<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>middleware.sl - Coverage</title>
<link rel="stylesheet" href="../assets/style.css">
</head>
<body>
<div class="container">
<header>
<h1>middleware.sl</h1>
<a href="../index.html" class="back-link">← Back to Dashboard</a>
</header>
<section class="source-view">
<table>
<tbody>
<tr class="code-line">
<td class="line-num">1</td>
<td class="line-indicator"></td>
<td class="code-content"><pre>// ============================================================================</pre></td>
</tr><tr class="code-line">
<td class="line-num">2</td>
<td class="line-indicator"></td>
<td class="code-content"><pre>// Middleware Examples for AI/LLM Code Generation</pre></td>
</tr><tr class="code-line">
<td class="line-num">3</td>
<td class="line-indicator"></td>
<td class="code-content"><pre>// ============================================================================</pre></td>
</tr><tr class="code-line">
<td class="line-num">4</td>
<td class="line-indicator"></td>
<td class="code-content"><pre>//</pre></td>
</tr><tr class="code-line">
<td class="line-num">5</td>
<td class="line-indicator"></td>
<td class="code-content"><pre>// AI AGENT GUIDE:</pre></td>
</tr><tr class="code-line">
<td class="line-num">6</td>
<td class="line-indicator"></td>
<td class="code-content"><pre>// ---------------</pre></td>
</tr><tr class="code-line">
<td class="line-num">7</td>
<td class="line-indicator"></td>
<td class="code-content"><pre>// This file documents middleware conventions for the Soli MVC framework.</pre></td>
</tr><tr class="code-line">
<td class="line-num">8</td>
<td class="line-indicator"></td>
<td class="code-content"><pre>//</pre></td>
</tr><tr class="code-line">
<td class="line-num">9</td>
<td class="line-indicator"></td>
<td class="code-content"><pre>// MIDDLEWARE TYPES:</pre></td>
</tr><tr class="code-line">
<td class="line-num">10</td>
<td class="line-indicator"></td>
<td class="code-content"><pre>// 1. GLOBAL ONLY - Runs for ALL routes automatically</pre></td>
</tr><tr class="code-line">
<td class="line-num">11</td>
<td class="line-indicator"></td>
<td class="code-content"><pre>// - Marked with: // global_only: true</pre></td>
</tr><tr class="code-line">
<td class="line-num">12</td>
<td class="line-indicator"></td>
<td class="code-content"><pre>// - Example: CORS, logging, security headers</pre></td>
</tr><tr class="code-line">
<td class="line-num">13</td>
<td class="line-indicator"></td>
<td class="code-content"><pre>//</pre></td>
</tr><tr class="code-line">
<td class="line-num">14</td>
<td class="line-indicator"></td>
<td class="code-content"><pre>// 2. SCOPE ONLY - Runs only when explicitly scoped</pre></td>
</tr><tr class="code-line">
<td class="line-num">15</td>
<td class="line-indicator"></td>
<td class="code-content"><pre>// - Marked with: // scope_only: true</pre></td>
</tr><tr class="code-line">
<td class="line-num">16</td>
<td class="line-indicator"></td>
<td class="code-content"><pre>// - Used with: middleware("name", -> { routes })</pre></td>
</tr><tr class="code-line">
<td class="line-num">17</td>
<td class="line-indicator"></td>
<td class="code-content"><pre>// - Example: Authentication, authorization</pre></td>
</tr><tr class="code-line">
<td class="line-num">18</td>
<td class="line-indicator"></td>
<td class="code-content"><pre>//</pre></td>
</tr><tr class="code-line">
<td class="line-num">19</td>
<td class="line-indicator"></td>
<td class="code-content"><pre>// 3. REGULAR - Can be global OR scoped</pre></td>
</tr><tr class="code-line">
<td class="line-num">20</td>
<td class="line-indicator"></td>
<td class="code-content"><pre>// - No special marker</pre></td>
</tr><tr class="code-line">
<td class="line-num">21</td>
<td class="line-indicator"></td>
<td class="code-content"><pre>// - Runs globally by default, can be scoped</pre></td>
</tr><tr class="code-line">
<td class="line-num">22</td>
<td class="line-indicator"></td>
<td class="code-content"><pre>//</pre></td>
</tr><tr class="code-line">
<td class="line-num">23</td>
<td class="line-indicator"></td>
<td class="code-content"><pre>// MIDDLEWARE EXECUTION:</pre></td>
</tr><tr class="code-line">
<td class="line-num">24</td>
<td class="line-indicator"></td>
<td class="code-content"><pre>// - Order determined by // order: N comment (lower = runs first)</pre></td>
</tr><tr class="code-line">
<td class="line-num">25</td>
<td class="line-indicator"></td>
<td class="code-content"><pre>// - Each middleware receives req: Any</pre></td>
</tr><tr class="code-line">
<td class="line-num">26</td>
<td class="line-indicator"></td>
<td class="code-content"><pre>// - Return {"continue": boolean, "request"?: dict, "response"?: dict}</pre></td>
</tr><tr class="code-line">
<td class="line-num">27</td>
<td class="line-indicator"></td>
<td class="code-content"><pre>// - If continue=false, chain stops (or returns early response)</pre></td>
</tr><tr class="code-line">
<td class="line-num">28</td>
<td class="line-indicator"></td>
<td class="code-content"><pre>// - If request is provided, modified request passed to next handler</pre></td>
</tr><tr class="code-line">
<td class="line-num">29</td>
<td class="line-indicator"></td>
<td class="code-content"><pre>// - If response is provided, immediately returns that response</pre></td>
</tr><tr class="code-line">
<td class="line-num">30</td>
<td class="line-indicator"></td>
<td class="code-content"><pre>//</pre></td>
</tr><tr class="code-line">
<td class="line-num">31</td>
<td class="line-indicator"></td>
<td class="code-content"><pre>// TEMPLATE FOR AI GENERATION:</pre></td>
</tr><tr class="code-line">
<td class="line-num">32</td>
<td class="line-indicator"></td>
<td class="code-content"><pre>// ----------------------------</pre></td>
</tr><tr class="code-line">
<td class="line-num">33</td>
<td class="line-indicator"></td>
<td class="code-content"><pre>// // order: N</pre></td>
</tr><tr class="code-line">
<td class="line-num">34</td>
