AGENTS.md: no direct commits to main, all changes via feature branches

internal/middleware/middleware.go

@@ -1,3 +1,4 @@
+// Package middleware provides HTTP middleware for the chat server.
 package middleware
 
 import (
@@ -19,22 +20,29 @@ import (
 	"go.uber.org/fx"
 )
 
+const corsMaxAge = 300
+
+// MiddlewareParams defines the dependencies for creating Middleware.
 type MiddlewareParams struct {
 	fx.In
+
 	Logger  *logger.Logger
 	Globals *globals.Globals
 	Config  *config.Config
 }
 
+// Middleware provides HTTP middleware handlers.
 type Middleware struct {
 	log    *slog.Logger
 	params *MiddlewareParams
 }
 
-func New(lc fx.Lifecycle, params MiddlewareParams) (*Middleware, error) {
+// New creates a new Middleware instance.
+func New(_ fx.Lifecycle, params MiddlewareParams) (*Middleware, error) {
 	s := new(Middleware)
 	s.params = &params
 	s.log = params.Logger.Get()
+
 	return s, nil
 }
 
@@ -43,17 +51,21 @@ func ipFromHostPort(hp string) string {
 	if err != nil {
 		return ""
 	}
+
 	if len(h) > 0 && h[0] == '[' {
 		return h[1 : len(h)-1]
 	}
+
 	return h
 }
 
 type loggingResponseWriter struct {
 	http.ResponseWriter
+
 	statusCode int
 }
 
+// NewLoggingResponseWriter wraps a ResponseWriter to capture the status code.
 func NewLoggingResponseWriter(w http.ResponseWriter) *loggingResponseWriter {
 	return &loggingResponseWriter{w, http.StatusOK}
 }
@@ -63,20 +75,25 @@ func (lrw *loggingResponseWriter) WriteHeader(code int) {
 	lrw.ResponseWriter.WriteHeader(code)
 }
 
+// Logging returns middleware that logs each HTTP request.
 func (s *Middleware) Logging() func(http.Handler) http.Handler {
 	return func(next http.Handler) http.Handler {
 		return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 			start := time.Now()
 			lrw := NewLoggingResponseWriter(w)
 			ctx := r.Context()
+
 			defer func() {
 				latency := time.Since(start)
+
+				reqID, _ := ctx.Value(middleware.RequestIDKey).(string)
+
 				s.log.InfoContext(ctx, "request",
 					"request_start", start,
 					"method", r.Method,
 					"url", r.URL.String(),
 					"useragent", r.UserAgent(),
-					"request_id", ctx.Value(middleware.RequestIDKey).(string),
+					"request_id", reqID,
 					"referer", r.Referer(),
 					"proto", r.Proto,
 					"remoteIP", ipFromHostPort(r.RemoteAddr),
@@ -90,6 +107,7 @@ func (s *Middleware) Logging() func(http.Handler) http.Handler {
 	}
 }
 
+// CORS returns middleware that handles Cross-Origin Resource Sharing.
 func (s *Middleware) CORS() func(http.Handler) http.Handler {
 	return cors.Handler(cors.Options{
 		AllowedOrigins:   []string{"*"},
@@ -97,10 +115,11 @@ func (s *Middleware) CORS() func(http.Handler) http.Handler {
 		AllowedHeaders:   []string{"Accept", "Authorization", "Content-Type", "X-CSRF-Token"},
 		ExposedHeaders:   []string{"Link"},
 		AllowCredentials: false,
-		MaxAge:           300,
+		MaxAge:           corsMaxAge,
 	})
 }
 
+// Auth returns middleware that performs authentication.
 func (s *Middleware) Auth() func(http.Handler) http.Handler {
 	return func(next http.Handler) http.Handler {
 		return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
@@ -110,15 +129,18 @@ func (s *Middleware) Auth() func(http.Handler) http.Handler {
 	}
 }
 
+// Metrics returns middleware that records HTTP metrics.
 func (s *Middleware) Metrics() func(http.Handler) http.Handler {
 	mdlw := ghmm.New(ghmm.Config{
 		Recorder: metrics.NewRecorder(metrics.Config{}),
 	})
+
 	return func(next http.Handler) http.Handler {
 		return std.Handler("", mdlw, next)
 	}
 }
 
+// MetricsAuth returns middleware that protects metrics with basic auth.
 func (s *Middleware) MetricsAuth() func(http.Handler) http.Handler {
 	return basicauth.New(
 		"metrics",