Skip to main content

modo/middleware/
mod.rs

1//! # modo::middleware
2//!
3//! HTTP middleware for the modo web framework.
4//!
5//! Provides a collection of Tower-compatible middleware layers covering
6//! the most common cross-cutting concerns for HTTP applications.
7//! Always available (no feature flag required).
8//!
9//! ## Provided items
10//!
11//! | Function / type | Purpose |
12//! |---|---|
13//! | [`compression`] | Compress responses (gzip, deflate, brotli, zstd) |
14//! | [`request_id`] | Set / propagate `x-request-id` header |
15//! | [`catch_panic`] | Convert handler panics into 500 responses |
16//! | [`cors`] / [`cors_with`] | CORS headers (static or dynamic origins) |
17//! | [`CorsConfig`] | CORS configuration |
18//! | [`subdomains`] / [`urls`] | CORS origin predicates |
19//! | [`csrf`] / [`CsrfConfig`] | Double-submit signed-cookie CSRF protection |
20//! | [`CsrfToken`] | CSRF token in request/response extensions |
21//! | [`error_handler`] | Centralised error-response rendering |
22//! | [`security_headers`] / [`SecurityHeadersConfig`] | Security response headers |
23//! | [`tracing`] | HTTP request/response lifecycle spans |
24//! | [`rate_limit`] / [`rate_limit_with`] | Token-bucket rate limiting |
25//! | [`RateLimitConfig`] | Rate-limit configuration |
26//! | [`RateLimitLayer`] | Tower layer produced by `rate_limit` / `rate_limit_with` |
27//! | [`KeyExtractor`] | Trait for custom rate-limit key extraction |
28//! | [`PeerIpKeyExtractor`] / [`GlobalKeyExtractor`] | Built-in key extractors |
29//!
30//! ## Quick start
31//!
32//! ```rust,no_run
33//! use axum::{Router, routing::get};
34//! use axum::response::IntoResponse;
35//! use modo::middleware::*;
36//!
37//! async fn render_error(err: modo::Error, _parts: http::request::Parts) -> axum::response::Response {
38//!     (err.status(), err.message().to_string()).into_response()
39//! }
40//!
41//! let app: Router = Router::new()
42//!     .route("/", get(|| async { "hello" }))
43//!     .layer(error_handler(render_error))
44//!     .layer(compression())
45//!     .layer(request_id())
46//!     .layer(catch_panic())
47//!     .layer(tracing());
48//! ```
49
50mod catch_panic;
51mod compression;
52mod cors;
53mod csrf;
54mod error_handler;
55mod rate_limit;
56mod request_id;
57mod security_headers;
58mod tracing;
59
60pub use self::tracing::tracing;
61pub use catch_panic::catch_panic;
62pub use compression::compression;
63pub use cors::{CorsConfig, cors, cors_with, subdomains, urls};
64pub use csrf::{CsrfConfig, CsrfToken, csrf};
65pub use error_handler::error_handler;
66pub use rate_limit::{
67    GlobalKeyExtractor, KeyExtractor, PeerIpKeyExtractor, RateLimitConfig, RateLimitLayer,
68    rate_limit, rate_limit_with,
69};
70pub use request_id::request_id;
71pub use security_headers::{SecurityHeadersConfig, security_headers};