Documentation
¶
Overview ¶
Package httpx holds shared HTTP plumbing: middleware and response helpers.
Index ¶
- func ClientIP(r *http.Request, trustProxy bool) *netip.Addr
- func JSON(w http.ResponseWriter, r *http.Request, status int, v any)
- func LoggerFrom(ctx context.Context) *slog.Logger
- func Recoverer(next http.Handler) http.Handler
- func RequestLogger(base *slog.Logger) func(http.Handler) http.Handler
- func SecureHeaders(next http.Handler) http.Handler
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func ClientIP ¶
ClientIP returns the best-effort client IP address.
When trustProxy is false (default), it uses ONLY the direct peer (r.RemoteAddr) — forwarded headers are client-settable and spoofable when the origin is directly reachable, so they are ignored.
When trustProxy is true (the server sits behind a trusted reverse proxy / Cloudflare tunnel whose origin is not directly reachable), it prefers CF-Connecting-IP (set by Cloudflare, not the client), then the left-most X-Forwarded-For hop, before falling back to the direct peer. Behind a cf-tunnel the direct peer is always localhost, so without this the real client IP is lost.
func LoggerFrom ¶
LoggerFrom returns the request-scoped logger, or slog.Default if absent.
func Recoverer ¶
Recoverer converts panics into a 500 Problem response and logs the cause, without leaking internals to the client.
func RequestLogger ¶
RequestLogger logs each request and attaches a request-scoped logger (carrying request_id) to the context for downstream handlers.
Types ¶
This section is empty.