gonest
Request Pipeline

Guards

Boolean access control before the handler runs

A Guard decides whether a request is allowed to proceed. Build one with gonest.NewGuard(func(guard *gonest.Guard) {...}).

var AuthGuard = gonest.NewGuard(func(guard *gonest.Guard) {
  guard.Handler(func(ctx *gonest.RestContext) bool {
    return ctx.Header("Authorization") != ""
  })
})
  • Returning false produces an automatic 403 Forbidden — no Interceptor or Handler runs.
  • Panicking with an Exception inside a guard produces that exception's own response instead of a generic 403.
  • Multiple guards are evaluated in registration order and short-circuit on the first false.

Applying a guard

var UserController = gonest.NewController(func(controller *gonest.Controller) {
  controller.Guards(AuthGuard)
})

Guards are controller-scoped only — there is no Module.Guards. They also have no MustInject support inside the builder: a single guard can be attached across many controllers/modules, so there's no single "owner" to resolve dependencies against.

Try it

A live "Try it" panel demonstrating a 403 from a guarded route lands here once the hosted demo is deployed (see .specs/features/docs-site/tasks.md T47-T49).

Next steps

On this page