<td class="line-indicator"></td>
<td class="code-content"><pre>// // global_only: true (or // scope_only: true)</pre></td>
</tr><tr class="code-line">
<td class="line-num">35</td>
<td class="line-indicator"></td>
<td class="code-content"><pre>//</pre></td>
</tr><tr class="code-line">
<td class="line-num">36</td>
<td class="line-indicator"></td>
<td class="code-content"><pre>// fn middleware_name(req: Any) -> Any {</pre></td>
</tr><tr class="code-line">
<td class="line-num">37</td>
<td class="line-indicator"></td>
<td class="code-content"><pre>// // Your logic here</pre></td>
</tr><tr class="code-line">
<td class="line-num">38</td>
<td class="line-indicator"></td>
<td class="code-content"><pre>// </pre></td>
</tr><tr class="code-line">
<td class="line-num">39</td>
<td class="line-indicator"></td>
<td class="code-content"><pre>// return {</pre></td>
</tr><tr class="code-line">
<td class="line-num">40</td>
<td class="line-indicator"></td>
<td class="code-content"><pre>// "continue": true,</pre></td>
</tr><tr class="code-line">
<td class="line-num">41</td>
<td class="line-indicator"></td>
<td class="code-content"><pre>// "request": req // optional modification</pre></td>
</tr><tr class="code-line">
<td class="line-num">42</td>
<td class="line-indicator"></td>
<td class="code-content"><pre>// };</pre></td>
</tr><tr class="code-line">
<td class="line-num">43</td>
<td class="line-indicator"></td>
<td class="code-content"><pre>// }</pre></td>
</tr><tr class="code-line">
<td class="line-num">44</td>
<td class="line-indicator"></td>
<td class="code-content"><pre>//</pre></td>
</tr><tr class="code-line">
<td class="line-num">45</td>
<td class="line-indicator"></td>
<td class="code-content"><pre>// ============================================================================</pre></td>
</tr><tr class="code-line">
<td class="line-num">46</td>
<td class="line-indicator"></td>
<td class="code-content"><pre></pre></td>
</tr><tr class="code-line">
<td class="line-num">47</td>
<td class="line-indicator"></td>
<td class="code-content"><pre>// ============================================================================</pre></td>
</tr><tr class="code-line">
<td class="line-num">48</td>
<td class="line-indicator"></td>
<td class="code-content"><pre>// EXAMPLE 1: Global-only Middleware (CORS)</pre></td>
</tr><tr class="code-line">
<td class="line-num">49</td>
<td class="line-indicator"></td>
<td class="code-content"><pre>// ============================================================================</pre></td>
</tr><tr class="code-line">
<td class="line-num">50</td>
<td class="line-indicator"></td>
<td class="code-content"><pre>//</pre></td>
</tr><tr class="code-line">
<td class="line-num">51</td>
<td class="line-indicator"></td>
<td class="code-content"><pre>// CHARACTERISTICS:</pre></td>
</tr><tr class="code-line">
<td class="line-num">52</td>
<td class="line-indicator"></td>
<td class="code-content"><pre>// - Marked with // global_only: true</pre></td>
</tr><tr class="code-line">
<td class="line-num">53</td>
<td class="line-indicator"></td>
<td class="code-content"><pre>// - Automatically runs for ALL requests</pre></td>
</tr><tr class="code-line">
<td class="line-num">54</td>
<td class="line-indicator"></td>
<td class="code-content"><pre>// - No need to reference in routes.sl</pre></td>
</tr><tr class="code-line">
<td class="line-num">55</td>
<td class="line-indicator"></td>
<td class="code-content"><pre>//</pre></td>
</tr><tr class="code-line">
<td class="line-num">56</td>
<td class="line-indicator"></td>
<td class="code-content"><pre>// USAGE:</pre></td>
</tr><tr class="code-line">
<td class="line-num">57</td>
<td class="line-indicator"></td>
<td class="code-content"><pre>// - Set CORS headers on all responses</pre></td>
</tr><tr class="code-line">
<td class="line-num">58</td>
<td class="line-indicator"></td>
<td class="code-content"><pre>// - Handle preflight OPTIONS requests</pre></td>
</tr><tr class="code-line">
<td class="line-num">59</td>
<td class="line-indicator"></td>
<td class="code-content"><pre>//</pre></td>
</tr><tr class="code-line">
<td class="line-num">60</td>
<td class="line-indicator"></td>
<td class="code-content"><pre>// ============================================================================</pre></td>
</tr><tr class="code-line">
<td class="line-num">61</td>
<td class="line-indicator"></td>
<td class="code-content"><pre></pre></td>
</tr><tr class="code-line">
<td class="line-num">62</td>
<td class="line-indicator"></td>
<td class="code-content"><pre>// order: 10 - Runs early in the chain</pre></td>
</tr><tr class="code-line">
<td class="line-num">63</td>
<td class="line-indicator"></td>
<td class="code-content"><pre>// global_only: true - Automatically applies to all routes</pre></td>
</tr><tr class="code-line">
<td class="line-num">64</td>
<td class="line-indicator"></td>
<td class="code-content"><pre></pre></td>
</tr><tr class="code-line uncovered">
<td class="line-num">65</td>
<td class="line-indicator">✗</td>
<td class="code-content"><pre>fn cors(req: Any) -> Any {</pre></td>
</tr><tr class="code-line uncovered">
<td class="line-num">66</td>
<td class="line-indicator">✗</td>
<td class="code-content"><pre> let headers = req["headers"];</pre></td>
</tr><tr class="code-line uncovered">
<td class="line-num">67</td>
<td class="line-indicator">✗</td>
<td class="code-content"><pre> let method = req["method"];</pre></td>
</tr><tr class="code-line">
<td class="line-num">68</td>
<td class="line-indicator"></td>
<td class="code-content"><pre> </pre></td>
</tr><tr class="code-line">
<td class="line-num">69</td>
<td class="line-indicator"></td>
<td class="code-content"><pre> // Handle preflight OPTIONS request</pre></td>
</tr><tr class="code-line uncovered">
<td class="line-num">70</td>
<td class="line-indicator">✗</td>
<td class="code-content"><pre> if (method == "OPTIONS") {</pre></td>
</tr><tr class="code-line uncovered">
<td class="line-num">71</td>
<td class="line-indicator">✗</td>
