Documentation
¶
Overview ¶
Package echo provides the shared Echo HTTP stack: instance assembly, apperror-aware error handling, request logging, Sentry integration, the HTTP server lifecycle, and actor guard middlewares.
Index ¶
- func AuthMiddleware[U any](cfg AuthConfig[U]) labecho.MiddlewareFunc
- func BearerToken(c *labecho.Context) string
- func EnsureRoles(...) labecho.MiddlewareFunc
- func ErrorHandler(c *labecho.Context, err error)
- func GetSentryHub(c *labecho.Context) *sentry.Hub
- func Logger(l logger.Logger) labecho.MiddlewareFunc
- func New(v validator.Validator, l logger.Logger, extra ...labecho.MiddlewareFunc) *labecho.Echo
- func RequireAdmin(next labecho.HandlerFunc) labecho.HandlerFunc
- func RequireService(next labecho.HandlerFunc) labecho.HandlerFunc
- func RequireUser(next labecho.HandlerFunc) labecho.HandlerFunc
- func Sentry() labecho.MiddlewareFunc
- type AuthConfig
- type Server
- type ServerConfig
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func AuthMiddleware ¶
func AuthMiddleware[U any](cfg AuthConfig[U]) labecho.MiddlewareFunc
AuthMiddleware resolves the actor and user from the Bearer token; the request continues without an actor if the token is absent or invalid — route guards (RequireUser, RequireAdmin, RequireService) decide whether an anonymous request may proceed.
The actor's realm roles are taken from the token as-is. Routes that need them complete (admin routes) add EnsureRoles to their group.
func BearerToken ¶
BearerToken extracts the Bearer token from the Authorization header, returning an empty string if not present.
func EnsureRoles ¶
func EnsureRoles( ensure func(ctx context.Context, token string, actor *authorization.Actor) (*authorization.Actor, error), ) labecho.MiddlewareFunc
EnsureRoles returns middleware that completes the authenticated actor's realm roles before the route runs, fetching them from the identity provider when the access token omitted them. Apply it to the admin route group, ahead of RequireAdmin — it is the explicit declaration that this subtree needs accurate roles.
ensure is typically the auth driver's EnsureRoles method. Failures fail closed: the un-hydrated actor proceeds, so RequireAdmin denies access rather than letting a userinfo outage 500 the request.
func ErrorHandler ¶
ErrorHandler maps apperror types to HTTP statuses and reports unexpected errors to Sentry.
func GetSentryHub ¶
GetSentryHub returns the per-request Sentry hub stored in the echo context, or nil when Sentry is not configured.
func Logger ¶
func Logger(l logger.Logger) labecho.MiddlewareFunc
Logger emits structured logs for every HTTP request.
func New ¶
New creates a fully configured Echo instance with the standard middleware stack (Sentry, CORS, Recover, request logging) plus any extra middlewares the service supplies (typically its authenticator).
func RequireAdmin ¶
func RequireAdmin(next labecho.HandlerFunc) labecho.HandlerFunc
RequireAdmin returns 401 if unauthenticated, 403 if the actor is not an admin.
func RequireService ¶
func RequireService(next labecho.HandlerFunc) labecho.HandlerFunc
RequireService returns 401 if unauthenticated, 403 if the actor is not a service.
func RequireUser ¶
func RequireUser(next labecho.HandlerFunc) labecho.HandlerFunc
RequireUser returns 401 if no authenticated actor is in context.
func Sentry ¶
func Sentry() labecho.MiddlewareFunc
Sentry returns a middleware that attaches a per-request Sentry hub to the echo context and captures any panics before the Recover middleware handles them.
Types ¶
type AuthConfig ¶
type AuthConfig[U any] struct { // Authenticate validates the bearer token and returns the actor and the service's user entity (typically the auth // package's Authenticate). Authenticate func(ctx context.Context, token string) (*authorization.Actor, *U, error) }
AuthConfig wires the shared auth middleware to a service. New fields can be added without breaking existing call sites — prefer extending this struct over adding parameters.
Source Files