Documentation
Index
- func NewEnvProxyMiddlewareWithParam(localID, paramName string, resolver EnvResolver, authValidator AuthValidator) echo.MiddlewareFunc
- func NewEnvProxyMiddlewareWithParamAndRegistry(localID, paramName string, resolver EnvResolver, authValidator AuthValidator, ...) echo.MiddlewareFunc
- func PerAgentTokenRateLimit(perMinute int, burst int) echo.MiddlewareFunc
- func PerIPRateLimit(perMinute int, burst int) echo.MiddlewareFunc
- func PerIPRateLimitForPaths(paths []string, perMinute int, burst int) echo.MiddlewareFunc
- func RequirePermission(perm string) echo.MiddlewareFunc
- type ApiKeyValidator
- type AuthMiddleware
- func (m *AuthMiddleware) Add() echo.MiddlewareFunc
- func (m *AuthMiddleware) WithAdminNotRequired() *AuthMiddleware
- func (m *AuthMiddleware) WithAdminRequired() *AuthMiddleware
- func (m *AuthMiddleware) WithApiKeyValidator(validator ApiKeyValidator) *AuthMiddleware
- func (m *AuthMiddleware) WithEnvironmentAccessTokenResolver(resolver EnvironmentAccessTokenResolver) *AuthMiddleware
- func (m *AuthMiddleware) WithPermissionResolver(resolver PermissionResolver) *AuthMiddleware
- type AuthOptions
- type AuthValidator
- type CORSMiddleware
- type CSRFMiddleware
- type EnvResolver
- type EnvironmentAccessTokenResolver
- type EnvironmentMiddleware
- type PermissionResolver
Constants
This section is empty.
Variables
This section is empty.
Functions
func NewEnvProxyMiddlewareWithParam
func NewEnvProxyMiddlewareWithParam(localID, paramName string, resolver EnvResolver, authValidator AuthValidator) echo.MiddlewareFunc
NewEnvProxyMiddlewareWithParam creates middleware that proxies requests to remote environments.
func NewEnvProxyMiddlewareWithParamAndRegistry
func NewEnvProxyMiddlewareWithParamAndRegistry(localID, paramName string, resolver EnvResolver, authValidator AuthValidator, registry *edge.TunnelRegistry) echo.MiddlewareFunc
NewEnvProxyMiddlewareWithParamAndRegistry creates middleware with an injected tunnel registry.
func PerAgentTokenRateLimit
func PerAgentTokenRateLimit(perMinute int, burst int) echo.MiddlewareFunc
PerAgentTokenRateLimit returns an Echo middleware that limits requests per edge agent token to the given rate and burst.
func PerIPRateLimit
func PerIPRateLimit(perMinute int, burst int) echo.MiddlewareFunc
PerIPRateLimit returns an Echo middleware that limits requests per client IP to the given rate and burst. It responds with 429 when the limit is exceeded.
func PerIPRateLimitForPaths
func PerIPRateLimitForPaths(paths []string, perMinute int, burst int) echo.MiddlewareFunc
PerIPRateLimitForPaths returns an Echo middleware that applies a per-IP rate limit only when c.Path() (the registered route pattern) is in paths. Each path gets its own independent token bucket, so traffic on one path does not deplete the budget for another (e.g. a login burst will not block a concurrent token refresh).
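The per-path isolation described above, as an added sketch using only the standard library; it is not this package's implementation. `PathLimiter`, `NewPathLimiter` and `Allow` are hypothetical names, and keying each bucket on route pattern plus client IP is an assumption about how "per-IP" and "per-path" combine.

```go
package main

import (
	"fmt"
	"math"
	"slices"
	"sync"
	"time"
)

type bucket struct {
	tokens float64
	last   time.Time
}

// PathLimiter (hypothetical name) keeps one token bucket per route pattern and IP.
type PathLimiter struct {
	mu               sync.Mutex
	paths            []string
	perMinute, burst float64
	buckets          map[string]bucket // grows per key; evict idle entries in real use
}

func NewPathLimiter(paths []string, perMinute, burst int) *PathLimiter {
	return &PathLimiter{paths: paths, perMinute: float64(perMinute),
		burst: float64(burst), buckets: map[string]bucket{}}
}

// Allow returns false where a middleware would answer 429; unlisted paths pass.
func (l *PathLimiter) Allow(path, ip string, now time.Time) bool {
	if !slices.Contains(l.paths, path) {
		return true
	}
	l.mu.Lock()
	defer l.mu.Unlock()
	key := path + "\x00" + ip // the path is part of the key, so budgets never mix
	b := l.buckets[key]       // new key: zero time, so the refill below fills to burst
	b = bucket{math.Min(l.burst, b.tokens+now.Sub(b.last).Seconds()*l.perMinute/60), now}
	ok := b.tokens >= 1
	if ok {
		b.tokens--
	}
	l.buckets[key] = b
	return ok
}

func main() {
	l, now := NewPathLimiter([]string{"/login", "/refresh"}, 60, 2), time.Now()
	fmt.Println(l.Allow("/login", "203.0.113.7", now), l.Allow("/refresh", "203.0.113.7", now))
}
```

The IP addresses and paths are constructed sample values. Passing `now` explicitly keeps the refill arithmetic deterministic under test.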
func RequirePermission
func RequirePermission(perm string) echo.MiddlewareFunc
RequirePermission returns an Echo middleware that rejects callers lacking `perm` for the environment ID in the request path (or globally for org-level permissions). Use on streaming/WS routes that aren't served by Huma. Expects the caller's PermissionSet to already be on the Echo context via the AuthMiddleware (i.e., chain it AFTER auth).
Types
type ApiKeyValidator
type AuthMiddleware
type AuthMiddleware struct {
	// contains filtered or unexported fields
}
func NewAuthMiddleware
func NewAuthMiddleware(authService *services.AuthService, cfg *config.Config) *AuthMiddleware
func (*AuthMiddleware) Add
func (m *AuthMiddleware) Add() echo.MiddlewareFunc
func (*AuthMiddleware) WithAdminNotRequired
func (m *AuthMiddleware) WithAdminNotRequired() *AuthMiddleware
func (*AuthMiddleware) WithAdminRequired
func (m *AuthMiddleware) WithAdminRequired() *AuthMiddleware
func (*AuthMiddleware) WithApiKeyValidator
func (m *AuthMiddleware) WithApiKeyValidator(validator ApiKeyValidator) *AuthMiddleware
func (*AuthMiddleware) WithEnvironmentAccessTokenResolver
func (m *AuthMiddleware) WithEnvironmentAccessTokenResolver(resolver EnvironmentAccessTokenResolver) *AuthMiddleware
func (*AuthMiddleware) WithPermissionResolver
func (m *AuthMiddleware) WithPermissionResolver(resolver PermissionResolver) *AuthMiddleware
type AuthOptions
type AuthValidator
AuthValidator validates authentication for a request. Returns true if the request is authenticated, false otherwise.
type CORSMiddleware
type CORSMiddleware struct {
	// contains filtered or unexported fields
}
func NewCORSMiddleware
func NewCORSMiddleware(cfg *config.Config) *CORSMiddleware
func (*CORSMiddleware) Add
func (m *CORSMiddleware) Add() echo.MiddlewareFunc
type CSRFMiddleware
type CSRFMiddleware struct {
	// contains filtered or unexported fields
}
CSRFMiddleware rejects cross-origin state-changing requests to the cookie-backed API. It complements the SameSite=Lax session cookie with server-side origin verification (Sec-Fetch-Site, with an Origin/Host fallback) via the standard library's net/http.CrossOriginProtection.
Header-credentialed requests (Bearer / X-API-Key / agent token) are not CSRF-able — a browser cannot attach those headers to a forged cross-origin request — so they are left untouched, as are non-browser clients that send no Origin header.
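The decision order described above, as an added standard-library sketch run over constructed requests. It is a hand-written approximation, neither this package's CSRFMiddleware nor net/http.CrossOriginProtection itself; `Rejects` and `Check` are hypothetical names, the host names are constructed, and the agent-token header is left out because the page does not name it.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"net/url"
	"strings"
)

// Rejects is a hypothetical helper: it reports whether r is a cross-origin,
// state-changing request that carries no header-based credential.
func Rejects(r *http.Request) bool {
	h := r.Header
	safe := r.Method == "GET" || r.Method == "HEAD" || r.Method == "OPTIONS"
	byHeader := strings.HasPrefix(h.Get("Authorization"), "Bearer ") || h.Get("X-API-Key") != ""
	if safe || byHeader {
		return false // not state-changing, or credentials a forged request cannot carry
	}
	switch h.Get("Sec-Fetch-Site") {
	case "same-origin", "none":
		return false
	case "": // no fetch metadata: fall back to comparing Origin with Host
		u, err := url.Parse(h.Get("Origin"))
		return h.Get("Origin") != "" && (err != nil || u.Host != r.Host)
	}
	return true // "cross-site" and "same-site" are both rejected
}

// Check builds one constructed request from header key/value pairs and applies Rejects.
func Check(method string, kv ...string) bool {
	r := httptest.NewRequest(method, "https://app.example.test/api/items", nil)
	for i := 0; i+1 < len(kv); i += 2 {
		r.Header.Set(kv[i], kv[i+1])
	}
	return Rejects(r)
}

func main() {
	fmt.Println("cross-site cookie POST:", Check("POST", "Sec-Fetch-Site", "cross-site"))
	fmt.Println("same-origin POST:", Check("POST", "Sec-Fetch-Site", "same-origin"))
	fmt.Println("API-key POST:", Check("POST", "Sec-Fetch-Site", "cross-site", "X-API-Key", "k"))
	fmt.Println("foreign Origin, no metadata:", Check("POST", "Origin", "https://other.example.test"))
	fmt.Println("no Origin at all:", Check("POST"))
}
```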
func NewCSRFMiddleware
func NewCSRFMiddleware(cfg *config.Config) *CSRFMiddleware
func (*CSRFMiddleware) Add
func (m *CSRFMiddleware) Add() echo.MiddlewareFunc
type EnvResolver
EnvResolver resolves an environment ID to its connection details. Returns: apiURL, accessToken, enabled, error
type EnvironmentMiddleware
type EnvironmentMiddleware struct {
	// contains filtered or unexported fields
}
EnvironmentMiddleware proxies requests for remote environments to their respective agents.
func (*EnvironmentMiddleware) Handle
func (m *EnvironmentMiddleware) Handle(c echo.Context, next echo.HandlerFunc) error
Handle is the main middleware handler.
type PermissionResolver
type PermissionResolver interface {
	ResolvePermissions(ctx context.Context, user *models.User) (*authz.PermissionSet, error)
	ResolveApiKeyPermissions(ctx context.Context, apiKeyID string) (*authz.PermissionSet, error)
}
PermissionResolver resolves a caller's effective permission set. Implemented by services.RoleService; kept as an interface so tests can stub it.