M.I.M.I.R - Multi-agent Intelligent Memory & Insight Repository

Overview Schema Related Servers Score Discussions

Mimir
nornicdb
pkg
security

middleware.go•2.58 kB

// Package security provides HTTP middleware for NornicDB security validation. package security import ( "fmt" "net/http" "os" "strings" ) // SecurityMiddleware wraps HTTP handlers with security validations. type SecurityMiddleware struct { isDevelopment bool allowHTTP bool } // NewSecurityMiddleware creates a new security middleware instance. func NewSecurityMiddleware() *SecurityMiddleware { env := strings.ToLower(os.Getenv("NODE_ENV")) if env == "" { env = strings.ToLower(os.Getenv("NORNICDB_ENV")) } isDevelopment := env == "development" || env == "dev" allowHTTP := os.Getenv("NORNICDB_ALLOW_HTTP") == "true" return &SecurityMiddleware{ isDevelopment: isDevelopment, allowHTTP: allowHTTP, } } // ValidateRequest performs comprehensive security validation on incoming requests. func (m *SecurityMiddleware) ValidateRequest(next http.Handler) http.Handler { return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { // Validate all header values for injection attacks for name, values := range r.Header { for _, value := range values { if err := ValidateHeaderValue(value); err != nil { http.Error(w, fmt.Sprintf("Invalid header %s: %v", name, err), http.StatusBadRequest) return } } } // Validate Authorization header specifically authHeader := r.Header.Get("Authorization") if authHeader != "" { parts := strings.SplitN(authHeader, " ", 2) if len(parts) == 2 { token := strings.TrimSpace(parts[1]) if err := ValidateToken(token); err != nil { http.Error(w, fmt.Sprintf("Invalid authorization token: %v", err), http.StatusUnauthorized) return } } } // Validate query parameter tokens (for SSE/WebSocket) if tokenParam := r.URL.Query().Get("token"); tokenParam != "" { if err := ValidateToken(tokenParam); err != nil { http.Error(w, fmt.Sprintf("Invalid token parameter: %v", err), http.StatusUnauthorized) return } } // Validate URL parameters urlParams := []string{"callback", "redirect", "redirect_uri", "url", "webhook"} for _, param := range urlParams { if urlValue := r.URL.Query().Get(param); urlValue != "" { if err := ValidateURL(urlValue, m.isDevelopment, m.allowHTTP); err != nil { http.Error(w, fmt.Sprintf("Invalid %s parameter: %v", param, err), http.StatusBadRequest) return } } } next.ServeHTTP(w, r) }) } // Wrap is a convenience method for wrapping individual handlers. func (m *SecurityMiddleware) Wrap(handler http.Handler) http.Handler { return m.ValidateRequest(handler) }

Latest Blog Posts

What Is Context Bloat in MCP?
By Om-Shree-0709 on December 16, 2025.
mcp
Context Bloat
MCP Moves to the Linux Foundation: Neutral Stewardship for Agentic Infrastructure
By Om-Shree-0709 on December 15, 2025.
mcp
anthropic
Linux Foundation
Code Execution with MCP: Architecting Agentic Efficiency
By Om-Shree-0709 on December 14, 2025.
mcp
Token bloat

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/orneryd/Mimir'

If you have feedback or need assistance with the MCP directory API, please join our Discord server