Documentation
Index
- func AdminAuthMiddleware(next http.Handler) http.Handler
- func AuthAudienceMiddleware(next http.Handler) http.Handler
- func CORSMiddleware(next http.Handler) http.Handler
- func CSRFMiddleware(next http.Handler) http.Handler
- func CombineMiddlewares(middlewares []func(http.Handler) http.Handler) func(http.Handler) http.Handler
- func GetRequestID(ctx context.Context) string
- func LoggingMiddleware(next http.Handler) http.Handler
- func RateLimitMiddleware(store *ratelimit.Store) func(http.Handler) http.Handler
- func RequestIDMiddleware(next http.Handler) http.Handler
- func SecurityHeadersMiddleware(next http.Handler) http.Handler
Constants
This section is empty.
Variables
This section is empty.
Functions
func AdminAuthMiddleware (added in v1.0.0)
AdminAuthMiddleware verifies that the request has a valid JWT token with an admin role. Used to protect admin-only endpoints.
func AuthAudienceMiddleware (added in v1.0.0)
AuthAudienceMiddleware checks that the JWT token has the correct audience (aud claim).
func CORSMiddleware
CORSMiddleware handles CORS based on the cors_allowed_origins runtime setting. When no origins are configured CORS headers are omitted entirely. A wildcard "*" origin sends Access-Control-Allow-Origin: *. Specific origins are reflected with Vary and Access-Control-Allow-Credentials.
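The three cases described for CORSMiddleware, as an added example that is not this package's code: corsFromOrigins and corsHeaders are hypothetical names, and the allow-list is passed as a slice instead of being read from the cors_allowed_origins runtime setting. Preflight handling is not covered.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
)

// corsFromOrigins is a hypothetical stand-in for CORSMiddleware; the allowed
// origins are an argument here (assumption), not a runtime setting lookup.
func corsFromOrigins(allowed []string) func(http.Handler) http.Handler {
	return func(next http.Handler) http.Handler {
		return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
			origin := r.Header.Get("Origin")
			for _, a := range allowed {
				if a == "*" {
					// Wildcard: no credentials header, matching the description.
					w.Header().Set("Access-Control-Allow-Origin", "*")
					break
				}
				if origin != "" && a == origin {
					// Exact match only; Vary stops caches from serving this
					// response to a request from a different origin.
					w.Header().Set("Access-Control-Allow-Origin", origin)
					w.Header().Add("Vary", "Origin")
					w.Header().Set("Access-Control-Allow-Credentials", "true")
					break
				}
			}
			// An empty allow-list or a non-matching origin adds no CORS headers.
			next.ServeHTTP(w, r)
		})
	}
}

// corsHeaders sends one constructed request through the middleware and
// returns the response headers.
func corsHeaders(allowed []string, origin string) http.Header {
	req := httptest.NewRequest(http.MethodGet, "/", nil)
	req.Header.Set("Origin", origin)
	rec := httptest.NewRecorder()
	ok := http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) { w.WriteHeader(http.StatusOK) })
	corsFromOrigins(allowed)(ok).ServeHTTP(rec, req)
	return rec.Result().Header
}

func main() {
	for _, origin := range []string{"https://app.example", "https://other.example"} {
		h := corsHeaders([]string{"https://app.example"}, origin) // constructed sample origins
		fmt.Printf("%-22s ACAO=%q ACAC=%q\n", origin, h.Get("Access-Control-Allow-Origin"), h.Get("Access-Control-Allow-Credentials"))
	}
}
```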
func CombineMiddlewares
func GetRequestID (added in v1.1.2)
GetRequestID retrieves the request ID from the context. Returns an empty string if no request ID is present.
func RateLimitMiddleware (added in v1.0.8)
RateLimitMiddleware returns a middleware that enforces per-IP rate limiting using the provided Store. Requests that exceed the limit receive a 429 with a Retry-After: 1 header and an OAuth-style JSON error body.
func RequestIDMiddleware (added in v1.1.2)
RequestIDMiddleware generates a unique request ID for each request, injects it into the context, and sets it on the X-Request-ID response header.
Types
This section is empty.