feat(middleware): add Connect interceptors and HTTP middleware

New middleware package providing ConnectRPC interceptors and net/http
middleware for common cross-cutting concerns:

- middleware/recovery: panic recovery with logging
- middleware/requestid: X-Request-ID propagation/generation
- middleware/requestlog: request logging with duration and status
- middleware/errorz: error sanitization for client-facing responses
- middleware/cors: CORS with Connect-specific header defaults

Chain builders: Default(logger) returns the standard interceptor chain,
DefaultHTTP(logger) returns the standard HTTP middleware chain,
ChainHTTP() composes middleware in order.

Author: ravisuhag

go.mod

@@ -1,8 +1,9 @@
 module github.com/raystack/salt
 
-go 1.22
+go 1.24.0
 
 require (
+	connectrpc.com/connect v1.19.1
 	github.com/AlecAivazis/survey/v2 v2.3.6
 	github.com/MakeNowJust/heredoc v1.0.0
 	github.com/NYTimes/gziphandler v1.1.1
@@ -56,7 +57,7 @@ require (
 	github.com/tidwall/match v1.1.1 // indirect
 	github.com/tidwall/pretty v1.2.1 // indirect
 	github.com/tidwall/sjson v1.2.5 // indirect
-	google.golang.org/protobuf v1.35.1 // indirect
+	google.golang.org/protobuf v1.36.9 // indirect
 )
 
 require (

go.sum

@@ -1,6 +1,8 @@
 cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
 cloud.google.com/go/compute/metadata v0.5.0 h1:Zr0eK8JbFv6+Wi4ilXAR8FJ3wyNdpxHKJNPos6LTZOY=
 cloud.google.com/go/compute/metadata v0.5.0/go.mod h1:aHnloV2TPI38yx4s9+wAZhHykWvVCfu7hQbF+9CWoiY=
+connectrpc.com/connect v1.19.1 h1:R5M57z05+90EfEvCY1b7hBxDVOUl45PrtXtAV2fOC14=
+connectrpc.com/connect v1.19.1/go.mod h1:tN20fjdGlewnSFeZxLKb0xwIZ6ozc3OQs2hTXy4du9w=
 github.com/AlecAivazis/survey/v2 v2.3.6 h1:NvTuVHISgTHEHeBFqt6BHOe4Ny/NwGZr7w+F8S9ziyw=
 github.com/AlecAivazis/survey/v2 v2.3.6/go.mod h1:4AuI9b7RjAR+G7v9+C4YSlX/YL3K3cWNXgWXOhllqvI=
 github.com/Azure/go-ansiterm v0.0.0-20230124172434-306776ec8161 h1:L/gRVlceqvL25UVaW/CKtUDjefjrs0SPonmDGUVOYP0=
@@ -548,8 +550,8 @@ google.golang.org/protobuf v1.23.1-0.20200526195155-81db48ad09cc/go.mod h1:EGpAD
 google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlbajtzgsN7c=
 google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw=
 google.golang.org/protobuf v1.27.1/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
-google.golang.org/protobuf v1.35.1 h1:m3LfL6/Ca+fqnjnlqQXNpFPABW1UD7mjh8KO2mKFytA=
-google.golang.org/protobuf v1.35.1/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE=
+google.golang.org/protobuf v1.36.9 h1:w2gp2mA27hUeUzj9Ex9FBjsBm40zfaDtEWow293U7Iw=
+google.golang.org/protobuf v1.36.9/go.mod h1:fuxRtAxBytpl4zzqUh6/eyUujkJdNiuEkXntxiD/uRU=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20200227125254-8fa46927fb4f/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=

