by cperciva 3270 days ago
have the handlers of all endpoints inherit from a base class that performs the check automatically

I disagree. Much better to have a single endpoint which does nothing except validate opaque requests and passes them upstream. No good ever comes from having crypto code mixed up with non-crypto code.

1 comments

I'm not talking about crypto --- really, it was an offhand comment about what real advice about structuring code for security looks like, compared to "validate inputs so you don't have XSS" --- and whatever you're proposing is probably something I'd agree with.