middleware

type APIKeyConfig struct {
	// Header name to look for the API key (e.g., "X-API-Key").
	Header string

	// Query parameter name to look for the API key (optional).
	Query string

	// Validator validates the API key and returns user info.
	Validator func(key string) (any, bool)

	// ContextKey to store authenticated user.
	ContextKey string
}

type AuthConfig struct {
	// Validator is a function that validates credentials and returns user info.
	Validator func(credentials string) (any, bool)

	// Realm is the authentication realm for Basic Auth.
	Realm string

	// Unauthorized is called when authentication fails.
	// If nil, a default 401 response is sent.
	Unauthorized func(*ginji.Context)

	// ContextKey is the key used to store authenticated user in context.
	ContextKey string

	// SkipFunc allows skipping authentication for certain requests.
	SkipFunc func(*ginji.Context) bool
}

type BasicAuthConfig struct {
	// Users is a map of allowed username:password pairs.
	Users map[string]string

	// Validator is a custom function to validate username/password.
	// Takes precedence over Users map.
	Validator func(username, password string) bool

	// Realm for WWW-Authenticate header.
	Realm string

	// ContextKey to store authenticated username.
	ContextKey string
}

type BearerAuthConfig struct {
	// Validator validates the bearer token and returns user info.
	Validator func(token string) (any, bool)

	// ContextKey to store authenticated user.
	ContextKey string

	// Realm for WWW-Authenticate header.
	Realm string
}

type BodyLimitConfig struct {
	// MaxBytes is the maximum allowed size of the request body in bytes.
	MaxBytes int64

	// ErrorMessage is the custom error message to return when limit is exceeded.
	// If empty, a default message will be used.
	ErrorMessage string

	// StatusCode is the HTTP status code to return when limit is exceeded.
	// Defaults to 413 (Request Entity Too Large).
	StatusCode int
}

type CSP struct {
	// contains filtered or unexported fields
}

type CSRFConfig struct {
	// TokenLength is the length of CSRF tokens in bytes.
	// Default: 32
	TokenLength int

	// TokenLookup specifies how to extract the token from the request.
	// Formats: "header:<name>", "form:<name>", "query:<name>"
	// Default: "header:X-CSRF-Token"
	TokenLookup string

	// CookieName is the name of the CSRF cookie.
	// Default: "_csrf"
	CookieName string

	// CookiePath is the path for the CSRF cookie.
	// Default: "/"
	CookiePath string

	// CookieDomain is the domain for the CSRF cookie.
	CookieDomain string

	// CookieSecure sets the Secure flag on the cookie.
	// Default: false
	CookieSecure bool

	// CookieHTTPOnly sets the HttpOnly flag on the cookie.
	// Default: true
	CookieHTTPOnly bool

	// CookieSameSite sets the SameSite attribute on the cookie.
	// Default: http.SameSiteStrictMode
	CookieSameSite http.SameSite

	// CookieMaxAge is the max age of the CSRF cookie in seconds.
	// Default: 86400 (24 hours)
	CookieMaxAge int

	// ContextKey is the key used to store the CSRF token in the context.
	// Default: "csrf"
	ContextKey string

	// ErrorHandler is called when CSRF validation fails.
	// If nil, a default 403 response is sent.
	ErrorHandler func(*ginji.Context)
}

type HealthCheckConfig struct {
	// LivenessPath is the path for liveness probes.
	// Default: "/health/live"
	LivenessPath string

	// ReadinessPath is the path for readiness probes.
	// Default: "/health/ready"
	ReadinessPath string

	// Checkers are health check functions to run for readiness.
	// Liveness checks are typically simpler (just checking if the app is running).
	Checkers map[string]HealthChecker

	// Timeout is the maximum time to wait for all health checks.
	// Default: 5 seconds
	Timeout time.Duration

	// DisableLiveness disables the liveness endpoint.
	DisableLiveness bool

	// DisableReadiness disables the readiness endpoint.
	DisableReadiness bool
}

type HealthChecker func() error

type HealthStatus struct {
	Status  string            `json:"status"`
	Checks  map[string]string `json:"checks,omitempty"`
	Message string            `json:"message,omitempty"`
	Time    string            `json:"time"`
}

type LoggerConfig struct {
	// Logger is the slog logger instance to use. If nil, uses engine's logger.
	Logger *slog.Logger