<td class="code-content"><pre> let origin = "*";</pre></td>
</tr><tr class="code-line uncovered">
<td class="line-num">72</td>
<td class="line-indicator">✗</td>
<td class="code-content"><pre> if (has_key(headers, "Origin")) {</pre></td>
</tr><tr class="code-line uncovered">
<td class="line-num">73</td>
<td class="line-indicator">✗</td>
<td class="code-content"><pre> origin = headers["Origin"];</pre></td>
</tr><tr class="code-line">
<td class="line-num">74</td>
<td class="line-indicator"></td>
<td class="code-content"><pre> }</pre></td>
</tr><tr class="code-line">
<td class="line-num">75</td>
<td class="line-indicator"></td>
<td class="code-content"><pre> </pre></td>
</tr><tr class="code-line uncovered">
<td class="line-num">76</td>
<td class="line-indicator">✗</td>
<td class="code-content"><pre> return {</pre></td>
</tr><tr class="code-line uncovered">
<td class="line-num">77</td>
<td class="line-indicator">✗</td>
<td class="code-content"><pre> "continue": false,</pre></td>
</tr><tr class="code-line uncovered">
<td class="line-num">78</td>
<td class="line-indicator">✗</td>
<td class="code-content"><pre> "response": {</pre></td>
</tr><tr class="code-line uncovered">
<td class="line-num">79</td>
<td class="line-indicator">✗</td>
<td class="code-content"><pre> "status": 204,</pre></td>
</tr><tr class="code-line uncovered">
<td class="line-num">80</td>
<td class="line-indicator">✗</td>
<td class="code-content"><pre> "headers": {</pre></td>
</tr><tr class="code-line uncovered">
<td class="line-num">81</td>
<td class="line-indicator">✗</td>
<td class="code-content"><pre> "Access-Control-Allow-Origin": origin,</pre></td>
</tr><tr class="code-line uncovered">
<td class="line-num">82</td>
<td class="line-indicator">✗</td>
<td class="code-content"><pre> "Access-Control-Allow-Methods": "GET, POST, PUT, DELETE, PATCH, OPTIONS",</pre></td>
</tr><tr class="code-line uncovered">
<td class="line-num">83</td>
<td class="line-indicator">✗</td>
<td class="code-content"><pre> "Access-Control-Allow-Headers": "Content-Type, Authorization, X-Api-Key",</pre></td>
</tr><tr class="code-line uncovered">
<td class="line-num">84</td>
<td class="line-indicator">✗</td>
<td class="code-content"><pre> "Access-Control-Allow-Credentials": "true",</pre></td>
</tr><tr class="code-line uncovered">
<td class="line-num">85</td>
<td class="line-indicator">✗</td>
<td class="code-content"><pre> "Access-Control-Max-Age": "86400"</pre></td>
</tr><tr class="code-line">
<td class="line-num">86</td>
<td class="line-indicator"></td>
<td class="code-content"><pre> },</pre></td>
</tr><tr class="code-line uncovered">
<td class="line-num">87</td>
<td class="line-indicator">✗</td>
<td class="code-content"><pre> "body": ""</pre></td>
</tr><tr class="code-line">
<td class="line-num">88</td>
<td class="line-indicator"></td>
<td class="code-content"><pre> }</pre></td>
</tr><tr class="code-line">
<td class="line-num">89</td>
<td class="line-indicator"></td>
<td class="code-content"><pre> };</pre></td>
</tr><tr class="code-line">
<td class="line-num">90</td>
<td class="line-indicator"></td>
<td class="code-content"><pre> }</pre></td>
</tr><tr class="code-line">
<td class="line-num">91</td>
<td class="line-indicator"></td>
<td class="code-content"><pre> </pre></td>
</tr><tr class="code-line">
<td class="line-num">92</td>
<td class="line-indicator"></td>
<td class="code-content"><pre> // Add CORS headers to regular requests</pre></td>
</tr><tr class="code-line uncovered">
<td class="line-num">93</td>
<td class="line-indicator">✗</td>
<td class="code-content"><pre> let origin = "*";</pre></td>
</tr><tr class="code-line uncovered">
<td class="line-num">94</td>
<td class="line-indicator">✗</td>
<td class="code-content"><pre> if (has_key(headers, "Origin")) {</pre></td>
</tr><tr class="code-line uncovered">
<td class="line-num">95</td>
<td class="line-indicator">✗</td>
<td class="code-content"><pre> origin = headers["Origin"];</pre></td>
</tr><tr class="code-line">
<td class="line-num">96</td>
<td class="line-indicator"></td>
<td class="code-content"><pre> }</pre></td>
</tr><tr class="code-line">
<td class="line-num">97</td>
<td class="line-indicator"></td>
<td class="code-content"><pre> </pre></td>
</tr><tr class="code-line">
<td class="line-num">98</td>
<td class="line-indicator"></td>
<td class="code-content"><pre> // Modify request to include CORS headers for downstream handlers</pre></td>
</tr><tr class="code-line uncovered">
<td class="line-num">99</td>
<td class="line-indicator">✗</td>
<td class="code-content"><pre> let modified_req = req;</pre></td>
</tr><tr class="code-line uncovered">
<td class="line-num">100</td>
<td class="line-indicator">✗</td>
<td class="code-content"><pre> modified_req["cors_headers"] = {</pre></td>
</tr><tr class="code-line uncovered">
<td class="line-num">101</td>
<td class="line-indicator">✗</td>
<td class="code-content"><pre> "Access-Control-Allow-Origin": origin,</pre></td>
</tr><tr class="code-line uncovered">
<td class="line-num">102</td>
<td class="line-indicator">✗</td>
<td class="code-content"><pre> "Access-Control-Allow-Credentials": "true"</pre></td>
</tr><tr class="code-line">
<td class="line-num">103</td>
<td class="line-indicator"></td>
<td class="code-content"><pre> };</pre></td>
</tr><tr class="code-line">
<td class="line-num">104</td>
<td class="line-indicator"></td>
<td class="code-content"><pre> </pre></td>
</tr><tr class="code-line uncovered">
<td class="line-num">105</td>
<td class="line-indicator">✗</td>
<td class="code-content"><pre> return {</pre></td>
</tr><tr class="code-line uncovered">
<td class="line-num">106</td>
<td class="line-indicator">✗</td>
<td class="code-content"><pre> "continue": true,</pre></td>
</tr><tr class="code-line uncovered">
<td class="line-num">107</td>
<td class="line-indicator">✗</td>
<td class="code-content"><pre> "request": modified_req</pre></td>
</tr><tr class="code-line">
<td class="line-num">108</td>
<td class="line-indicator"></td>
