middleware

Middleware — Protocol-based, no inheritance required.

A middleware is any callable matching:

async def mw(request: Request, next: Next) -> Response

Built-in middleware: AuthMiddleware -- Dual-mode authentication (session + token) AuthRateLimitMiddleware -- Auth endpoint rate limiting CORSMiddleware -- Cross-Origin Resource Sharing CSRFMiddleware -- CSRF token protection (requires SessionMiddleware) HTMLInject -- Inject snippets into HTML responses SecurityHeadersMiddleware -- X-Frame-Options, X-Content-Type-Options, Referrer-Policy SessionMiddleware -- Signed cookie sessions (requires itsdangerous) StaticFiles -- Serve static files from a directory