Documentation
¶
Index ¶
- func AdminOnly() gin.HandlerFunc
- func AuthMiddleware() gin.HandlerFunc
- func CORS(configs ...CORSConfig) gin.HandlerFunc
- func CSRFMiddleware() gin.HandlerFunc
- func ErrorHandler() gin.HandlerFunc
- func RateLimitMiddleware() gin.HandlerFunc
- func Recovery() gin.HandlerFunc
- func RegisterAlias(name string, handler gin.HandlerFunc)
- func RegisterGroup(name string, handlers ...gin.HandlerFunc)
- func RequestID() gin.HandlerFunc
- func ResetRegistry()
- func Resolve(name string) gin.HandlerFunc
- func ResolveGroup(name string) []gin.HandlerFunc
- func SessionMiddleware(mgr *session.Manager) gin.HandlerFunc
- type CORSConfig
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func AdminOnly ¶
func AdminOnly() gin.HandlerFunc
AdminOnly returns a Gin middleware that restricts access to admin users. It reads the "role" value from the Gin context and aborts with 403 if the role is not "admin". Must be used after a middleware that sets c.Set("role", ...). Note: the built-in AuthMiddleware only sets "user_id"; you must add your own middleware to load and set the user's role.
func AuthMiddleware ¶
func AuthMiddleware() gin.HandlerFunc
AuthMiddleware validates JWT Bearer tokens on protected routes. On success, sets "user_id" in the Gin context.
func CORS ¶
func CORS(configs ...CORSConfig) gin.HandlerFunc
CORS returns middleware that handles cross-origin requests. If no config is provided, sensible defaults are used.
func CSRFMiddleware ¶
func CSRFMiddleware() gin.HandlerFunc
CSRFMiddleware generates and validates per-session CSRF tokens. Safe methods (GET, HEAD, OPTIONS) are skipped. State-changing methods require a valid token in the _csrf_token form field or X-CSRF-Token header.
func ErrorHandler ¶
func ErrorHandler() gin.HandlerFunc
ErrorHandler returns middleware that processes errors added to the Gin context. If an error is an *errors.AppError, it uses the status code and ErrorResponse(). Other errors are treated as 500 Internal Server Error.
func RateLimitMiddleware ¶
func RateLimitMiddleware() gin.HandlerFunc
func Recovery ¶
func Recovery() gin.HandlerFunc
Recovery returns middleware that catches panics and returns a 500 error.
func RegisterAlias ¶
func RegisterAlias(name string, handler gin.HandlerFunc)
RegisterAlias registers a named middleware that can be referenced by string.
func RegisterGroup ¶
func RegisterGroup(name string, handlers ...gin.HandlerFunc)
RegisterGroup registers a named group of middleware.
func RequestID ¶
func RequestID() gin.HandlerFunc
RequestID returns middleware that assigns a unique ID to each request. If the request already has an X-Request-ID header, it is preserved.
func ResetRegistry ¶
func ResetRegistry()
ResetRegistry clears all registered aliases and groups. For testing only.
func Resolve ¶
func Resolve(name string) gin.HandlerFunc
Resolve returns a middleware handler by alias name. Panics if the alias is not registered.
func ResolveGroup ¶
func ResolveGroup(name string) []gin.HandlerFunc
ResolveGroup returns all middleware in a named group. Returns nil if the group is not registered.
func SessionMiddleware ¶
func SessionMiddleware(mgr *session.Manager) gin.HandlerFunc
SessionMiddleware automatically loads/saves sessions per request.
Types ¶
type CORSConfig ¶
type CORSConfig struct {
AllowOrigins []string // Default: from CORS_ALLOWED_ORIGINS env, or ["*"]
AllowMethods []string // Default: ["GET","POST","PUT","DELETE","PATCH","OPTIONS"]
AllowHeaders []string // Default: ["Origin","Content-Type","Accept","Authorization","X-Request-ID","X-CSRF-Token"]
ExposeHeaders []string // Default: ["Content-Length","X-Request-ID"]
AllowCredentials bool // Default: true
MaxAge int // Default: 43200 (12 hours), in seconds
}
CORSConfig holds configuration for the CORS middleware.
Source Files