Crate reinhardt_middleware

Expand description

§Reinhardt Middleware

Comprehensive HTTP middleware collection for the Reinhardt framework.

§Overview

This crate provides a collection of middleware components for handling cross-cutting concerns in web applications, including authentication, security, caching, compression, and observability.

§Available Middleware

§Authentication & Authorization

AuthenticationMiddleware: Session-based user authentication (requires sessions feature)

§Security

CorsMiddleware: Cross-Origin Resource Sharing (requires cors feature)
CsrfMiddleware: CSRF protection with token validation
CspMiddleware: Content Security Policy headers
XFrameOptionsMiddleware: Clickjacking protection via X-Frame-Options header
HttpsRedirectMiddleware: Force HTTPS connections
SecurityMiddleware: Combined security headers (requires security feature)

§Performance & Caching

CacheMiddleware: HTTP response caching with configurable strategies
GZipMiddleware: Gzip compression (requires compression feature)
BrotliMiddleware: Brotli compression (requires compression feature)
ETagMiddleware: ETag generation and validation for conditional requests
ConditionalGetMiddleware: Conditional GET support with Last-Modified headers

§Observability

LoggingMiddleware: Request/response logging with configurable formats
TracingMiddleware: Distributed tracing with trace/span ID propagation
MetricsMiddleware: Performance metrics collection
RequestIdMiddleware: Unique request ID generation

§Rate Limiting & Resilience

RateLimitMiddleware: API rate limiting with multiple strategies (requires rate-limit feature)
CircuitBreakerMiddleware: Circuit breaker pattern for fault tolerance
TimeoutMiddleware: Request timeout handling

§Session & State

SessionMiddleware: Session management with pluggable storage backends
SiteMiddleware: Multi-site support with site identification
LocaleMiddleware: Internationalization and locale detection

§Utility

CommonMiddleware: Common HTTP functionality (trailing slashes, URL normalization)
BrokenLinkEmailsMiddleware: Broken link notification via email
FlatpagesMiddleware: Static page serving from database
RedirectFallbackMiddleware: Fallback redirect handling

§Quick Start

use reinhardt_middleware::{LoggingMiddleware, CsrfMiddleware};
use reinhardt_core::types::MiddlewareChain;
use std::sync::Arc;

// Create individual middleware instances
let logging = Arc::new(LoggingMiddleware::new());
let csrf = Arc::new(CsrfMiddleware::default());

// Build middleware chain (wraps around your handler)
let chain = MiddlewareChain::new(handler)
    .with_middleware(logging)
    .with_middleware(csrf);

§Architecture

Key modules in this crate:

allowed_hosts: Restrict requests to configured host names
auth: Session-based user authentication (requires sessions feature)
cache: HTTP response caching with configurable key strategies
circuit_breaker: Circuit breaker pattern for fault-tolerant backends
common: Common HTTP functionality (trailing slash, URL normalization)
cors: Cross-Origin Resource Sharing headers (requires cors feature)
csp: Content Security Policy header generation
csrf: CSRF token validation and protection
etag: ETag generation and conditional request handling
logging: Structured request/response logging
metrics: Performance metrics collection and export
rate_limit: API rate limiting (requires rate-limit feature)
request_id: Unique request ID generation and propagation
session: Session management with pluggable storage backends
timeout: Request timeout enforcement
tracing: Distributed tracing with trace/span ID propagation
xframe: X-Frame-Options clickjacking protection

§Feature Flags

Feature	Default	Description
`cors`	disabled	Cross-Origin Resource Sharing middleware
`compression`	disabled	GZip and Brotli compression middleware
`rate-limit`	disabled	API rate limiting middleware
`security`	disabled	Combined security headers middleware
`sessions`	disabled	Session-based authentication middleware
`sqlx`	disabled	Database-backed session storage via SQLx
`full`	disabled	Enables all middleware features

§Middleware Ordering

Middleware execution order matters. A typical recommended order:

RequestIdMiddleware - Generate request ID first
LoggingMiddleware - Log all requests
TracingMiddleware - Start tracing span
SecurityMiddleware - Apply security headers
CorsMiddleware - Handle CORS preflight
SessionMiddleware - Load session
AuthenticationMiddleware - Authenticate user
CsrfMiddleware - Validate CSRF token
RateLimitMiddleware - Apply rate limits
Application handlers

