middleware

package
v1.1.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Apr 18, 2026 License: MIT Imports: 17 Imported by: 0

Documentation

Index

Constants

View Source 
const (
	// Default timeout durations.
	DefaultTimeout = 10 * time.Second
	ShortTimeout   = 5 * time.Second
	LongTimeout    = 30 * time.Second
)

Variables

This section is empty.

Functions

func Chain 

func Chain(
	h http.Handler,
	middlewares ...Middleware,
) http.Handler

Chain composes middlewares around a final handler.

func GetClientIP 

func GetClientIP(r *http.Request) string

GetClientIP extracts the client IP address from the request.

func GetRequestID 

func GetRequestID(r *http.Request) string

GetRequestID extracts the request ID from the request context.

Types

type BaseResponseWriter 

type BaseResponseWriter struct {
	http.ResponseWriter
}

BaseResponseWriter provides a base implementation that supports hijacking for WebSocket upgrades Other middleware can embed this to get hijacking support for free.

func (*BaseResponseWriter) Hijack 

func (brw *BaseResponseWriter) Hijack() (net.Conn, *bufio.ReadWriter, error)

Hijack implements http.Hijacker interface for WebSocket support.

type BasicAuthConfig 

type BasicAuthConfig struct {
	Realm           string
	Users           map[string]string // username -> password mapping for users
	UnauthorizedMsg string
	Validator       func(username, password string) bool
	SkipPaths       map[string]bool
	// Use constant-time comparison to prevent timing attacks
	UseConstantTime bool
	SendChallenge   bool
}

BasicAuthConfig holds configuration for basic auth middleware.

type BasicAuthOption 

type BasicAuthOption func(*BasicAuthConfig)

func WithBasicAuthChallenge 

func WithBasicAuthChallenge(sendChallenge bool) BasicAuthOption

WithBasicAuthChallenge controls whether to send WWW-Authenticate header (browser popup).

func WithBasicAuthRealm 

func WithBasicAuthRealm(realm string) BasicAuthOption

WithBasicAuthRealm sets the authentication realm.

func WithBasicAuthSkipPaths 

func WithBasicAuthSkipPaths(paths ...string) BasicAuthOption

WithBasicAuthSkipPaths sets paths to skip authentication.

func WithBasicAuthUnauthorizedMessage 

func WithBasicAuthUnauthorizedMessage(
	message string,
) BasicAuthOption

WithBasicAuthUnauthorizedMessage sets the unauthorized response message.

func WithBasicAuthUsers 

func WithBasicAuthUsers(users map[string]string) BasicAuthOption

WithBasicAuthUsers sets username/password pairs.

func WithBasicAuthValidator 

func WithBasicAuthValidator(
	validator func(username, password string) bool,
) BasicAuthOption

WithBasicAuthValidator sets a custom validation function.

func WithConstantTimeComparison 

func WithConstantTimeComparison(enable bool) BasicAuthOption

WithConstantTimeComparison enables constant-time string comparison to prevent timing attacks.

type CORSConfig 

type CORSConfig struct {
	AllowedOrigins   []string
	AllowedMethods   []string
	AllowedHeaders   []string
	ExposedHeaders   []string
	MaxAge           int
	AllowCredentials bool
	AllowAllOrigins  bool
}

CORSConfig holds configuration for CORS middleware.

type CORSOption 

type CORSOption func(*CORSConfig)

func WithAllowAllOrigins 

func WithAllowAllOrigins() CORSOption

WithAllowAllOrigins allows all origins (sets Access-Control-Allow-Origin: *).

func WithAllowCredentials 

func WithAllowCredentials(allow bool) CORSOption

WithAllowCredentials enables credentials support.

func WithAllowedHeaders 

func WithAllowedHeaders(headers ...string) CORSOption

WithAllowedHeaders sets the allowed headers.

func WithAllowedMethods 

func WithAllowedMethods(methods ...string) CORSOption

WithAllowedMethods sets the allowed HTTP methods.

