Documentation
Constants
This section is empty.
Variables
This section is empty.
Functions
This section is empty.
Types
type MiddlewareBuilder
type MiddlewareBuilder struct {
	Config RedirectConfig
}
MiddlewareBuilder is a struct that encapsulates configurations for building a middleware. It is designed for creating middleware in the context of an HTTP server using the mist framework. It manages redirecting requests based on the provided RedirectConfig struct settings.
Fields:
- Config: An instantiated object of RedirectConfig struct. It holds configurations related to HTTP redirection settings. It provides security and control for HTTP redirections. This includes enforcing HTTPS redirect rules defined by the HTTP Strict Transport Security (HSTS) policy, and setting Content-Security-Policy (CSP) headers to mitigate Cross-Site Scripting (XSS) and other code injection attacks.
Usage:
- An instance of MiddlewareBuilder can be initialized directly with a RedirectConfig, applied when the middleware is performing redirections.
Example:
	var builder = MiddlewareBuilder{
		Config: RedirectConfig{ ... },
	}
func InitMiddlewareBuilder (added in v0.0.24)
func InitMiddlewareBuilder(config RedirectConfig) *MiddlewareBuilder
InitMiddlewareBuilder initializes a new instance of MiddlewareBuilder with the provided configuration. The RedirectConfig contains the parameters that configure how redirects should be handled.
Parameters:
- config: an instance of RedirectConfig, which includes the various parameters necessary to configure the MiddlewareBuilder.
Returns:
- a pointer to the newly created MiddlewareBuilder instance.
func (*MiddlewareBuilder) Build
func (m *MiddlewareBuilder) Build() mist.Middleware
Build is a method of the MiddlewareBuilder struct. It constructs a new middleware function that will be composed into the request handling pipeline of an HTTP server. This middleware will enforce the redirection policies and security headers as defined in the MiddlewareBuilder's RedirectConfig. The returned mist.Middleware is a higher-order function that takes an existing mist.HandleFunc (which represents the next handler in the server's middleware chain) and wraps it with the additional functionality provided by the middleware.
Returns:
- A mist.Middleware function ready to be used within an HTTP server setup that uses the mist framework.
Usage:
- The middleware created by this method will:
  - Check if the redirection is enabled and if not, simply pass control to the next handler.
  - If redirection is enabled, it will enforce HTTPS by checking the request's TLS state and 'X-Forwarded-Proto' header.
  - If the request is not already using HTTPS, it will redirect the client to the equivalent HTTPS URL.
  - Set the Strict-Transport-Security header according to the RedirectConfig.
  - Optionally, set the Content-Security-Policy header if it's configured.
Example:
	builder := MiddlewareBuilder{...}
	middleware := builder.Build()
	http.Handle("/", middleware(originalHandler))
type RedirectConfig
type RedirectConfig struct {
	Enabled           bool
	HSTSMaxAge        int
	CSP               string
	IncludeSubDomains bool
	PreloadHSTS       bool
}
RedirectConfig is a struct that encapsulates configurations for managing HTTP redirections. It is designed to enhance security and control over redirection behavior in web applications, allowing for fine-tuned adjustments to HTTP headers related to security.
Fields:
- Enabled: A boolean flag that determines whether redirect functionality is enabled or not. When set to true, redirection rules defined in this configuration will be applied. This allows for enabling or disabling of redirects globally without removing the configured settings.
- HSTSMaxAge: An integer that specifies the duration, in seconds, that the browser should remember that this site is only to be accessed using HTTPS. This is a part of HTTP Strict Transport Security (HSTS) policy, which helps protect against man-in-the-middle attacks by forcing browsers to only use secure connections.
- CSP: A string that represents the Content-Security-Policy header value. This policy helps to prevent a wide range of attacks including Cross-Site Scripting (XSS) and data injection attacks by specifying valid sources of content.
- IncludeSubDomains: A boolean flag that, when set to true, applies the HSTS policy not only to the domain but also to all of its subdomains. This ensures that the entire domain hierarchy is only accessible over HTTPS.
- PreloadHSTS: A boolean flag that indicates whether the domain should be included in the HSTS preload list. Submission to the preload list means that browsers will preload the site's HSTS configuration, forcing HTTPS for the domain before the first visit, without needing to receive the HSTS header via HTTP first.
Usage:
- An instance of RedirectConfig can be initialized directly with desired configurations to control the behavior of HTTP redirections and related security headers in web applications.
Examples:
	var config = RedirectConfig{
		Enabled:           true,
		HSTSMaxAge:        31536000, // Set to one year.
		CSP:               "default-src 'self'; script-src 'self' https://apis.example.com",
		IncludeSubDomains: true,
		PreloadHSTS:       false, // Not preloaded by default.
	}
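The steps listed under Build, together with the HSTS fields of RedirectConfig, sketched on plain net/http as an added example; it is not the mist package's code. The local RedirectConfig copy (CSP left out), hstsValue, enforce, probe, the 301 status and the example.com request are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
)

type RedirectConfig struct { // local copy of the documented fields; CSP left out
	Enabled, IncludeSubDomains, PreloadHSTS bool
	HSTSMaxAge                              int
}

// hstsValue assembles the Strict-Transport-Security value from the config.
func hstsValue(c RedirectConfig) string {
	v := fmt.Sprintf("max-age=%d", c.HSTSMaxAge)
	if c.IncludeSubDomains {
		v += "; includeSubDomains"
	}
	if c.PreloadHSTS {
		v += "; preload"
	}
	return v
}

// enforce is a net/http stand-in for the documented steps; the 301 status is assumed.
func enforce(c RedirectConfig, next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		secure := r.TLS != nil || r.Header.Get("X-Forwarded-Proto") == "https"
		if c.Enabled && !secure {
			http.Redirect(w, r, "https://"+r.Host+r.URL.RequestURI(), http.StatusMovedPermanently)
			return
		}
		if c.Enabled {
			w.Header().Set("Strict-Transport-Security", hstsValue(c))
		}
		next.ServeHTTP(w, r)
	})
}

// probe runs one constructed plain-HTTP request through enforce and reports the result.
func probe(c RedirectConfig, proto string) (int, string, string) {
	r := httptest.NewRequest("GET", "http://example.com/login?next=/a", nil)
	r.Header.Set("X-Forwarded-Proto", proto) // "" behaves like an absent header
	w := httptest.NewRecorder()
	enforce(c, http.HandlerFunc(func(http.ResponseWriter, *http.Request) {})).ServeHTTP(w, r)
	return w.Code, w.Header().Get("Location"), w.Header().Get("Strict-Transport-Security")
}

func main() { fmt.Println(probe(RedirectConfig{Enabled: true, HSTSMaxAge: 31536000}, "")) }
```

X-Forwarded-Proto is an ordinary request header, so a check like this is only reliable when a trusted reverse proxy sets or overwrites it on every request.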