<td class="code-content"><pre> };</pre></td>
</tr><tr class="code-line">
<td class="line-num">109</td>
<td class="line-indicator"></td>
<td class="code-content"><pre>}</pre></td>
</tr><tr class="code-line">
<td class="line-num">110</td>
<td class="line-indicator"></td>
<td class="code-content"><pre></pre></td>
</tr><tr class="code-line">
<td class="line-num">111</td>
<td class="line-indicator"></td>
<td class="code-content"><pre>// ============================================================================</pre></td>
</tr><tr class="code-line">
<td class="line-num">112</td>
<td class="line-indicator"></td>
<td class="code-content"><pre>// EXAMPLE 2: Scope-only Middleware (Authentication)</pre></td>
</tr><tr class="code-line">
<td class="line-num">113</td>
<td class="line-indicator"></td>
<td class="code-content"><pre>// ============================================================================</pre></td>
</tr><tr class="code-line">
<td class="line-num">114</td>
<td class="line-indicator"></td>
<td class="code-content"><pre>//</pre></td>
</tr><tr class="code-line">
<td class="line-num">115</td>
<td class="line-indicator"></td>
<td class="code-content"><pre>// CHARACTERISTICS:</pre></td>
</tr><tr class="code-line">
<td class="line-num">116</td>
<td class="line-indicator"></td>
<td class="code-content"><pre>// - Marked with // scope_only: true</pre></td>
</tr><tr class="code-line">
<td class="line-num">117</td>
<td class="line-indicator"></td>
<td class="code-content"><pre>// - Does NOT run automatically</pre></td>
</tr><tr class="code-line">
<td class="line-num">118</td>
<td class="line-indicator"></td>
<td class="code-content"><pre>// - Must be explicitly scoped in routes.sl:</pre></td>
</tr><tr class="code-line">
<td class="line-num">119</td>
<td class="line-indicator"></td>
<td class="code-content"><pre>//</pre></td>
</tr><tr class="code-line">
<td class="line-num">120</td>
<td class="line-indicator"></td>
<td class="code-content"><pre>// middleware("authenticate", -> {</pre></td>
</tr><tr class="code-line">
<td class="line-num">121</td>
<td class="line-indicator"></td>
<td class="code-content"><pre>// get("/admin", "admin#index");</pre></td>
</tr><tr class="code-line">
<td class="line-num">122</td>
<td class="line-indicator"></td>
<td class="code-content"><pre>// get("/dashboard", "dashboard#index");</pre></td>
</tr><tr class="code-line">
<td class="line-num">123</td>
<td class="line-indicator"></td>
<td class="code-content"><pre>// });</pre></td>
</tr><tr class="code-line">
<td class="line-num">124</td>
<td class="line-indicator"></td>
<td class="code-content"><pre>//</pre></td>
</tr><tr class="code-line">
<td class="line-num">125</td>
<td class="line-indicator"></td>
<td class="code-content"><pre>// USAGE:</pre></td>
</tr><tr class="code-line">
<td class="line-num">126</td>
<td class="line-indicator"></td>
<td class="code-content"><pre>// - Protect sensitive routes</pre></td>
</tr><tr class="code-line">
<td class="line-num">127</td>
<td class="line-indicator"></td>
<td class="code-content"><pre>// - Require API key or session authentication</pre></td>
</tr><tr class="code-line">
<td class="line-num">128</td>
<td class="line-indicator"></td>
<td class="code-content"><pre>//</pre></td>
</tr><tr class="code-line">
<td class="line-num">129</td>
<td class="line-indicator"></td>
<td class="code-content"><pre>// ============================================================================</pre></td>
</tr><tr class="code-line">
<td class="line-num">130</td>
<td class="line-indicator"></td>
<td class="code-content"><pre></pre></td>
</tr><tr class="code-line">
<td class="line-num">131</td>
<td class="line-indicator"></td>
<td class="code-content"><pre>// order: 20 - Runs after CORS (higher order number)</pre></td>
</tr><tr class="code-line">
<td class="line-num">132</td>
<td class="line-indicator"></td>
<td class="code-content"><pre>// scope_only: true - Only runs when explicitly scoped</pre></td>
</tr><tr class="code-line">
<td class="line-num">133</td>
<td class="line-indicator"></td>
<td class="code-content"><pre></pre></td>
</tr><tr class="code-line uncovered">
<td class="line-num">134</td>
<td class="line-indicator">✗</td>
<td class="code-content"><pre>fn authenticate(req: Any) -> Any {</pre></td>
</tr><tr class="code-line uncovered">
<td class="line-num">135</td>
<td class="line-indicator">✗</td>
<td class="code-content"><pre> let headers = req["headers"];</pre></td>
</tr><tr class="code-line uncovered">
<td class="line-num">136</td>
<td class="line-indicator">✗</td>
<td class="code-content"><pre> let path = req["path"];</pre></td>
</tr><tr class="code-line">
<td class="line-num">137</td>
<td class="line-indicator"></td>
<td class="code-content"><pre> </pre></td>
</tr><tr class="code-line">
<td class="line-num">138</td>
<td class="line-indicator"></td>
<td class="code-content"><pre> // Check for API key in header</pre></td>
</tr><tr class="code-line uncovered">
<td class="line-num">139</td>
<td class="line-indicator">✗</td>
<td class="code-content"><pre> let api_key = "";</pre></td>
</tr><tr class="code-line uncovered">
<td class="line-num">140</td>
<td class="line-indicator">✗</td>
<td class="code-content"><pre> if (has_key(headers, "X-Api-Key")) {</pre></td>
</tr><tr class="code-line uncovered">
<td class="line-num">141</td>
<td class="line-indicator">✗</td>
<td class="code-content"><pre> api_key = headers["X-Api-Key"];</pre></td>
</tr><tr class="code-line uncovered">
<td class="line-num">142</td>
<td class="line-indicator">✗</td>
<td class="code-content"><pre> } elsif (has_key(headers, "x-api-key")) {</pre></td>
</tr><tr class="code-line uncovered">
<td class="line-num">143</td>
<td class="line-indicator">✗</td>
<td class="code-content"><pre> api_key = headers["x-api-key"];</pre></td>
</tr><tr class="code-line">
<td class="line-num">144</td>
<td class="line-indicator"></td>
<td class="code-content"><pre> }</pre></td>
</tr><tr class="code-line">
