middleware

package
v1.42.1 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: May 6, 2026 License: MIT Imports: 29 Imported by: 0

Documentation

Overview

Package middleware provides HTTP middleware for the Commerce API.

This file implements Cloudflare-aware HTTP cache control middleware. Routes served via api.hanzo.ai sit behind CF; correct Cache-Control headers are the only lever we have to control what CF caches.

Strategy:

  • All authenticated routes: Cache-Control: private, no-store (CF must not cache these — they carry per-user data)
  • Public read-only routes (billing plans, product catalog): Cache-Control: public with a TTL appropriate to how often the data changes.
  • All mutation routes (POST/PUT/PATCH/DELETE): Cache-Control: no-store regardless of the route's other classification.

CF Cache-Tag headers allow targeted cache purging when data changes. Add tags in individual handlers via SetCFCacheTags(c, "plans", "org:xyz").

Index

Constants

View Source 
const HeaderMethodOverride = "X-HTTP-Method-Override"

HeaderMethodOverride is a commonly used Http header to override the method.

View Source 
const ParamMethodOverride = "_method"

ParamMethodOverride is a commonly used HTML form parameter to override the method.

Variables

View Source 
var AppEngine = RequestContext

AppEngine is a legacy alias for RequestContext. Deprecated: use RequestContext instead.

View Source 
var ErrInvalidOverrideMethod = errors.New("invalid override method")

ErrInvalidOverrideMethod is returned when an invalid http method was given to OverrideRequestMethod.

View Source 
var GetAppEngine = GetContext

GetAppEngine is a legacy alias for GetContext. Deprecated: use GetContext instead.

View Source 
var HttpMethods = []string{"PUT", "PATCH", "DELETE"}

Functions

func AccessControl 

func AccessControl(allowOrigin string) gin.HandlerFunc

func AccountRequired 

func AccountRequired() gin.HandlerFunc

func AcquireOrganization 

func AcquireOrganization(moduleName string) gin.HandlerFunc

func AcquireUser 

func AcquireUser(moduleName string) gin.HandlerFunc

func AddHost 

func AddHost() gin.HandlerFunc

Automatically get the Host header so we can decide what to do with a given request.

func BasicAuth 

func BasicAuth() gin.HandlerFunc

func CFCacheTags added in v1.36.4 

func CFCacheTags(tags ...string) gin.HandlerFunc

CFCacheTags returns middleware that sets Cache-Tag header(s). Use on route groups whose entries should be purgeable as a unit.

func CacheNoStore added in v1.36.4 

func CacheNoStore() gin.HandlerFunc

CacheNoStore disables all caching unconditionally. Use on auth flows, checkout, and payment callbacks.

func CachePrivate added in v1.36.4 

func CachePrivate() gin.HandlerFunc

CachePrivate sets Cache-Control: private, no-store. Use on all authenticated per-user or per-org routes. CF will not cache these responses.

func CachePublic added in v1.36.4 

func CachePublic(ttl int) gin.HandlerFunc

CachePublic returns middleware that sets public cache headers with the given TTL.

CF caches for ttl seconds (s-maxage). Browsers cache for ttl/2 seconds to ensure fresh content at browser re-visits. stale-while-revalidate allows CF to serve stale content while fetching fresh in background.

Mutations (POST/PUT/PATCH/DELETE) are always no-store regardless.

func CachePublicTTL added in v1.36.4 

func CachePublicTTL(ttl time.Duration) gin.HandlerFunc

CachePublicTTL is CachePublic accepting a time.Duration.

func CheckLogin 

func CheckLogin() gin.HandlerFunc

Updates session with login information, does not require it

func DetectOverrides 

func DetectOverrides() gin.HandlerFunc

Check query for special config override params and update session.

func DetectTest 

func DetectTest(query *url.Values) bool

func DetectVerbose 

func DetectVerbose(query *url.Values) bool

Try and detect verbose flag set on request, we only log DEBUG level in production if verbose=1 is added as a query param.

func ErrorHTML 

func ErrorHTML(c *gin.Context, stack string, err error)

Display errors in HTML

func ErrorHTMLDev 

func ErrorHTMLDev(c *gin.Context, stack string, err error)

func ErrorHandler 

func ErrorHandler() gin.HandlerFunc

Error middleware

func ErrorHandlerJSON 

func ErrorHandlerJSON() gin.HandlerFunc

func ErrorJSON 

func ErrorJSON(c *gin.Context, stack string, err error)

Display errors in JSON

func ErrorJSONDev 

func ErrorJSONDev(c *gin.Context, stack string, err error)

func ErrorLogger 

func ErrorLogger() gin.HandlerFunc

func ErrorLoggerT 

func ErrorLoggerT(typ gin.ErrorType) gin.HandlerFunc

func GetAccessToken 

func GetAccessToken(c *gin.Context) string

func GetContext added in v1.35.2 

func GetContext(c *gin.Context) context.Context

GetContext retrieves the request context from the Gin context.

func GetCurrentUser 

func GetCurrentUser(c *gin.Context) *user.User

func GetNamespace 

func GetNamespace(c *gin.Context) context.Context

func GetOrganization 

func GetOrganization(c *gin.Context) *organization.Organization

func GetPermissions 

func GetPermissions(c *gin.Context) bit.Field

func GetToken 

func GetToken(c *gin.Context) *accesstoken.AccessToken

func GetUser 

func GetUser(c *gin.Context) *user.User

func IsValidMethodOverride 

func IsValidMethodOverride(method string) bool

func LiveReload 

func LiveReload() gin.HandlerFunc

func Log 

func Log(c *gin.Context)

func Logger 

func Logger() gin.HandlerFunc

func LoginRequired 

func LoginRequired(moduleName string) gin.HandlerFunc

Require login to view route

func LogoutRequired 

func LogoutRequired(moduleName string) gin.HandlerFunc

Required to be logged out to view

func MethodOverride 

func MethodOverride() gin.HandlerFunc

func Namespace 

func Namespace() gin.HandlerFunc

Namespace applies the organization's namespace to the request context.

func NotFoundHandler 

func NotFoundHandler() gin.HandlerFunc

Serve custom 404 page.

func OverrideRequestMethod 

func OverrideRequestMethod(c *gin.Context, method string) error

OverrideRequestMethod overrides the http request's method with the specified method.

func ParseToken 

func ParseToken(c *gin.Context)

func RequestContext added in v1.35.2 

func RequestContext() gin.HandlerFunc

RequestContext extracts the standard Go context from the HTTP request and stores it in the Gin context for downstream handlers.

func SetCFCacheTags added in v1.36.4 

func SetCFCacheTags(c *gin.Context, tags ...string)

SetCFCacheTags adds Cloudflare Cache-Tag header values to the response. Tags are used for targeted cache purging (e.g. purge all "plans" entries). Multiple calls accumulate; tags are comma-joined as CF requires.

Example: SetCFCacheTags(c, "plans", "org:hanzo")

func Static 

func Static(urlRoot string) gin.HandlerFunc

func TokenPermits 

func TokenPermits(masks ...bit.Mask) gin.HandlerFunc

Permissions required to access route

func TokenRequired 

func TokenRequired(masks ...bit.Mask) gin.HandlerFunc

Parses token, default permissions check

func UnavailableHandler 

func UnavailableHandler() gin.HandlerFunc

Serve custom 503 page.

Types

type ErrorDisplayer 

type ErrorDisplayer func(c *gin.Context, message string, err error)

Source Files

View all Source files

Directories

Path Synopsis
Package iammiddleware is the gateway-trust shim for legacy call sites.
 Package iammiddleware is the gateway-trust shim for legacy call sites.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.