middleware

package
v1.1.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Aug 21, 2025 License: MIT Imports: 20 Imported by: 0

Documentation

Index

Examples

Constants

View Source 
const (
	// RequestIDKey is the key used to store request ID in context
	RequestIDKey = "request_id"

	// RequestIDHeader is the header name for request ID
	RequestIDHeader = "X-Request-ID"

	// TraceIDHeader is the header name for trace ID (for distributed tracing)
	TraceIDHeader = "X-Trace-ID"
)

Variables

This section is empty.

Functions

func GetRequestID 

func GetRequestID(c *gin.Context) string

GetRequestID is an alias for GetRequestIDFromLogger for backward compatibility

func GetRequestIDFromContext 

func GetRequestIDFromContext(ctx context.Context) string

GetRequestIDFromContext extracts request ID from standard context

func GetRequestIDFromGin 

func GetRequestIDFromGin(c *gin.Context) string

GetRequestIDFromGin extracts request ID from Gin context

func GetRequestIDFromLogger 

func GetRequestIDFromLogger(c *gin.Context) string

GetRequestIDFromLogger gets request ID from context (logger middleware compatible)

func GetStructuredLogFields 

func GetStructuredLogFields(c *gin.Context) map[string]interface{}

GetStructuredLogFields returns structured log fields for the request

func GetTraceIDFromContext 

func GetTraceIDFromContext(ctx context.Context) string

GetTraceIDFromContext extracts trace ID from standard context

func GetTraceIDFromGin 

func GetTraceIDFromGin(c *gin.Context) string

GetTraceIDFromGin extracts trace ID from Gin context

func GetTraceIDFromLogger 

func GetTraceIDFromLogger(c *gin.Context) string

GetTraceIDFromLogger gets trace ID from context (logger middleware compatible)

func GetUserID 

func GetUserID(c *gin.Context) (string, bool)

GetUserID gets user ID from context

func GetUserRole 

func GetUserRole(c *gin.Context) (string, bool)

GetUserRole gets user role from context

func HTTPSRedirect 

func HTTPSRedirect() gin.HandlerFunc

HTTPSRedirect middleware redirects HTTP to HTTPS

func IPWhitelist 

func IPWhitelist(allowedIPs []string) gin.HandlerFunc

IPWhitelist middleware allows only whitelisted IPs

func InputValidation 

func InputValidation(config *ValidationConfig) gin.HandlerFunc

InputValidation creates an input validation middleware

Example 
r := gin.New()

// Use default configuration
r.Use(InputValidation(nil))

// Or use custom configuration
config := &ValidationConfig{
	MaxRequestSize: 5 * 1024 * 1024, // 5MB
	SkipPaths:      []string{"/health", "/metrics"},
	AllowedFileTypes: []string{
		"image/jpeg",
		"image/png",
		"application/pdf",
	},
	MaxFileSize: 2 * 1024 * 1024, // 2MB
}
r.Use(InputValidation(config))

// Add request size limit for specific routes
r.POST("/upload", RequestSizeLimit(10*1024*1024), func(c *gin.Context) {
	// Handle file upload
})

func LogWithRequestID 

func LogWithRequestID(c *gin.Context, logger *slog.Logger) *slog.Logger

LogWithRequestID creates a logger with request ID context

func NoCache 

func NoCache() gin.HandlerFunc

NoCache middleware adds no-cache headers

func RequestIDMiddleware 

func RequestIDMiddleware(config *RequestIDConfig) gin.HandlerFunc

RequestIDMiddleware returns a middleware that generates and tracks request IDs

func RequestLifecycleMiddleware 

func RequestLifecycleMiddleware(config *RequestIDConfig) gin.HandlerFunc

RequestLifecycleMiddleware combines request ID generation with lifecycle tracking