<td class="line-num">145</td>
<td class="line-indicator"></td>
<td class="code-content"><pre> </pre></td>
</tr><tr class="code-line">
<td class="line-num">146</td>
<td class="line-indicator"></td>
<td class="code-content"><pre> // Validate API key (in real app, check database)</pre></td>
</tr><tr class="code-line uncovered">
<td class="line-num">147</td>
<td class="line-indicator">✗</td>
<td class="code-content"><pre> let valid_key = "secret-api-key-123";</pre></td>
</tr><tr class="code-line">
<td class="line-num">148</td>
<td class="line-indicator"></td>
<td class="code-content"><pre> </pre></td>
</tr><tr class="code-line uncovered">
<td class="line-num">149</td>
<td class="line-indicator">✗</td>
<td class="code-content"><pre> if (api_key == valid_key) {</pre></td>
</tr><tr class="code-line uncovered">
<td class="line-num">150</td>
<td class="line-indicator">✗</td>
<td class="code-content"><pre> print("[AUTH] Request authenticated for path: ", path);</pre></td>
</tr><tr class="code-line">
<td class="line-num">151</td>
<td class="line-indicator"></td>
<td class="code-content"><pre> </pre></td>
</tr><tr class="code-line">
<td class="line-num">152</td>
<td class="line-indicator"></td>
<td class="code-content"><pre> // Add user info to request for downstream handlers</pre></td>
</tr><tr class="code-line uncovered">
<td class="line-num">153</td>
<td class="line-indicator">✗</td>
<td class="code-content"><pre> let modified_req = req;</pre></td>
</tr><tr class="code-line uncovered">
<td class="line-num">154</td>
<td class="line-indicator">✗</td>
<td class="code-content"><pre> modified_req["user"] = {"id": "user_001", "role": "admin"};</pre></td>
</tr><tr class="code-line">
<td class="line-num">155</td>
<td class="line-indicator"></td>
<td class="code-content"><pre> </pre></td>
</tr><tr class="code-line uncovered">
<td class="line-num">156</td>
<td class="line-indicator">✗</td>
<td class="code-content"><pre> return {</pre></td>
</tr><tr class="code-line uncovered">
<td class="line-num">157</td>
<td class="line-indicator">✗</td>
<td class="code-content"><pre> "continue": true,</pre></td>
</tr><tr class="code-line uncovered">
<td class="line-num">158</td>
<td class="line-indicator">✗</td>
<td class="code-content"><pre> "request": modified_req</pre></td>
</tr><tr class="code-line">
<td class="line-num">159</td>
<td class="line-indicator"></td>
<td class="code-content"><pre> };</pre></td>
</tr><tr class="code-line">
<td class="line-num">160</td>
<td class="line-indicator"></td>
<td class="code-content"><pre> }</pre></td>
</tr><tr class="code-line">
<td class="line-num">161</td>
<td class="line-indicator"></td>
<td class="code-content"><pre> </pre></td>
</tr><tr class="code-line">
<td class="line-num">162</td>
<td class="line-indicator"></td>
<td class="code-content"><pre> // Authentication failed - return 401</pre></td>
</tr><tr class="code-line uncovered">
<td class="line-num">163</td>
<td class="line-indicator">✗</td>
<td class="code-content"><pre> print("[AUTH] Authentication failed for path: ", path);</pre></td>
</tr><tr class="code-line">
<td class="line-num">164</td>
<td class="line-indicator"></td>
<td class="code-content"><pre> </pre></td>
</tr><tr class="code-line uncovered">
<td class="line-num">165</td>
<td class="line-indicator">✗</td>
<td class="code-content"><pre> return {</pre></td>
</tr><tr class="code-line uncovered">
<td class="line-num">166</td>
<td class="line-indicator">✗</td>
<td class="code-content"><pre> "continue": false,</pre></td>
</tr><tr class="code-line uncovered">
<td class="line-num">167</td>
<td class="line-indicator">✗</td>
<td class="code-content"><pre> "response": {</pre></td>
</tr><tr class="code-line uncovered">
<td class="line-num">168</td>
<td class="line-indicator">✗</td>
<td class="code-content"><pre> "status": 401,</pre></td>
</tr><tr class="code-line uncovered">
<td class="line-num">169</td>
<td class="line-indicator">✗</td>
<td class="code-content"><pre> "headers": {"Content-Type": "application/json"},</pre></td>
</tr><tr class="code-line uncovered">
<td class="line-num">170</td>
<td class="line-indicator">✗</td>
<td class="code-content"><pre> "body": json_stringify({</pre></td>
</tr><tr class="code-line uncovered">
<td class="line-num">171</td>
<td class="line-indicator">✗</td>
<td class="code-content"><pre> "error": "Unauthorized",</pre></td>
</tr><tr class="code-line uncovered">
<td class="line-num">172</td>
<td class="line-indicator">✗</td>
<td class="code-content"><pre> "message": "Valid API key required in X-Api-Key header"</pre></td>
</tr><tr class="code-line">
<td class="line-num">173</td>
<td class="line-indicator"></td>
<td class="code-content"><pre> })</pre></td>
</tr><tr class="code-line">
<td class="line-num">174</td>
<td class="line-indicator"></td>
<td class="code-content"><pre> }</pre></td>
</tr><tr class="code-line">
<td class="line-num">175</td>
<td class="line-indicator"></td>
<td class="code-content"><pre> };</pre></td>
</tr><tr class="code-line">
<td class="line-num">176</td>
<td class="line-indicator"></td>
<td class="code-content"><pre>}</pre></td>
</tr><tr class="code-line">
<td class="line-num">177</td>
<td class="line-indicator"></td>
<td class="code-content"><pre></pre></td>
</tr><tr class="code-line">
<td class="line-num">178</td>
<td class="line-indicator"></td>
<td class="code-content"><pre>// ============================================================================</pre></td>
</tr><tr class="code-line">
<td class="line-num">179</td>
<td class="line-indicator"></td>
<td class="code-content"><pre>// EXAMPLE 3: Scope-only Middleware (Admin Authorization)</pre></td>
</tr><tr class="code-line">
<td class="line-num">180</td>
<td class="line-indicator"></td>
<td class="code-content"><pre>// ============================================================================</pre></td>
</tr><tr class="code-line">
<td class="line-num">181</td>
<td class="line-indicator"></td>
<td class="code-content"><pre>//</pre></td>
