middleware

package
v1.2.0 Latest

Warning: This package is not in the latest version of its module.
Published: Apr 17, 2026 License: MIT Imports: 13 Imported by: 0

Documentation

Constants

const (
	SessionCookieName = "testpay_session"
	// LocalWorkspaceID mirrors store.LocalWorkspaceID; duplicated to avoid circular import.
	LocalWorkspaceID = "00000000-0000-0000-0000-000000000001"
)
const GatewayKey contextKey = "gateway"
const RequestIDHeader = "X-Request-ID"

Variables

This section is empty.

Functions

func Auth

func Auth(mode, apiKey string) func(http.Handler) http.Handler

func CORS

func CORS(allowedOrigins []string) func(http.Handler) http.Handler

CORS returns a middleware that sets permissive CORS headers for the allowed origins. Credentials are allowed (required for the httpOnly session cookie). Empty allowedOrigins means allow the request's Origin header (for local mode).
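
The following is an added sketch, not this package's source, of the behaviour described above. It shows why an empty allowedOrigins belongs only in local mode: any Origin is then echoed back together with Access-Control-Allow-Credentials. The names `corsSketch` and `grantedOrigin` and the example.test origins are hypothetical.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
)

// corsSketch is a hypothetical stand-in for the documented behaviour: a listed
// Origin is echoed back with credentials enabled, and an empty allowlist
// echoes whatever Origin the request carries (local mode).
func corsSketch(allowed []string) func(http.Handler) http.Handler {
	listed := make(map[string]bool, len(allowed))
	for _, o := range allowed {
		listed[o] = true
	}
	return func(next http.Handler) http.Handler {
		return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
			origin := r.Header.Get("Origin")
			if origin != "" && (len(allowed) == 0 || listed[origin]) {
				w.Header().Set("Access-Control-Allow-Origin", origin)
				w.Header().Set("Access-Control-Allow-Credentials", "true")
				w.Header().Add("Vary", "Origin") // the response now depends on Origin
			}
			next.ServeHTTP(w, r)
		})
	}
}

// grantedOrigin returns the Access-Control-Allow-Origin value sent to origin.
func grantedOrigin(allowed []string, origin string) string {
	req := httptest.NewRequest(http.MethodGet, "/api/ping", nil) // constructed request
	req.Header.Set("Origin", origin)
	rec := httptest.NewRecorder()
	noop := http.HandlerFunc(func(http.ResponseWriter, *http.Request) {})
	corsSketch(allowed)(noop).ServeHTTP(rec, req)
	return rec.Header().Get("Access-Control-Allow-Origin")
}

func main() {
	hosted := []string{"https://dashboard.example.test"} // constructed allowlist
	fmt.Printf("listed origin:   %q\n", grantedOrigin(hosted, "https://dashboard.example.test"))
	fmt.Printf("unlisted origin: %q\n", grantedOrigin(hosted, "https://other.example.test"))
	fmt.Printf("empty allowlist: %q\n", grantedOrigin(nil, "https://other.example.test"))
}
```

For any deployment other than local mode, pass an explicit allowedOrigins list so that only the dashboard's own origin receives credentialed CORS headers.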

func Capture

func Capture(out *CapturedResponse) func(http.Handler) http.Handler

Capture wraps the handler so the response is recorded into *CapturedResponse.

func ClearSessionCookie

func ClearSessionCookie(w http.ResponseWriter, mode string)

ClearSessionCookie writes an expired cookie.

func GatewayResolver

func GatewayResolver(next http.Handler) http.Handler

GatewayResolver infers the gateway name from the URL prefix and stores it in context.

func GetGateway

func GetGateway(r *http.Request) string

func IssueToken

func IssueToken(secret, userID, workspaceID string, ttl time.Duration) (string, error)

IssueToken returns a signed JWT for the given user + workspace.

func Logger

func Logger(env, service string) func(http.Handler) http.Handler

Logger injects a contextualized zerolog logger (with trace_id) into the request context, then emits a single "request completed" log at the edge. Downstream code retrieves the logger via log.Ctx(r.Context()).

func ReadBody

func ReadBody(r *http.Request) []byte

ReadBody reads and restores r.Body, returning the bytes.

func RequestID

func RequestID(next http.Handler) http.Handler

RequestID extracts or generates a trace ID and stores it in both the response header and the request context.

func RequireAuth

func RequireAuth(next http.Handler) http.Handler

RequireAuth is middleware that 401s if no authenticated session is present. Apply to dashboard /api routes (not /api/auth/*). Mock endpoints do their own api_key-based auth and should not use this.

func RequireSession

func RequireSession(w http.ResponseWriter, r *http.Request) bool

RequireSession writes a 401 if no user is in context and returns false. Call at the top of any handler that requires an authenticated user.

func Session

func Session(secret, mode string) func(http.Handler) http.Handler

Session populates context with user_id and workspace_id if the session cookie is valid. No anonymous fallback — dashboard access is always login-gated. Mock endpoints resolve their workspace via api_key Bearer auth.

func SetSessionCookie

func SetSessionCookie(w http.ResponseWriter, token, mode string)

SetSessionCookie writes the session cookie.

func TraceID

func TraceID(ctx context.Context) string

TraceID returns the trace ID stored in ctx, or "" if none.

func UserIDFromContext

func UserIDFromContext(ctx context.Context) (string, bool)

UserIDFromContext returns the authenticated user id if present.

func WorkspaceIDFromContext

func WorkspaceIDFromContext(ctx context.Context) (string, bool)

WorkspaceIDFromContext returns the workspace id (local or authenticated).

Types

type CapturedRequest

type CapturedRequest struct {
	Headers map[string]string
	Body    []byte
	Time    time.Time
}

CapturedRequest holds a snapshot of the incoming request.

type CapturedResponse

type CapturedResponse struct {
	Status  int
	Headers map[string]string
	Body    []byte
}

CapturedResponse holds a snapshot of the outgoing response.

type Claims

type Claims struct {
	WorkspaceID string `json:"workspace_id"`
	jwt.RegisteredClaims
}

func ParseToken

func ParseToken(secret, raw string) (*Claims, error)

ParseToken validates and returns the claims or error.

type RateLimiter

type RateLimiter struct {
	// contains filtered or unexported fields
}

RateLimiter enforces per-IP and global token-bucket caps. In-memory only; state is lost on restart, which is fine for free-tier abuse prevention (the server also sleeps, so long-term accumulation doesn't matter).

func NewRateLimiter

func NewRateLimiter(perMinute, burstSize, globalPerMin int) *RateLimiter

NewRateLimiter returns a limiter that allows roughly perMinute requests per IP with a burst of burstSize, and caps all clients combined at globalPerMin. Either value <=0 disables that tier.

func (*RateLimiter) Middleware

func (rl *RateLimiter) Middleware(next http.Handler) http.Handler

Middleware returns the HTTP middleware. Requests over the limit get 429.
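
The following is an added sketch, not this package's implementation, of a two-tier token bucket with the same three parameters as NewRateLimiter. The type and function names, the refill arithmetic, the global burst size and the order in which the tiers are checked are all assumptions.

```go
package main

import (
	"fmt"
	"math"
	"time"
)

// bucket is one token bucket: current tokens and the time of the last refill.
type bucket struct{ tokens float64; last time.Time }

// limiter is a hypothetical two-tier sketch; a shared instance needs a mutex.
type limiter struct {
	perMinute, burst, globalPerMin int
	buckets                        map[string]*bucket // keyed by client IP; "*" is the global tier
}

// take refills key's bucket up to now and spends one token if one is available.
func (l *limiter) take(key string, perMin, burst int, now time.Time) bool {
	if perMin <= 0 {
		return true // a value <= 0 disables the tier, as documented
	}
	b := l.buckets[key]
	if b == nil {
		b = &bucket{tokens: float64(burst), last: now}
		l.buckets[key] = b
	}
	b.tokens = math.Min(float64(burst), b.tokens+now.Sub(b.last).Minutes()*float64(perMin))
	b.last = now
	if b.tokens < 1 {
		return false
	}
	b.tokens--
	return true
}

// allow checks the per-IP tier first, so requests rejected there never drain the global budget.
func (l *limiter) allow(ip string, now time.Time) bool {
	return l.take(ip, l.perMinute, l.burst, now) &&
		l.take("*", l.globalPerMin, l.globalPerMin, now) // assumption: global burst is one minute's allowance
}

func main() {
	l := &limiter{perMinute: 60, burst: 5, globalPerMin: 8, buckets: map[string]*bucket{}}
	now := time.Unix(0, 0) // constructed clock, so the run is deterministic
	for i := 0; i < 7; i++ {
		fmt.Println(i, l.allow("198.51.100.7", now)) // documentation-range IP
	}
}
```

This sketch never evicts idle per-IP buckets. The page does not say how the package bounds that map or how it derives the client IP behind a proxy.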