func RequestSizeLimit 

func RequestSizeLimit(maxSize int64) gin.HandlerFunc

RequestSizeLimit creates a middleware to limit request body size

func RequireAnyRole 

func RequireAnyRole(roles ...string) gin.HandlerFunc

RequireAnyRole creates a middleware that requires any of the specified roles

func RequireRole 

func RequireRole(role string) gin.HandlerFunc

RequireRole creates a middleware that requires specific role

func SanitizeOutput 

func SanitizeOutput(input string) string

SanitizeOutput sanitizes strings before sending to client

func SecureHeaders 

func SecureHeaders() gin.HandlerFunc

SecureHeaders middleware adds security headers

func TrustedProxies 

func TrustedProxies(trustedProxies []string) gin.HandlerFunc

TrustedProxies middleware validates trusted proxies

func UserAgent 

func UserAgent(requiredUserAgent string) gin.HandlerFunc

UserAgent middleware validates user agent

func WithRequestID 

func WithRequestID(ctx context.Context, requestID string) context.Context

WithRequestID creates a new context with request ID

func WithTraceID 

func WithTraceID(ctx context.Context, traceID string) context.Context

WithTraceID creates a new context with trace ID

Types

type AuditAction 

type AuditAction string

AuditAction represents different types of audit actions 

const (
	AuditActionLogin            AuditAction = "LOGIN"
	AuditActionLogout           AuditAction = "LOGOUT"
	AuditActionTokenRefresh     AuditAction = "TOKEN_REFRESH"
	AuditActionTokenRevoke      AuditAction = "TOKEN_REVOKE"
	AuditActionPasswordReset    AuditAction = "PASSWORD_RESET"
	AuditActionPermissionChange AuditAction = "PERMISSION_CHANGE"
	AuditActionDataAccess       AuditAction = "DATA_ACCESS"
	AuditActionDataModify       AuditAction = "DATA_MODIFY"
	AuditActionAdminAction      AuditAction = "ADMIN_ACTION"
)

type AuditConfig 

type AuditConfig struct {
	Enabled         bool
	LogToRedis      bool
	LogToFile       bool
	RetentionDays   int
	SensitiveFields []string // Fields to redact from logs
}

AuditConfig holds audit logging configuration

type AuditEntry 

type AuditEntry struct {
	ID         string                 `json:"id"`
	Timestamp  time.Time              `json:"timestamp"`
	Action     AuditAction            `json:"action"`
	UserID     string                 `json:"user_id"`
	UserType   string                 `json:"user_type,omitempty"`
	RequestID  string                 `json:"request_id,omitempty"`
	SessionID  string                 `json:"session_id,omitempty"`
	IP         string                 `json:"ip"`
	UserAgent  string                 `json:"user_agent,omitempty"`
	Method     string                 `json:"method"`
	Path       string                 `json:"path"`
	Query      string                 `json:"query,omitempty"`
	StatusCode int                    `json:"status_code,omitempty"`
	Duration   int64                  `json:"duration_ms,omitempty"`
	Success    bool                   `json:"success"`
	ErrorMsg   string                 `json:"error_msg,omitempty"`
	Details    map[string]interface{} `json:"details,omitempty"`
	Metadata   map[string]string      `json:"metadata,omitempty"`
}

AuditEntry represents an audit log entry

type AuditFilter 

type AuditFilter struct {
	UserID    string
	Action    string
	Date      time.Time
	StartTime time.Time
	EndTime   time.Time
	Offset    int
	Limit     int
}

AuditFilter defines filters for querying audit logs

type AuditLogger 

type AuditLogger struct {
	// contains filtered or unexported fields
}

AuditLogger handles audit logging

func NewAuditLogger 

func NewAuditLogger(logger *slog.Logger, redis *redis.Client, config AuditConfig) *AuditLogger

NewAuditLogger creates a new audit logger

func (*AuditLogger) AuditMiddleware 

func (a *AuditLogger) AuditMiddleware() gin.HandlerFunc

AuditMiddleware returns a Gin middleware for audit logging

func (*AuditLogger) LogAuth 

func (a *AuditLogger) LogAuth(ctx context.Context, action AuditAction, userID, userType string, success bool, details map[string]interface{})

LogAuth logs authentication-related events

func (*AuditLogger) LogDataAccess 

func (a *AuditLogger) LogDataAccess(ctx context.Context, userID string, resource string, action string, details map[string]interface{})

LogDataAccess logs data access events

func (*AuditLogger) QueryAuditLogs 

func (a *AuditLogger) QueryAuditLogs(ctx context.Context, filters AuditFilter) ([]AuditEntry, error)