func WithAllowedOrigins 

func WithAllowedOrigins(origins ...string) CORSOption

WithAllowedOrigins sets the allowed origins.

func WithExposedHeaders 

func WithExposedHeaders(headers ...string) CORSOption

WithExposedHeaders sets the exposed headers.

func WithMaxAge 

func WithMaxAge(age int) CORSOption

WithMaxAge sets the max age for preflight requests.

type LoggerConfig 

type LoggerConfig struct {
	Logger         *slog.Logger
	LogLevel       slog.Level
	Message        string
	SkipPaths      map[string]bool
	ExtraFields    map[string]any
	IncludeQuery   bool
	IncludeHeaders bool
	HeaderFields   []string
}

LoggerConfig holds configuration for logger middleware.

type LoggerOption 

type LoggerOption func(*LoggerConfig)

func WithExtraFields 

func WithExtraFields(fields map[string]any) LoggerOption

WithExtraFields adds extra fields to all log entries.

func WithIncludeHeaders 

func WithIncludeHeaders(headers ...string) LoggerOption

WithIncludeHeaders enables header logging.

func WithIncludeQuery 

func WithIncludeQuery(include bool) LoggerOption

WithIncludeQuery enables/disables query parameter logging.

func WithLogLevel 

func WithLogLevel(level slog.Level) LoggerOption

WithLogLevel sets the log level for requests.

func WithLogMessage 

func WithLogMessage(message string) LoggerOption

WithLogMessage sets the log message.

func WithLogger 

func WithLogger(logger *slog.Logger) LoggerOption

WithLogger sets the logger instance.

func WithSkipPaths 

func WithSkipPaths(paths ...string) LoggerOption

WithSkipPaths sets paths to skip logging.

type Middleware 

type Middleware func(http.Handler) http.Handler

func BasicAuth 

func BasicAuth(opts ...BasicAuthOption) Middleware

func CORS 

func CORS(opts ...CORSOption) Middleware

CORSMiddleware handles Cross-Origin Resource Sharing with configurable options

Multiple if statements for header configuration is acceptable

func EnforceRequestContentType 

func EnforceRequestContentType(allowedContentTypes ...string) Middleware

EnforceRequestContentTypeMiddleware enforces specific content types on incoming requests.

func EnforceRequestContentTypeJSON 

func EnforceRequestContentTypeJSON() Middleware

EnforceRequestContentTypeJSONMiddleware is a convenience function that enforces JSON content type on requests.

func Logger 

func Logger(opts ...LoggerOption) Middleware

LoggerMiddleware logs HTTP requests with structured logging and configurable options

func Recovery 

func Recovery(opts ...RecoveryOption) Middleware

RecoveryMiddleware recovers from panics with configurable options

Complex panic handling logic is necessary for proper recovery

func RequestID 

func RequestID() Middleware

RequestIDMiddleware generates and injects a unique request ID.

func SecurityHeaders 

func SecurityHeaders(opts ...SecurityHeadersOption) Middleware

SecurityHeadersMiddleware adds common security headers with default values.

func Timeout 

func Timeout(opts ...TimeoutOption) Middleware

TimeoutMiddleware sets a timeout for the request context and handles timeout responses

type RecoveryConfig 

type RecoveryConfig struct {
	Logger        *slog.Logger
	LogLevel      slog.Level
	LogMessage    string
	StatusCode    int
	Response      any
	ContentType   string
	IncludeStack  bool
	ExtraFields   map[string]any
	CustomHandler func(recovered any, w http.ResponseWriter, r *http.Request)
}

RecoveryConfig holds configuration for recovery middleware.

type RecoveryOption 

type RecoveryOption func(*RecoveryConfig)

func WithCustomRecoveryHandler 

func WithCustomRecoveryHandler(
	handler func(recovered any, w http.ResponseWriter, r *http.Request),
) RecoveryOption

WithCustomRecoveryHandler sets a custom handler for panic recovery.

func WithIncludeStack 

func WithIncludeStack(include bool) RecoveryOption

WithIncludeStack enables/disables stack trace inclusion in logs.