Re-exports§

pub use allowed_hosts::AllowedHostsConfig;
pub use allowed_hosts::AllowedHostsMiddleware;
pub use broken_link::BrokenLinkConfig;
pub use broken_link::BrokenLinkEmailsMiddleware;
pub use cache::CacheConfig;
pub use cache::CacheKeyStrategy;
pub use cache::CacheMiddleware;
pub use cache::CacheStore;
pub use circuit_breaker::CircuitBreakerConfig;
pub use circuit_breaker::CircuitBreakerMiddleware;
pub use circuit_breaker::CircuitState;
pub use common::CommonConfig;
pub use common::CommonMiddleware;
pub use conditional::ConditionalGetMiddleware;
pub use csp::CspConfig;
pub use csp::CspMiddleware;
pub use csp::CspNonce;
pub use csp_helpers::csp_nonce_attr;
pub use csp_helpers::get_csp_nonce;
pub use csrf::CsrfMiddleware;
pub use csrf::CsrfMiddlewareConfig;
pub use etag::ETagConfig;
pub use etag::ETagMiddleware;
pub use flatpages::Flatpage;
pub use flatpages::FlatpageStore;
pub use flatpages::FlatpagesConfig;
pub use flatpages::FlatpagesMiddleware;
pub use honeypot::HoneypotError;
pub use honeypot::HoneypotField;
pub use https_redirect::HttpsRedirectConfig;
pub use https_redirect::HttpsRedirectMiddleware;
pub use locale::LocaleConfig;
pub use locale::LocaleMiddleware;
pub use logging::LoggingConfig;
pub use logging::LoggingMiddleware;
pub use messages::CookieStorage;
pub use messages::Message;
pub use messages::MessageLevel;
pub use messages::MessageStorage;
pub use messages::SessionStorage;
pub use metrics::MetricsConfig;
pub use metrics::MetricsMiddleware;
pub use metrics::MetricsStore;
pub use redirect_fallback::RedirectFallbackMiddleware;
pub use redirect_fallback::RedirectResponseConfig;
pub use request_id::REQUEST_ID_HEADER;
pub use request_id::RequestIdConfig;
pub use request_id::RequestIdMiddleware;
pub use session::SessionConfig;
pub use session::SessionData;
pub use session::SessionMiddleware;
pub use session::SessionStore;
pub use site::SITE_ID_HEADER;
pub use site::Site;
pub use site::SiteConfig;
pub use site::SiteMiddleware;
pub use site::SiteRegistry;
pub use timeout::TimeoutConfig;
pub use timeout::TimeoutMiddleware;
pub use tracing::PARENT_SPAN_ID_HEADER;
pub use tracing::SPAN_ID_HEADER;
pub use tracing::Span;
pub use tracing::SpanStatus;
pub use tracing::TRACE_ID_HEADER;
pub use tracing::TraceStore;
pub use tracing::TracingConfig;
pub use tracing::TracingMiddleware;
pub use xframe::XFrameOptions;
pub use xframe::XFrameOptionsMiddleware;
pub use xss::XssConfig;
pub use xss::XssError;
pub use xss::XssProtector;

Modules§

allowed_hosts: Allowed Hosts Middleware
auth: Session-based authentication middleware (requires sessions feature).
broken_link: Broken link detection middleware
cache: Cache Middleware
circuit_breaker: Circuit Breaker Middleware
common: Common middleware utilities
conditional: Conditional GET Middleware
csp: Content Security Policy (CSP) Middleware
csp_helpers: CSP Helper Functions
csrf: CSRF (Cross-Site Request Forgery) protection middleware for Reinhardt
etag: ETag Middleware
flatpages: Flatpages middleware
honeypot: Honeypot field for bot detection
https_redirect: HTTPS Redirect Middleware
locale: Locale detection middleware
logging: Structured request/response logging with configurable formats.
messages: Messages middleware
metrics: Metrics middleware
redirect_fallback: Redirect fallback middleware
request_id: Request ID middleware
session: Session Middleware
site: Site middleware
timeout: Timeout middleware for limiting request processing time
tracing: Tracing middleware
xframe: X-Frame-Options Middleware
xss: XSS (Cross-Site Scripting) protection utilities

Structs§

CsrfConfig: CSRF configuration
CsrfMeta: CSRF metadata
CsrfToken: CSRF token
InvalidTokenFormat: Invalid token format error
MiddlewareChain: Middleware chain - composes multiple middleware into a single handler.
RejectRequest: CSRF token validation error

Enums§

SameSite: SameSite cookie attribute

Constants§

CSRF_ALLOWED_CHARS: Allowed characters for CSRF tokens (alphanumeric)
CSRF_SECRET_LENGTH: CSRF secret length (32 characters)
CSRF_SESSION_KEY: CSRF session key
CSRF_TOKEN_LENGTH: CSRF token length (64 characters)
REASON_BAD_ORIGIN: Rejection reason: Origin header does not match any trusted origins.
REASON_BAD_REFERER: Rejection reason: Referer header does not match any trusted origins.
REASON_CSRF_TOKEN_MISSING: Rejection reason: CSRF token is missing from the request.
REASON_INCORRECT_LENGTH: Rejection reason: CSRF token has an incorrect length.
REASON_INSECURE_REFERER: Rejection reason: Referer uses HTTP while the host uses HTTPS.
REASON_INVALID_CHARACTERS: Rejection reason: CSRF token contains invalid characters.
REASON_MALFORMED_REFERER: Rejection reason: Referer header is malformed.
REASON_NO_CSRF_COOKIE: Rejection reason: CSRF cookie is not set.
REASON_NO_REFERER: Rejection reason: Referer header is missing.

Traits§

Handler: Handler trait for processing requests.
Middleware: Middleware trait for request/response processing.

Functions§

check_origin: Check origin header
check_referer: Check referer header
check_token: Check HMAC-based CSRF token validity
get_secret: Get CSRF secret as bytes (32 bytes)
get_token: Get CSRF token using HMAC-SHA256
is_same_domain: Check if two domains are the same

Crate reinhardt_middleware

Crate reinhardt_middleware Copy item path

§Reinhardt Middleware

§Overview

§Available Middleware

§Authentication & Authorization

§Security

§Performance & Caching

§Observability

§Rate Limiting & Resilience

§Session & State

§Utility

§Quick Start

§Architecture

§Feature Flags

§Middleware Ordering

Re-exports§

Modules§

Structs§

Enums§

Constants§

Traits§

Functions§

Crate reinhardt_middleware