Middlewares providing request and response validation against an OpenAPI spec at runtime, optionally integrating with the Firetail SaaS. Packages containing middleware for various different frameworks can be found in the middlewares directory, and examples of their use in examples.
net/httpGet the middleware:
Import it:
Create a middleware using GetMiddleware; see the Options struct for all the available configurations:
You will then have a func(next http.Handler) http.Handler, firetailMiddleware, which you can use to wrap a http.Handler just the same as with the middleware from net/http/middleware. This should also be suitable for Chi.
See the Go reference for the Options struct for documentation regarding the available options. For example, if you are using us.firetail.app you will need to set the LogsApiUrl to https://api.logging.us-east-2.prod.firetail.app/logs/bulk.
Automated testing is setup with the testing package, using github.com/stretchr/testify for shorthand assertions. You can run them with go test.
The FireTail Go library does not come with XML request & response body decoding support out of the box. You will need to implement your own decoder as an openapi3filter.BodyDecoder and pass it to Firetail as part of the CustomBodyDecoders field of the firetail.Options struct. See the following example for a minimal XML decoder setup using sbabiv/xml2map:
If you use securitySchemes in your OpenAPI specification, you will need to populate the firetail.Options struct's AuthCallbacks field with a callback for each security scheme implementing your authentication logic.
For example, for the following securitySchemes:
Your AuthCallback could look like this:
To customise the errors returned by your application when a request fails to authenticate, you can pick up the errors returned by your AuthCallbacks in a custom ErrHandler. This allows you to, for example, add the WWW-Authenticate header on responses to requests that fail to validate against a basic auth security requirement.