Documentation
Overview
Package middleware contains shared net/http middleware.
Index
- func DebugDump(log zerolog.Logger, bodyOut io.Writer) func(http.Handler) http.Handler
- func Logging(log zerolog.Logger) func(http.Handler) http.Handler
- func MaxBodyBytes(limit int64) func(http.Handler) http.Handler
- func Recovery(log zerolog.Logger) func(http.Handler) http.Handler
- func RequestID(next http.Handler) http.Handler
- func RequestIDFromContext(ctx context.Context) string
Functions
func DebugDump
DebugDump logs every request (method, path, query, headers, body) and every response (status, headers, body) at INFO level. Off by default; enable via the DEBUG env var. Output shape per request:

    21:39:28 INFO → request method=POST path=/oauth/token body_bytes=63
        grant_type=client_credentials
        client_id=docs
        client_secret=<redacted>
    21:39:28 INFO ← response status=200 body_bytes=142
        {
          "access_token": "<redacted>",
          "token_type": "Bearer",
          "expires_in": 86400
        }

Bodies print AFTER the structured line as indented multi-line blocks because zerolog escapes everything inside a field value (which turns nested JSON into unreadable `\"` soup). JSON bodies get pretty-printed; form-encoded bodies split one key=value per line; everything else prints as-is. Authorization/Cookie headers are redacted (first 8 chars + "…<redacted>"); JWT/secret field values inside bodies are redacted to `<redacted>`. Bodies are capped at debugBodyCap (8 KiB).
NOT for production — buffering every request + response body and serialising through the logger costs an allocation and a synchronous write per request. Auth0-mock is local-dev / CI tooling, but even here you only want this on while actively debugging an SDK trace.
func Logging
Logging emits one structured log line per request. The action (method, path, status) lives in the message so the eye lands on it first instead of after an alphabetical wall of fields. Use when DEBUG is OFF; the DebugDump middleware emits its own pair of request/response lines that already carry latency + bytes, so router.New skips Logging when DebugDump is mounted.
Note: the request ID is intentionally NOT dumped into the log line. It's still generated by RequestID middleware and echoed back via X-Request-Id (real-Auth0 behaviour), but for a local-dev mock the per-line rid was more noise than signal. Re-add if/when concurrent-request interleaving becomes a real source of confusion.
func MaxBodyBytes
MaxBodyBytes caps every incoming request body to limit bytes. Reads past the limit return *http.MaxBytesError from the wrapped reader; downstream handlers surface that to the client through their normal decode-error path (a 400 in this codebase). The cap exists to bound the per-request allocation that /admin0/expectations and /oauth/token would otherwise accept unbounded.
Limit ≤ 0 is treated as "no limit" — the middleware is a no-op so callers can configure their way out of the cap if they really need to.
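The cap described above, as an added Go sketch (not the package's own source): maxBodyBytes wraps the body in http.MaxBytesReader, and an oversize read surfaces as a 400 through the handler's ordinary decode-error path. The decode handler, the send helper and the X-Limit-Hit marker header are hypothetical names introduced for the example.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
)

// maxBodyBytes sketches the documented behaviour; limit <= 0 is a no-op.
func maxBodyBytes(limit int64) func(http.Handler) http.Handler {
	return func(next http.Handler) http.Handler {
		if limit <= 0 {
			return next
		}
		return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
			r.Body = http.MaxBytesReader(w, r.Body, limit)
			next.ServeHTTP(w, r)
		})
	}
}

// decode (hypothetical handler): any decode error is a 400; cap hits get a marker.
func decode(w http.ResponseWriter, r *http.Request) {
	var v map[string]any
	var tooBig *http.MaxBytesError
	if err := json.NewDecoder(r.Body).Decode(&v); err != nil {
		if errors.As(err, &tooBig) {
			w.Header().Set("X-Limit-Hit", fmt.Sprint(tooBig.Limit))
		}
		http.Error(w, "invalid body", http.StatusBadRequest)
		return
	}
	w.WriteHeader(http.StatusOK)
}

// send posts a constructed body through the chain; returns status and marker.
func send(limit int64, body string) (int, string) {
	rec := httptest.NewRecorder()
	maxBodyBytes(limit)(http.HandlerFunc(decode)).ServeHTTP(rec, httptest.NewRequest("POST", "/admin0/expectations", strings.NewReader(body)))
	return rec.Code, rec.Header().Get("X-Limit-Hit")
}

func main() {
	big := `{"pad":"` + strings.Repeat("A", 4096) + `"}` // constructed oversize body
	fmt.Println(send(1024, big))
	fmt.Println(send(0, big))
}
```

The handler only sees the error once the decoder actually reads past the limit, so a handler that never reads the body is not affected by the cap.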
func Recovery
Recovery converts panics in downstream handlers into 500 responses. The panic value goes into the structured log line; the stack trace prints separately as an indented block — same reasoning as DebugDump's body printer (zerolog escapes a Bytes field into a single `\n`-soup line, useless for reading a stack).
func RequestID
RequestID populates the context (and the X-Request-Id response header) with the incoming X-Request-Id header value, or a new UUID if absent.
func RequestIDFromContext
RequestIDFromContext returns the request_id stored in the context (or "").