Documentation ¶
Index ¶
- Constants
- func APIKeyAuth(validKeys []string) gin.HandlerFunc
- func CombinedAuth(jwtAuth, apiKeyAuth gin.HandlerFunc) gin.HandlerFunc
- func JWTAuth(secret, issuer string) gin.HandlerFunc
- func Prometheus() gin.HandlerFunc
- func RBAC(allowedRoles ...string) gin.HandlerFunc
- func RateLimit(requests int, window time.Duration) gin.HandlerFunc
- func RequestID() gin.HandlerFunc
- func RequestLogging() gin.HandlerFunc
- func RequirePermission(rbac *security.RBACService, resource, action string) gin.HandlerFunc
- func SecurityHeaders() gin.HandlerFunc
- func SetAuditModeForTests(enabled bool)
- func TenantContext(cfg *config.ConsolidatedConfig) gin.HandlerFunc
- func Tracing(tracerName string) gin.HandlerFunc
Constants ¶
const (
	HeaderRequestID = "X-Request-ID"
	HeaderTraceID   = "X-Trace-ID"
	HeaderSpanID    = "X-Span-ID"
)
Variables ¶
This section is empty.
Functions ¶
func CombinedAuth ¶
func CombinedAuth(jwtAuth, apiKeyAuth gin.HandlerFunc) gin.HandlerFunc
CombinedAuth allows either JWT or API key authentication
func Prometheus ¶
func Prometheus() gin.HandlerFunc
Prometheus is a Gin middleware that records basic HTTP metrics
func RBAC ¶
func RBAC(allowedRoles ...string) gin.HandlerFunc
RBAC implements role-based access control
func RateLimit ¶
func RateLimit(requests int, window time.Duration) gin.HandlerFunc
RateLimit implements simple rate limiting
func RequestID ¶
func RequestID() gin.HandlerFunc
RequestID adds a unique request ID to each request
func RequestLogging ¶
func RequestLogging() gin.HandlerFunc
RequestLogging logs structured request/response with correlation IDs.
func RequirePermission ¶
func RequirePermission(rbac *security.RBACService, resource, action string) gin.HandlerFunc
RequirePermission enforces (resource, action) against the user_role present in context (set by auth middleware) using RBACService.CheckPermission. If user_role is not set, it accepts a comma-separated list of fallback roles from the X-User-Roles header. Tracing: RBACService.CheckPermission creates the rbac.has_permission span.
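The role-resolution order described above, as an added standard-library sketch (not this package's code): the role set by auth middleware takes precedence, and X-User-Roles is consulted only when that role is unset. The names checkFunc, effectiveRoles, allowed, demoCheck and decide are hypothetical; trimming whitespace, skipping empty list entries and allowing when any listed role passes are assumptions.

```go
package main

import (
	"fmt"
	"net/http"
	"strings"
)

// checkFunc is a hypothetical stand-in for RBACService.CheckPermission.
type checkFunc func(role, resource, action string) bool

// effectiveRoles models the lookup: ctxRole is the user_role from context ("" = unset).
func effectiveRoles(ctxRole string, h http.Header) []string {
	if ctxRole != "" {
		return []string{ctxRole} // header is ignored once auth middleware set a role
	}
	var roles []string
	for _, p := range strings.Split(h.Get("X-User-Roles"), ",") {
		if p = strings.TrimSpace(p); p != "" { // assumption: trim and skip empties
			roles = append(roles, p)
		}
	}
	return roles
}

// allowed reports whether any effective role passes the check; no roles means deny.
func allowed(check checkFunc, ctxRole string, h http.Header, resource, action string) bool {
	for _, role := range effectiveRoles(ctxRole, h) {
		if check(role, resource, action) {
			return true
		}
	}
	return false
}

// demoCheck is a constructed policy: only "admin" may read "reports".
func demoCheck(role, resource, action string) bool {
	return role == "admin" && resource == "reports" && action == "read"
}

// decide evaluates one constructed request against the constructed policy.
func decide(ctxRole, headerValue string) bool {
	h := http.Header{"X-User-Roles": {headerValue}}
	return allowed(demoCheck, ctxRole, h, "reports", "read")
}

func main() {
	fmt.Println(decide("viewer", "admin"))      // context role wins over the header
	fmt.Println(decide("", " viewer , admin,")) // fallback list, trimmed
	fmt.Println(decide("", ""))                 // nothing to evaluate: deny
}
```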
func SecurityHeaders ¶
func SecurityHeaders() gin.HandlerFunc
SecurityHeaders adds security headers to responses
func SetAuditModeForTests ¶
func SetAuditModeForTests(enabled bool)
SetAuditModeForTests is an intentional test hook allowing deterministic toggling of audit soft-deny semantics without process restart (env variable is read only once in init). Not used by production code.
func TenantContext ¶
func TenantContext(cfg *config.ConsolidatedConfig) gin.HandlerFunc
TenantContext resolves the tenant from request headers and attaches it to the context when multi-tenancy is enabled. Header: X-Tenant-ID. When the feature is enabled and the header is present and non-empty, it sets:
- Gin context key "tenant_id"
- Request context value multitenant.ContextKeyTenantID
If the feature flag is disabled, this middleware is a no-op.
TenantContext is an intentional test helper kept separate from the production buildTenantMiddleware. It is used only in unit/e2e tests to validate the tenant extraction chain (header -> jwt_claims -> context propagation). The production server enforces tenant requirements via buildTenantMiddleware in enterprise.go.
func Tracing ¶
func Tracing(tracerName string) gin.HandlerFunc
Tracing sets up request/trace/span IDs and context propagation.
Types ¶
This section is empty.