middleware

package
v0.2.0 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Nov 11, 2024 License: GPL-2.0 Imports: 17 Imported by: 0

Documentation

Index

Constants

// Lifetimes exported by the middleware package.
// NOTE(review): presumably these are the TTLs that CacheMiddleware applies to
// stored responses — the code that consumes them is not shown here; confirm.
const (
	// HealthCheckTTL is the five-minute lifetime used for health checks.
	HealthCheckTTL = 5 * time.Minute

	// DefaultTTL is the thirty-second default lifetime for every other endpoint.
	DefaultTTL = 30 * time.Second
)

Variables

// Sentinel errors for CSRF token validation. Callers can compare against them
// with errors.Is.
// NOTE(review): how the CSRF middleware reports these to the client (status
// code, response body) is not shown here — confirm.

// ErrTokenMissing is the sentinel for a CSRF token that was not supplied.
var ErrTokenMissing = errors.New("CSRF token missing")

// ErrTokenMismatch is the sentinel for a CSRF token that does not match.
// NOTE(review): the comparison itself is not visible on this page; a token
// check should use a constant-time compare — verify in the implementation.
var ErrTokenMismatch = errors.New("CSRF token mismatch")

Functions

func CSRF

func CSRF(config *CSRFConfig) gin.HandlerFunc

CSRF returns a middleware that provides CSRF protection

func Logger

func Logger() gin.HandlerFunc

Logger returns a gin middleware for logging HTTP requests with zerolog

func Secure

func Secure(config *SecureConfig) gin.HandlerFunc

Secure returns a middleware that adds security headers

func SetupCORS

func SetupCORS() gin.HandlerFunc

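SetupCORS returns the CORS middleware. It takes no arguments, so the CORS policy (allowed origins, methods and headers) is not supplied by the caller through this function.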

Types

type AuthMiddleware

// AuthMiddleware provides the authentication middlewares of this package. It
// is built by NewAuthMiddleware from a cache.Store and exposes RequireAuth and
// OptionalAuth.
// NOTE(review): what the store holds (sessions, tokens, revocation entries)
// and how credentials are validated is not visible on this page — confirm
// before relying on it for access control.
type AuthMiddleware struct {
	// contains filtered or unexported fields
}

func NewAuthMiddleware

func NewAuthMiddleware(cache cache.Store) *AuthMiddleware

func (*AuthMiddleware) OptionalAuth

func (m *AuthMiddleware) OptionalAuth() gin.HandlerFunc

OptionalAuth returns middleware that checks for authentication but does not require it; handlers behind it must therefore handle unauthenticated requests.

func (*AuthMiddleware) RequireAuth

func (m *AuthMiddleware) RequireAuth() gin.HandlerFunc

RequireAuth middleware checks for valid authentication

type CSRFConfig

// CSRFConfig holds the cookie attributes and validation exemptions passed to
// the CSRF middleware.
//
// The struct has no SameSite field, so the cookie's SameSite attribute cannot
// be set through this configuration.
// NOTE(review): which SameSite value the middleware emits, if any, is not
// shown here — confirm.
type CSRFConfig struct {
	// Secure indicates if the cookie should be sent only over HTTPS.
	// NOTE(review): with Secure false the token cookie is also sent over plain
	// HTTP; deployments served over HTTPS should set it to true.
	Secure bool
	// Path is the cookie path.
	Path string
	// Domain is the cookie domain.
	// NOTE(review): a parent-domain value exposes the cookie to sibling
	// subdomains; keep it as narrow as the deployment allows.
	Domain string
	// MaxAge is the cookie max age in seconds.
	MaxAge int
	// HttpOnly, if true, makes the cookie inaccessible to JavaScript.
	// NOTE(review): if the client is expected to copy the token out of the
	// cookie into a header or form field (double-submit pattern), HttpOnly
	// prevents that — confirm how the token reaches the client.
	HttpOnly bool
	// ExemptMethods lists the methods that don't require CSRF validation.
	// NOTE(review): presumably HTTP method names; only methods without side
	// effects (GET, HEAD, OPTIONS) are safe to exempt. Whether matching is
	// case-sensitive is not shown here.
	ExemptMethods []string
	// ExemptPaths lists the paths that don't require CSRF validation.
	// NOTE(review): exact versus prefix matching is not visible on this page;
	// prefix matching would also exempt every route beneath an entry — confirm.
	ExemptPaths []string
}

CSRFConfig holds configuration for CSRF protection

func DefaultCSRFConfig

func DefaultCSRFConfig() *CSRFConfig

DefaultCSRFConfig returns the default CSRF configuration

type CacheMiddleware

// CacheMiddleware provides the response-caching middleware returned by Cache.
// It is built by NewCacheMiddleware from a cache.Store.
// NOTE(review): how the cache key is derived is not shown on this page. If
// responses to authenticated requests are stored under a key that ignores the
// caller's identity, one user's response could be served to another — confirm
// which routes and methods are cached and what the key contains.
type CacheMiddleware struct {
	// contains filtered or unexported fields
}

func NewCacheMiddleware

func NewCacheMiddleware(store cache.Store) *CacheMiddleware

func (*CacheMiddleware) Cache

func (m *CacheMiddleware) Cache() gin.HandlerFunc

type CachedResponse

// CachedResponse is a stored HTTP response: status code, body bytes, content
// type and a header map, with JSON tags for serialization. With encoding/json
// the []byte Body is written as a base64 string.
//
// Headers maps each name to a single string, so a header that appears more
// than once on a response cannot be kept as separate values.
// NOTE(review): which headers are captured is not shown here. Replaying
// per-user headers such as Set-Cookie from the cache would hand one client's
// values to another — verify they are excluded.
type CachedResponse struct {
	Status      int               `json:"status"`
	Body        []byte            `json:"body"`
	ContentType string            `json:"content_type"`
	Headers     map[string]string `json:"headers"`
}

type RateLimiter

// RateLimiter provides the rate-limiting middleware returned by RateLimit. It
// is built by NewRateLimiter from a cache.Store, a time window, a request
// limit and a key prefix.
// NOTE(review): what identifies a client (remote address, a forwarded-for
// header, a user id) is not visible on this page. A key taken from
// client-supplied headers can be varied by the client to sidestep the limit —
// confirm. Also confirm whether requests are allowed or rejected when the
// store is unavailable.
type RateLimiter struct {
	// contains filtered or unexported fields
}

func NewRateLimiter

func NewRateLimiter(store cache.Store, window time.Duration, limit int, keyPrefix string) *RateLimiter

NewRateLimiter creates a new rate limiter with the specified configuration

func (*RateLimiter) RateLimit

func (rl *RateLimiter) RateLimit() gin.HandlerFunc

RateLimit returns a Gin middleware function that implements rate limiting

type SecureConfig

// SecureConfig holds the settings passed to the security-headers middleware
// returned by Secure.
//
// How each field is rendered into a response header is not shown on this
// page; the header names below are inferred from the field names and should
// be confirmed against the implementation:
//
//   - CSPEnabled and the CSP*Src slices: presumably Content-Security-Policy,
//     one source list per fetch directive (default-src, script-src, ...).
//     There is no field for frame-ancestors, base-uri or form-action; those
//     directives do not fall back to default-src, so they cannot be expressed
//     through this struct.
//   - HSTSEnabled, HSTSMaxAge, HSTSIncludeSubdomains, HSTSPreload: presumably
//     Strict-Transport-Security, with HSTSMaxAge in seconds like the header's
//     max-age. Preloading is slow to undo, so enable HSTSPreload deliberately.
//   - FrameGuardEnabled, FrameGuardAction: presumably X-Frame-Options, with
//     the action limited to DENY or SAMEORIGIN per the field comment.
//   - ContentTypeNosniff: presumably X-Content-Type-Options: nosniff.
//   - XSSProtection, XSSProtectionMode: presumably X-XSS-Protection. This is
//     a legacy header that current browsers no longer act on; "0" is the
//     value generally recommended today, with CSP as the actual defence.
//   - ReferrerPolicy: presumably the Referrer-Policy header value.
type SecureConfig struct {
	CSPEnabled            bool
	CSPDefaultSrc         []string
	CSPScriptSrc          []string
	CSPStyleSrc           []string
	CSPImgSrc             []string
	CSPConnectSrc         []string
	CSPFontSrc            []string
	CSPObjectSrc          []string
	CSPMediaSrc           []string
	CSPFrameSrc           []string
	CSPWorkerSrc          []string
	CSPManifestSrc        []string
	HSTSEnabled           bool
	HSTSMaxAge            int
	HSTSIncludeSubdomains bool
	HSTSPreload           bool
	FrameGuardEnabled     bool
	FrameGuardAction      string // DENY, SAMEORIGIN
	ContentTypeNosniff    bool
	XSSProtection         bool
	XSSProtectionMode     string // "0", "1", "1; mode=block"
	ReferrerPolicy        string
}

SecureConfig holds configuration for secure headers

func DefaultSecureConfig

func DefaultSecureConfig() *SecureConfig

DefaultSecureConfig returns the default secure configuration
