Middleware
The PRX gateway uses a composable middleware stack to handle cross-cutting concerns like authentication, rate limiting, CORS, and request logging.
Middleware Stack
Requests pass through the middleware stack in order:
- Request logging -- log incoming requests with timing
- CORS -- handle cross-origin resource sharing headers
- Authentication -- validate bearer tokens or API keys
- Rate limiting -- enforce per-client request limits
- Request routing -- dispatch to the appropriate handler
Authentication Middleware
toml
[gateway.auth]
enabled = true
method = "bearer" # "bearer" | "api_key" | "none"
token_secret = "your-secret-key"Rate Limiting
toml
[gateway.rate_limit]
enabled = true
requests_per_minute = 60
burst_size = 10CORS
toml
[gateway.cors]
allowed_origins = ["https://app.example.com"]
allowed_methods = ["GET", "POST", "PUT", "DELETE"]
allowed_headers = ["Authorization", "Content-Type"]
max_age_secs = 86400Request Logging
All API requests are logged with method, path, status code, and response time. Log level can be configured:
toml
[gateway.logging]
level = "info" # "debug" | "info" | "warn" | "error"
format = "json" # "json" | "pretty"