middleware

package
v0.0.16 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Oct 17, 2022 License: MIT Imports: 23 Imported by: 0

Documentation

Overview

Package middleware provides helpful functions that implement some common functionalities in http servers. A middleware is a function that returns a http.HandlerFunc

Example (All) 
package main

import (
	"io"
	"net/http"
	"os"

	"github.com/komuw/ong/log"
	"github.com/komuw/ong/middleware"
)

func main() {
	l := log.New(os.Stdout, 100)
	opts := middleware.WithOpts("example.com", 443, "secretKey", l)

	myHandler := func(w http.ResponseWriter, _ *http.Request) {
		_, _ = io.WriteString(w, "Hello from a HandleFunc \n")
	}

	handler := middleware.All(myHandler, opts)

	http.HandleFunc("/", handler)
	err := http.ListenAndServe(":8080", nil)
	if err != nil {
		panic(err)
	}
}

Output:
Example (Get) 
package main

import (
	"fmt"
	"net/http"
	"os"

	"github.com/komuw/ong/log"
	"github.com/komuw/ong/middleware"
)

func loginHandler() http.HandlerFunc {
	return func(w http.ResponseWriter, r *http.Request) {
		cspNonce := middleware.GetCspNonce(r.Context())
		_ = cspNonce

		_, _ = fmt.Fprint(w, "welcome to your favorite website.")
	}
}

func main() {
	l := log.New(os.Stdout, 100)
	opts := middleware.WithOpts("example.com", 443, "secretKey", l)
	handler := middleware.Get(loginHandler(), opts)
	_ = handler // use handler

}

Output:
Example (GetCspNonce) 
package main

import (
	"fmt"
	"net/http"

	"github.com/komuw/ong/middleware"
)

func loginHandler() http.HandlerFunc {
	return func(w http.ResponseWriter, r *http.Request) {
		cspNonce := middleware.GetCspNonce(r.Context())
		_ = cspNonce

		_, _ = fmt.Fprint(w, "welcome to your favorite website.")
	}
}

func main() {
	handler := middleware.SecurityHeaders(loginHandler(), "example.com")
	_ = handler // use handler

}

Output:
Example (GetCsrfToken) 
package main

import (
	"fmt"
	"net/http"

	"github.com/komuw/ong/middleware"
)

func welcomeHandler() http.HandlerFunc {
	return func(w http.ResponseWriter, r *http.Request) {
		csrfToken := middleware.GetCsrfToken(r.Context())
		_ = csrfToken

		_, _ = fmt.Fprint(w, "welcome.")
	}
}

func main() {
	handler := middleware.Csrf(welcomeHandler(), "some-secret-key", "example.com")
	_ = handler // use handler

}

Output:

Index

Examples

Constants

View Source 
const (
	// CsrfTokenFormName is the name of the html form name attribute for csrf token.
	CsrfTokenFormName = "csrftoken" // named after what django uses.
	// CsrfHeader is the name of the http header that Ong uses to store csrf token.
	CsrfHeader = "X-Csrf-Token" // named after what fiber uses.

)

Variables

This section is empty.

Functions

func All 

func All(wrappedHandler http.HandlerFunc, o Opts) http.HandlerFunc

All is a middleware that allows all http methods.

It is composed of the Panic, Log, RateLimiter, LoadShedder, HttpsRedirector, SecurityHeaders, Cors, Session & Csrf middleware. As such, it provides the features and functionalities of all those middlewares.

func BasicAuth 

func BasicAuth(wrappedHandler http.HandlerFunc, user, passwd string) http.HandlerFunc

BasicAuth is a middleware that protects wrappedHandler using basic authentication.

func Cors 

func Cors(
	wrappedHandler http.HandlerFunc,
	allowedOrigins []string,
	allowedMethods []string,
	allowedHeaders []string,
) http.HandlerFunc

Cors is a middleware to implement Cross-Origin Resource Sharing support.

If allowedOrigins is nil, all origins are allowed. You can also use * to allow all. If allowedMethods is nil, "GET", "POST", "HEAD" are allowed. Use * to allow all. If allowedHeaders is nil, "Origin", "Accept", "Content-Type", "X-Requested-With" are allowed. Use * to allow all.

func Csrf 

func Csrf(wrappedHandler http.HandlerFunc, secretKey, domain string) http.HandlerFunc

Csrf is a middleware that provides protection against Cross Site Request Forgeries.

If a csrf token is not provided(or is not valid), when it ought to have been; this middleware will issue a http GET redirect to the same url.

func Delete 

func Delete(wrappedHandler http.HandlerFunc, o Opts) http.HandlerFunc

Delete is a middleware that only allows http DELETE requests and http OPTIONS requests.

