Documentation
¶
Overview ¶
Package wrap provides middleware functions for HTTP handlers, including security headers, CSRF protection, and panic recovery.
Package wrap provides a way to create middleware chains for HTTP handlers in Go.
The wrap methods and Chain are essentially the same as the `github.com/justinas/alice` package, which allows for chaining middleware in a clean and reusable way. All credit goes to `github.com/justinas`.
I just reimplemented it with a new name to match my semantic flow needs, and added some additional functionality to it.
Index ¶
- func After(h http.Handler, middleware ...Middleware) http.Handler
- func Around(h http.Handler, middleware ...Middleware) http.Handler
- func Before(h http.Handler, middleware ...Middleware) http.Handler
- func PreventCSRF(next http.Handler) http.Handler
- func SecurityHeaders(next http.Handler) http.Handler
- type Chain
- type ContentSecurityPolicyOptions
- type Middleware
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func After ¶
func After(h http.Handler, middleware ...Middleware) http.Handler
After wraps a handler with the provided middleware in reverse order. It returns the resulting http.Handler. This is useful for applying middleware that should run after the main handler
Example: h := wrap.After(myHandler, middleware1, middleware2) // h is now wrapped with middleware2 and middleware1, reversed
func Around ¶
func Around(h http.Handler, middleware ...Middleware) http.Handler
Around wraps a handler with the provided middleware in the order they are passed It return the resulting http.Handler. So, it's mostly useful for on-the-fly middleware application.
Example: h := wrap.Around(myHandler, middleware1, middleware2) // h is now wrapped with middleware1 and middleware2
func Before ¶
func Before(h http.Handler, middleware ...Middleware) http.Handler
Before is an alias for Around to provide a more semantic API
func PreventCSRF ¶
PreventCSRF prevents CSRF attacks by setting a CSRF cookie.
Types ¶
type Chain ¶
type Chain struct {
// contains filtered or unexported fields
}
Chain represents an immutable chain of http.Handler middleware
func New ¶
func New(middleware ...Middleware) Chain
New creates a new middleware chain, memoizing the middlewares
func (Chain) Append ¶
func (c Chain) Append(middleware ...Middleware) Chain
Append adds additional middleware to the chain and returns a new chain 1. It returns a new chain with the combined middlewares 2. The original chain remains unchanged 3. This allows for composing middleware chains easily
Example: chain := wrap.New(middleware1).Append(middleware2, middleware3)
func (Chain) Then ¶
Then chains the middleware to the given http.Handler and returns the resulting http.Handler Chains can be safely reused, and the original chain remains unchanged.
Example:
chain := wrap.New(middleware1, middleware2) pipe1 := chain.Then(anotherHandler) pipe2 := chain.Then(yetAnotherHandler)
func (Chain) ThenFunc ¶
func (c Chain) ThenFunc(fn http.HandlerFunc) http.Handler
ThenFunc wraps the given handler function with all middleware in the chain and returns the resulting http.Handler. If the provided handler function is nil, it returns a handler that does nothing.
Example: chain := wrap.New(middleware1, middleware2) pipe1 := chain.ThenFunc(myHandlerFunc) pipe2 : = chain.ThenFunc(anotherHandlerFunc)
type ContentSecurityPolicyOptions ¶
type ContentSecurityPolicyOptions struct {
// ChildSrc sets the sources that can be used in child contexts.
ChildSrc string
// ConnectSrc sets the sources that can be used for WebSockets, EventSource, and other interfaces.
ConnectSrc string
// DefaultSrc sets the default sources for fetch, worker, frame, embed, and object.
DefaultSrc string
// FontSrc sets the sources for fonts.
FontSrc string
// FormAction sets the sources that can be used as the target of form submissions.
FrameSrc string
// ImgSrc sets the sources for images.
ImgSrc string
// ManifestSrc sets the sources for web app manifests.
ManifestSrc string
// MediaSrc sets the sources for audio and video.
MediaSrc string
// ObjectSrc sets the sources for objects.
ObjectSrc string
// ScriptSrc sets the sources for scripts.
ScriptSrc string
// ScriptSrcElem sets the sources for inline scripts.
ScriptSrcElem string
// ScriptSrcAttr sets the sources for script attributes.
ScriptSrcAttr string
// StyleSrc sets the sources for stylesheets.
StyleSrc string
// StyleSrcElem sets the sources for inline styles.
StyleSrcElem string
// StyleSrcAttr sets the sources for style attributes.
StyleSrcAttr string
// WorkerSrc sets the sources for workers.
WorkerSrc string
// BaseURI sets the sources for the document base URL.
BaseURI string
// Sandbox sets the restrictions for content in an iframe.
Sandbox string
// FormAction sets the sources that can be used as the target of form submissions.
FormAction string
// FrameAncestors sets the sources that can embed the page in a frame.
FrameAncestors string
// ReportURI sets the URI to send reports of policy violations.
ReportTo string
}
ContentSecurityPolicyOptions contains the options for the Content-Security-Policy header.
type Middleware ¶
Middleware represents a function that wraps an http.Handler with additional functionality
func ContentSecurityPolicy ¶
func ContentSecurityPolicy(optsFunc func(opts *ContentSecurityPolicyOptions)) Middleware
ContentSecurityPolicy sets the Content-Security-Policy header to protect against XSS attacks.
func Recovery ¶
func Recovery(render func(http.ResponseWriter, *http.Request, error)) Middleware
Recovery recovers from a panic and renders a system error page. The render function is passed as an argument to the middleware and used to render the error page.
Source Files