</tr><tr class="code-line">
<td class="line-num">182</td>
<td class="line-indicator"></td>
<td class="code-content"><pre>// USAGE:</pre></td>
</tr><tr class="code-line">
<td class="line-num">183</td>
<td class="line-indicator"></td>
<td class="code-content"><pre>// - Check if authenticated user has admin role</pre></td>
</tr><tr class="code-line">
<td class="line-num">184</td>
<td class="line-indicator"></td>
<td class="code-content"><pre>// - Scoped within authenticated routes</pre></td>
</tr><tr class="code-line">
<td class="line-num">185</td>
<td class="line-indicator"></td>
<td class="code-content"><pre>//</pre></td>
</tr><tr class="code-line">
<td class="line-num">186</td>
<td class="line-indicator"></td>
<td class="code-content"><pre>// ============================================================================</pre></td>
</tr><tr class="code-line">
<td class="line-num">187</td>
<td class="line-indicator"></td>
<td class="code-content"><pre></pre></td>
</tr><tr class="code-line">
<td class="line-num">188</td>
<td class="line-indicator"></td>
<td class="code-content"><pre>// order: 30</pre></td>
</tr><tr class="code-line">
<td class="line-num">189</td>
<td class="line-indicator"></td>
<td class="code-content"><pre>// scope_only: true</pre></td>
</tr><tr class="code-line">
<td class="line-num">190</td>
<td class="line-indicator"></td>
<td class="code-content"><pre></pre></td>
</tr><tr class="code-line uncovered">
<td class="line-num">191</td>
<td class="line-indicator">✗</td>
<td class="code-content"><pre>fn require_admin(req: Any) -> Any {</pre></td>
</tr><tr class="code-line uncovered">
<td class="line-num">192</td>
<td class="line-indicator">✗</td>
<td class="code-content"><pre> let user = req["user"];</pre></td>
</tr><tr class="code-line">
<td class="line-num">193</td>
<td class="line-indicator"></td>
<td class="code-content"><pre> </pre></td>
</tr><tr class="code-line uncovered">
<td class="line-num">194</td>
<td class="line-indicator">✗</td>
<td class="code-content"><pre> if (user == null || user["role"] != "admin") {</pre></td>
</tr><tr class="code-line uncovered">
<td class="line-num">195</td>
<td class="line-indicator">✗</td>
<td class="code-content"><pre> return {</pre></td>
</tr><tr class="code-line uncovered">
<td class="line-num">196</td>
<td class="line-indicator">✗</td>
<td class="code-content"><pre> "continue": false,</pre></td>
</tr><tr class="code-line uncovered">
<td class="line-num">197</td>
<td class="line-indicator">✗</td>
<td class="code-content"><pre> "response": {</pre></td>
</tr><tr class="code-line uncovered">
<td class="line-num">198</td>
<td class="line-indicator">✗</td>
<td class="code-content"><pre> "status": 403,</pre></td>
</tr><tr class="code-line uncovered">
<td class="line-num">199</td>
<td class="line-indicator">✗</td>
<td class="code-content"><pre> "headers": {"Content-Type": "application/json"},</pre></td>
</tr><tr class="code-line uncovered">
<td class="line-num">200</td>
<td class="line-indicator">✗</td>
<td class="code-content"><pre> "body": json_stringify({</pre></td>
</tr><tr class="code-line uncovered">
<td class="line-num">201</td>
<td class="line-indicator">✗</td>
<td class="code-content"><pre> "error": "Forbidden",</pre></td>
</tr><tr class="code-line uncovered">
<td class="line-num">202</td>
<td class="line-indicator">✗</td>
<td class="code-content"><pre> "message": "Admin access required"</pre></td>
</tr><tr class="code-line">
<td class="line-num">203</td>
<td class="line-indicator"></td>
<td class="code-content"><pre> })</pre></td>
</tr><tr class="code-line">
<td class="line-num">204</td>
<td class="line-indicator"></td>
<td class="code-content"><pre> }</pre></td>
</tr><tr class="code-line">
<td class="line-num">205</td>
<td class="line-indicator"></td>
<td class="code-content"><pre> };</pre></td>
</tr><tr class="code-line">
<td class="line-num">206</td>
<td class="line-indicator"></td>
<td class="code-content"><pre> }</pre></td>
</tr><tr class="code-line">
<td class="line-num">207</td>
<td class="line-indicator"></td>
<td class="code-content"><pre> </pre></td>
</tr><tr class="code-line uncovered">
<td class="line-num">208</td>
<td class="line-indicator">✗</td>
<td class="code-content"><pre> return {"continue": true, "request": req};</pre></td>
</tr><tr class="code-line">
<td class="line-num">209</td>
<td class="line-indicator"></td>
<td class="code-content"><pre>}</pre></td>
</tr><tr class="code-line">
<td class="line-num">210</td>
<td class="line-indicator"></td>
<td class="code-content"><pre></pre></td>
</tr><tr class="code-line">
<td class="line-num">211</td>
<td class="line-indicator"></td>
<td class="code-content"><pre>// ============================================================================</pre></td>
</tr><tr class="code-line">
<td class="line-num">212</td>
<td class="line-indicator"></td>
<td class="code-content"><pre>// EXAMPLE 4: Regular Middleware (Request Logging)</pre></td>
</tr><tr class="code-line">
<td class="line-num">213</td>
<td class="line-indicator"></td>
<td class="code-content"><pre>// ============================================================================</pre></td>
</tr><tr class="code-line">
<td class="line-num">214</td>
<td class="line-indicator"></td>
<td class="code-content"><pre>//</pre></td>
</tr><tr class="code-line">
<td class="line-num">215</td>
<td class="line-indicator"></td>
<td class="code-content"><pre>// CHARACTERISTICS:</pre></td>
</tr><tr class="code-line">
<td class="line-num">216</td>
<td class="line-indicator"></td>
<td class="code-content"><pre>// - No special markers</pre></td>
</tr><tr class="code-line">
<td class="line-num">217</td>
<td class="line-indicator"></td>
<td class="code-content"><pre>// - Runs globally by default</pre></td>
</tr><tr class="code-line">
<td class="line-num">218</td>
<td class="line-indicator"></td>
<td class="code-content"><pre>// - Can also be scoped if needed</pre></td>
</tr><tr class="code-line">
<td class="line-num">219</td>
