personal-projects/leo-claude-mktplace
Template
0
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
eec4007f30233f7860ad483d47884c0b9cc10518
leo-claude-mktplace/plugins/saas-api-platform/commands/api-middleware.md
lmiranda 2d51df7a42 feat(marketplace): command consolidation + 8 new plugins (v8.1.0 → v9.0.0) [BREAKING] 
Phase 1b: Rename all ~94 commands across 12 plugins to /<noun> <action>
sub-command pattern. Git-flow consolidated from 8→5 commands (commit
variants absorbed into --push/--merge/--sync flags). Dispatch files,
name: frontmatter, and cross-reference updates for all plugins.

Phase 2: Design documents for 8 new plugins in docs/designs/.

Phase 3: Scaffold 8 new plugins — saas-api-platform, saas-db-migrate,
saas-react-platform, saas-test-pilot, data-seed, ops-release-manager,
ops-deploy-pipeline, debug-mcp. Each with plugin.json, commands, agents,
skills, README, and claude-md-integration. Marketplace grows from 12→20.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-06 14:52:11 -05:00

4.0 KiB
Raw Blame History

name, description, agent
name description agent
api middleware Add and configure API middleware api-architect

/api middleware - Middleware Manager

Skills to Load

  • skills/middleware-catalog.md
  • skills/framework-detection.md
  • skills/visual-header.md

Visual Output

Display header: API-PLATFORM - Middleware

Usage

/api middleware <action> [<type>] [--options]

Actions:

  • add <type> - Add middleware to the application
  • list - List currently configured middleware
  • remove <type> - Remove middleware configuration

Middleware Types:

  • auth - Authentication (JWT, OAuth2, API key)
  • cors - Cross-Origin Resource Sharing
  • rate-limit - Rate limiting per client/IP
  • logging - Request/response logging
  • error-handler - Global error handling and formatting
  • validation - Request body/query validation

Process

1. Detect Framework

Read .api-platform.json to determine target framework. Middleware implementation differs significantly between FastAPI and Express.

2. Add Middleware (add action)

Auth Middleware:

  • Ask user for auth type: JWT Bearer, OAuth2, API key header
  • Generate middleware file with token validation logic
  • Add dependency/middleware registration to app
  • Create auth utility functions (decode token, verify permissions)
  • Generate .env.example entries for secrets (JWT_SECRET, etc.)

CORS Middleware:

  • Ask for allowed origins (default: ["*"] for development)
  • Configure allowed methods, headers, credentials
  • Set max_age for preflight caching
  • FastAPI: CORSMiddleware configuration
  • Express: cors package configuration

Rate Limiting:

  • Ask for rate limit strategy: fixed window, sliding window, token bucket
  • Configure limits per endpoint or global (requests/minute)
  • Set burst allowance
  • Configure response headers (X-RateLimit-Limit, X-RateLimit-Remaining)
  • FastAPI: slowapi or custom middleware
  • Express: express-rate-limit package

Logging:

  • Configure log format (JSON structured, Apache combined, custom)
  • Set log levels per environment (debug for dev, info for prod)
  • Include request ID generation and propagation
  • Configure sensitive field masking (Authorization header, passwords)
  • FastAPI: custom middleware with structlog or logging
  • Express: morgan or pino-http

Error Handler:

  • Global exception/error handler with consistent response format
  • Map framework exceptions to HTTP status codes
  • Include request ID in error responses
  • Mask internal details in production mode
  • Log full stack traces server-side

Validation:

  • Request body validation using framework-native tools
  • Query parameter validation and type coercion
  • Custom validation error response format

3. List Middleware (list action)

Scan app configuration and display active middleware in execution order.

4. Remove Middleware (remove action)

Remove middleware registration and associated files. Warn about dependencies.

Output Format

+----------------------------------------------------------------------+
|  API-PLATFORM - Middleware                                            |
+----------------------------------------------------------------------+

Action: add
Type: rate-limit
Framework: FastAPI

Files Created/Modified:
  [+] app/middleware/rate_limit.py    (rate limiter implementation)
  [~] app/main.py                    (middleware registered)
  [~] .env.example                   (RATE_LIMIT_PER_MINUTE added)

Configuration:
  Strategy:     Sliding window
  Global Limit: 60 requests/minute
  Burst:        10 additional
  Headers:      X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Reset

Dependencies Added:
  slowapi>=0.1.9

Next Steps:
  - pip install slowapi
  - Configure RATE_LIMIT_PER_MINUTE in .env
  - Override per-endpoint limits in route decorators if needed

Important Notes

  • Middleware order matters; auth should run before rate-limiting
  • CORS must be configured before route handlers
  • Error handler should be the outermost middleware
  • Rate limiting should use persistent store (Redis) in production
Reference in New Issue View Git Blame Copy Permalink