Expand description
HTTP middleware layers for the API server.
Collects the request-pipeline concerns mounted by the router: client-address resolution, CORS and security headers, bot detection and IP banning, rate limiting, JWT and session context establishment, request-context flavours, content negotiation, authorization gating, analytics, and tracing.
Copyright (c) systemprompt.io — Business Source License 1.1. See https://systemprompt.io for licensing details.
Re-exports§
pub use authz::AuthzPolicy;pub use authz::authz_gate;pub use context::A2AContextMiddleware;pub use context::ContextExtractor;pub use context::McpContextMiddleware;pub use context::PublicContextMiddleware;pub use context::UserOnlyContextMiddleware;pub use jwt::JtiRevocationChecker;pub use jwt::JwtContextExtractor;pub use negotiation::AcceptedFormat;pub use negotiation::AcceptedMediaType;pub use negotiation::content_negotiation_middleware;pub use negotiation::parse_accept_header;pub use analytics::*;pub use bot_detector::*;pub use cors::*;pub use ip_ban::*;pub use rate_limit::*;pub use security_headers::*;pub use served_by::*;pub use session::*;pub use site_auth::*;pub use trace::*;pub use trailing_slash::*;
Modules§
- analytics
- Request analytics middleware.
- authz
- Static, compile-time-enforced per-route authorization.
- bot_
detector - Early bot-classification middleware.
- client_
addr - Client-address resolution that does not blindly trust hop headers.
- context
- Request-context middleware: establishing the per-request execution identity.
- cors
- CORS layer construction from profile config.
- ip_ban
- IP-ban enforcement middleware backed by the ban list.
- jwt
- JWT request-context extraction.
- negotiation
- Content-negotiation middleware.
- rate_
limit - Router extension traits for rate limiting and authenticated route groups.
- security_
headers - Security response headers (CSP, frame options, HSTS).
- served_
by x-served-byreplica-identification header middleware.- session
- Session-establishment middleware.
- site_
auth - Site-wide auth gate redirecting unauthenticated page requests to login.
- trace
- Trace-id propagation middleware.
- trailing_
slash - Trailing-slash normalisation middleware.