api

package
v0.19.4
Warning

This package is not in the latest version of its module.

Published: Apr 18, 2026 License: MIT Imports: 32 Imported by: 0

Documentation


Constants

This section is empty.

Variables

This section is empty.

Functions

func APIKeyAuth

func APIKeyAuth(apiKey string) func(http.Handler) http.Handler

APIKeyAuth returns middleware that validates a Bearer token against the given API key. If apiKey is empty, all requests are allowed (auth disabled). Uses constant-time comparison to prevent timing side-channel attacks.

func DecompressRequest

func DecompressRequest(maxDecompressedBytes int64) func(http.Handler) http.Handler

DecompressRequest transparently decompresses gzip-encoded request bodies. It limits the decompressed output to maxDecompressedBytes to prevent zip bombs.
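A sketch of how a decompressed-size cap like the one described for DecompressRequest can be enforced with the standard library. This is an added example, not the package's own code; `decompressRequest`, `post`, the `/ingest` path and the all-zero payload are assumptions made for illustration.

```go
package main

import (
	"bytes"
	"compress/gzip"
	"fmt"
	"io"
	"net/http"
	"net/http/httptest"
)

// decompressRequest is a hypothetical stand-in, not the package's implementation.
func decompressRequest(limit int64) func(http.Handler) http.Handler {
	return func(next http.Handler) http.Handler {
		return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
			if r.Header.Get("Content-Encoding") == "gzip" {
				zr, err := gzip.NewReader(r.Body)
				if err != nil {
					http.Error(w, "invalid gzip body", http.StatusBadRequest)
					return
				}
				defer zr.Close()
				// Cap the decompressed stream; Content-Length only covers compressed bytes.
				r.Body = http.MaxBytesReader(w, zr, limit)
				r.Header.Del("Content-Encoding")
			}
			next.ServeHTTP(w, r)
		})
	}
}

// post gzips n zero bytes (constructed payload) and returns status and wire size.
func post(n int, limit int64) (int, int) {
	var buf bytes.Buffer
	zw := gzip.NewWriter(&buf)
	zw.Write(make([]byte, n))
	zw.Close()
	wire := buf.Len()
	h := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if _, err := io.Copy(io.Discard, r.Body); err != nil { // limit hit mid-read
			http.Error(w, "body too large", http.StatusRequestEntityTooLarge)
		}
	})
	req := httptest.NewRequest(http.MethodPost, "/ingest", &buf)
	req.Header.Set("Content-Encoding", "gzip")
	rec := httptest.NewRecorder()
	decompressRequest(limit)(h).ServeHTTP(rec, req)
	return rec.Code, wire
}
func main() { fmt.Println(post(10<<20, 1<<20)) }
```

The compressed body stays far below the 1 MiB cap while its decompressed form exceeds it, which is why a limit applied only to the bytes on the wire does not bound memory use.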

func MaxBodySize

func MaxBodySize(maxBytes int64) func(http.Handler) http.Handler

MaxBodySize limits the request body to the given number of bytes.

func PrometheusMiddleware

func PrometheusMiddleware(next http.Handler) http.Handler

PrometheusMiddleware records HTTP request counts and duration as Prometheus metrics.

func RequireAdmin

func RequireAdmin(next http.Handler) http.Handler

RequireAdmin returns 403 if the user is not an admin.

func RequireAdminAPI

func RequireAdminAPI(next http.Handler) http.Handler

RequireAdminAPI returns 403 JSON if the user is not an admin (for API endpoints).

func RequireAuthAPI

func RequireAuthAPI(next http.Handler) http.Handler

RequireAuthAPI returns 401 JSON if no user is in the context (for API endpoints).

func SessionFromContext

func SessionFromContext(ctx context.Context) *store.Session

SessionFromContext returns the session from the request context, or nil.

func UserFromContext

func UserFromContext(ctx context.Context) *store.User

UserFromContext returns the authenticated user from the request context, or nil.

Types

type RateLimiter

type RateLimiter struct {
	// contains filtered or unexported fields
}

RateLimiter provides per-IP rate limiting.

func NewRateLimiter

func NewRateLimiter(limit int, window time.Duration, trusted []string) *RateLimiter

NewRateLimiter creates a rate limiter allowing limit requests per window per IP. It starts a background goroutine that evicts expired entries every 5 minutes. Call Stop() to terminate the background goroutine. The trusted parameter lists proxy IPs whose X-Forwarded-For header should be trusted.
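The trusted-proxy rule described above decides which address the limiter keys on. The following added example (not the package's own code) shows one way to resolve it; `clientIP`, `resolve`, the proxy addresses and the request values are assumptions, and the right-to-left walk over X-Forwarded-For is a common approach that this page does not confirm the package uses.

```go
package main

import (
	"fmt"
	"net"
	"net/http"
	"net/http/httptest"
	"strings"
)

// clientIP picks the address a per-IP limiter should key on. Hypothetical
// helper: the package's own resolution logic is not shown on this page.
func clientIP(r *http.Request, trusted map[string]bool) string {
	peer, _, err := net.SplitHostPort(r.RemoteAddr)
	if err != nil {
		peer = r.RemoteAddr
	}
	if !trusted[peer] {
		return peer // not a listed proxy: X-Forwarded-For is client-supplied, ignore it
	}
	// Walk right to left: entries appended by our proxies come last, so the
	// first non-proxy address from the right is the one a proxy actually saw.
	hops := strings.Split(strings.Join(r.Header.Values("X-Forwarded-For"), ","), ",")
	for i := len(hops) - 1; i >= 0; i-- {
		ip := net.ParseIP(strings.TrimSpace(hops[i]))
		if ip == nil {
			break // empty or malformed entry: fall back to the proxy address
		}
		if !trusted[ip.String()] {
			return ip.String()
		}
	}
	return peer
}

// resolve builds a constructed request and returns the limiter key for it.
func resolve(remoteAddr, xff string) string {
	trusted := map[string]bool{"10.0.0.1": true, "10.0.0.2": true} // sample proxies
	req := httptest.NewRequest(http.MethodGet, "/api/logs", nil)
	req.RemoteAddr = remoteAddr
	req.Header.Set("X-Forwarded-For", xff)
	return clientIP(req, trusted)
}

func main() {
	fmt.Println(resolve("203.0.113.7:40000", "10.9.9.9"))
	fmt.Println(resolve("10.0.0.1:40000", "192.0.2.99, 198.51.100.23, 10.0.0.2"))
}
```

If the trusted list is too broad, or the header is honoured from any peer, each request can name its own rate-limit bucket and the per-IP limit no longer constrains anything.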

func (*RateLimiter) Middleware

func (rl *RateLimiter) Middleware(next http.Handler) http.Handler

Middleware returns an HTTP middleware that enforces the rate limit.

func (*RateLimiter) Stop

func (rl *RateLimiter) Stop()

Stop terminates the background cleanup goroutine.

type ReliabilityProvider

type ReliabilityProvider interface {
	Reliability(checkID string) float64
}

ReliabilityProvider returns recent reliability data for health checks. Implemented by healthcheck.Scheduler.

type Server

type Server struct {
	Router chi.Router

	// Handler is the top-level http.Handler (wraps Router with SSE mux)
	Handler http.Handler
	// contains filtered or unexported fields
}

Server holds the HTTP server and its dependencies.

func NewServer

func NewServer(dsStore store.DataSourceStore, logStore store.LogStore, registry *connector.Registry, cfg *config.Config) *Server

NewServer creates a new Server with the given dependencies and sets up routes.

func NewServerWithDeps

func NewServerWithDeps(deps ServerDeps) *Server

NewServerWithDeps creates a new Server using the ServerDeps struct.

func (*Server) DynamicAPIKeyAuth

func (s *Server) DynamicAPIKeyAuth(next http.Handler) http.Handler

DynamicAPIKeyAuth resolves the API key per-request (env var or DB) and validates the Bearer token. If no key is configured, all requests pass. Uses constant-time comparison to prevent timing side-channel attacks.
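The Bearer-token check described for APIKeyAuth and DynamicAPIKeyAuth, as an added example that is not the package's own code. `bearerAuth`, `status`, the `/api/logs` path and the key values are assumptions; hashing both sides before the comparison is one common way to keep the comparison length-independent, not something this page states the package does.

```go
package main

import (
	"crypto/sha256"
	"crypto/subtle"
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
)

// bearerAuth is a hypothetical stand-in for the documented behaviour,
// not the package's implementation.
func bearerAuth(apiKey string) func(http.Handler) http.Handler {
	want := sha256.Sum256([]byte(apiKey))
	return func(next http.Handler) http.Handler {
		return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
			if apiKey == "" { // documented: empty key disables auth (fails open)
				next.ServeHTTP(w, r)
				return
			}
			h := r.Header.Get("Authorization")
			got := sha256.Sum256([]byte(strings.TrimPrefix(h, "Bearer ")))
			// Digests have equal length, so the comparison time depends
			// neither on the matching prefix nor on the key length.
			match := subtle.ConstantTimeCompare(got[:], want[:]) == 1
			if !strings.HasPrefix(h, "Bearer ") || !match {
				http.Error(w, "unauthorized", http.StatusUnauthorized)
				return
			}
			next.ServeHTTP(w, r)
		})
	}
}

// status sends one request through the middleware and returns the HTTP status.
func status(apiKey, authHeader string) int {
	ok := http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) {})
	req := httptest.NewRequest(http.MethodGet, "/api/logs", nil)
	req.Header.Set("Authorization", authHeader)
	rec := httptest.NewRecorder()
	bearerAuth(apiKey)(ok).ServeHTTP(rec, req)
	return rec.Code
}

func main() {
	fmt.Println(status("key-constructed-1", "Bearer key-constructed-1"),
		status("key-constructed-1", "Bearer key-constructed-2"), status("", ""))
}
```

Because an empty key lets every request through, a deployment check that the key is actually set is worth having alongside the middleware.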

func (*Server) DynamicCORSMiddleware

func (s *Server) DynamicCORSMiddleware(next http.Handler) http.Handler

DynamicCORSMiddleware resolves CORS allowed origins per-request (env var or DB) and sets appropriate CORS headers. If no origins are configured, CORS headers are not set (same-origin only).

func (*Server) IngestHandler

func (s *Server) IngestHandler() *ingest.Handler

IngestHandler returns the log ingestion handler so it can be reused by non-HTTP transports (e.g. Unix socket listener).

func (*Server) MCPTokenAuth

func (s *Server) MCPTokenAuth(next http.Handler) http.Handler

MCPTokenAuth is middleware that authenticates requests using a Bearer token validated against the user's MCP token in the database. It sets the authenticated user in the request context.

func (*Server) ProxyAuth

func (s *Server) ProxyAuth(next http.Handler) http.Handler

ProxyAuth trusts X-Forwarded-User and X-Forwarded-User-Role headers from the platform reverse proxy. Only active when OPENTRACE_TRUST_PROXY_AUTH=true.

func (*Server) Shutdown

func (s *Server) Shutdown(ctx context.Context) error

Shutdown gracefully shuts down SSE connections and other resources.

type ServerDeps

type ServerDeps struct {
	Ctx    context.Context // app lifecycle context; nil defaults to Background
	DB     *sql.DB
	Stores store.Stores

	Registry             *connector.Registry
	Cfg                  *config.Config
	WatchStreamEvaluator *watcher.WatchStreamEvaluator
	WatchMetrics         *watcher.WatchMetrics
	IngestQueue          *ingest.Queue
	ReliabilityProvider  ReliabilityProvider
	SharedDeps           *server.Deps
	Modules              []server.Module
}

ServerDeps holds all dependencies for the web server.
