Request Pipeline
Guards
Boolean access control before the handler runs
A Guard decides whether a request is allowed to proceed. Build one with
gonest.NewGuard(func(guard *gonest.Guard) {...}).
var AuthGuard = gonest.NewGuard(func(guard *gonest.Guard) {
guard.Handler(func(ctx *gonest.RestContext) bool {
return ctx.Header("Authorization") != ""
})
})- Returning
falseproduces an automatic 403 Forbidden — no Interceptor or Handler runs. - Panicking with an
Exceptioninside a guard produces that exception's own response instead of a generic 403. - Multiple guards are evaluated in registration order and short-circuit on
the first
false.
Applying a guard
var UserController = gonest.NewController(func(controller *gonest.Controller) {
controller.Guards(AuthGuard)
})Guards are controller-scoped only — there is no Module.Guards. They
also have no MustInject support inside the builder: a single guard can
be attached across many controllers/modules, so there's no single "owner"
to resolve dependencies against.
Try it
A live "Try it" panel demonstrating a 403 from a guarded route lands here
once the hosted demo is deployed (see
.specs/features/docs-site/tasks.md T47-T49).