ChaffHeaderDetector returns a chaff header detector.

CheckSessionIdleNoAuth is an explicit check for session idleness.

ConfigureStaticAssets configures headers for static assets.

GzipResponse serves gzipped responses if the requestor supports gzip.

HandleCSRF first extracts an existing CSRF token from the session (if one exists).

LoadCurrentMembership attempts to load the current membership.

MutateMethod looks for HTML form values that define the "real" HTTP method and then forward that along to the router.

OnlyIfEnabled can be used to hide legitimate routes behind a 404 if the feature has been disabled.

PopulateLogger populates the logger onto the context.

PopulateRequestID populates the request context with a random UUID.

PopulateTemplateVariables populates the template variables with common information and bootstraps the map for more values to be set by other middlewares.

PopulateTraceID populates the trace ID injected by Google Cloud (if it exists).

ProcessChaff injects the chaff processing middleware.

ProcessDebug adds additional debugging information to the response if the request included the "X-Debug" header with any value.

ProcessFirewall verifies the application-level firewall configuration.

ProcessLocale extracts the locale from the various possible locations and sets the template translator to the correct language.

ProcessNonce reads the X-Nonce header and stores it in the context.

QueryHeaderInjection is for development and should not be installed in production flows.

Recovery recovers from panics and other fatal errors.

RequireAPIKey reads the X-API-Key header and validates it is a real authorized app.

RequireAuth requires a user to be logged in.

RequireEmailVerified requires a user to have verified their login email.

RequireHeader requires that the request have a certain header present.

RequireHeaderValues requires that the request have a certain header present and that the value be one of the supplied entries.

RequireHostHeader requires that the request's host header is one of the allowed values.

RequireMembership requires a membership (realm selection) to exist in the session.

RequireMFA checks the realm's MFA requirements and enforces them.

RequireNamedSession retrieves or creates a new session with a specific name, other than the default session name.

RequireSession retrieves or creates a new session and stores it on the request's context for future retrieval.

RequireSystemAdmin requires the current user is a global administrator.

SecureHeaders sets a bunch of default secure headers that our servers should have.

WithObservability sets common observability context fields.

APIKeyHeader is the authorization header required for APIKey protected requests.

ChaffHeader is the chaff header key.

CSRFFormField is the form field name.

CSRFHeaderField is the name of the header where the CSRF token resides.

CSRFMetaTagName is the meta tag name (used by Javascript).

NonceHeader is the header for the incoming nonce.

TokenLength is the length of the token (in bytes).