httpx

package
v0.1.0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jun 30, 2026 License: MIT Imports: 10 Imported by: 0

Documentation

Overview

Package httpx holds shared HTTP plumbing: middleware and response helpers.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func ClientIP

func ClientIP(r *http.Request, trustProxy bool) *netip.Addr

ClientIP returns the best-effort client IP address.

When trustProxy is false (default), it uses ONLY the direct peer (r.RemoteAddr) — forwarded headers are client-settable and spoofable when the origin is directly reachable, so they are ignored.

When trustProxy is true (the server sits behind a trusted reverse proxy / Cloudflare tunnel whose origin is not directly reachable), it prefers CF-Connecting-IP (set by Cloudflare, not the client), then the left-most X-Forwarded-For hop, before falling back to the direct peer. Behind a cf-tunnel the direct peer is always localhost, so without this the real client IP is lost.

func JSON

func JSON(w http.ResponseWriter, r *http.Request, status int, v any)

JSON writes v as a JSON response with the given status code.

func LoggerFrom

func LoggerFrom(ctx context.Context) *slog.Logger

LoggerFrom returns the request-scoped logger, or slog.Default if absent.

func Recoverer

func Recoverer(next http.Handler) http.Handler

Recoverer converts panics into a 500 Problem response and logs the cause, without leaking internals to the client.

func RequestLogger

func RequestLogger(base *slog.Logger) func(http.Handler) http.Handler

RequestLogger logs each request and attaches a request-scoped logger (carrying request_id) to the context for downstream handlers.

func SecureHeaders

func SecureHeaders(next http.Handler) http.Handler

SecureHeaders sets baseline security response headers (OWASP A02).

Types

This section is empty.