Documentation
¶
Overview ¶
Package middleware provides middleware functions for the transport package.
Index ¶
- Constants
- Variables
- func CreateHeaderForwardMiddleware(addHeaders map[string]string) (types.MiddlewareFunction, error)
- func CreateMiddleware(config *types.MiddlewareConfig, runner types.MiddlewareRunner) error
- func CreateStripAuthMiddleware(config *types.MiddlewareConfig, runner types.MiddlewareRunner) error
- func CreateTokenInjectionMiddleware(tokenSource oauth2.TokenSource) types.MiddlewareFunction
- func WriteTimeout(endpointPath string) func(http.Handler) http.Handler
- type HeaderForwardFactoryMiddleware
- type HeaderForwardMiddlewareParams
- type StripAuthMiddleware
Constants ¶
const HeaderForwardMiddlewareName = "header-forward"
HeaderForwardMiddlewareName is the type constant for the header forward middleware.
const StripAuthMiddlewareName = "strip-auth"
StripAuthMiddlewareName is the type constant for the credential stripping middleware.
Variables ¶
var RestrictedHeaders = map[string]bool{ "Host": true, "Connection": true, "Keep-Alive": true, "Te": true, "Trailer": true, "Upgrade": true, "Http2-Settings": true, "Proxy-Authorization": true, "Proxy-Authenticate": true, "Proxy-Connection": true, "Transfer-Encoding": true, "Content-Length": true, "Forwarded": true, "X-Forwarded-For": true, "X-Forwarded-Host": true, "X-Forwarded-Proto": true, "X-Real-Ip": true, }
RestrictedHeaders is the set of headers that cannot be configured for forwarding. Keys are in canonical form (http.CanonicalHeaderKey).
Functions ¶
func CreateHeaderForwardMiddleware ¶ added in v0.8.1
func CreateHeaderForwardMiddleware(addHeaders map[string]string) (types.MiddlewareFunction, error)
CreateHeaderForwardMiddleware returns a middleware function that injects configured headers into requests before they are forwarded to remote MCP servers. This is a convenience function for use outside the factory pattern (e.g., thv proxy). It returns an error if any header name is in the restricted set.
func CreateMiddleware ¶ added in v0.8.1
func CreateMiddleware(config *types.MiddlewareConfig, runner types.MiddlewareRunner) error
CreateMiddleware is the factory function for header forward middleware.
func CreateStripAuthMiddleware ¶ added in v0.30.0
func CreateStripAuthMiddleware(config *types.MiddlewareConfig, runner types.MiddlewareRunner) error
CreateStripAuthMiddleware is the factory function for the strip-auth middleware. It takes no parameters.
func CreateTokenInjectionMiddleware ¶
func CreateTokenInjectionMiddleware(tokenSource oauth2.TokenSource) types.MiddlewareFunction
CreateTokenInjectionMiddleware returns a middleware that injects a Bearer token from the provided oauth2.TokenSource. It returns 503 Service Unavailable with a Retry-After header when the token cannot be retrieved, so that MCP clients treat the failure as transient rather than initiating an OAuth discovery flow.
func WriteTimeout ¶ added in v0.12.3
WriteTimeout clears the write deadline for qualifying SSE connections (GET + Accept: text/event-stream + matching path) so http.Server.WriteTimeout does not kill long-lived streams (golang/go#16100). All other requests are left untouched.
Types ¶
type HeaderForwardFactoryMiddleware ¶ added in v0.8.1
type HeaderForwardFactoryMiddleware struct {
// contains filtered or unexported fields
}
HeaderForwardFactoryMiddleware wraps header forward functionality for the factory pattern.
func (*HeaderForwardFactoryMiddleware) Close ¶ added in v0.8.1
func (*HeaderForwardFactoryMiddleware) Close() error
Close cleans up any resources used by the middleware.
func (*HeaderForwardFactoryMiddleware) Handler ¶ added in v0.8.1
func (m *HeaderForwardFactoryMiddleware) Handler() types.MiddlewareFunction
Handler returns the middleware function used by the proxy.
type HeaderForwardMiddlewareParams ¶ added in v0.8.1
type HeaderForwardMiddlewareParams struct {
// AddHeaders is a map of header names to values to inject into requests.
AddHeaders map[string]string `json:"add_headers"`
}
HeaderForwardMiddlewareParams holds the parameters for the header forward middleware factory.
type StripAuthMiddleware ¶ added in v0.30.0
type StripAuthMiddleware struct{}
StripAuthMiddleware removes client credential headers from requests so they never reach the backend. It is used when clients are authenticated by the proxy but the backend itself is public (DisableUpstreamTokenInjection): by the time this middleware runs, the auth middleware has already validated the client JWT and stored the identity in the request context, so the backend receives an unauthenticated request. Credentials injected by middlewares that run closer to the backend (e.g. header-forward) are unaffected.
func (*StripAuthMiddleware) Close ¶ added in v0.30.0
func (*StripAuthMiddleware) Close() error
Close cleans up resources. The middleware holds none.
func (*StripAuthMiddleware) Handler ¶ added in v0.30.0
func (*StripAuthMiddleware) Handler() types.MiddlewareFunction
Handler returns the middleware function.
Source Files