httpmiddleware

package
v1.11.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: May 9, 2023 License: MIT Imports: 12 Imported by: 0

Documentation

Overview

Package httpmiddleware contains middleware for REST API's built with Gorilla web toolkit (router) and OpenCensus (telemetry).

The package is using on "github.com/gorilla/mux" "go.opencensus.io/trace"

Examples

An example including creating a router, adding a route and security as well as all middleware. 

router := mux.NewRouter()

const pathToCreateCompanyUser = "/companies/{companyID:[a-zA-Z0-9-]+}/users"
router.
    HandleFunc(pathToCreateUser, http_middleware.ContentType(
        server.createCompanyUserHandler, http_model.MimeJSON,
    )).
    Methods(http.MethodPost)

router.
    HandleFunc(pathToCreateUser, http_middleware.Options(
        []string{http.MethodPost},
        []string{http_model.HeaderContentType},
    )).
    Methods(http.MethodOptions)

http_middleware.
    HandleSecureEndpoint(pathToCreateCompanyUser).
    Methods(http.MethodPost).
    AccessToken().
    Authorize(ActionIAMCreateUser, http_middleware.NilResourceFunc).
    Authorize(ActionIAMInviteUser, companyOriginFromPathFunc)

router.Use(
    // Middleware is run from top to bottom, order is important
    http_middleware.TrailingSlashMiddleware,
    http_middleware.CorsMiddleware,
    http_middleware.OpenCensusMiddleware,
    http_middleware.AuthenticateMiddleware("<jwkeyset_url>"),
    http_middleware.AuthorizeMiddleware(authorizerClient),
)

Index

Constants

View Source 
const (
	HeaderAuthorization = "Authorization"
)

Variables

View Source 
var NilResourceFunc = func(req *http.Request) (*common.Origin, error) {
	return nil, nil
}

NilResourceFunc represents the Zero Value ResourceFunc.

Functions

func AuthenticateMiddleware 

func AuthenticateMiddleware(users Users, keySetURL string) mux.MiddlewareFunc

AuthenticateMiddleware retrieves the security configuration for the matched route and handles Access Token validation and stores the token claims in the request context.

func AuthorizeMiddleware 

func AuthorizeMiddleware(authorizer Authorizer) mux.MiddlewareFunc

AuthorizeMiddleware retrieves the security configuration for the matched route and handles the configured authorizations.

func ContentType added in v1.8.5 

func ContentType(next http.HandlerFunc, contentTypes ...string) http.HandlerFunc

ContentType wraps a HandlerFunc and checks the incoming content-type with a list of allowed content types.

func CorsMiddleware 

func CorsMiddleware(next http.Handler) http.Handler

CorsMiddleware adds CORS headers to requests. Shouldn't be use, instead use the combination of helper functions below.

func CorsMiddlewareV2 added in v1.8.5 

func CorsMiddlewareV2(next http.Handler) http.Handler

CorsMiddleware adds CORS Origin header to responses.

func ExtractUserIDFromContext 

func ExtractUserIDFromContext(ctx context.Context) (_ string, err error)

ExtractUserIDFromContext extracts User ID from a context.

func OpenCensusMiddleware 

func OpenCensusMiddleware(next http.Handler) http.Handler

OpenCensusMiddleware adds request method and path template as span name.

func Options added in v1.8.5 

func Options(methods, headers []string) http.HandlerFunc

Options takes a list of methods and headers and returns an Options HandlerFunc

func Recovery 

func Recovery(next http.Handler) http.Handler

func TrailingSlashMiddleware 

func TrailingSlashMiddleware(next http.Handler) http.Handler

TrailingSlashMiddleware removes trailing slash from URL's

Types

type Authorizer 

type Authorizer interface {
	IsAuthorizedWithContext(ctx context.Context, userID, action string, resource *common.Origin) (bool, error)
}

type ResourceFunc 

type ResourceFunc func(*http.Request) (*common.Origin, error)

ResourceFunc takes a *http.Request and returns the resource to use for authorization.

type SecurityConfig 

type SecurityConfig struct {
	// contains filtered or unexported fields
}

SecurityConfig represents how to authenticate and authorize a given endpoint and method.

func HandleSecureEndpoint 

func HandleSecureEndpoint(endpoint string) *SecurityConfig

HandleSecureEndpoint creates a new SecurityConfig for the specified endpoint.

func (*SecurityConfig) AccessToken 

func (s *SecurityConfig) AccessToken(headers ...string) *SecurityConfig

AccessToken adds Access Token as a mean for Authentication to the SecurityConfig. The header defaults to "Authorization".

func (*SecurityConfig) Authorize 

func (s *SecurityConfig) Authorize(action string, resourceFunc ResourceFunc) *SecurityConfig

Authorize adds an Authorization Configuration to the SecurityConfig.

func (*SecurityConfig) Methods 

func (s *SecurityConfig) Methods(methods ...string) *SecurityConfig

Methods adds methods to the SecurityConfig.

type UserIDContextKey added in v1.8.4 

type UserIDContextKey struct{}

type Users 

type Users interface {
	GetUserIDByEmail(ctx context.Context, email string) (string, error)
}

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.