Documentation
¶
Index ¶
- Constants
- func Auth(cfg AuthConfig) func(http.Handler) http.Handler
- func BodyLimit(maxBytes int64) func(http.Handler) http.Handler
- func Chain(h http.Handler, mws ...Middleware) http.Handler
- func Handler(reg *prometheus.Registry) http.Handler
- func OTel(cfg OTelConfig) func(http.Handler) http.Handler
- func Recover(logger *wslog.Logger) func(http.Handler) http.Handler
- func RequestID() func(http.Handler) http.Handler
- func Tenant(cfg TenantConfig) func(http.Handler) http.Handler
- type AuthConfig
- type Metrics
- type MetricsConfig
- type Middleware
- type OTelConfig
- type TenantConfig
- type TenantMode
Constants ¶
View Source
const HeaderAuthorization = "Authorization"
View Source
const HeaderRequestID = "X-Request-ID"
View Source
const HeaderTenantID = "X-Tenant-ID"
Variables ¶
This section is empty.
Functions ¶
func Auth ¶
func Auth(cfg AuthConfig) func(http.Handler) http.Handler
Auth authenticates requests using JWT in Authorization header and enriches context with: subject_id (sub), tenant_id, and scopes.
It never leaks token verification details to clients. All failures map to standardized errors.
func BodyLimit ¶
BodyLimit limits the size of request body read by downstream handlers. It wraps r.Body with http.MaxBytesReader.
Panics if maxBytes <= 0.
func Chain ¶
func Chain(h http.Handler, mws ...Middleware) http.Handler
Chain applies middlewares to handler. Middlewares are applied in the order provided: Chain(h, A, B) => A(B(h))
func Handler ¶
func Handler(reg *prometheus.Registry) http.Handler
Handler returns a Prometheus scrape handler. If reg is nil, it uses the global default gatherer.
Types ¶
type AuthConfig ¶
type AuthConfig struct {
Verifier *auth.Verifier
// RequireScopes enforces that the authenticated principal has all listed scopes.
RequireScopes []auth.Scope
// Policy optionally performs an external policy check.
// If Policy is set, Action and Resource must be non-empty stable strings.
Policy auth.PolicyChecker
Action string
Resource string
}
type Metrics ¶
type Metrics struct {
RequestsTotal *prometheus.CounterVec
RequestDuration *prometheus.HistogramVec
// contains filtered or unexported fields
}
func NewMetrics ¶
func NewMetrics(cfg MetricsConfig) *Metrics
NewMetrics creates and registers HTTP metrics into cfg.Registry (or DefaultRegisterer if nil).
type MetricsConfig ¶
type MetricsConfig struct {
Namespace string
Subsystem string
Registry prometheus.Registerer
// If true, status will be grouped (2xx, 4xx, 5xx) instead of exact code.
GroupStatus bool
}
type Middleware ¶
Middleware represents an HTTP middleware function.
type OTelConfig ¶
type TenantConfig ¶
type TenantConfig struct {
Mode TenantMode
Required bool
Header string
// AllowHeaderWithoutAuth allows reading tenant_id from header even when subject_id is empty.
// Default false. Keep this disabled for public edge handlers.
AllowHeaderWithoutAuth bool
}
type TenantMode ¶
type TenantMode int
const ( // TenantFromContext uses tenant_id already present in request context (e.g. from JWT claims). TenantFromContext TenantMode = iota // TenantAllowHeader allows tenant_id override from a header (intended for internal calls only). TenantAllowHeader )
Source Files
Click to show internal directories.
Click to hide internal directories.