middleware

package
v0.1.8 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Mar 4, 2026 License: MIT Imports: 13 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func AdminMiddleware 

func AdminMiddleware(logger *slog.Logger) func(http.Handler) http.Handler

AdminMiddleware creates a middleware that requires admin permissions. Must be used after AuthMiddleware as it depends on the API key in context.

func AuthMiddleware 

func AuthMiddleware(verifier *auth.Verifier, logger *slog.Logger) func(http.Handler) http.Handler

AuthMiddleware creates an authentication middleware Authentication format: timestamp|nonce|method|path|sha256(body) Nonce is required when NonceRequired is configured (recommended for production)

func CheckChainPermission 

func CheckChainPermission(apiKey *types.APIKey, chainType types.ChainType) bool

CheckChainPermission checks if the API key is allowed to access the given chain type

func CheckSignerPermission 

func CheckSignerPermission(apiKey *types.APIKey, signerAddress string) bool

CheckSignerPermission checks if the API key is allowed to use the given signer

func CheckSignerPermissionWithHDWallets added in v0.1.0 

func CheckSignerPermissionWithHDWallets(apiKey *types.APIKey, signerAddress string, hdMgr HDWalletDerivedLister) bool

CheckSignerPermissionWithHDWallets checks allow_all_signers / AllowedSigners, then allow_all_hd_wallets / AllowedHDWallets (derived). hdMgr may be nil (treated as no HD wallet check).

func GetAPIKey 

func GetAPIKey(ctx context.Context) *types.APIKey

GetAPIKey retrieves the API key from the request context

func IPRateLimitMiddleware added in v0.1.0 

func IPRateLimitMiddleware(limiter *RateLimiter, ipWhitelist *IPWhitelist, limit int) func(http.Handler) http.Handler

IPRateLimitMiddleware creates a pre-auth rate limiting middleware based on client IP. Protects against unauthenticated flood attacks (e.g. brute-force with invalid API keys). If limit <= 0, IP rate limiting is disabled (pass-through).

func IPWhitelistMiddleware 

func IPWhitelistMiddleware(whitelist *IPWhitelist) func(http.Handler) http.Handler

IPWhitelistMiddleware creates an IP whitelist middleware This should be applied as the outermost middleware (before auth)

func LoggingMiddleware 

func LoggingMiddleware(logger *slog.Logger) func(http.Handler) http.Handler

LoggingMiddleware creates a request logging middleware

func PermissionMiddleware 

func PermissionMiddleware(logger *slog.Logger) func(http.Handler) http.Handler

PermissionMiddleware checks if the API key has permission for the request

func RateLimitMiddleware 

func RateLimitMiddleware(limiter *RateLimiter) func(http.Handler) http.Handler

RateLimitMiddleware creates a rate limiting middleware

func RecoveryMiddleware 

func RecoveryMiddleware(logger *slog.Logger) func(http.Handler) http.Handler

RecoveryMiddleware recovers from panics and logs them

func SecurityHeadersMiddleware 

func SecurityHeadersMiddleware() func(http.Handler) http.Handler

SecurityHeadersMiddleware adds standard security response headers to all responses. These headers protect against common web attacks:

  • X-Content-Type-Options: nosniff — prevents MIME type sniffing
  • X-Frame-Options: DENY — prevents clickjacking via iframe embedding
  • Cache-Control: no-store — prevents caching of sensitive API responses
  • Content-Security-Policy: default-src 'none' — restricts resource loading (API-only server)

Types

type ContextKey 

type ContextKey string

ContextKey is the type for context keys 

const (
	// APIKeyContextKey is the context key for the authenticated API key
	APIKeyContextKey ContextKey = "api_key"
)

type HDWalletDerivedLister added in v0.1.0 

type HDWalletDerivedLister interface {
	ListPrimaryAddresses() []string
	ListDerivedAddresses(primaryAddr string) ([]types.SignerInfo, error)
}

HDWalletDerivedLister can list primary HD wallet addresses and their derived addresses. Extracted to avoid importing the full evm package in middleware.

type IPWhitelist 

type IPWhitelist struct {
	// contains filtered or unexported fields
}

IPWhitelist holds the parsed IP whitelist configuration

func NewIPWhitelist 

func NewIPWhitelist(cfg config.IPWhitelistConfig, logger *slog.Logger) (*IPWhitelist, error)

NewIPWhitelist creates a new IP whitelist from configuration

func (*IPWhitelist) GetClientIP 

func (w *IPWhitelist) GetClientIP(r *http.Request) string

GetClientIP extracts the client IP from the request. If trustProxy is enabled AND the direct connection comes from a trusted proxy, it checks X-Forwarded-For and X-Real-IP headers. Otherwise, it uses RemoteAddr directly (fail-closed).

func (*IPWhitelist) IsAllowed 

func (w *IPWhitelist) IsAllowed(ipStr string) bool

IsAllowed checks if an IP address is in the whitelist

type RateLimiter 

type RateLimiter struct {
	// contains filtered or unexported fields
}

RateLimiter implements a simple sliding window rate limiter

func NewRateLimiter 

func NewRateLimiter(logger *slog.Logger) *RateLimiter

NewRateLimiter creates a new rate limiter

func (*RateLimiter) Allow 

func (r *RateLimiter) Allow(key string, limit int) bool

Allow checks if a request is allowed under the rate limit limit is requests per minute

func (*RateLimiter) Cleanup 

func (r *RateLimiter) Cleanup()

Cleanup removes expired windows (should be called periodically)

func (*RateLimiter) StartCleanupRoutine 

func (r *RateLimiter) StartCleanupRoutine(interval time.Duration, stop <-chan struct{})

StartCleanupRoutine starts a goroutine to periodically clean up expired windows

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.