QueryAuditLogs queries audit logs based on filters

type AuthMiddleware 

type AuthMiddleware struct {
	// contains filtered or unexported fields
}

AuthMiddleware handles JWT authentication

func NewAuthMiddleware 

func NewAuthMiddleware(cfg config.AuthConfig, jwtService *JWTService, redis *redis.Client) *AuthMiddleware

NewAuthMiddleware creates a new auth middleware

func (*AuthMiddleware) BlacklistToken 

func (a *AuthMiddleware) BlacklistToken(ctx context.Context, token string, expiry time.Duration) error

BlacklistToken adds token to blacklist

func (*AuthMiddleware) Handler 

func (a *AuthMiddleware) Handler() gin.HandlerFunc

Handler returns the middleware handler function

type Claims 

type Claims struct {
	UserID string `json:"user_id"`
	Role   string `json:"role"`
	jwt.RegisteredClaims
}

Claims represents JWT claims

type EnhancedClaims 

type EnhancedClaims struct {
	// User identification
	UserID   string `json:"uid"`
	UserType string `json:"user_type"` // REGULAR, ADMIN, TEMP, etc.

	// Token metadata
	TokenType TokenType `json:"token_type"`
	JTI       string    `json:"jti"`        // JWT ID for tracking
	DeviceID  string    `json:"device_id"`  // Device fingerprint
	SessionID string    `json:"session_id"` // Session tracking

	// Additional context
	IP        string            `json:"ip,omitempty"`
	UserAgent string            `json:"user_agent,omitempty"`
	Extra     map[string]string `json:"extra,omitempty"`

	jwt.RegisteredClaims
}

EnhancedClaims represents enhanced JWT claims with additional fields

type EnhancedJWTService 

type EnhancedJWTService struct {
	// contains filtered or unexported fields
}

EnhancedJWTService provides advanced JWT operations

func NewEnhancedJWTService 

func NewEnhancedJWTService(config JWTServiceConfig) *EnhancedJWTService

NewEnhancedJWTService creates a new enhanced JWT service

func (*EnhancedJWTService) GenerateAccessToken 

func (s *EnhancedJWTService) GenerateAccessToken(userID, userType string, options ...TokenOption) (string, error)

GenerateAccessToken creates a new access token

func (*EnhancedJWTService) GenerateRefreshToken 

func (s *EnhancedJWTService) GenerateRefreshToken(userID, userType string, options ...TokenOption) (string, error)

GenerateRefreshToken creates a new refresh token

func (*EnhancedJWTService) GenerateTokenPair 

func (s *EnhancedJWTService) GenerateTokenPair(userID, userType string, options ...TokenOption) (string, string, error)

GenerateTokenPair generates both access and refresh tokens

func (*EnhancedJWTService) GetTokenRemainingTime 

func (s *EnhancedJWTService) GetTokenRemainingTime(tokenString string) (time.Duration, error)

GetTokenRemainingTime returns the remaining time before token expires

func (*EnhancedJWTService) IsTokenExpired 

func (s *EnhancedJWTService) IsTokenExpired(tokenString string) bool

IsTokenExpired checks if a token is expired

func (*EnhancedJWTService) ParseToken 

func (s *EnhancedJWTService) ParseToken(tokenString string) (*EnhancedClaims, error)

ParseToken validates and parses a JWT token

func (*EnhancedJWTService) ValidateAccessToken 

func (s *EnhancedJWTService) ValidateAccessToken(tokenString string) (*EnhancedClaims, error)

ValidateAccessToken validates an access token

func (*EnhancedJWTService) ValidateRefreshToken 

func (s *EnhancedJWTService) ValidateRefreshToken(tokenString string) (*EnhancedClaims, error)

ValidateRefreshToken validates a refresh token

type JWTService 

type JWTService struct {
	// contains filtered or unexported fields
}

JWTService handles JWT operations

func NewJWTService 

func NewJWTService(cfg config.JWTConfig) *JWTService

NewJWTService creates a new JWT service

func (*JWTService) GenerateTokens 

func (j *JWTService) GenerateTokens(userID, role string) (string, string, error)