middleware/cors/cors.go

@@ -0,0 +1,112 @@
+package cors
+
+import (
+	"net/http"
+	"strconv"
+	"strings"
+)
+
+// Option configures the CORS middleware.
+type Option func(*config)
+
+type config struct {
+	allowedOrigins []string
+	allowedMethods []string
+	allowedHeaders []string
+	maxAge         int
+}
+
+// WithAllowedOrigins sets the allowed origins. Use "*" to allow all.
+func WithAllowedOrigins(origins ...string) Option {
+	return func(c *config) { c.allowedOrigins = origins }
+}
+
+// WithAllowedMethods sets the allowed HTTP methods.
+func WithAllowedMethods(methods ...string) Option {
+	return func(c *config) { c.allowedMethods = methods }
+}
+
+// WithAllowedHeaders sets the allowed request headers.
+func WithAllowedHeaders(headers ...string) Option {
+	return func(c *config) { c.allowedHeaders = headers }
+}
+
+// WithMaxAge sets the max age (in seconds) for preflight cache.
+func WithMaxAge(seconds int) Option {
+	return func(c *config) { c.maxAge = seconds }
+}
+
+// Defaults returns sensible CORS defaults for ConnectRPC services.
+// Includes Connect-specific headers.
+func Defaults() []Option {
+	return []Option{
+		WithAllowedOrigins("*"),
+		WithAllowedMethods("GET", "POST", "PUT", "DELETE", "PATCH", "OPTIONS"),
+		WithAllowedHeaders(
+			"Content-Type",
+			"Connect-Protocol-Version",
+			"Connect-Timeout-Ms",
+			"Grpc-Timeout",
+			"X-Grpc-Web",
+			"X-User-Agent",
+			"X-Request-ID",
+			"Authorization",
+		),
+		WithMaxAge(7200),
+	}
+}
+
+func newConfig(opts []Option) *config {
+	c := &config{}
+	// Apply defaults first, then user overrides.
+	for _, opt := range Defaults() {
+		opt(c)
+	}
+	for _, opt := range opts {
+		opt(c)
+	}
+	return c
+}
+
+// Middleware returns net/http CORS middleware.
+func Middleware(opts ...Option) func(http.Handler) http.Handler {
+	cfg := newConfig(opts)
+	return func(next http.Handler) http.Handler {
+		return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+			origin := r.Header.Get("Origin")
+			if origin == "" {
+				next.ServeHTTP(w, r)
+				return
+			}
+
+			if isOriginAllowed(cfg.allowedOrigins, origin) {
+				w.Header().Set("Access-Control-Allow-Origin", origin)
+			}
+
+			w.Header().Set("Access-Control-Allow-Methods", strings.Join(cfg.allowedMethods, ", "))
+			w.Header().Set("Access-Control-Allow-Headers", strings.Join(cfg.allowedHeaders, ", "))
+
+			if cfg.maxAge > 0 {
+				w.Header().Set("Access-Control-Max-Age", strconv.Itoa(cfg.maxAge))
+			}
+
+			w.Header().Set("Vary", "Origin")
+
+			if r.Method == http.MethodOptions {
+				w.WriteHeader(http.StatusNoContent)
+				return
+			}
+
+			next.ServeHTTP(w, r)
+		})
+	}
+}
+
+func isOriginAllowed(allowed []string, origin string) bool {
+	for _, a := range allowed {
+		if a == "*" || a == origin {
+			return true
+		}
+	}
+	return false
+}

