ワンクリックで
horse-security-auth
Guide for securing routes, configuring JWT and Basic-Auth middlewares, and handling route authentication groups.
Codex または Claude でインストール この Prompt をコピーして Codex、Claude、または他のアシスタントに貼り付けると、Skill ページを確認してインストールできます。
メニュー
Guide for securing routes, configuring JWT and Basic-Auth middlewares, and handling route authentication groups.
Codex または Claude でインストール この Prompt をコピーして Codex、Claude、または他のアシスタントに貼り付けると、Skill ページを確認してインストールできます。
SOC 職業分類に基づく
Guidelines and workflows for developing and maintaining regular expressions and optional parameter routing features in the Horse framework.
Guidelines for registering, executing, and optimizing native high-precision telemetry hooks (AddOnTelemetry) in the Horse Web Framework.
Guidelines for instantiating and configuring independent Horse server instances (THorseInstance) running concurrently on different ports.
Guide for setting up thread-safe database connection pooling (FireDAC / UniDAC) in multithreaded Horse applications.
Guide for managing request-scoped contextual services and IoC (dependency injection) in Delphi and Lazarus.
Guide to using standard Horse middlewares (CORS, Jhonson, compression, basic-auth, logger) and pipeline registration order.
| name | horse-security-auth |
| description | Guide for securing routes, configuring JWT and Basic-Auth middlewares, and handling route authentication groups. |
Always separate public endpoints (e.g., authentication, login, system health) from protected ones. Use THorse.Group to configure middleware layers specifically for protected routes without affecting public endpoints:
begin
// Global Middlewares (CORS, Johnson, etc.)
THorse.Use(CORS).Use(Jhonson);
// 1. Public Routes
THorse.Post('/login', DoLoginHandler);
THorse.Get('/health', GetHealthHandler);
// 2. Protected Routes (Using a Group with JWT Middleware)
THorse.Group.Prefix('/api/v1')
.Use(HorseJWT('my_secret_key')) // Authenticates all routes within this group
.Get('/customers', GetCustomersHandler)
.Get('/orders', GetOrdersHandler);
THorse.Listen(9000);
end;
The official JWT middleware is horse-jwt.
Once HorseJWT authenticates the request, it decodes the payload and stores it in the Session property of THorseRequest. You can retrieve claims using the Session dictionary:
procedure GetProfileHandler(Req: THorseRequest; Res: THorseResponse; Next: TProc);
var
LClaims: TJWTClaims; // Or TJSONObject depending on the horse-jwt version used
LUserId: string;
begin
// Example of pulling JWT claims
LUserId := Req.Session<TJSONObject>.GetValue<string>('sub');
Res.Send(Format('Hello, User %s!', [LUserId]));
end;
For quick, credential-based authentication, use the official horse-basic-auth middleware:
uses Horse.BasicAuth;
begin
// Protect all API routes with Basic-Auth
THorse.Group.Prefix('/api')
.Use(HorseBasicAuth(
function(AUsername, APassword: string): Boolean
begin
// Replace with secure database/credential lookup
Result := (AUsername = 'admin') and (APassword = 'secret123');
end
))
.Get('/secrets', GetSecretsHandler);
end;
GetEnvironmentVariable('JWT_SECRET_KEY')).exp claim) on issued JWTs and implement a refresh token pattern for long-running client sessions.