GenerateTokens generates access and refresh tokens

func (*JWTService) ValidateToken 

func (j *JWTService) ValidateToken(tokenString string) (*Claims, error)

ValidateToken validates a JWT token

type JWTServiceConfig 

type JWTServiceConfig struct {
	SecretKey             string
	AccessExpirationMins  int
	RefreshExpirationMins int
	Issuer                string

	// Advanced options
	EnableJTI             bool // Enable JWT ID tracking
	EnableDeviceTracking  bool // Enable device fingerprint
	EnableSessionTracking bool // Enable session management
	RefreshTokenRotation  bool // Rotate refresh token on use
	MaxDevices            int  // Max concurrent devices (0 = unlimited)
}

JWTServiceConfig holds JWT service configuration

type LoggerMiddleware 

type LoggerMiddleware struct {
	// contains filtered or unexported fields
}

LoggerMiddleware handles request logging

func NewLoggerMiddleware 

func NewLoggerMiddleware(cfg config.LoggerConfig, logger *slog.Logger) *LoggerMiddleware

NewLoggerMiddleware creates a new logger middleware

func (*LoggerMiddleware) Handler 

func (l *LoggerMiddleware) Handler() gin.HandlerFunc

Handler returns the middleware handler function

type Manager 

type Manager struct {
	// contains filtered or unexported fields
}

Manager manages all middleware

func NewManager 

func NewManager(cfg *config.MiddlewareConfig, redis *redis.Client, logger *slog.Logger, jwtService *JWTService) *Manager

NewManager creates a new middleware manager

func Setup 

func Setup(router *gin.Engine, cfg *config.MiddlewareConfig, redis *redis.Client, logger *slog.Logger, jwtService *JWTService) *Manager

Setup is a convenience function to set up all middleware

func SetupWithAuth 

func SetupWithAuth(router *gin.Engine, cfg *config.MiddlewareConfig, redis *redis.Client, logger *slog.Logger, jwtService *JWTService) *Manager

SetupWithAuth sets up middleware with authentication on specific routes

func (*Manager) GetAuthMiddleware 

func (m *Manager) GetAuthMiddleware() gin.HandlerFunc

GetAuthMiddleware returns the auth middleware handler

func (*Manager) GetCORSMiddleware 

func (m *Manager) GetCORSMiddleware() gin.HandlerFunc

GetCORSMiddleware returns the CORS middleware handler

func (*Manager) GetLoggerMiddleware 

func (m *Manager) GetLoggerMiddleware() gin.HandlerFunc

GetLoggerMiddleware returns the logger middleware handler

func (*Manager) GetRateLimitMiddleware 

func (m *Manager) GetRateLimitMiddleware() gin.HandlerFunc

GetRateLimitMiddleware returns the rate limit middleware handler

func (*Manager) GetSecurityMiddleware 

func (m *Manager) GetSecurityMiddleware() gin.HandlerFunc

GetSecurityMiddleware returns the security middleware handler

func (*Manager) Initialize 

func (m *Manager) Initialize()

Initialize initializes all middleware instances

func (*Manager) SetupAll 

func (m *Manager) SetupAll(router *gin.Engine)

SetupAll sets up all middleware in the correct order

func (*Manager) SetupBasic 

func (m *Manager) SetupBasic(router *gin.Engine)

SetupBasic sets up basic middleware without authentication

type RateLimitMiddleware 

type RateLimitMiddleware struct {
	// contains filtered or unexported fields
}

RateLimitMiddleware handles rate limiting

func NewRateLimitMiddleware 

func NewRateLimitMiddleware(cfg config.RateLimitConfig, redis *redis.Client) *RateLimitMiddleware

NewRateLimitMiddleware creates a new rate limit middleware

func (*RateLimitMiddleware) ClearRateLimit 

func (r *RateLimitMiddleware) ClearRateLimit(ctx context.Context, key string) error

ClearRateLimit clears rate limit for a specific key

func (*RateLimitMiddleware) FixedWindowRateLimit 

func (r *RateLimitMiddleware) FixedWindowRateLimit(c *gin.Context, key string) (bool, int64, time.Time, error)