	// SkipPaths is a list of paths to skip logging (e.g., health checks).
	SkipPaths []string

	// SkipFunc allows custom logic to skip logging for certain requests.
	SkipFunc func(*ginji.Context) bool
}

type RateLimiterConfig struct {
	// Max is the maximum number of requests allowed in the time window.
	Max int

	// Window is the time window for rate limiting.
	Window time.Duration

	// KeyFunc is a function that returns the key for rate limiting.
	// Common keys: IP address, user ID, API key.
	// Default: uses client IP
	KeyFunc func(*ginji.Context) string

	// ErrorMessage is returned when rate limit is exceeded.
	ErrorMessage string

	// StatusCode is the HTTP status code when rate limit is exceeded.
	// Default: 429 Too Many Requests
	StatusCode int

	// SkipFunc allows skipping rate limiting for certain requests.
	SkipFunc func(*ginji.Context) bool

	// Headers determines whether to add rate limit headers to the response.
	Headers bool

	// TrustedProxies is a list of trusted proxy IP addresses.
	// If empty, X-Forwarded-For headers are not trusted.
	TrustedProxies []string
}

type RequestIDConfig struct {
	// Generator is a function that generates unique request IDs.
	// If nil, a default UUID-like generator is used.
	Generator func() string

	// RequestIDHeader is the header name for the request ID.
	// Default: "X-Request-ID"
	RequestIDHeader string

	// ResponseIDHeader is the header name for the response ID.
	// Default: "X-Request-ID"
	ResponseIDHeader string

	// ContextKey is the key to store the request ID in context.
	// Default: "request_id"
	ContextKey string
}

type SecureConfig struct {
	// XSSProtection provides XSS protection header.
	// Default: "1; mode=block"
	XSSProtection string

	// ContentTypeNosniff provides X-Content-Type-Options header.
	// Default: "nosniff"
	ContentTypeNosniff string

	// XFrameOptions provides X-Frame-Options header.
	// Possible values: "DENY", "SAMEORIGIN", "ALLOW-FROM uri"
	// Default: "SAMEORIGIN"
	XFrameOptions string

	// HSTSMaxAge sets the Strict-Transport-Security header max-age value in seconds.
	// Default: 0 (disabled)
	HSTSMaxAge int

	// HSTSIncludeSubdomains adds includeSubDomains to the HSTS header.
	// Default: false
	HSTSIncludeSubdomains bool

	// HSTSPreload adds preload to the HSTS header.
	// Default: false
	HSTSPreload bool

	// ContentSecurityPolicy sets the Content-Security-Policy header.
	// Default: "" (not set)
	ContentSecurityPolicy string

	// ReferrerPolicy sets the Referrer-Policy header.
	// Default: "" (not set)
	ReferrerPolicy string

	// PermissionsPolicy sets the Permissions-Policy header.
	// Default: "" (not set)
	PermissionsPolicy string

	// CrossOriginEmbedderPolicy sets the Cross-Origin-Embedder-Policy header.
	// Possible values: "unsafe-none", "require-corp", "credentialless"
	// Default: "" (not set)
	CrossOriginEmbedderPolicy string

	// CrossOriginOpenerPolicy sets the Cross-Origin-Opener-Policy header.
	// Possible values: "unsafe-none", "same-origin-allow-popups", "same-origin"
	// Default: "" (not set)
	CrossOriginOpenerPolicy string

	// CrossOriginResourcePolicy sets the Cross-Origin-Resource-Policy header.
	// Possible values: "same-site", "same-origin", "cross-origin"
	// Default: "" (not set)
	CrossOriginResourcePolicy string
}

type TimeoutConfig struct {
	// Timeout is the duration before the request times out.
	Timeout time.Duration

	// ErrorMessage is the message returned when a timeout occurs.
	ErrorMessage string

	// StatusCode is the HTTP status code for timeout responses.
	// Default: 408 Request Timeout or 504 Gateway Timeout
	StatusCode int

	// SkipFunc allows skipping timeout for certain requests.
	SkipFunc func(*ginji.Context) bool
}