Modules Overview
Scion provides 11 production-ready, copy-paste Go modules. Each module is self-contained. Modules are standard-library only by default; declared security exceptions are marked in the registry.
Available Modules
| Module | Description | Security Features |
|---|---|---|
| Auth | JWT email/password auth + bcrypt | Rate limiting, user enumeration prevention, JTI |
| CRUD | Generic CRUD with pagination | Sort/filter whitelist, SQL injection prevention |
| Middleware | Recovery, CORS, logging, timeout | CRLF injection prevention, body size limit |
| RBAC | Role-based access control | Wildcard permissions, cycle detection |
| Rate Limit | Fixed/sliding window, token bucket | Memory exhaustion protection, LRU eviction |
| Validation | Chainable request validation | Regex DoS prevention, null byte rejection |
| File Upload | Secure file upload handler | Magic bytes validation, path traversal prevention |
| Health | Liveness/readiness probes | SSRF protection, CRLF injection prevention |
| Cache | TTL + LRU in-memory cache | Background cleanup, max entries limit |
| Pagination | Offset/cursor pagination | Cursor base64 validation, max limit enforcement |
|  | SMTP email with templates | Header injection prevention, XSS escaping |
Quick Copy
```bash
# Copy a module into your project
cp -r registry/<module>/src/go/* yourproject/internal/<module>/
```
Module Structure
Each module follows this structure:
```
registry/<module>/
├── src/go/
│   ├── go.mod           # module <name>, go 1.22
│   ├── config.go        # Options struct, Defaults(), FromEnv()
│   ├── handler.go       # HTTP handlers
│   ├── <core>.go        # Core logic
│   ├── <core>_test.go   # Functional tests
│   └── pentest_test.go  # Penetration test cases
├── README.md            # Human-readable adaptation guide
└── __llms__.md          # AI-readable summary (~150 tokens)
```
Testing
Every module includes functional tests and penetration test cases:
```bash
cd registry/<module>/src/go
go test -v ./...
```
Dependencies
Modules use only the Go standard library by default. Declared exceptions, such as auth, copy their own go.mod in standalone mode.