FixedWindowRateLimit implements fixed window rate limiting

func (*RateLimitMiddleware) GetRateLimitStatus 

func (r *RateLimitMiddleware) GetRateLimitStatus(ctx context.Context, key string) (int64, time.Time, error)

GetRateLimitStatus gets current rate limit status

func (*RateLimitMiddleware) Handler 

func (r *RateLimitMiddleware) Handler() gin.HandlerFunc

Handler returns the middleware handler function

type RefreshTokenManager 

type RefreshTokenManager struct {
	// contains filtered or unexported fields
}

RefreshTokenManager manages refresh token lifecycle

func NewRefreshTokenManager 

func NewRefreshTokenManager(redis *redis.Client, expirationMins int, enableRotation bool) *RefreshTokenManager

NewRefreshTokenManager creates a new refresh token manager

func (*RefreshTokenManager) CheckTokenFamily 

func (m *RefreshTokenManager) CheckTokenFamily(ctx context.Context, userID, familyID string) (bool, error)

CheckTokenFamily validates if a token belongs to a valid family chain

func (*RefreshTokenManager) GetActiveTokens 

func (m *RefreshTokenManager) GetActiveTokens(ctx context.Context, userID string) ([]TokenInfo, error)

GetActiveTokens returns information about active refresh tokens for a user

func (*RefreshTokenManager) RevokeAllUserTokens 

func (m *RefreshTokenManager) RevokeAllUserTokens(ctx context.Context, userID string) error

RevokeAllUserTokens revokes all refresh tokens for a user

func (*RefreshTokenManager) RevokeDeviceTokens 

func (m *RefreshTokenManager) RevokeDeviceTokens(ctx context.Context, userID, deviceID string) error

RevokeDeviceTokens revokes all tokens for a specific device

func (*RefreshTokenManager) RevokeFamilyTokens 

func (m *RefreshTokenManager) RevokeFamilyTokens(ctx context.Context, userID, familyID string) error

RevokeFamilyTokens revokes all tokens in a family chain

func (*RefreshTokenManager) RevokeRefreshToken 

func (m *RefreshTokenManager) RevokeRefreshToken(ctx context.Context, userID string) error

RevokeRefreshToken revokes a specific refresh token

func (*RefreshTokenManager) RotateRefreshToken 

func (m *RefreshTokenManager) RotateRefreshToken(ctx context.Context, userID, oldToken string, newToken string, newClaims *EnhancedClaims) error

RotateRefreshToken rotates a refresh token (if rotation is enabled)

func (*RefreshTokenManager) StoreRefreshToken 

func (m *RefreshTokenManager) StoreRefreshToken(ctx context.Context, userID, tokenString string, claims *EnhancedClaims) error

StoreRefreshToken stores a refresh token in Redis

func (*RefreshTokenManager) ValidateRefreshToken 

func (m *RefreshTokenManager) ValidateRefreshToken(ctx context.Context, userID, tokenString string) (bool, error)

ValidateRefreshToken validates a refresh token from Redis

type RefreshTokenResult 

type RefreshTokenResult struct {
	AccessToken  string `json:"access_token"`
	RefreshToken string `json:"refresh_token,omitempty"` // Only if rotation is enabled
	ExpiresIn    int    `json:"expires_in"`              // Seconds until access token expires
}

RefreshTokenResult holds the result of a token refresh operation

type RequestIDConfig 

type RequestIDConfig struct {
	// Generator is the function to generate request ID
	Generator func() string

	// HeaderName is the header name for request ID
	HeaderName string

	// ContextKey is the key used to store request ID in context
	ContextKey string

	// SkipPaths are paths that should not generate request ID
	SkipPaths []string

	// EnableTraceID enables distributed tracing ID
	EnableTraceID bool

	// TraceIDGenerator is the function to generate trace ID
	TraceIDGenerator func() string
}

RequestIDConfig holds configuration for request ID middleware

func DefaultRequestIDConfig 

func DefaultRequestIDConfig() *RequestIDConfig

DefaultRequestIDConfig returns default configuration

type RequestInfo 

type RequestInfo struct {
	RequestID string    `json:"request_id"`
	TraceID   string    `json:"trace_id,omitempty"`
	Method    string    `json:"method"`
	Path      string    `json:"path"`
	UserAgent string    `json:"user_agent"`
	IP        string    `json:"ip"`
	StartTime time.Time `json:"start_time"`
	EndTime   time.Time `json:"end_time,omitempty"`
	Duration  int64     `json:"duration_ms,omitempty"`
	Status    int       `json:"status,omitempty"`
}