<td class="line-indicator"></td>
<td class="code-content"><pre>//</pre></td>
</tr><tr class="code-line">
<td class="line-num">220</td>
<td class="line-indicator"></td>
<td class="code-content"><pre>// USAGE:</pre></td>
</tr><tr class="code-line">
<td class="line-num">221</td>
<td class="line-indicator"></td>
<td class="code-content"><pre>// - Log all requests (or scoped requests)</pre></td>
</tr><tr class="code-line">
<td class="line-num">222</td>
<td class="line-indicator"></td>
<td class="code-content"><pre>// - Add request timing</pre></td>
</tr><tr class="code-line">
<td class="line-num">223</td>
<td class="line-indicator"></td>
<td class="code-content"><pre>// - Add request ID for tracing</pre></td>
</tr><tr class="code-line">
<td class="line-num">224</td>
<td class="line-indicator"></td>
<td class="code-content"><pre>//</pre></td>
</tr><tr class="code-line">
<td class="line-num">225</td>
<td class="line-indicator"></td>
<td class="code-content"><pre>// ============================================================================</pre></td>
</tr><tr class="code-line">
<td class="line-num">226</td>
<td class="line-indicator"></td>
<td class="code-content"><pre></pre></td>
</tr><tr class="code-line">
<td class="line-num">227</td>
<td class="line-indicator"></td>
<td class="code-content"><pre>// order: 100 - Run last (after authentication, etc.)</pre></td>
</tr><tr class="code-line">
<td class="line-num">228</td>
<td class="line-indicator"></td>
<td class="code-content"><pre>// No global_only or scope_only = runs globally by default</pre></td>
</tr><tr class="code-line">
<td class="line-num">229</td>
<td class="line-indicator"></td>
<td class="code-content"><pre></pre></td>
</tr><tr class="code-line uncovered">
<td class="line-num">230</td>
<td class="line-indicator">✗</td>
<td class="code-content"><pre>fn logger(req: Any) -> Any {</pre></td>
</tr><tr class="code-line uncovered">
<td class="line-num">231</td>
<td class="line-indicator">✗</td>
<td class="code-content"><pre> let method = req["method"];</pre></td>
</tr><tr class="code-line uncovered">
<td class="line-num">232</td>
<td class="line-indicator">✗</td>
<td class="code-content"><pre> let path = req["path"];</pre></td>
</tr><tr class="code-line uncovered">
<td class="line-num">233</td>
<td class="line-indicator">✗</td>
<td class="code-content"><pre> let start_time = clock();</pre></td>
</tr><tr class="code-line">
<td class="line-num">234</td>
<td class="line-indicator"></td>
<td class="code-content"><pre> </pre></td>
</tr><tr class="code-line">
<td class="line-num">235</td>
<td class="line-indicator"></td>
<td class="code-content"><pre> // Log request</pre></td>
</tr><tr class="code-line uncovered">
<td class="line-num">236</td>
<td class="line-indicator">✗</td>
<td class="code-content"><pre> print("[LOG] ", method, " ", path);</pre></td>
</tr><tr class="code-line">
<td class="line-num">237</td>
<td class="line-indicator"></td>
<td class="code-content"><pre> </pre></td>
</tr><tr class="code-line">
<td class="line-num">238</td>
<td class="line-indicator"></td>
<td class="code-content"><pre> // Add request ID for tracing</pre></td>
</tr><tr class="code-line uncovered">
<td class="line-num">239</td>
<td class="line-indicator">✗</td>
<td class="code-content"><pre> let modified_req = req;</pre></td>
</tr><tr class="code-line uncovered">
<td class="line-num">240</td>
<td class="line-indicator">✗</td>
<td class="code-content"><pre> modified_req["request_id"] = generate_uuid();</pre></td>
</tr><tr class="code-line uncovered">
<td class="line-num">241</td>
<td class="line-indicator">✗</td>
<td class="code-content"><pre> modified_req["start_time"] = start_time;</pre></td>
</tr><tr class="code-line">
<td class="line-num">242</td>
<td class="line-indicator"></td>
<td class="code-content"><pre> </pre></td>
</tr><tr class="code-line uncovered">
<td class="line-num">243</td>
<td class="line-indicator">✗</td>
<td class="code-content"><pre> return {</pre></td>
</tr><tr class="code-line uncovered">
<td class="line-num">244</td>
<td class="line-indicator">✗</td>
<td class="code-content"><pre> "continue": true,</pre></td>
</tr><tr class="code-line uncovered">
<td class="line-num">245</td>
<td class="line-indicator">✗</td>
<td class="code-content"><pre> "request": modified_req</pre></td>
</tr><tr class="code-line">
<td class="line-num">246</td>
<td class="line-indicator"></td>
<td class="code-content"><pre> };</pre></td>
</tr><tr class="code-line">
<td class="line-num">247</td>
<td class="line-indicator"></td>
<td class="code-content"><pre>}</pre></td>
</tr><tr class="code-line">
<td class="line-num">248</td>
<td class="line-indicator"></td>
<td class="code-content"><pre></pre></td>
</tr><tr class="code-line">
<td class="line-num">249</td>
<td class="line-indicator"></td>
<td class="code-content"><pre>// ============================================================================</pre></td>
</tr><tr class="code-line">
<td class="line-num">250</td>
<td class="line-indicator"></td>
<td class="code-content"><pre>// EXAMPLE 5: Response Modifier Middleware</pre></td>
</tr><tr class="code-line">
<td class="line-num">251</td>
<td class="line-indicator"></td>
<td class="code-content"><pre>// ============================================================================</pre></td>
</tr><tr class="code-line">
<td class="line-num">252</td>
<td class="line-indicator"></td>
<td class="code-content"><pre>//</pre></td>
</tr><tr class="code-line">
<td class="line-num">253</td>
<td class="line-indicator"></td>
<td class="code-content"><pre>// This middleware modifies responses after the handler completes.</pre></td>
</tr><tr class="code-line">
<td class="line-num">254</td>
<td class="line-indicator"></td>
<td class="code-content"><pre>// Note: This requires response modification support in the framework.</pre></td>
</tr><tr class="code-line">
<td class="line-num">255</td>
<td class="line-indicator"></td>
<td class="code-content"><pre>//</pre></td>