middleware/errorz/errorz.go

@@ -0,0 +1,83 @@
+package errorz
+
+import (
+	"context"
+	"errors"
+	"fmt"
+	"time"
+
+	"connectrpc.com/connect"
+	"github.com/raystack/salt/logger"
+)
+
+// Option configures the error sanitization middleware.
+type Option func(*config)
+
+type config struct {
+	verbose bool
+	logger  logger.Logger
+}
+
+// WithVerbose enables full error messages in responses.
+// Useful for development/staging environments.
+func WithVerbose(v bool) Option {
+	return func(c *config) { c.verbose = v }
+}
+
+// WithLogger sets the logger for recording original errors before sanitization.
+func WithLogger(l logger.Logger) Option {
+	return func(c *config) { c.logger = l }
+}
+
+func newConfig(opts []Option) *config {
+	c := &config{logger: &logger.Noop{}}
+	for _, opt := range opts {
+		opt(c)
+	}
+	return c
+}
+
+// NewInterceptor returns a Connect interceptor that sanitizes internal errors.
+// Non-Connect errors are mapped to CodeInternal with a timestamp reference.
+// Connect errors with known codes are passed through.
+func NewInterceptor(opts ...Option) connect.UnaryInterceptorFunc {
+	cfg := newConfig(opts)
+	return func(next connect.UnaryFunc) connect.UnaryFunc {
+		return func(ctx context.Context, req connect.AnyRequest) (connect.AnyResponse, error) {
+			resp, err := next(ctx, req)
+			if err == nil {
+				return resp, nil
+			}
+
+			// If it's already a Connect error, preserve the code.
+			var connectErr *connect.Error
+			if errors.As(err, &connectErr) {
+				if cfg.verbose {
+					return resp, err
+				}
+				// Preserve code but sanitize message for client-facing codes.
+				code := connectErr.Code()
+				if code == connect.CodeInternal || code == connect.CodeUnknown {
+					ref := time.Now().Unix()
+					cfg.logger.Error("internal error",
+						"error", err.Error(),
+						"ref", ref,
+					)
+					return resp, connect.NewError(code, fmt.Errorf("internal error (ref: %d)", ref))
+				}
+				return resp, err
+			}
+
+			// Non-Connect error: sanitize completely.
+			ref := time.Now().Unix()
+			cfg.logger.Error("internal error",
+				"error", err.Error(),
+				"ref", ref,
+			)
+			if cfg.verbose {
+				return resp, connect.NewError(connect.CodeInternal, err)
+			}
+			return resp, connect.NewError(connect.CodeInternal, fmt.Errorf("internal error (ref: %d)", ref))
+		}
+	}
+}

middleware/middleware.go

@@ -0,0 +1,46 @@
+package middleware
+
+import (
+	"net/http"
+
+	"connectrpc.com/connect"
+	"github.com/raystack/salt/logger"
+	"github.com/raystack/salt/middleware/cors"
+	"github.com/raystack/salt/middleware/errorz"
+	"github.com/raystack/salt/middleware/recovery"
+	"github.com/raystack/salt/middleware/requestid"
+	"github.com/raystack/salt/middleware/requestlog"
+)
+
+// Default returns the standard raystack Connect interceptor chain:
+// recovery → requestid → requestlog → errorz
+func Default(l logger.Logger) []connect.Interceptor {
+	return []connect.Interceptor{
+		recovery.NewInterceptor(recovery.WithLogger(l)),
+		requestid.NewInterceptor(),
+		requestlog.NewInterceptor(requestlog.WithLogger(l)),
+		errorz.NewInterceptor(errorz.WithLogger(l)),
+	}
+}
+
+// DefaultHTTP returns the standard raystack HTTP middleware chain:
+// recovery → requestid → requestlog → cors
+func DefaultHTTP(l logger.Logger, corsOpts ...cors.Option) func(http.Handler) http.Handler {
+	return ChainHTTP(
+		recovery.HTTPMiddleware(recovery.WithLogger(l)),
+		requestid.HTTPMiddleware(),
+		requestlog.HTTPMiddleware(requestlog.WithLogger(l)),
+		cors.Middleware(corsOpts...),
+	)
+}
+
+// ChainHTTP chains net/http middleware in order.
+// The first middleware wraps outermost (processes request first).
+func ChainHTTP(mws ...func(http.Handler) http.Handler) func(http.Handler) http.Handler {
+	return func(final http.Handler) http.Handler {
+		for i := len(mws) - 1; i >= 0; i-- {
+			final = mws[i](final)
+		}
+		return final
+	}
+}