RequestInfo holds request information for logging

func GetRequestInfo 

func GetRequestInfo(c *gin.Context) RequestInfo

GetRequestInfo extracts complete request information from context

type RequestTracker 

type RequestTracker struct {
	// contains filtered or unexported fields
}

RequestTracker tracks request lifecycle

func NewRequestTracker 

func NewRequestTracker(config *RequestIDConfig) *RequestTracker

NewRequestTracker creates a new request tracker

func (*RequestTracker) FinishRequest 

func (rt *RequestTracker) FinishRequest(c *gin.Context)

FinishRequest marks a request as finished

func (*RequestTracker) GetAllActiveRequests 

func (rt *RequestTracker) GetAllActiveRequests() map[string]*RequestInfo

GetAllActiveRequests returns all currently active requests

func (*RequestTracker) GetRequestByID 

func (rt *RequestTracker) GetRequestByID(requestID string) (*RequestInfo, bool)

GetRequestByID retrieves request information by ID

func (*RequestTracker) TrackRequest 

func (rt *RequestTracker) TrackRequest(c *gin.Context)

TrackRequest tracks a request by its ID

type SecurityMiddleware 

type SecurityMiddleware struct {
	// contains filtered or unexported fields
}

SecurityMiddleware handles security headers and CORS

func NewSecurityMiddleware 

func NewSecurityMiddleware(cfg config.SecurityConfig) *SecurityMiddleware

NewSecurityMiddleware creates a new security middleware

func (*SecurityMiddleware) CORSMiddleware 

func (s *SecurityMiddleware) CORSMiddleware() gin.HandlerFunc

CORSMiddleware creates CORS middleware

func (*SecurityMiddleware) Handler 

func (s *SecurityMiddleware) Handler() gin.HandlerFunc

Handler returns the middleware handler function

type TokenInfo 

type TokenInfo struct {
	JTI       string    `json:"jti"`
	DeviceID  string    `json:"device_id,omitempty"`
	IP        string    `json:"ip,omitempty"`
	UserAgent string    `json:"user_agent,omitempty"`
	IssuedAt  time.Time `json:"issued_at"`
	ExpiresAt time.Time `json:"expires_at"`
	LastUsed  time.Time `json:"last_used,omitempty"`
}

TokenInfo holds information about an active token

type TokenOption 

type TokenOption func(*tokenOptions)

TokenOption is a function that configures token options

func WithDeviceID 

func WithDeviceID(deviceID string) TokenOption

WithDeviceID sets the device ID for the token

func WithExtra 

func WithExtra(extra map[string]string) TokenOption

WithExtra sets additional data for the token

func WithIP 

func WithIP(ip string) TokenOption

WithIP sets the IP address for the token

func WithSessionID 

func WithSessionID(sessionID string) TokenOption

WithSessionID sets the session ID for the token

func WithUserAgent 

func WithUserAgent(userAgent string) TokenOption

WithUserAgent sets the user agent for the token

type TokenType 

type TokenType string

TokenType defines the type of JWT token 

const (
	AccessTokenType  TokenType = "access"
	RefreshTokenType TokenType = "refresh"
)

type ValidationConfig 

type ValidationConfig struct {
	// MaxRequestSize is the maximum allowed request body size
	MaxRequestSize int64
	// SkipPaths are paths that should bypass validation
	SkipPaths []string
	// CustomPatterns are additional malicious patterns to check
	CustomPatterns []*regexp.Regexp
	// AllowedFileTypes for file uploads (e.g., "image/jpeg", "image/png")
	AllowedFileTypes []string
	// MaxFileSize for file uploads
	MaxFileSize int64
}

ValidationConfig holds configuration for input validation

func DefaultValidationConfig 

func DefaultValidationConfig() *ValidationConfig

DefaultValidationConfig returns default validation configuration

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.