Documentation

Constants
const (
	// ContextKeyUserID is set in context when a bearer token is validated.
	ContextKeyUserID contextKey = "user_id"
	// ContextKeyAPIKeyID is set in context when an API key is validated.
	ContextKeyAPIKeyID contextKey = "api_key_id"
	// ContextKeyAPIKeyScopes is set in context with the API key's scopes.
	ContextKeyAPIKeyScopes contextKey = "api_key_scopes"
)
Variables
This section is empty.
Functions
func CORSMiddleware
CORSMiddleware returns an HTTP middleware that applies CORS headers based on the forge.toml CORSConfig. If config.Enabled is false, a no-op pass-through middleware is returned so the middleware slot can always be wired in.
SAFETY: The CORS spec forbids combining AllowCredentials with a wildcard origin ("*"): a browser treats a response carrying Access-Control-Allow-Credentials: true together with Access-Control-Allow-Origin: * as a failed CORS check. If the configuration asks for that combination, the middleware disables credentials and logs a warning, so the API keeps answering cross-origin requests instead of failing silently in the browser. Credentialed cross-origin calls therefore require an explicit list of origins rather than "*".
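The wildcard-plus-credentials rule above, as an added net/http example; this is not code from this package, whose middleware targets Huma. CORSConfig and its field names, the sanitize and allowOrigin helpers and the probe function are assumptions of this example. It shows the downgrade the package documents beside the configuration a practitioner wants instead: an explicit allowlist, matched exactly and echoed back with Vary: Origin.

```go
package main

import (
	"fmt"
	"log"
	"net/http"
	"net/http/httptest"
	"strings"
)

// CORSConfig stands in for the forge.toml CORS section; the field names are an
// assumption of this example, not the project's own type.
type CORSConfig struct {
	Enabled          bool
	AllowedOrigins   []string // "*" or an explicit allowlist of origins
	AllowedMethods   []string
	AllowCredentials bool
}

// sanitize enforces the documented rule: a wildcard origin is never combined with
// credentials. It returns the effective config and whether to log a warning.
func sanitize(cfg CORSConfig) (CORSConfig, bool) {
	for _, o := range cfg.AllowedOrigins {
		if o == "*" && cfg.AllowCredentials {
			cfg.AllowCredentials = false
			return cfg, true
		}
	}
	return cfg, false
}

// allowOrigin returns the Access-Control-Allow-Origin value, or "" when the request
// origin is not permitted. Exact match only: prefix or regex matching is where allowlists go wrong.
func allowOrigin(cfg CORSConfig, origin string) string {
	for _, o := range cfg.AllowedOrigins {
		if o == "*" {
			return "*"
		}
		if strings.EqualFold(o, origin) {
			return origin
		}
	}
	return ""
}

func CORSMiddleware(cfg CORSConfig) func(http.Handler) http.Handler {
	if !cfg.Enabled {
		return func(next http.Handler) http.Handler { return next } // documented no-op
	}
	cfg, warn := sanitize(cfg)
	if warn {
		log.Println(`cors: AllowCredentials disabled because AllowedOrigins contains "*"`)
	}
	methods := strings.Join(cfg.AllowedMethods, ", ")
	return func(next http.Handler) http.Handler {
		return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
			origin := r.Header.Get("Origin")
			if origin == "" { // same-origin or non-browser client: nothing to do
				next.ServeHTTP(w, r)
				return
			}
			w.Header().Add("Vary", "Origin") // the reply depends on Origin; caches must key on it
			if allow := allowOrigin(cfg, origin); allow != "" {
				w.Header().Set("Access-Control-Allow-Origin", allow)
				if cfg.AllowCredentials {
					w.Header().Set("Access-Control-Allow-Credentials", "true")
				}
				w.Header().Set("Access-Control-Allow-Methods", methods)
			}
			if r.Method == http.MethodOptions {
				// Preflight ends here. An unknown origin got no CORS headers, so the browser refuses the real request.
				w.WriteHeader(http.StatusNoContent)
				return
			}
			next.ServeHTTP(w, r)
		})
	}
}

// probe sends one request through the middleware and returns status and headers.
func probe(cfg CORSConfig, method, origin string) (int, http.Header) {
	h := CORSMiddleware(cfg)(http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) {
		w.WriteHeader(http.StatusOK)
	}))
	req := httptest.NewRequest(method, "/api/v1/things", nil)
	req.Header.Set("Origin", origin)
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, req)
	return rec.Code, rec.Header()
}

func main() {
	bad := CORSConfig{Enabled: true, AllowedOrigins: []string{"*"}, AllowCredentials: true} // constructed misconfiguration
	_, h := probe(bad, http.MethodGet, "https://evil.example")
	fmt.Printf("wildcard:  ACAO=%q ACAC=%q\n", h.Get("Access-Control-Allow-Origin"), h.Get("Access-Control-Allow-Credentials"))
	good := CORSConfig{Enabled: true, AllowedOrigins: []string{"https://app.example"}, AllowedMethods: []string{"GET", "POST"}, AllowCredentials: true}
	_, h = probe(good, http.MethodOptions, "https://app.example")
	fmt.Printf("allowlist: ACAO=%q ACAC=%q Vary=%q\n", h.Get("Access-Control-Allow-Origin"), h.Get("Access-Control-Allow-Credentials"), h.Get("Vary"))
}
```

The downgrade keeps the API reachable from any origin, but it also means the browser stops sending cookies and Authorization headers cross-origin, which usually breaks the very client the wildcard was meant to serve. The allowlist form is the one to ship: the response is tied to one origin, so Vary: Origin is mandatory or a shared cache will hand one origin's Access-Control-Allow-Origin to another.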
func RateLimitMiddleware
RateLimitMiddleware returns an HTTP middleware that enforces per-IP token bucket rate limiting using go-limiter. If config.Enabled is false, a no-op pass-through middleware is returned so the middleware slot can always be wired in.
The middleware sets the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset response headers on every response. A request that arrives when the client's bucket is empty receives HTTP 429 Too Many Requests. Because the bucket is keyed on client IP, a deployment behind a reverse proxy or load balancer has to make sure the limiter sees the real client address rather than the proxy's, or every client shares one bucket; equally, a forwarded-address header must only be trusted when a trusted proxy sets it, since otherwise the caller chooses its own bucket.
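A per-IP token bucket with the same response headers and 429 behaviour, as an added example; this is not the package's implementation, which delegates to go-limiter. RateLimitConfig and its fields, Limiter, Take, clientIP and the listen address are assumptions of this example, and the limiter's clock is a field so the refill can be exercised without sleeping.

```go
package main

import (
	"fmt"
	"log"
	"net"
	"net/http"
	"strconv"
	"sync"
	"time"
)

// RateLimitConfig stands in for the forge.toml section; field names are an assumption.
type RateLimitConfig struct {
	Enabled  bool
	Requests int           // bucket size, refilled evenly over Interval
	Interval time.Duration
}

type bucket struct {
	tokens float64
	last   time.Time
}

// Limiter is a per-key token bucket; now is a field so tests can control the clock.
type Limiter struct {
	mu      sync.Mutex
	buckets map[string]*bucket
	rate    float64 // tokens per second
	burst   float64
	now     func() time.Time
}

func NewLimiter(cfg RateLimitConfig) *Limiter {
	rate := float64(cfg.Requests) / cfg.Interval.Seconds()
	return &Limiter{buckets: map[string]*bucket{}, rate: rate, burst: float64(cfg.Requests), now: time.Now}
}

// Take spends one token for key: allowed, whole tokens left, and when the bucket is full again.
func (l *Limiter) Take(key string) (allowed bool, remaining int, reset time.Time) {
	l.mu.Lock()
	defer l.mu.Unlock()
	now := l.now()
	b, ok := l.buckets[key]
	if !ok {
		b = &bucket{tokens: l.burst, last: now}
		l.buckets[key] = b
	}
	b.tokens += now.Sub(b.last).Seconds() * l.rate // refill for the time elapsed
	if b.tokens > l.burst {
		b.tokens = l.burst
	}
	b.last = now
	if b.tokens >= 1 {
		b.tokens--
		allowed = true
	}
	secs := (l.burst - b.tokens) / l.rate
	return allowed, int(b.tokens), now.Add(time.Duration(secs * float64(time.Second)))
}

// clientIP keys the bucket on the TCP peer. Behind a reverse proxy that is the proxy,
// so all clients would share one bucket; substitute X-Forwarded-For only when a trusted
// proxy sets it, since otherwise the header is attacker-controlled and picks the bucket.
func clientIP(r *http.Request) string {
	if host, _, err := net.SplitHostPort(r.RemoteAddr); err == nil {
		return host
	}
	return r.RemoteAddr
}

func RateLimitMiddleware(cfg RateLimitConfig, lim *Limiter) func(http.Handler) http.Handler {
	if !cfg.Enabled {
		return func(next http.Handler) http.Handler { return next } // documented no-op
	}
	return func(next http.Handler) http.Handler {
		return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
			ok, remaining, reset := lim.Take(clientIP(r))
			h := w.Header()
			h.Set("X-RateLimit-Limit", strconv.Itoa(cfg.Requests))
			h.Set("X-RateLimit-Remaining", strconv.Itoa(remaining))
			h.Set("X-RateLimit-Reset", strconv.FormatInt(reset.Unix(), 10))
			if !ok {
				wait := (reset.Sub(lim.now()) + time.Second - 1) / time.Second // conservative: until full
				h.Set("Retry-After", strconv.FormatInt(int64(wait), 10))
				http.Error(w, "Too Many Requests", http.StatusTooManyRequests)
				return
			}
			next.ServeHTTP(w, r)
		})
	}
}

func main() {
	cfg := RateLimitConfig{Enabled: true, Requests: 60, Interval: time.Minute}
	h := RateLimitMiddleware(cfg, NewLimiter(cfg))(http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) { fmt.Fprintln(w, "ok") }))
	log.Fatal(http.ListenAndServe("127.0.0.1:8080", h))
}
```

Run it and hammer it with curl -i http://127.0.0.1:8080/: the 61st request inside a minute gets 429 with Retry-After, and the headers show the bucket draining and refilling at one token per second. The bucket map grows by one entry per distinct address and is never pruned here; a real limiter needs eviction or it becomes a memory-exhaustion target for anyone with many source addresses.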
Types
type AuthMiddleware
type AuthMiddleware struct {
// contains filtered or unexported fields
}
AuthMiddleware validates bearer tokens and API keys on every request. It sets auth context values for downstream handlers on success, and returns 401 Unauthorized when no valid credential is presented.
func NewAuthMiddleware
func NewAuthMiddleware(api huma.API, tokenStore auth.TokenStore, apiKeyStore auth.APIKeyStore) *AuthMiddleware
NewAuthMiddleware creates an AuthMiddleware that uses the given stores. The huma.API is required so the middleware can write structured error responses via huma.WriteErr.
func (*AuthMiddleware) Handle
func (m *AuthMiddleware) Handle(ctx huma.Context, next func(huma.Context))
Handle implements the Huma middleware interface. It reads the Authorization header, validates the credential as a bearer token or an API key against the configured stores, and rejects a request that presents no valid credential with HTTP 401.
When both tokenStore and apiKeyStore are nil (no auth configured), the middleware passes every request through without checking credentials, so that a freshly generated project works out of the box before auth is set up. This is a deliberate fail-open default: a deployed service that never wires a store accepts every caller as anonymous, so confirm that at least one store is configured before exposing the API.
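The Handle logic and the nil-store pass-through, as an added net/http example rather than the package's Huma code. The TokenStore and APIKeyStore method sets, scopes as map[string]bool, presenting both credential kinds as "Bearer <secret>" with the token store tried first, the keyMap store, the protected handler, the demo key values and the listen address are all assumptions of this example. It also shows the part the page leaves to handlers: reading the context keys and enforcing a scope before acting.

```go
package main

import (
	"context"
	"crypto/sha256"
	"errors"
	"fmt"
	"log"
	"net/http"
	"strings"
)

type contextKey string

const (
	ContextKeyUserID       contextKey = "user_id"
	ContextKeyAPIKeyID     contextKey = "api_key_id"
	ContextKeyAPIKeyScopes contextKey = "api_key_scopes"
)

// The store shapes and the scope type are assumptions of this example; the page
// does not show the auth package. A store returns an error for an unknown credential.
type TokenStore interface{ ValidateToken(ctx context.Context, token string) (userID string, err error) }
type APIKeyStore interface{ ValidateAPIKey(ctx context.Context, key string) (keyID string, scopes map[string]bool, err error) }

var errUnauthorized = errors.New("unauthorized")

type AuthMiddleware struct {
	tokens TokenStore
	keys   APIKeyStore
}

// authenticate returns the context handed downstream, or an error meaning 401.
// Assumption: both credential kinds arrive as "Bearer <secret>"; the token store is tried first.
func (m *AuthMiddleware) authenticate(r *http.Request) (context.Context, error) {
	ctx := r.Context()
	if m.tokens == nil && m.keys == nil {
		return ctx, nil // documented fail-open: nothing configured, every caller is anonymous
	}
	scheme, cred, _ := strings.Cut(r.Header.Get("Authorization"), " ")
	if !strings.EqualFold(scheme, "Bearer") || cred == "" {
		return nil, errUnauthorized
	}
	if m.tokens != nil {
		if uid, err := m.tokens.ValidateToken(ctx, cred); err == nil {
			return context.WithValue(ctx, ContextKeyUserID, uid), nil
		}
	}
	if m.keys != nil {
		if id, scopes, err := m.keys.ValidateAPIKey(ctx, cred); err == nil {
			ctx = context.WithValue(ctx, ContextKeyAPIKeyID, id)
			return context.WithValue(ctx, ContextKeyAPIKeyScopes, scopes), nil
		}
	}
	return nil, errUnauthorized
}

func (m *AuthMiddleware) Handle(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		ctx, err := m.authenticate(r)
		if err != nil {
			http.Error(w, "Unauthorized", http.StatusUnauthorized)
			return
		}
		next.ServeHTTP(w, r.WithContext(ctx))
	})
}

// keyMap is a constructed in-memory APIKeyStore. Keys are held as SHA-256
// digests, so a leaked table does not yield usable credentials.
type keyRecord struct{ id string; scopes map[string]bool }
type keyMap map[[32]byte]keyRecord

func (s keyMap) ValidateAPIKey(_ context.Context, k string) (string, map[string]bool, error) {
	if rec, ok := s[sha256.Sum256([]byte(k))]; ok {
		return rec.id, rec.scopes, nil
	}
	return "", nil, errUnauthorized
}

// protected is a downstream handler: it needs a user, or an API key carrying
// the things:write scope. The middleware authenticates; scope checks stay here.
func protected(w http.ResponseWriter, r *http.Request) {
	ctx := r.Context()
	scopes, _ := ctx.Value(ContextKeyAPIKeyScopes).(map[string]bool) // nil map when no API key
	if ctx.Value(ContextKeyAPIKeyID) != nil && !scopes["things:write"] {
		http.Error(w, "Forbidden", http.StatusForbidden)
		return
	}
	fmt.Fprintf(w, "user=%v key=%v", ctx.Value(ContextKeyUserID), ctx.Value(ContextKeyAPIKeyID))
}

func main() {
	m := &AuthMiddleware{keys: keyMap{ // constructed demo keys; no token store is wired
		sha256.Sum256([]byte("fk_write_demo")): {"key-1", map[string]bool{"things:write": true}},
		sha256.Sum256([]byte("fk_read_demo")):  {"key-2", map[string]bool{"things:read": true}},
	}}
	log.Fatal(http.ListenAndServe("127.0.0.1:8080", m.Handle(http.HandlerFunc(protected))))
}
```

With the server running, curl -i -X DELETE -H 'Authorization: Bearer fk_read_demo' http://127.0.0.1:8080/api/v1/things/1 gets 403 (authenticated, wrong scope), the same call with fk_write_demo gets 200, and a call with no header or an unknown secret gets 401. Change main to leave both stores nil, as the documented pass-through allows, and that last request succeeds as an anonymous caller, which is exactly the state that must not reach production.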