Documentation
¶
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func ClearSession ¶
func ClearSession(r *safehttp.IncomingRequest)
ClearSession clears the session.
Implementation details: to interact with the interceptor, passes data through the IncomingRequest's context.
func CreateSession ¶
func CreateSession(r *safehttp.IncomingRequest, user string)
CreateSession creates a session.
Implementation details: to interact with the interceptor, passes data through the IncomingRequest's context.
Types ¶
type Interceptor ¶
Interceptor is an auth (access control) interceptor.
It showcases how safehttp.Interceptor could be implement to provide custom security features. See https://pkg.go.dev/github.com/google/go-safeweb/safehttp#hdr-Interceptors.
In order to interact with the interceptor, use functions from this package. E.g. to clear a user session call ClearSession.
func (Interceptor) Before ¶
func (ip Interceptor) Before(w safehttp.ResponseWriter, r *safehttp.IncomingRequest, cfg safehttp.InterceptorConfig) safehttp.Result
Before runs before the request is passed to the handler.
Implementation details: this interceptor uses IncomingRequest's context to store user information that's read from a cookie.
func (Interceptor) Commit ¶
func (ip Interceptor) Commit(w safehttp.ResponseHeadersWriter, r *safehttp.IncomingRequest, resp safehttp.Response, cfg safehttp.InterceptorConfig)
Commit runs after the handler commited to a response.
Implementation details: the interceptor reads IncomingRequest's context to retrieve information about the user and to do what the handler asked it to (through ClearSession or CreateSession).
func (Interceptor) Match ¶
func (Interceptor) Match(cfg safehttp.InterceptorConfig) bool
type Skip ¶
type Skip struct{}
Skip allows to mark an endpoint to skip auth checks.
Its uses would normally be gated by a security review. You can use the https://github.com/google/go-safeweb/blob/master/cmd/bancheck tool to enforce this.
Source Files