Documentation ¶
Index ¶
- func AdminMiddleware(logger *slog.Logger) func(http.Handler) http.Handler
- func AuthMiddleware(verifier *auth.Verifier, logger *slog.Logger) func(http.Handler) http.Handler
- func CheckChainPermission(apiKey *types.APIKey, chainType types.ChainType) bool
- func CheckSignerPermission(apiKey *types.APIKey, signerAddress string) bool
- func GetAPIKey(ctx context.Context) *types.APIKey
- func IPWhitelistMiddleware(whitelist *IPWhitelist) func(http.Handler) http.Handler
- func LoggingMiddleware(logger *slog.Logger) func(http.Handler) http.Handler
- func PermissionMiddleware(logger *slog.Logger) func(http.Handler) http.Handler
- func RateLimitMiddleware(limiter *RateLimiter) func(http.Handler) http.Handler
- func RecoveryMiddleware(logger *slog.Logger) func(http.Handler) http.Handler
- func SecurityHeadersMiddleware() func(http.Handler) http.Handler
- type ContextKey
- type IPWhitelist
- type RateLimiter
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func AdminMiddleware ¶
AdminMiddleware creates a middleware that requires admin permissions. Must be used after AuthMiddleware as it depends on the API key in context.
func AuthMiddleware ¶
AuthMiddleware creates an authentication middleware. It supports multiple authentication formats:
- Legacy: timestamp|method|path|sha256(body)
- Nonce: timestamp|nonce|method|path|sha256(body)
func CheckChainPermission ¶
CheckChainPermission checks if the API key is allowed to access the given chain type
func CheckSignerPermission ¶
CheckSignerPermission checks if the API key is allowed to use the given signer
func IPWhitelistMiddleware ¶
func IPWhitelistMiddleware(whitelist *IPWhitelist) func(http.Handler) http.Handler
IPWhitelistMiddleware creates an IP whitelist middleware. This should be applied as the outermost middleware (before auth).
func LoggingMiddleware ¶
LoggingMiddleware creates a request logging middleware
func PermissionMiddleware ¶
PermissionMiddleware checks if the API key has permission for the request
func RateLimitMiddleware ¶
func RateLimitMiddleware(limiter *RateLimiter) func(http.Handler) http.Handler
RateLimitMiddleware creates a rate limiting middleware
func RecoveryMiddleware ¶
RecoveryMiddleware recovers from panics and logs them
func SecurityHeadersMiddleware ¶
SecurityHeadersMiddleware adds standard security response headers to all responses. These headers protect against common web attacks:
- X-Content-Type-Options: nosniff — prevents MIME type sniffing
- X-Frame-Options: DENY — prevents clickjacking via iframe embedding
- Cache-Control: no-store — prevents caching of sensitive API responses
- Content-Security-Policy: default-src 'none' — restricts resource loading (API-only server)
Types ¶
type ContextKey ¶
type ContextKey string
ContextKey is the type for context keys
const (
	// APIKeyContextKey is the context key for the authenticated API key
	APIKeyContextKey ContextKey = "api_key"
)
type IPWhitelist ¶
type IPWhitelist struct {
// contains filtered or unexported fields
}
IPWhitelist holds the parsed IP whitelist configuration
func NewIPWhitelist ¶
func NewIPWhitelist(cfg config.IPWhitelistConfig, logger *slog.Logger) (*IPWhitelist, error)
NewIPWhitelist creates a new IP whitelist from configuration
func (*IPWhitelist) GetClientIP ¶
func (w *IPWhitelist) GetClientIP(r *http.Request) string
GetClientIP extracts the client IP from the request. If trustProxy is enabled, it checks the X-Forwarded-For and X-Real-IP headers.
func (*IPWhitelist) IsAllowed ¶
func (w *IPWhitelist) IsAllowed(ipStr string) bool
IsAllowed checks if an IP address is in the whitelist
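A stand-alone sketch of the GetClientIP / IsAllowed decision described above, added here as an illustration and not the package's own code. The helper names `clientIP`, `isAllowed` and `decide`, the `10.0.0.0/8` allowlist, the sample addresses and the choice of the left-most X-Forwarded-For entry are assumptions.

```go
package main

import (
	"fmt"
	"net/http"
	"net/netip"
	"strings"
)

// clientIP consults the proxy headers only when trustProxy is set; otherwise the
// TCP peer address is used. Assumption: the left-most X-Forwarded-For entry wins.
func clientIP(r *http.Request, trustProxy bool) string {
	for _, h := range []string{"X-Forwarded-For", "X-Real-IP"} {
		if v := r.Header.Get(h); trustProxy && v != "" {
			first, _, _ := strings.Cut(v, ",")
			return strings.TrimSpace(first)
		}
	}
	peer, err := netip.ParseAddrPort(r.RemoteAddr)
	if err != nil {
		return "" // unparsable peer address: isAllowed will reject it
	}
	return peer.Addr().String()
}

// isAllowed fails closed: input that does not parse as an IP is rejected.
func isAllowed(allowed []netip.Prefix, ipStr string) bool {
	ip, err := netip.ParseAddr(ipStr)
	if err != nil {
		return false
	}
	for _, p := range allowed {
		if p.Contains(ip.Unmap()) {
			return true
		}
	}
	return false
}

// decide runs a constructed request (peer address, optional header) through both steps.
func decide(trustProxy bool, remoteAddr, xff string) bool {
	allowed := []netip.Prefix{netip.MustParsePrefix("10.0.0.0/8")} // constructed allowlist
	r := &http.Request{RemoteAddr: remoteAddr, Header: http.Header{"X-Forwarded-For": {xff}}}
	return isAllowed(allowed, clientIP(r, trustProxy))
}

func main() {
	// Same peer and header, different trustProxy setting: prints "false true".
	fmt.Println(decide(false, "203.0.113.7:4444", "10.1.2.3"), decide(true, "203.0.113.7:4444", "10.1.2.3"))
}
```

With trustProxy enabled the allow decision rests on request headers, so enable it only when every request reaches the service through a proxy that sets or overwrites X-Forwarded-For and X-Real-IP.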
type RateLimiter ¶
type RateLimiter struct {
// contains filtered or unexported fields
}
RateLimiter implements a simple sliding window rate limiter
func NewRateLimiter ¶
func NewRateLimiter(logger *slog.Logger) *RateLimiter
NewRateLimiter creates a new rate limiter
func (*RateLimiter) Allow ¶
func (r *RateLimiter) Allow(key string, limit int) bool
Allow checks if a request is allowed under the rate limit. limit is in requests per minute.
func (*RateLimiter) Cleanup ¶
func (r *RateLimiter) Cleanup()
Cleanup removes expired windows (should be called periodically)
func (*RateLimiter) StartCleanupRoutine ¶
func (r *RateLimiter) StartCleanupRoutine(interval time.Duration, stop <-chan struct{})
StartCleanupRoutine starts a goroutine to periodically clean up expired windows