Define types and structure for generic middleware creation (#1298)

This is the first step towards generalizing the handling of middleware in the code. This is intended to allow new middleware to be added without altering the runner code or the runconfig schema.

This changes the runconfig to contain a list of generic MiddlewareConfig structs, and modifies the runner to create middleware instances based on this list, assuming a set of factory functions are supplied to the runner.

Right now, this list is never populated, and none of the existing middleware have been converted to use this scheme. This will be done in a future PR.

Author: dmjb

cmd/thv/app/proxy.go

@@ -195,7 +195,7 @@ func proxyCmdFunc(cmd *cobra.Command, args []string) error {
 	}
 
 	// Create middlewares slice for incoming request authentication
-	var middlewares []types.Middleware
+	var middlewares []types.MiddlewareFunction
 
 	// Get OIDC configuration if enabled (for protecting the proxy endpoint)
 	var oidcConfig *auth.TokenValidatorConfig
@@ -514,7 +514,7 @@ func resolveClientSecret() (string, error) {
 }
 
 // createTokenInjectionMiddleware creates a middleware that injects the OAuth token into requests
-func createTokenInjectionMiddleware(tokenSource *oauth2.TokenSource) types.Middleware {
+func createTokenInjectionMiddleware(tokenSource *oauth2.TokenSource) types.MiddlewareFunction {
 	return func(next http.Handler) http.Handler {
 		return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 			token, err := (*tokenSource).Token()

docs/server/docs.go

@@ -8,6 +8,8 @@ import (
 	"net/http"
 	"os"
 	"path/filepath"
+
+	"github.com/stacklok/toolhive/pkg/transport/types"
 )
 
 // Config represents the audit logging configuration.
@@ -103,7 +105,7 @@ func (c *Config) ShouldAuditEvent(eventType string) bool {
 }
 
 // CreateMiddleware creates an HTTP middleware from the audit configuration.
-func (c *Config) CreateMiddleware() (func(http.Handler) http.Handler, error) {
+func (c *Config) CreateMiddleware() (types.MiddlewareFunction, error) {
 	auditor, err := NewAuditor(c)
 	if err != nil {
 		return nil, fmt.Errorf("failed to create auditor: %w", err)

docs/server/swagger.json

@@ -10,6 +10,8 @@ import (
 	"strings"
 
 	"sigs.k8s.io/yaml"
+
+	"github.com/stacklok/toolhive/pkg/transport/types"
 )
 
 // ConfigType represents the type of authorization configuration.
@@ -117,7 +119,7 @@ func (c *Config) Validate() error {
 }
 
 // CreateMiddleware creates an HTTP middleware from the configuration.
-func (c *Config) CreateMiddleware() (func(http.Handler) http.Handler, error) {
+func (c *Config) CreateMiddleware() (types.MiddlewareFunction, error) {
 	// Create the appropriate middleware based on the configuration type
 	switch c.Type {
 	case ConfigTypeCedarV1:

docs/server/swagger.yaml

@@ -32,7 +32,7 @@ var errBug = errors.New("there's a bug")
 // This middleware is designed to be used ONLY when tool filtering is enabled,
 // and expects the list of tools to be "correct" (i.e. not empty and not
 // containing nonexisting tools).
-func NewToolFilterMiddleware(filterTools []string) (types.Middleware, error) {
+func NewToolFilterMiddleware(filterTools []string) (types.MiddlewareFunction, error) {
 	if len(filterTools) == 0 {
 		return nil, fmt.Errorf("tools list for filtering is empty")
 	}
@@ -73,7 +73,7 @@ func NewToolFilterMiddleware(filterTools []string) (types.Middleware, error) {
 // This middleware is designed to be used ONLY when tool filtering is enabled,
 // and expects the list of tools to be "correct" (i.e. not empty and not
 // containing nonexisting tools).
-func NewToolCallFilterMiddleware(filterTools []string) (types.Middleware, error) {
+func NewToolCallFilterMiddleware(filterTools []string) (types.MiddlewareFunction, error) {
 	if len(filterTools) == 0 {
 		return nil, fmt.Errorf("tools list for filtering is empty")
 	}

