middleware

package
v0.1.3 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Feb 27, 2026 License: MIT Imports: 14 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func ABACMiddleware 

func ABACMiddleware(checker ABACChecker, cfg *ABACConfig) func(http.Handler) http.Handler

ABACMiddleware evaluates dynamic policy constraints after DataScope.

func ColoredLoggingMiddleware 

func ColoredLoggingMiddleware(cfg *LoggingConfig) func(next http.Handler) http.Handler

ColoredLoggingMiddleware logs HTTP requests with colored terminal output. Output format: [HTTP] 2024/01/15 - 10:30:45 | 200 | 1.23ms | 127.0.0.1 | GET /api/v1/users

func DataScopeMiddleware 

func DataScopeMiddleware(scopeService *datascope.Service, resolver *RoutePermissionResolver) func(http.Handler) http.Handler

DataScopeMiddleware resolves and injects data-scope filter into request context.

func DomainMembershipMiddleware 

func DomainMembershipMiddleware(cfg *DomainMembershipConfig) func(http.Handler) http.Handler

DomainMembershipMiddleware validates that the user is a member of the acting domain. Skips for platform:root domain with super_admin, and when DomainService is nil.

func DomainResolverMiddleware 

func DomainResolverMiddleware(cfg *DomainResolverConfig) func(http.Handler) http.Handler

DomainResolverMiddleware resolves acting domain with protocol support.

Resolution priority:

  1. X-Domain-Type + X-Domain-Key headers (new protocol)
  2. X-Tenant-ID header (backward compat, maps to tenant:<value>)
  3. Token defaultDomain from DomainMembership (is_default=true)
  4. Platform fallback for super admins

func LoggingMiddleware 

func LoggingMiddleware(logger *zap.Logger) func(next http.Handler) http.Handler

LoggingMiddleware logs incoming requests and outgoing responses using provided logger.

func RBACMiddleware 

func RBACMiddleware(
	checker PermissionChecker,
	resolver *RoutePermissionResolver,
	logger logging.Logger,
) func(http.Handler) http.Handler

RBACMiddleware enforces domain-aware RBAC from request ActingContext.

func RecoveryMiddleware 

func RecoveryMiddleware(logger *zap.Logger) func(next http.Handler) http.Handler

RecoveryMiddleware recovers from panics and logs them using provided logger.

func TraceIDMiddleware 

func TraceIDMiddleware() func(next http.Handler) http.Handler

TraceIDMiddleware adds a trace ID to each request It retrieves the trace ID from the X-Trace-ID header, or generates a new one if not present

Types

type ABACChecker 

type ABACChecker interface {
	CheckABACPermission(
		ctx context.Context,
		userAttrs map[string]any,
		resourceAttrs map[string]any,
		action string,
		contextAttrs map[string]any,
	) (bool, error)
}

ABACChecker abstracts ABAC permission checks.

type ABACConfig 

type ABACConfig struct {
	Enabled bool
}

ABACConfig controls ABAC middleware behavior.

func DefaultABACConfig 

func DefaultABACConfig() *ABACConfig

DefaultABACConfig returns default ABAC config.

type DomainMembershipConfig 

type DomainMembershipConfig struct {
	Logger        logging.Logger
	DomainService core.DomainResolver
}

DomainMembershipConfig configures domain membership validation.

type DomainResolverConfig 

type DomainResolverConfig struct {
	Logger        logging.Logger
	DomainService core.DomainResolver
}

DomainResolverConfig configures the domain resolver middleware.

type LoggingConfig 

type LoggingConfig struct {
	// TimeFormat is the format for timestamps (default: "2006/01/02 - 15:04:05").
	TimeFormat string
	// Prefix is the log line prefix (default: "[HTTP]").
	Prefix string
	// SkipPaths is a list of paths to skip logging for (e.g., health checks).
	SkipPaths []string
	// ColorScheme is the color scheme to use (default: NewBackgroundColorScheme()).
	ColorScheme logging.ColorScheme
	// DisableColors disables colored output. Default false (colors enabled).
	DisableColors bool
}

LoggingConfig holds configuration for the colored logging middleware.

func DefaultLoggingConfig 

func DefaultLoggingConfig() *LoggingConfig

DefaultLoggingConfig returns a LoggingConfig with sensible defaults.

type PermissionChecker 

type PermissionChecker interface {
	CheckUserPermission(ctx context.Context, userUUID, domain, resource, action string) (bool, error)
}

PermissionChecker validates domain-aware permission codes.

type QueryFilter 

type QueryFilter struct {
	// contains filtered or unexported fields
}

QueryFilter 查询过滤器

func NewQueryFilter 

func NewQueryFilter(config *QueryFilterConfig) *QueryFilter

NewQueryFilter 创建查询过滤器

func (*QueryFilter) GetIdentity 

func (qf *QueryFilter) GetIdentity(ctx context.Context) (core.Identity, bool)

GetIdentity 获取当前用户身份

func (*QueryFilter) GetUserID 

func (qf *QueryFilter) GetUserID(ctx context.Context) (uuid.UUID, bool)

GetUserID 获取当前用户ID(不检查角色)

func (*QueryFilter) ShouldFilter 

func (qf *QueryFilter) ShouldFilter(ctx context.Context) (bool, uuid.UUID)

ShouldFilter 判断是否需要过滤 返回 (needFilter bool, userID uuid.UUID)

type QueryFilterConfig 

type QueryFilterConfig struct {
	Logger          logging.Logger
	SuperAdminRoles []string
	BypassRoles     []string
}

QueryFilterConfig 查询过滤配置

func DefaultQueryFilterConfig 

func DefaultQueryFilterConfig(logger logging.Logger) *QueryFilterConfig

DefaultQueryFilterConfig 默认查询过滤配置

type RoutePermission 

type RoutePermission struct {
	IsPublic    bool
	Permissions []string
}

RoutePermission describes route-level public/private metadata.

type RoutePermissionResolver 

type RoutePermissionResolver struct {
	// contains filtered or unexported fields
}

RoutePermissionResolver resolves route metadata from a permission snapshot.

func NewRoutePermissionResolver 

func NewRoutePermissionResolver(snapshot *framePerm.Snapshot) *RoutePermissionResolver

NewRoutePermissionResolver creates a resolver with optional initial snapshot.

func (*RoutePermissionResolver) Resolve 

func (r *RoutePermissionResolver) Resolve(req *http.Request) (RoutePermission, bool)

Resolve resolves route permission metadata for a request.

func (*RoutePermissionResolver) Update 

func (r *RoutePermissionResolver) Update(snapshot framePerm.Snapshot)

Update replaces route permission map from snapshot.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.