원클릭으로
horse-security-auth
Guide for securing routes, configuring JWT and Basic-Auth middlewares, and handling route authentication groups.
Codex 또는 Claude로 설치 이 Prompt를 복사해 Codex, Claude 또는 다른 어시스턴트에 붙여 넣으면 Skill 페이지를 검토하고 설치를 진행할 수 있습니다.
메뉴
Guide for securing routes, configuring JWT and Basic-Auth middlewares, and handling route authentication groups.
Codex 또는 Claude로 설치 이 Prompt를 복사해 Codex, Claude 또는 다른 어시스턴트에 붙여 넣으면 Skill 페이지를 검토하고 설치를 진행할 수 있습니다.
SOC 직업 분류 기준
Guidelines and workflows for developing and maintaining regular expressions and optional parameter routing features in the Horse framework.
Guidelines for registering, executing, and optimizing native high-precision telemetry hooks (AddOnTelemetry) in the Horse Web Framework.
Guidelines for instantiating and configuring independent Horse server instances (THorseInstance) running concurrently on different ports.
Guide for setting up thread-safe database connection pooling (FireDAC / UniDAC) in multithreaded Horse applications.
Guide for managing request-scoped contextual services and IoC (dependency injection) in Delphi and Lazarus.
Guide to using standard Horse middlewares (CORS, Jhonson, compression, basic-auth, logger) and pipeline registration order.
| name | horse-security-auth |
| description | Guide for securing routes, configuring JWT and Basic-Auth middlewares, and handling route authentication groups. |
Always separate public endpoints (e.g., authentication, login, system health) from protected ones. Use THorse.Group to configure middleware layers specifically for protected routes without affecting public endpoints:
begin
// Global Middlewares (CORS, Johnson, etc.)
THorse.Use(CORS).Use(Jhonson);
// 1. Public Routes
THorse.Post('/login', DoLoginHandler);
THorse.Get('/health', GetHealthHandler);
// 2. Protected Routes (Using a Group with JWT Middleware)
THorse.Group.Prefix('/api/v1')
.Use(HorseJWT('my_secret_key')) // Authenticates all routes within this group
.Get('/customers', GetCustomersHandler)
.Get('/orders', GetOrdersHandler);
THorse.Listen(9000);
end;
The official JWT middleware is horse-jwt.
Once HorseJWT authenticates the request, it decodes the payload and stores it in the Session property of THorseRequest. You can retrieve claims using the Session dictionary:
procedure GetProfileHandler(Req: THorseRequest; Res: THorseResponse; Next: TProc);
var
LClaims: TJWTClaims; // Or TJSONObject depending on the horse-jwt version used
LUserId: string;
begin
// Example of pulling JWT claims
LUserId := Req.Session<TJSONObject>.GetValue<string>('sub');
Res.Send(Format('Hello, User %s!', [LUserId]));
end;
For quick, credential-based authentication, use the official horse-basic-auth middleware:
uses Horse.BasicAuth;
begin
// Protect all API routes with Basic-Auth
THorse.Group.Prefix('/api')
.Use(HorseBasicAuth(
function(AUsername, APassword: string): Boolean
begin
// Replace with secure database/credential lookup
Result := (AUsername = 'admin') and (APassword = 'secret123');
end
))
.Get('/secrets', GetSecretsHandler);
end;
GetEnvironmentVariable('JWT_SECRET_KEY')).exp claim) on issued JWTs and implement a refresh token pattern for long-running client sessions.