Merged
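--- a/src/middleware/admin.rs
+++ b/src/middleware/layers/admin.rs
@@ -24,10 +24,10 @@ use axum::{
 use tower_cookies::Cookies;
 use uuid::Uuid;
 
-use super::{ClientInfo, RequestId};
 use crate::{
 AppState,
 auth::{AuthError, AuthenticatedRequest, Identity, IdentityKind},
+middleware::{ClientInfo, RequestId},
 observability::metrics,
 services::audit_logs::{AuthEventParams, auth_events},
 };
@@ -647,7 +647,7 @@ async fn try_api_key_admin_auth(
 headers: &axum::http::HeaderMap,
 state: &AppState,
 ) -> Result<Option<Identity>, AuthError> {
-let api_key_auth = match super::combined::try_api_key_auth(headers, state).await? {
+let api_key_auth = match super::api::try_api_key_auth(headers, state).await? {
 Some(auth) => auth,
 None => return Ok(None),
 };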
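--- a/src/middleware/combined.rs
+++ b/src/middleware/layers/api.rs
@@ -8,20 +8,22 @@ use axum::{
 use chrono::Utc;
 
 use super::{
-RequestId,
-budget::{BudgetCheckResult, BudgetError, adjust_budget_reservation},
 rate_limit::{
 RateLimitError, TokenRateLimitCheckResult, TokenRateLimitResult, TokenReservation,
 add_rate_limit_headers, add_token_rate_limit_headers, adjust_token_reservation,
 },
-scope::required_scope_for_path,
-usage::{UsageTracker, extract_full_usage_from_response, tracker_from_headers},
+request_id::RequestId,
 };
 use crate::{
 AppState,
 auth::{ApiKeyAuth, AuthError, AuthenticatedRequest, Identity, IdentityKind},
 cache::{BudgetCheckParams, Cache, CacheKeys, RateLimitCheckParams, RateLimitResult},
 events::{BudgetType, ServerEvent},
+middleware::util::{
+budget::{BudgetCheckResult, BudgetError, adjust_budget_reservation},
+scope::required_scope_for_path,
+usage::{UsageTracker, extract_full_usage_from_response, tracker_from_headers},
+},
 models::{AuditActorType, BudgetPeriod, CreateAuditLog, has_valid_prefix, hash_api_key},
 observability::metrics,
 };
@@ -584,7 +586,7 @@ pub async fn api_middleware(
 .map(|ci| ci.0.ip());
 
 // Insert client info for audit logging
-let client_info = super::ClientInfo {
+let client_info = crate::middleware::ClientInfo {
 ip_address: connecting_ip.map(|ip| ip.to_string()),
 user_agent: headers
 .get(axum::http::header::USER_AGENT)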
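--- a/src/middleware/authz.rs
+++ b/src/middleware/layers/authz.rs
@@ -596,7 +596,8 @@ pub async fn permissive_authz_middleware(
 };
 
 // Insert ClientInfo for unprotected routes (no admin middleware to extract it).
-req.extensions_mut().insert(super::ClientInfo::default());
+req.extensions_mut()
+.insert(crate::middleware::ClientInfo::default());
 
 // Insert a default AdminAuth with system identity for unprotected routes.
 // This allows handlers to extract AdminAuth for audit logging purposes.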
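--- a/src/middleware/layers/mod.rs
+++ b/src/middleware/layers/mod.rs
@@ -0,0 +1,6 @@
+pub mod admin;
+pub mod api;
+pub mod authz;
+pub mod rate_limit;
+pub mod request_id;
+pub mod security_headers;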
File renamed without changes.
File renamed without changes.
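--- a/src/middleware/mod.rs
+++ b/src/middleware/mod.rs
@@ -21,30 +21,23 @@
 //! ## Unprotected admin routes (login, session info)
 //! - [`permissive_authz_middleware`] — Injects allow-all authz context
 
-// ── Middleware layers ──────────────────────────────────────────────────────────
-mod admin;
-mod authz;
-mod combined;
-mod rate_limit;
-mod request_id;
-mod security_headers;
+// ── True middleware (Axum middleware layers) ────────────────────────────────────
+mod layers;
 
-// ── Internal helpers (used only by combined.rs) ────────────────────────────────
-mod budget;
-mod scope;
-mod usage;
+// ── Internal utilities (budget, scope, usage helpers for combined middleware) ──
+pub(crate) mod util;
 
 // ── Middleware layer exports ───────────────────────────────────────────────────
-pub use admin::{AdminAuth, admin_auth_middleware};
-pub use authz::{
-AuthzContext, api_authz_middleware, authz_middleware, permissive_authz_middleware,
-};
-pub use combined::api_middleware;
 #[cfg(feature = "sso")]
-pub use rate_limit::extract_client_ip_from_parts;
-pub use rate_limit::rate_limit_middleware;
-pub use request_id::{RequestId, request_id_middleware};
-pub use security_headers::security_headers_middleware;
+pub use layers::rate_limit::extract_client_ip_from_parts;
+pub use layers::{
+admin::{AdminAuth, admin_auth_middleware},
+api::api_middleware,
+authz::{AuthzContext, api_authz_middleware, authz_middleware, permissive_authz_middleware},
+rate_limit::rate_limit_middleware,
+request_id::{RequestId, request_id_middleware},
+security_headers::security_headers_middleware,
+};
 
 // ── Types extracted by middleware (used by route handlers via Extension<T>) ────
 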
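Review bot: `pub(crate) mod util;` makes the budget, scope and usage helpers reachable from the whole crate, whereas the removed lines declared them as private modules "used only by combined.rs". A plain `mod util;` should still resolve from `crate::middleware::layers::api`, because descendants of `middleware` can see its private items, so the wider visibility looks unnecessary unless a caller outside `middleware` (not visible on this page) needs it. Keeping it private would confine `adjust_budget_reservation` and `required_scope_for_path` to the middleware tree, and the `pub mod` lines in `src/middleware/util/mod.rs` would then be bounded by the parent module. The new comment also still says "combined middleware" although combined.rs is now `layers/api.rs`; suggest `// ── Internal utilities (budget, scope, usage helpers for layers::api) ──`.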
File renamed without changes.
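--- a/src/middleware/util/mod.rs
+++ b/src/middleware/util/mod.rs
@@ -0,0 +1,3 @@
+pub mod budget;
+pub mod scope;
+pub mod usage;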
File renamed without changes.
File renamed without changes.