== The impact on middleware of expanding APIs with Go's interface smuggling Recently, the Go blog had [[Keeping your Modules Compatible https://blog.golang.org/module-compatibility]] which is about doing exactly that as you add features and want to expand your module's API. When the module's API involves interfaces, one of the approaches they suggested is what I've called [[interface smuggling GoInterfaceSmuggling]] and what other people have called *interface upgrades*. Let me quote the article: > When you run into a case where you want to add a method to an existing > interface, you may be able to follow this strategy. Start by creating > a new interface with your new method, or identify an existing > interface with the new method. Next, identify the relevant functions > that need to support it, type check for the second interface, and add > code that uses it. This is a quite popular approach, one used by many packages in Go's standard library and third party packages. However, it has a dark side, and that is its unfortunate effects on middleware. The problem for middleware is best illustrated by the most common sort of middleware, which is things that interpose in the chain of HTTP handlers to modify the results. Much middleware wants to look at or act on some aspect of the HTTP reply, for example [[to gather metrics based on the result code GoPrometheusMetricLabels]], which means that it must modify and proxy the [[_http.ResponseWriter_ https://golang.org/pkg/net/http/#ResponseWriter]] passed to child [[_http.Handler_ https://golang.org/pkg/net/http/#Handler]]s. Over time the [[_http_ package https://golang.org/pkg/net/http/]] has acquired a whole collection of smuggled interfaces on ResponseWriters, such as [[_http.CloseNotifier_ https://golang.org/pkg/net/http/#CloseNotifier]] (which is deprecated), [[_http.Flusher_ https://golang.org/pkg/net/http/#Flusher]], [[_http.Hijacker_ https://golang.org/pkg/net/http/#Hijacker]], and [[_http.Pusher_ https://golang.org/pkg/net/http/#Pusher]]. In the future there will probably be more. (In addition, the ResponseWriter may or may not support [[_io.ReaderFrom_ https://golang.org/pkg/io/#ReaderFrom]].) If you're a piece of middleware, the ResponseWriter you're passed may support some, many, or all of these additional APIs. However, Go provides you no good way to pass this support through your proxy ResponseWriter that you're going to pass to children Handlers. The Prometheus people try hard to do it anyway, and [[the result is rather messy https://github.com/prometheus/client_golang/blob/master/prometheus/promhttp/delegator.go]] and involves a combinatorial explosion of the possible combinations of APIs. As the case of io.ReaderFrom shows, these additional APIs don't even necessarily come from the [[_http_ package]]. A smuggled interface from anywhere may need to be supported. One answer to this is that you just don't support these additional APIs in your middleware, or you only support a few of them. The problem with this is that the ResponseWriter and the client code that people are trying to use your middleware with well have been developed, tested, and normally used in an environment where these expanded APIs are used, not cut off. As we all know, if you don't test it it doesn't work. Your middleware may be the first code to try to pass the next hop a ResponseWriter with a genuinely narrow API, because such narrow APIs may mostly come from middleware. And of course if there are any bugs in the result, people will blame your middleware. None of this is insurmountable. But beyond the problems and the hassles, it means that expanding your API with interface smuggling is decidedly not transparent if people use middleware with it. And as a practical matter, some amount of the time your new API will not be usable until middleware is expanded to cope with it (if it ever is). Another problem is that this expansion of middleware to cope with your new API can't happen until your new API itself is pervasive. Go currently provides no support for conditional building based on the version of other packages or the state of their API, so middleware can't include any use of your new API interfaces until it doesn't have to build against versions of your package that predate them. (People can work around this for HTTP middleware because they can make files build only on specific minimum versions of Go. Your package doesn't have this magical power; it's something available only for new APIs in the Go standard library.) Because nothing is new under the sun, this problem was noticed back in 2014's [[Interface Upgrades in Go https://avtok.com/2014/11/05/interface-upgrades.html]], which is one of the earliest places to call this pattern an 'interface upgrade'. The article notes the proxy problem and ends with a call to use interface upgrades sparingly. This is good advice in my opinion, but is very much at odds with the idea of routinely using interface upgrades to expand your API. ([[Via https://old.reddit.com/r/golang/comments/hoehhv/interface_smuggling_a_go_design_pattern_for/]].)