Update CLAUDE.md and README for revised behavior
Document RateLimit's RemoteAddr-by-default keying and WithTrustedProxies, and that WithMaxResponseBody returns ErrResponseTooLarge rather than truncating.
This commit is contained in:
@@ -24,7 +24,7 @@ go vet ./... # static analysis
|
|||||||
- **Client.Close()** stops the health checker goroutine
|
- **Client.Close()** stops the health checker goroutine
|
||||||
- **Client.Patch()** — PATCH method, same pattern as Put/Post
|
- **Client.Patch()** — PATCH method, same pattern as Put/Post
|
||||||
- **NewFormRequest** — form-encoded request builder (`application/x-www-form-urlencoded`) with `GetBody` for retry
|
- **NewFormRequest** — form-encoded request builder (`application/x-www-form-urlencoded`) with `GetBody` for retry
|
||||||
- **WithMaxResponseBody** — wraps `resp.Body` with `io.LimitedReader` to prevent OOM
|
- **WithMaxResponseBody** — caps `resp.Body` reads; returns `ErrResponseTooLarge` (not silent truncation) when exceeded
|
||||||
- **middleware.RequestID()** — propagates request ID from context to outgoing `X-Request-Id` header
|
- **middleware.RequestID()** — propagates request ID from context to outgoing `X-Request-Id` header
|
||||||
- **`internal/requestid`** — shared context key used by both `server` and `middleware` packages to avoid circular imports
|
- **`internal/requestid`** — shared context key used by both `server` and `middleware` packages to avoid circular imports
|
||||||
|
|
||||||
@@ -37,7 +37,7 @@ go vet ./... # static analysis
|
|||||||
- **Defaults()** preset: RequestID → Recovery → Logging + production timeouts
|
- **Defaults()** preset: RequestID → Recovery → Logging + production timeouts
|
||||||
- **HealthHandler** exposes `GET /healthz` (liveness) and `GET /readyz` (readiness with pluggable checkers)
|
- **HealthHandler** exposes `GET /healthz` (liveness) and `GET /readyz` (readiness with pluggable checkers)
|
||||||
- **CORS** middleware — preflight OPTIONS handling, `AllowOrigins`, `AllowMethods`, `AllowHeaders`, `ExposeHeaders`, `AllowCredentials`, `MaxAge`
|
- **CORS** middleware — preflight OPTIONS handling, `AllowOrigins`, `AllowMethods`, `AllowHeaders`, `ExposeHeaders`, `AllowCredentials`, `MaxAge`
|
||||||
- **RateLimit** middleware — per-key token bucket (`sync.Map`), IP from `X-Forwarded-For`, `WithRate`/`WithBurst`/`WithKeyFunc`, uses `internal/clock`
|
- **RateLimit** middleware — per-key token bucket (`sync.Map`), keys on `RemoteAddr` by default; `X-Forwarded-For` is honored only via `WithTrustedProxies`; `WithRate`/`WithBurst`/`WithKeyFunc`/`WithMaxKeys`, uses `internal/clock`, idle buckets evicted to bound memory
|
||||||
- **MaxBodySize** middleware — wraps `r.Body` via `http.MaxBytesReader`
|
- **MaxBodySize** middleware — wraps `r.Body` via `http.MaxBytesReader`
|
||||||
- **Timeout** middleware — wraps `http.TimeoutHandler`, returns 503
|
- **Timeout** middleware — wraps `http.TimeoutHandler`, returns 503
|
||||||
- **WriteJSON** / **WriteError** — JSON response helpers in `server/respond.go`
|
- **WriteJSON** / **WriteError** — JSON response helpers in `server/respond.go`
|
||||||
|
|||||||
@@ -67,7 +67,7 @@ Server middleware is `func(http.Handler) http.Handler`. The `server` package pro
|
|||||||
| `server.Logging` | Structured request logging (method, path, status, duration, request ID). |
|
| `server.Logging` | Structured request logging (method, path, status, duration, request ID). |
|
||||||
| `server.HealthHandler` | Liveness (`/healthz`) and readiness (`/readyz`) endpoints with pluggable checkers. |
|
| `server.HealthHandler` | Liveness (`/healthz`) and readiness (`/readyz`) endpoints with pluggable checkers. |
|
||||||
| `server.CORS` | Cross-origin resource sharing with preflight handling and functional options. |
|
| `server.CORS` | Cross-origin resource sharing with preflight handling and functional options. |
|
||||||
| `server.RateLimit` | Per-key token bucket rate limiting with IP extraction and `Retry-After`. |
|
| `server.RateLimit` | Per-key token bucket rate limiting (keys on `RemoteAddr`; `X-Forwarded-For` via `WithTrustedProxies`) with `Retry-After`. |
|
||||||
| `server.MaxBodySize` | Limits request body size via `http.MaxBytesReader`. |
|
| `server.MaxBodySize` | Limits request body size via `http.MaxBytesReader`. |
|
||||||
| `server.Timeout` | Context-based request timeout, returns 503 on expiry. |
|
| `server.Timeout` | Context-based request timeout, returns 503 on expiry. |
|
||||||
| `server.WriteJSON` | JSON response helper, sets Content-Type and status. |
|
| `server.WriteJSON` | JSON response helper, sets Content-Type and status. |
|
||||||
@@ -195,6 +195,9 @@ client := httpx.New(
|
|||||||
)
|
)
|
||||||
```
|
```
|
||||||
|
|
||||||
|
Reading a body that exceeds the limit returns `httpx.ErrResponseTooLarge`
|
||||||
|
(checkable with `errors.Is`) rather than silently truncating.
|
||||||
|
|
||||||
## Examples
|
## Examples
|
||||||
|
|
||||||
See the [`examples/`](examples/) directory for runnable programs:
|
See the [`examples/`](examples/) directory for runnable programs:
|
||||||
|
|||||||
Reference in New Issue
Block a user