func NewTimeoutMiddleware(timeout time.Duration) *TimeoutMiddleware

NewTimeoutMiddleware creates a request timeout middleware. When timeout <= 0, a conservative default is applied.

func (*TimeoutMiddleware) Handler

func (m *TimeoutMiddleware) Handler(next http.Handler) http.Handler

Handler returns the timeout middleware handler.

type TracingMiddleware

type TracingMiddleware struct {
	// contains filtered or unexported fields
}

TracingMiddleware adds trace ID to all requests

func NewTracingMiddleware

func NewTracingMiddleware(logger *logging.Logger) *TracingMiddleware

NewTracingMiddleware creates a new tracing middleware

func (*TracingMiddleware) Handler

func (m *TracingMiddleware) Handler(next http.Handler) http.Handler

Handler returns the tracing middleware handler

type ValidationConfig

type ValidationConfig struct {
	MaxBodySize     int64
	AllowedMethods  []string
	RequiredHeaders []string
	ContentTypes    []string
}

ValidationConfig holds configuration for input validation.

func DefaultValidationConfig

func DefaultValidationConfig() ValidationConfig

DefaultValidationConfig returns sensible defaults for validation.

type ValidationMiddleware

type ValidationMiddleware struct {
	// contains filtered or unexported fields
}

ValidationMiddleware validates incoming requests.

func NewValidationMiddleware

func NewValidationMiddleware(config ValidationConfig) *ValidationMiddleware

NewValidationMiddleware creates a new validation middleware.

func (*ValidationMiddleware) Handler

func (m *ValidationMiddleware) Handler(next http.Handler) http.Handler

Handler returns the validation middleware handler.
