Documentation
¶
Overview ¶
Package routers @APIVersion 1.503.0 @Title IAM RESTful API @Description Swagger Docs of IAM Backend API @Contact support@hanzo.ai @SecurityDefinition AccessToken apiKey Authorization header @Schemes https,http @ExternalDocs Find out more about IAM @ExternalDocsUrl https://github.com/hanzoai/iam
Index ¶
- func AfterRecordMessage(ctx *context.Context)
- func ApiFilter(ctx *context.Context)
- func AutoSigninFilter(ctx *context.Context)
- func CorsFilter(ctx *context.Context)
- func FieldValidationFilter(ctx *context.Context)
- func InitAPI()
- func PathRewriteFilter(ctx *context.Context)
- func PrometheusFilter(ctx *context.Context)
- func RecordMessage(ctx *context.Context)
- func SecureCookieFilter(ctx *context.Context)
- func StaticFilter(ctx *context.Context)
- func T(ctx *context.Context, error string) string
- func TimeoutFilter(ctx *context.Context)
- func VerificationRateLimitFilter(ctx *context.Context)
- type Object
- type ObjectWithOrg
- type OrganizationThemeCookie
- type Response
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func AfterRecordMessage ¶
func AutoSigninFilter ¶
func CorsFilter ¶
func FieldValidationFilter ¶
func PathRewriteFilter ¶ added in v1.14.3
PathRewriteFilter normalizes legacy/alias URLs to the one canonical form recognized by router.go before Beego dispatches the request. Two flavors:
OAuth — every alias collapses to /v1/iam/oauth/<endpoint>, the canonical published form advertised by the OIDC discovery doc. Aliases: /oauth/*, /v1/iam/login/oauth/*, /api/iam/oauth/*, /api/iam/login/oauth/*. The legacy /login/oauth/* form is left UNCHANGED — direct routes still serve it for back-compat callers pinned to the OAuth2-spec literal path. New consumers must use /v1/iam/oauth/* per the discovery doc.
Legacy upstream-shape API — collapse /api/<endpoint> to /v1/iam/<endpoint>. Routes register only under /v1/iam/*, so an unrewritten /api/login falls through to the SPA static fallback and returns HTML — the silent-mux bug that broke every legacy /api/* client of hanzo.id. Rewrite is method-agnostic (POST, GET, DELETE — all the same).
New aliases go in this filter. New endpoints go in router.go. Single source of truth, both directions.
The filter runs BeforeRouter, ahead of StaticFilter, so the rewritten /v1/iam/* path matches StaticFilter's pass-through guard and lands at the Beego controller instead of the SPA.
func PrometheusFilter ¶
func RecordMessage ¶
func SecureCookieFilter ¶
SecureCookieFilter is a BeforeRouter filter that ensures session cookies are emitted with the Secure flag when the app runs behind a TLS-terminating proxy (e.g. Kubernetes ingress, Cloudflare, AWS ALB).
Beego v2's session manager determines the Secure flag via isSecure(req), which checks (1) ManagerConfig.Secure is true AND (2) req.URL.Scheme == "https" or req.TLS != nil. Behind a reverse proxy both conditions fail because EnableHTTPS is false and the Go process never sees TLS.
This filter solves it in two steps:
On the first request it calls GlobalSessions.SetSecure(true) so the session manager's config.Secure flag is enabled (one-time init).
On every request where X-Forwarded-Proto is "https", it sets req.URL.Scheme = "https" so isSecure(req) returns true and Beego natively adds "; Secure" to the session cookie.
func StaticFilter ¶
func TimeoutFilter ¶
func VerificationRateLimitFilter ¶ added in v1.2.12
VerificationRateLimitFilter is a beego BeforeRouter filter. It is a no-op for any path outside verifyRateLimitedPaths.
Source Files