1
Middleware
Virgil edited this page 2026-03-11 12:06:34 +00:00
Table of Contents
Middleware
Module: forge.lthn.ai/core/go-api
All middleware is configured via functional options passed to api.New().
Authentication & Authorisation
| Option | Description |
|---|---|
WithBearerAuth(token) |
Bearer token auth (skips /health, /swagger) |
WithAuthentik(cfg) |
Authentik forward-auth via X-authentik-* headers (permissive) |
WithAuthz(enforcer) |
Casbin policy-based authorisation |
WithHTTPSign(secrets, opts...) |
HTTP signature verification (draft-cavage) |
WithSessions(name, secret) |
Cookie-based session management |
Compression
| Option | Description |
|---|---|
WithGzip(level...) |
gzip response compression (default: gzip.DefaultCompression) |
WithBrotli(level...) |
Brotli response compression |
Security
| Option | Description |
|---|---|
WithSecure() |
HSTS (1yr), X-Frame-Options DENY, nosniff, strict referrer |
WithRequestID() |
Assigns X-Request-ID (preserves client-provided) |
Performance
| Option | Description |
|---|---|
WithCache(ttl) |
In-memory GET response caching with X-Cache: HIT header |
WithTimeout(duration) |
Per-request timeout, 504 on exceed |
Observability
| Option | Description |
|---|---|
WithSlog(logger) |
Structured request logging |
WithPprof() |
Runtime profiling at /debug/pprof/ |
WithExpvar() |
Runtime metrics at /debug/vars |
Content
| Option | Description |
|---|---|
WithCORS(origins...) |
CORS with standard methods/headers ("*" for all) |
WithStatic(prefix, root) |
Static file serving (no directory listing) |
WithLocation() |
Reverse proxy header detection (X-Forwarded-*) |
Streaming
| Option | Description |
|---|---|
WithWSHandler(h) |
WebSocket handler at GET /ws |
WithSSE(broker) |
Server-Sent Events at GET /events |
WithGraphQL(schema, opts...) |
GraphQL endpoint (default /graphql) with optional playground |
WithSwagger(title, desc, ver) |
Swagger UI at /swagger/ |