func WithRecoveryContentType 

func WithRecoveryContentType(contentType string) RecoveryOption

WithRecoveryContentType sets the content type for panic responses.

func WithRecoveryExtraFields 

func WithRecoveryExtraFields(fields map[string]any) RecoveryOption

WithRecoveryExtraFields adds extra fields to panic log entries.

func WithRecoveryLogLevel 

func WithRecoveryLogLevel(level slog.Level) RecoveryOption

WithRecoveryLogLevel sets the log level for panic recovery.

func WithRecoveryLogMessage 

func WithRecoveryLogMessage(message string) RecoveryOption

WithRecoveryLogMessage sets the log message for panic recovery.

func WithRecoveryLogger 

func WithRecoveryLogger(logger *slog.Logger) RecoveryOption

WithRecoveryLogger sets the logger instance.

func WithRecoveryResponse 

func WithRecoveryResponse(response any) RecoveryOption

WithRecoveryResponse sets the response body for panic responses.

func WithRecoveryStatusCode 

func WithRecoveryStatusCode(code int) RecoveryOption

WithRecoveryStatusCode sets the HTTP status code for panic responses.

type SecurityHeadersConfig 

type SecurityHeadersConfig struct {
	XContentTypeOptions        string
	XFrameOptions              string
	XXSSProtection             string
	StrictTransportSecurity    string
	ReferrerPolicy             string
	ContentSecurityPolicy      string
	DisableXContentTypeOptions bool
	DisableXFrameOptions       bool
	DisableXXSSProtection      bool
	DisableHSTS                bool
	DisableReferrerPolicy      bool
	DisableCSP                 bool
}

SecurityHeadersConfig holds configuration for security headers.

type SecurityHeadersOption 

type SecurityHeadersOption func(*SecurityHeadersConfig)

func DisableCSP 

func DisableCSP() SecurityHeadersOption

DisableCSP disables the Content-Security-Policy header.

func DisableHSTS 

func DisableHSTS() SecurityHeadersOption

DisableHSTS disables the Strict-Transport-Security header.

func DisableReferrerPolicy 

func DisableReferrerPolicy() SecurityHeadersOption

DisableReferrerPolicy disables the Referrer-Policy header.

func DisableXContentTypeOptions 

func DisableXContentTypeOptions() SecurityHeadersOption

DisableXContentTypeOptions disables the X-Content-Type-Options header.

func DisableXFrameOptions 

func DisableXFrameOptions() SecurityHeadersOption

DisableXFrameOptions disables the X-Frame-Options header.

func DisableXXSSProtection 

func DisableXXSSProtection() SecurityHeadersOption

DisableXXSSProtection disables the X-XSS-Protection header.

func WithContentSecurityPolicy 

func WithContentSecurityPolicy(value string) SecurityHeadersOption

WithContentSecurityPolicy sets the Content-Security-Policy header value.

func WithReferrerPolicy 

func WithReferrerPolicy(value string) SecurityHeadersOption

WithReferrerPolicy sets the Referrer-Policy header value.

func WithStrictTransportSecurity 

func WithStrictTransportSecurity(value string) SecurityHeadersOption

func WithXContentTypeOptions 

func WithXContentTypeOptions(value string) SecurityHeadersOption

func WithXFrameOptions 

func WithXFrameOptions(value string) SecurityHeadersOption

func WithXXSSProtection 

func WithXXSSProtection(value string) SecurityHeadersOption

type TimeoutConfig 

type TimeoutConfig struct {
	Timeout time.Duration
}

TimeoutConfig holds configuration for timeout middleware.

type TimeoutOption 

type TimeoutOption func(*TimeoutConfig)

func WithDefaultTimeout 

func WithDefaultTimeout() TimeoutOption

func WithLongTimeout 

func WithLongTimeout() TimeoutOption

func WithShortTimeout 

func WithShortTimeout() TimeoutOption

func WithTimeout 

func WithTimeout(timeout time.Duration) TimeoutOption

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.