Middleware

Middleware in AIScript provides a powerful way to process HTTP requests and responses. Middleware functions are executed in a sequence, allowing you to modify requests, validate authentication, log activities, and more before a route handler is invoked.

CORS

Controls Cross-Origin Resource Sharing settings.

# project.toml

[middleware.cors]
allowed_origins = ["http://localhost:3000", "https://example.com"]
allowed_methods = ["GET", "POST", "PUT", "DELETE"]
allowed_headers = ["Content-Type", "Authorization"]
allow_credentials = true
max_age = 86400

Options

OptionTypeDescriptionDefault
allowed_originsArrayList of origins that are allowed to access the resource["*"]
allowed_methodsArrayHTTP methods allowed["GET", "POST", "PUT", "DELETE", "OPTIONS"]
allowed_headersArrayHTTP headers allowed["Content-Type", "Authorization"]
allow_credentialsBooleanIndicates if cookies can be included in requestsfalse
max_ageNumberHow long the results of a preflight request can be cached86400 (24 hours)

Rate Limit

Limits the number of requests a client can make within a specified time period.

# project.toml

[middleware.rate_limit]
limit = 100
window = 60  # in seconds
message = "Too many requests, please try again later."

Options

OptionTypeDescriptionDefault
limitNumberMaximum number of requests allowed100
windowNumberTime window in seconds60
messageStringMessage to return when rate limit is exceeded"Too many requests"
key_extractorStringFunction to extract the rate limit key (e.g., "ip", "header:X-API-Key")"ip"

Body Limit

Limits the size of request bodies.

# project.toml

[middleware.body_limit]
limit = "1mb"

Options

OptionTypeDescriptionDefault
limitStringMaximum size of request body (e.g., "1mb", "500kb")"1mb"

Timeout

Sets a timeout for handling requests.

# project.toml

[middleware.timeout]
duration = 5000  # in milliseconds
message = "Request timeout"

Options

OptionTypeDescriptionDefault
durationNumberTimeout in milliseconds5000
messageStringMessage to return when timeout occurs"Request timeout"

Compression

Compresses response bodies.

# project.toml

[middleware.compression]
level = 6  # compression level (1-9)
threshold = 1024  # minimum size to compress

Options

OptionTypeDescriptionDefault
levelNumberCompression level (1-9)6
thresholdNumberMinimum size in bytes to compress1024
typesArrayContent types to compress["text/plain", "text/html", "application/json", "application/xml"]

Security Headers

Adds security-related HTTP headers to responses.

# project.toml

[middleware.security_headers]
xss_protection = "1; mode=block"
content_security_policy = "default-src 'self'"

Options

OptionTypeDescriptionDefault
xss_protectionStringX-XSS-Protection header value"1; mode=block"
content_type_optionsStringX-Content-Type-Options header value"nosniff"
frame_optionsStringX-Frame-Options header value"SAMEORIGIN"
content_security_policyStringContent-Security-Policy header value"default-src 'self'"
referrer_policyStringReferrer-Policy header value"no-referrer-when-downgrade"