</tr><tr class="code-line">
<td class="line-num">256</td>
<td class="line-indicator"></td>
<td class="code-content"><pre>// ============================================================================</pre></td>
</tr><tr class="code-line">
<td class="line-num">257</td>
<td class="line-indicator"></td>
<td class="code-content"><pre></pre></td>
</tr><tr class="code-line">
<td class="line-num">258</td>
<td class="line-indicator"></td>
<td class="code-content"><pre>// order: 50</pre></td>
</tr><tr class="code-line">
<td class="line-num">259</td>
<td class="line-indicator"></td>
<td class="code-content"><pre>// global_only: true</pre></td>
</tr><tr class="code-line">
<td class="line-num">260</td>
<td class="line-indicator"></td>
<td class="code-content"><pre></pre></td>
</tr><tr class="code-line uncovered">
<td class="line-num">261</td>
<td class="line-indicator">✗</td>
<td class="code-content"><pre>fn response_minifier(req: Any) -> Any {</pre></td>
</tr><tr class="code-line">
<td class="line-num">262</td>
<td class="line-indicator"></td>
<td class="code-content"><pre> // In framework with response modification:</pre></td>
</tr><tr class="code-line">
<td class="line-num">263</td>
<td class="line-indicator"></td>
<td class="code-content"><pre> // - Could minify HTML responses</pre></td>
</tr><tr class="code-line">
<td class="line-num">264</td>
<td class="line-indicator"></td>
<td class="code-content"><pre> // - Could add compression headers</pre></td>
</tr><tr class="code-line">
<td class="line-num">265</td>
<td class="line-indicator"></td>
<td class="code-content"><pre> // - Could track response times</pre></td>
</tr><tr class="code-line">
<td class="line-num">266</td>
<td class="line-indicator"></td>
<td class="code-content"><pre> </pre></td>
</tr><tr class="code-line uncovered">
<td class="line-num">267</td>
<td class="line-indicator">✗</td>
<td class="code-content"><pre> return {"continue": true, "request": req};</pre></td>
</tr><tr class="code-line">
<td class="line-num">268</td>
<td class="line-indicator"></td>
<td class="code-content"><pre>}</pre></td>
</tr><tr class="code-line">
<td class="line-num">269</td>
<td class="line-indicator"></td>
<td class="code-content"><pre></pre></td>
</tr><tr class="code-line">
<td class="line-num">270</td>
<td class="line-indicator"></td>
<td class="code-content"><pre>// ============================================================================</pre></td>
</tr><tr class="code-line">
<td class="line-num">271</td>
<td class="line-indicator"></td>
<td class="code-content"><pre>// HOW TO USE SCOPE-ONLY MIDDLEWARE IN routes.sl:</pre></td>
</tr><tr class="code-line">
<td class="line-num">272</td>
<td class="line-indicator"></td>
<td class="code-content"><pre>// ============================================================================</pre></td>
</tr><tr class="code-line">
<td class="line-num">273</td>
<td class="line-indicator"></td>
<td class="code-content"><pre>//</pre></td>
</tr><tr class="code-line">
<td class="line-num">274</td>
<td class="line-indicator"></td>
<td class="code-content"><pre>// // Load middleware (already auto-loaded from app/middleware/)</pre></td>
</tr><tr class="code-line">
<td class="line-num">275</td>
<td class="line-indicator"></td>
<td class="code-content"><pre>// // Reference by function name (without .sl extension)</pre></td>
</tr><tr class="code-line">
<td class="line-num">276</td>
<td class="line-indicator"></td>
<td class="code-content"><pre>// </pre></td>
</tr><tr class="code-line">
<td class="line-num">277</td>
<td class="line-indicator"></td>
<td class="code-content"><pre>// // Scoped routes with authentication</pre></td>
</tr><tr class="code-line">
<td class="line-num">278</td>
<td class="line-indicator"></td>
<td class="code-content"><pre>// middleware("authenticate", -> {</pre></td>
</tr><tr class="code-line">
<td class="line-num">279</td>
<td class="line-indicator"></td>
<td class="code-content"><pre>// get("/api/users", "api#users");</pre></td>
</tr><tr class="code-line">
<td class="line-num">280</td>
<td class="line-indicator"></td>
<td class="code-content"><pre>// get("/api/settings", "api#settings");</pre></td>
</tr><tr class="code-line">
<td class="line-num">281</td>
<td class="line-indicator"></td>
<td class="code-content"><pre>// });</pre></td>
</tr><tr class="code-line">
<td class="line-num">282</td>
<td class="line-indicator"></td>
<td class="code-content"><pre>// </pre></td>
</tr><tr class="code-line">
<td class="line-num">283</td>
<td class="line-indicator"></td>
<td class="code-content"><pre>// // Nested scoping - auth + admin required</pre></td>
</tr><tr class="code-line">
<td class="line-num">284</td>
<td class="line-indicator"></td>
<td class="code-content"><pre>// middleware("authenticate", -> {</pre></td>
</tr><tr class="code-line">
<td class="line-num">285</td>
<td class="line-indicator"></td>
<td class="code-content"><pre>// middleware("require_admin", -> {</pre></td>
</tr><tr class="code-line">
<td class="line-num">286</td>
<td class="line-indicator"></td>
<td class="code-content"><pre>// get("/admin", "admin#index");</pre></td>
</tr><tr class="code-line">
<td class="line-num">287</td>
<td class="line-indicator"></td>
<td class="code-content"><pre>// post("/admin/users", "admin#create_user");</pre></td>
</tr><tr class="code-line">
<td class="line-num">288</td>
<td class="line-indicator"></td>
<td class="code-content"><pre>// });</pre></td>
</tr><tr class="code-line">
<td class="line-num">289</td>
<td class="line-indicator"></td>
<td class="code-content"><pre>// });</pre></td>
</tr><tr class="code-line">
<td class="line-num">290</td>
<td class="line-indicator"></td>
<td class="code-content"><pre>//</pre></td>
</tr><tr class="code-line">
<td class="line-num">291</td>
<td class="line-indicator"></td>
<td class="code-content"><pre>// ============================================================================</pre></td>
</tr>
</tbody>
</table>
</section>
</div>
</body>
</html>