pkg/audit/config.go

@@ -128,6 +128,10 @@ type RunConfig struct {
 
 	// IgnoreConfig contains configuration for ignore processing
 	IgnoreConfig *ignore.Config `json:"ignore_config,omitempty" yaml:"ignore_config,omitempty"`
+
+	// MiddlewareConfigs contains the list of middleware to apply to the transport
+	// and the configuration for each middleware.
+	MiddlewareConfigs []types.MiddlewareConfig `json:"middleware_configs,omitempty" yaml:"middleware_configs,omitempty"`
 }
 
 // WriteJSON serializes the RunConfig to JSON and writes it to the provided writer
@@ -167,6 +171,12 @@ func (c *RunConfig) WithAudit(config *audit.Config) *RunConfig {
 	return c
 }
 
+// WithMiddlewareConfig adds middleware configuration to the RunConfig
+func (c *RunConfig) WithMiddlewareConfig(middlewareConfig []types.MiddlewareConfig) *RunConfig {
+	c.MiddlewareConfigs = middlewareConfig
+	return c
+}
+
 // WithTransport parses and sets the transport type
 func (c *RunConfig) WithTransport(t string) (*RunConfig, error) {
 	transportType, err := types.ParseTransportType(t)

pkg/authz/config.go

@@ -58,6 +58,12 @@ func (b *RunConfigBuilder) WithName(name string) *RunConfigBuilder {
 	return b
 }
 
+// WithMiddlewareConfig sets the middleware configuration
+func (b *RunConfigBuilder) WithMiddlewareConfig(middlewareConfig []types.MiddlewareConfig) *RunConfigBuilder {
+	b.config.MiddlewareConfigs = middlewareConfig
+	return b
+}
+
 // WithCmdArgs sets the command arguments
 func (b *RunConfigBuilder) WithCmdArgs(args []string) *RunConfigBuilder {
 	b.config.CmdArgs = args

pkg/mcp/tool_filter.go

@@ -29,6 +29,9 @@ type Runner struct {
 
 	// telemetryProvider is the OpenTelemetry provider for cleanup
 	telemetryProvider *telemetry.Provider
+
+	// supportedMiddleware is a map of supported middleware types to their factory functions.
+	supportedMiddleware map[string]types.MiddlewareFactory
 }
 
 // NewRunner creates a new Runner with the provided configuration
@@ -53,6 +56,29 @@ func (r *Runner) Run(ctx context.Context) error {
 		Debug:      r.Config.Debug,
 	}
 
+	// Create middleware from the MiddlewareConfigs instances in the RunConfig.
+	for _, middlewareConfig := range r.Config.MiddlewareConfigs {
+		// First, get the correct factory function for the middleware type.
+		factory, ok := r.supportedMiddleware[middlewareConfig.Type]
+		if !ok {
+			return fmt.Errorf("unsupported middleware type: %s", middlewareConfig.Type)
+		}
+
+		// Create the middleware instance using the factory function.
+		middleware, err := factory(&middlewareConfig)
+		if err != nil {
+			return fmt.Errorf("failed to create middleware of type %s: %v", middlewareConfig.Type, err)
+		}
+
+		// Ensure middleware is cleaned up on shutdown.
+		defer func() {
+			if err := middleware.Close(); err != nil {
+				logger.Warnf("Failed to close middleware of type %s: %v", middlewareConfig.Type, err)
+			}
+		}()
+		transportConfig.Middlewares = append(transportConfig.Middlewares, middleware.Handler())
+	}
+
 	if len(r.Config.ToolsFilter) > 0 {
 		toolsFilterMiddleware, err := mcp.NewToolFilterMiddleware(r.Config.ToolsFilter)
 		if err != nil {