It is composed of the Panic, Log, RateLimiter, LoadShedder, HttpsRedirector, SecurityHeaders, Cors, Session & Csrf middleware. As such, it provides the features and functionalities of all those middlewares.

func Get 

func Get(wrappedHandler http.HandlerFunc, o Opts) http.HandlerFunc

Get is a middleware that only allows http GET requests and http OPTIONS requests.

It is composed of the Panic, Log, RateLimiter, LoadShedder, HttpsRedirector, SecurityHeaders, Cors, Session & Csrf middleware. As such, it provides the features and functionalities of all those middlewares.

func GetCspNonce 

func GetCspNonce(c context.Context) string

GetCspNonce returns the Content-Security-Policy nonce that was set for the http request in question.

func GetCsrfToken 

func GetCsrfToken(c context.Context) string

GetCsrfToken returns the csrf token that was set for the http request in question.

func Gzip 

func Gzip(wrappedHandler http.HandlerFunc) http.HandlerFunc

Gzip is a middleware that transparently gzips the http response body, for clients that support it. 

func Head(wrappedHandler http.HandlerFunc, o Opts) http.HandlerFunc

Head is a middleware that only allows http HEAD requests and http OPTIONS requests.

It is composed of the Panic, Log, RateLimiter, LoadShedder, HttpsRedirector, SecurityHeaders, Cors, Session & Csrf middleware. As such, it provides the features and functionalities of all those middlewares.

func HttpsRedirector 

func HttpsRedirector(wrappedHandler http.HandlerFunc, httpsPort uint16, domain string) http.HandlerFunc

HttpsRedirector is a middleware that redirects http requests to https.

domain is the domain name of your website. httpsPort is the tls port where http requests will be redirected to.

func LoadShedder 

func LoadShedder(wrappedHandler http.HandlerFunc) http.HandlerFunc

LoadShedder is a middleware that sheds load based on http response latencies.

func Log 

func Log(wrappedHandler http.HandlerFunc, domain string, l log.Logger) http.HandlerFunc

Log is a middleware that logs http requests and responses using log.Logger.

func Panic 

func Panic(wrappedHandler http.HandlerFunc, l log.Logger) http.HandlerFunc

Panic is a middleware that recovers from panics in wrappedHandler. When/if a panic occurs, it logs the stack trace and returns an InternalServerError response.

func Post 

func Post(wrappedHandler http.HandlerFunc, o Opts) http.HandlerFunc

Post is a middleware that only allows http POST requests and http OPTIONS requests.

It is composed of the Panic, Log, RateLimiter, LoadShedder, HttpsRedirector, SecurityHeaders, Cors, Session & Csrf middleware. As such, it provides the features and functionalities of all those middlewares.

func Put 

func Put(wrappedHandler http.HandlerFunc, o Opts) http.HandlerFunc

Put is a middleware that only allows http PUT requests and http OPTIONS requests.

It is composed of the Panic, Log, RateLimiter, LoadShedder, HttpsRedirector, SecurityHeaders, Cors, Session & Csrf middleware. As such, it provides the features and functionalities of all those middlewares.

func RateLimiter 

func RateLimiter(wrappedHandler http.HandlerFunc) http.HandlerFunc

RateLimiter is a middleware that limits requests by IP address.

func SecurityHeaders added in v0.0.14 

func SecurityHeaders(wrappedHandler http.HandlerFunc, domain string) http.HandlerFunc

SecurityHeaders is a middleware that adds some important HTTP security headers and assigns them sensible default values.

Some of the headers set are Permissions-Policy, Content-SecurityHeaders-Policy, X-Content-Type-Options, X-Frame-Options, Cross-Origin-Resource-Policy, Cross-Origin-Opener-Policy, Referrer-Policy & Strict-Transport-SecurityHeaders

func Session added in v0.0.16 

func Session(wrappedHandler http.HandlerFunc, secretKey, domain string) http.HandlerFunc

Session is a middleware that implements http sessions. It lets you store and retrieve arbitrary data on a per-site-visitor basis.

This middleware works best when used together with the sess package.

Types

type Opts 

type Opts struct {
	// contains filtered or unexported fields
}

Opts are the various parameters(optionals) that can be used to configure middlewares.

Use either New or WithOpts to get a valid Opts.

func New added in v0.0.14 

func New(
	domain string,
	httpsPort uint16,
	allowedOrigins []string,
	allowedMethods []string,
	allowedHeaders []string,
	secretKey string,
	l log.Logger,
) Opts

New returns a new Opts.

domain is the domain name of your website. httpsPort is the tls port where http requests will be redirected to. allowedOrigins, allowedMethods, & allowedHeaders are used by the Cors middleware.

The secretKey should be kept secret and should not be shared. If it becomes compromised, generate a new one and restart your application using the new one.

func WithOpts 

func WithOpts(domain string, httpsPort uint16, secretKey string, l log.Logger) Opts

WithOpts returns a new Opts that has sensible defaults.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.