Every HTTP request passes through four ordered stages. A failure at any stage immediately returns a standards-compliant error response — no downstream work is wasted.
1. Negotiation
Content type, language, and encoding negotiation per RFC 9110 §12.5. Rate limiting and security headers run here — resource exhaustion is prevented before any processing begins.
2. Authorization
Bearer/Basic authentication per RFC 6750 / RFC 7617. Unauthorized requests are rejected before body parsing, preventing DoS from large payloads on unauthenticated requests.
3. Validation
JSON Schema body validation, query parameter parsing, and input sanitization. Bounded parsing defaults protect against allocation bombs. Malformed requests fail before execution.
4. Execution
Only valid, authorized, properly-negotiated requests reach your handler. Responses use RFC 9457 Problem Details for errors.
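The stage ordering described above, as an added sketch that is not ergo's code or API: every name here (`stages`, `handle`, `run`, `MAX_BODY_BYTES`, the `demo-token` value) is hypothetical, and the body is a pre-read string rather than a stream. It records which stages ran, so you can see that an unauthenticated request with an oversized body stops at authorization and never reaches the parser.

```javascript
// Added sketch of the stage ordering; not ergo's API. All names are hypothetical.
const MAX_BODY_BYTES = 1024; // assumed bound, chosen for the example

// Error response shaped as RFC 9457 Problem Details.
function problem(status, title, headers = {}) {
  return {
    status,
    headers: { 'content-type': 'application/problem+json', ...headers },
    body: { type: 'about:blank', title, status },
  };
}

// Each stage returns a problem response to stop the pipeline, or undefined to continue.
const stages = [
  function negotiate(req) {
    // Simplified Accept check (ignores q-values): this API only produces JSON.
    const accept = req.headers.accept || '*/*';
    if (!/application\/(json|\*)|\*\/\*/.test(accept)) return problem(406, 'Not Acceptable');
  },
  function authorize(req, ctx) {
    // Looks only at headers, so an unauthenticated body is never measured or parsed.
    const m = /^Bearer (\S+)$/.exec(req.headers.authorization || '');
    if (!m || !ctx.tokens.has(m[1])) return problem(401, 'Unauthorized', { 'www-authenticate': 'Bearer' });
  },
  function validate(req) {
    // Bound the size before parsing, then check the shape the handler relies on.
    if (Buffer.byteLength(req.rawBody) > MAX_BODY_BYTES) return problem(413, 'Content Too Large');
    try { req.body = JSON.parse(req.rawBody); } catch { return problem(400, 'Bad Request'); }
    if (typeof req.body?.name !== 'string') return problem(422, 'Unprocessable Content');
  },
];

function handle(req, ctx) {
  for (const stage of stages) {
    ctx.trace.push(stage.name);
    const failure = stage(req, ctx);
    if (failure) return failure;
  }
  ctx.trace.push('execute'); // only negotiated, authorized, valid requests get here
  return { status: 200, headers: { 'content-type': 'application/json' }, body: { hello: req.body.name } };
}

// Constructed requests: run one through the pipeline and report which stages ran.
function run(headers, rawBody) {
  const ctx = { tokens: new Set(['demo-token']), trace: [] };
  const res = handle({ headers, rawBody }, ctx);
  return { status: res.status, contentType: res.headers['content-type'], trace: ctx.trace.join('>') };
}
```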
ergo
The core middleware toolkit. Composable functions for every HTTP concern — body parsing, CORS, CSRF, compression, caching, rate limiting, and more.
ergo-router
REST-compliant router built on find-my-way. Automatic 405+Allow, HEAD, OPTIONS, and PATCH enforcement. Declarative pipeline builder.