Documentation
¶
Index ¶
- Constants
- func BodyDump() echo.MiddlewareFunc
- func CORS(cfg CORSConfig) echo.MiddlewareFunc
- func CSRF(cfg CSRFConfig) echo.MiddlewareFunc
- func GuardsMerchants() echo.MiddlewareFunc
- func GuardsPayment() echo.MiddlewareFunc
- func GuardsUsers() echo.MiddlewareFunc
- func Recover(logger *zerolog.Logger) echo.MiddlewareFunc
- func RequestID() echo.MiddlewareFunc
- func RequestIDFromCtx(ctx context.Context) string
- func ResolveMerchant(c echo.Context) *merchant.Merchant
- func ResolvePayment(c echo.Context) (*payment.Payment, error)
- func ResolveSession(c echo.Context) *sessions.Session
- func ResolveSessionOAuthState(c echo.Context) (string, bool)
- func ResolveUser(c echo.Context) *user.User
- func ResolvesMerchantByToken(tokens *auth.TokenAuthManager, merchants *merchant.Service) echo.MiddlewareFunc
- func ResolvesMerchantByUUID(merchants *merchant.Service) echo.MiddlewareFunc
- func ResolvesPaymentByPublicID(paramName string, payments PaymentResolver) echo.MiddlewareFunc
- func ResolvesUserBySession(users *user.Service) echo.MiddlewareFunc
- func ResolvesUserByToken(tokens *auth.TokenAuthManager, users *user.Service) echo.MiddlewareFunc
- func RestrictsArchivedPayments() echo.MiddlewareFunc
- func Session(cfg SessionConfig) echo.MiddlewareFunc
- type CORSConfig
- type CSRFConfig
- type PaymentResolver
- type SessionConfig
Constants ¶
View Source
const ( TokenHeader = "X-O2PAY-TOKEN" CSRFTokenHeader = "X-CSRF-TOKEN" UserContextKey = "user" UserIDContextKey = "user_id" IsTokenAuthContextKey = "token_auth" MerchantContextKey = "merchant" SessionStateKey = "session_state" ParamMerchantID = "merchantId" )
nolint gosec
View Source
const PaymentContextKey = "payment"
View Source
const RequestIDKey = "request_id"
Variables ¶
This section is empty.
Functions ¶
func CORS ¶
func CORS(cfg CORSConfig) echo.MiddlewareFunc
func CSRF ¶
func CSRF(cfg CSRFConfig) echo.MiddlewareFunc
func GuardsMerchants ¶
func GuardsMerchants() echo.MiddlewareFunc
GuardsMerchants validate that user's merchant is attached to echo.Context or returns 400 bad request
func GuardsPayment ¶
func GuardsPayment() echo.MiddlewareFunc
func GuardsUsers ¶
func GuardsUsers() echo.MiddlewareFunc
GuardsUsers validates that user attached to echo.Context otherwise returns '401 Unauthorized'.
func RequestIDFromCtx ¶
func ResolveMerchant ¶
func ResolvePayment ¶
func ResolveSession ¶
func ResolveSessionOAuthState ¶ added in v0.4.0
func ResolveUser ¶
func ResolvesMerchantByToken ¶
func ResolvesMerchantByToken(tokens *auth.TokenAuthManager, merchants *merchant.Service) echo.MiddlewareFunc
ResolvesMerchantByToken attaches merchant to echo.Context. Returns 400 if auth token not provided
func ResolvesMerchantByUUID ¶
ResolvesMerchantByUUID. Middleware tries to bind merchant from request to echo.Context if uuid is invalid or merchant not found, no error occurs. Warning: user with middleware only after ResolvesUserBySession or ResolvesUserByToken
func ResolvesPaymentByPublicID ¶
func ResolvesPaymentByPublicID(paramName string, payments PaymentResolver) echo.MiddlewareFunc
ResolvesUserByToken attaches user to echo.Context if user still isn't set by session
func ResolvesUserBySession ¶
ResolvesUserBySession attaches user to echo.Context if possible
func ResolvesUserByToken ¶
func ResolvesUserByToken(tokens *auth.TokenAuthManager, users *user.Service) echo.MiddlewareFunc
ResolvesUserByToken attaches user to echo.Context if user still isn't set by session
func RestrictsArchivedPayments ¶
func RestrictsArchivedPayments() echo.MiddlewareFunc
RestrictsArchivedPayments restricts user from accessing successful/failed payments after certain time window.
func Session ¶
func Session(cfg SessionConfig) echo.MiddlewareFunc
Types ¶
type CORSConfig ¶
type CSRFConfig ¶
type CSRFConfig struct {
// CookieDomain Defines the host to which the cookie will be sent.
// If omitted, this attribute defaults to the host of the current document URL, not including subdomains.
// Multiple host/domain values are not allowed, but if a domain is specified, then subdomains are always included.
CookieDomain string `yaml:"cookie_domain" env:"CSRF_COOKIE_DOMAIN" env-description:"CSRF (Cross Site Request Forgery) cookie domain"`
CookiePath string `yaml:"cookie_path" env:"CSRF_COOKIE_PATH" env-default:"/" env-description:"CSRF cookie path"`
CookieMaxAge int `yaml:"cookie_max_age" env:"CSRF_COOKIE_MAX_AGE" env-default:"7200" env-description:"CSRF cookie max-age"` // 2h
CookieSecure bool `yaml:"cookie_secure" env:"CSRF_COOKIE_SECURE" env-description:"CSRF secure cookie"`
CookieHTTPOnly bool `yaml:"cookie_http_only" env:"CSRF_COOKIE_HTTP_ONLY" env-default:"true" env-description:"CSRF HTTP only cookie"`
CookieSameSite string `yaml:"cookie_same_site" env:"CSRF_COOKIE_SAME_SITE" env-default:"default" env-description:"CSRF cookie same site"`
}
CSRFConfig Cross Site Request Forgery config. https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie
type PaymentResolver ¶
type SessionConfig ¶
type SessionConfig struct {
FilesystemPath string `yaml:"path" env:"SESSION_FS_PATH" env-description:"Path to sessions directory"`
Secret string `yaml:"secret" env:"SESSION_SECRET" env-description:"Sessions secret, use random string with 8+ characters"`
CookieDomain string `yaml:"cookie_domain" env:"SESSION_COOKIE_DOMAIN" env-description:"Cookie domain"`
CookiePath string `yaml:"cookie_path" env:"SESSION_COOKIE_PATH" env-default:"/" env-description:"Cookie path"`
CookieMaxAge int `yaml:"cookie_max_age" env:"SESSION_COOKIE_MAX_AGE" env-default:"86400" env-description:"Cookie max-age"` // 60*60*24 = 24h
CookieSecure bool `yaml:"cookie_secure" env:"SESSION_COOKIE_SECURE" env-description:"Allow secure cookies only"`
CookieHTTPOnly bool `yaml:"cookie_http_only" env:"SESSION_COOKIE_HTTP_ONLY" env-default:"true" env-description:"Allow HTTP cookies only"`
CookieSameSite string `yaml:"cookie_same_site" env:"SESSION_COOKIE_SAME_SITE" env-default:"default" env-description:"Cookie same site"`
}
Source Files
Click to show internal directories.
Click to hide internal directories.