Middleware Catalogue

The catalogue is a set of ready-made middleware packages that cover the common needs of every production API — authentication, validation, password hashing, audit logging, caching, CORS, and so on. Each one is an ordinary maniflex.MiddlewareFunc you register on the appropriate pipeline step, with the same scoping options as any other middleware.

The packages live under maniflex/middleware/. Each one is its own Go module so a project pulls in only the dependencies it actually uses:

| Package | Step | What it ships |
|---|---|---|
| middleware/auth | Auth | JWT, API key, role gates, public-read helpers |
| middleware/body | Deserialize / Validate | body size limits, unknown-field stripping, type coercion |
| middleware/validate | Validate | uniqueness, regex, cross-field rules, numeric precision, date ranges, conditional required |
| middleware/workflow | Validate | state-machine transitions with role-gated guards |
| middleware/service | Service / DB-After | password hashing, slugify, derived fields, event emission, webhooks, email |
| middleware/db | DB | tenancy, forced filters, rate limiting, audit log, cache invalidation |
| middleware/response | Response | CORS, caching, transforms, redaction, envelopes, metrics |
| middleware/openapi | OpenAPI.Generate | security schemes, servers, titles, custom extensions |

How to use the catalogue

Import the package you need and register the returned middleware on the matching pipeline step:

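import (
    "github.com/xaleel/maniflex"
    "github.com/xaleel/maniflex/middleware/auth"
    "github.com/xaleel/maniflex/middleware/service"
)

// Auth step: JWTAuth populates ctx.Auth for the later steps.
// The literal secret is a placeholder; load the real signing secret from
// configuration or a secret store rather than hard-coding it.
server.Pipeline.Auth.Register(
    auth.JWTAuth("my-signing-secret", auth.JWTOptions{Issuer: "my-app"}),
)

// Service step: hash the "password" field, scoped to the User model only.
server.Pipeline.Service.Register(
    service.HashField("password"),
    maniflex.ForModel("User"),
)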

Each middleware factory returns a maniflex.MiddlewareFunc, so the standard options — ForModel, ForOperation, AtPosition, WithName — apply verbatim.

Composition

Catalogue middleware is designed to be composable. The expected stack for a typical REST API is roughly:

  1. Auth — JWTAuth or APIKeyAuth populates ctx.Auth; RequireRole gates sensitive operations.
  2. Body — MaxBodySize and StripUnknownFields shape input early.
  3. Validate — built-in tag rules plus UniqueField and friends.
  4. Service — HashField, SetField, SlugifyField, then any custom business logic, then Emit / Webhook / SendEmail on the After side.
  5. DB — Tenancy or ForceFilter enforces row-level scoping; AuditLog and Invalidate run After.
  6. Response — CORSHeaders, Cache, RedactField, then Logging / Metrics on the After side.

Mix and match freely; nothing in the catalogue is required.

Writing your own

The catalogue is just an applied form of Writing Middleware. If a built-in does not match your needs, write your own — the contract is the same func(ctx *maniflex.ServerContext, next func() error) error signature.
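
The sketch below is an added example, not code from maniflex. It shows what the `next` contract means for a custom middleware: a gate that returns without calling `next` stops every later step, and After-side work goes after `next` returns. `ServerContext` here is a local stand-in with assumed fields, and `requireRole`, `auditAfter`, `run` and `demo` are hypothetical names.

```go
package main

import "fmt"

// ServerContext is a local stand-in for maniflex.ServerContext (fields assumed).
type ServerContext struct {
	Role  string   // assumed to be set by an Auth-step middleware
	Trace []string // records which steps ran, in order
}

// MiddlewareFunc mirrors the signature quoted on this page.
type MiddlewareFunc func(ctx *ServerContext, next func() error) error

var ErrForbidden = fmt.Errorf("forbidden")

// requireRole (hypothetical) fails closed: next is never called on a mismatch.
func requireRole(role string) MiddlewareFunc {
	return func(ctx *ServerContext, next func() error) error {
		if ctx.Role != role {
			return ErrForbidden
		}
		return next()
	}
}

// auditAfter (hypothetical) acts on the After side, only once next succeeded.
func auditAfter(ctx *ServerContext, next func() error) error {
	err := next()
	if err == nil {
		ctx.Trace = append(ctx.Trace, "audit")
	}
	return err
}

// run (hypothetical) chains middleware in registration order around handler.
func run(ctx *ServerContext, mws []MiddlewareFunc, handler func() error) error {
	if len(mws) == 0 {
		return handler()
	}
	return mws[0](ctx, func() error { return run(ctx, mws[1:], handler) })
}

// demo sends a constructed request through gate -> audit -> write.
func demo(role string) ([]string, error) {
	ctx := &ServerContext{Role: role}
	write := func() error { ctx.Trace = append(ctx.Trace, "write"); return nil }
	err := run(ctx, []MiddlewareFunc{requireRole("admin"), auditAfter}, write)
	return ctx.Trace, err
}

func main() { fmt.Println(demo("admin")); fmt.Println(demo("guest")) }
```

For the "guest" request the trace stays empty: neither the write nor the audit entry happens, because the gate returned before calling `next`.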