go/httpmw
1
0
Fork 0
Code Issues Pull Requests Packages Releases 1 Activity

feat(httpmw): initial stable release v0.9.0

Browse Source 
Standalone net/http middleware for panic recovery, CORS, request ID injection, and request logging.

What's included:
- Recover(): panic -> 500, captures debug.Stack, no logger required
- CORS(origins): OPTIONS 204 preflight, origin allowlist, package-wide method/header constants
- RequestID(generator): injects ID via logz.WithRequestID, sets X-Request-ID response header
- RequestLogger(logger): logs method/path/status/latency/request_id; Error for 5xx, Info otherwise
- Logger interface: Info, Error, With — duck-typed; satisfied by logz.Logger
- StatusRecorder: exported http.ResponseWriter wrapper that captures written status code
- Direct logz import for context helpers (documented exception to ADR-001)

Tested-via: todo-api POC integration
Reviewed-against: docs/adr/
This commit is contained in:
Rene Nochebuena
2026-03-19 00:03:24 +00:00
commit ad2a9e465e
17 changed files with 739 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

51
cors.go Normal file
View File

@@ -0,0 +1,51 @@
package httpmw
import (
"net/http"
"strings"
)
const (
allowedMethods = "GET, HEAD, PUT, PATCH, POST, DELETE, OPTIONS"
allowedHeaders = "Content-Type, Authorization, X-Request-ID"
)
// CORS applies Cross-Origin Resource Sharing headers.
// origins is the allowed origins list. Pass []string{"*"} for development.
func CORS(origins []string) func(http.Handler) http.Handler {
return func(next http.Handler) http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
origin := r.Header.Get("Origin")
allowed := false
for _, o := range origins {
if o == "*" || o == origin {
allowed = true
break
}
}
if allowed {
w.Header().Set("Access-Control-Allow-Origin", origin)
w.Header().Set("Access-Control-Allow-Methods", allowedMethods)
w.Header().Set("Access-Control-Allow-Headers", allowedHeaders)
}
if r.Method == http.MethodOptions {
w.WriteHeader(http.StatusNoContent)
return
}
next.ServeHTTP(w, r)
})
}
}
// originAllowed is a helper for tests.
func originAllowed(origins []string, origin string) bool {
for _, o := range origins {
if o == "*" {
return true
}
if strings.EqualFold(o, origin) {
return true
}
}
return false
}