base

package
v0.0.0-...-a4dd944 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Feb 3, 2020 License: MIT Imports: 14 Imported by: 5

Documentation

Overview

Package base contains middleware that has no external dependencies except Goji

Index

Constants

This section is empty.

Variables

View Source 
var (
	ErrorSessionNotFound error = errors.New("No session found matching that Id")
)

Functions

func AWSHTTPRedirect 

func AWSHTTPRedirect(host string) func(c *web.C, h http.Handler) http.Handler

AWSHTTPRedirect redirects traffic on port 80 to https. It does this by looking at the X-Forwarded-Proto header, which is set by AWS load balancers

func BuildEnvSet 

func BuildEnvSet(key string, value interface{}) func(c *web.C, h http.Handler) http.Handler

Build a middleware that always sets c.Env[key] = value

func BuildSessionMiddleware 

func BuildSessionMiddleware(sh SessionHolder) func(c *web.C, h http.Handler) http.Handler

BuildSessionMiddleware builds middleware with the provided SessionHolder. The middleware

  • adds the SessionHolder to c.Env["sessionholder"] so application code can create and delete sessions
  • finds the session associated with the request (if any) and puts it in c.Env["session"]
  • saves the session if dirty and the request is processed without a panic

Add the middleware as follows 

mux := web.New()
mux.Use(redis.BuildRedis(":6379"))
sh := redis.NewSessionHolder()
mux.Use(redis.BuildSessionMiddleware(sh))
// Add handlers that use sessions

func BuildStripPrefix 

func BuildStripPrefix(pattern interface{}) func(c *web.C, h http.Handler) http.Handler

BuildStripPrefix builds Goji middleware that strips a prefix from the request URL path.

pattern can be either a string or a *regexp.Regexp. If it is a string a prefix of the same length as the string is removed from the path. If it is a Regexp then everything up to the end of the first match is removed

func BuildUpdateableSet 

func BuildUpdateableSet(key string, value *interface{}) func(c *web.C, h http.Handler) http.Handler

Build a middleware that always sets c.Env[key] = *value

func CacheAWhileMiddleWare 

func CacheAWhileMiddleWare(cacheFor time.Duration) func(c *web.C, h http.Handler) http.Handler

CacheAWhileMiddleware builds a middleware that sets the Expires header for cacheFor into the future

func GzipMiddleWare 

func GzipMiddleWare(c *web.C, h http.Handler) http.Handler

Simple GZIP middleware

GZIPs GET 200 OK responses if the request Accept-Encoding includes gzip. Sets Content-Encoding to "gzip".

func LoggingMiddleWare 

func LoggingMiddleWare(c *web.C, h http.Handler) http.Handler

Middleware that logs responses.

The output format is:

<remote addr> - <method> <url> <status code> <response time ms>

Remote address is taken from X-Forwarded-For & X-Forwarded-Port if present

func LoggingMiddleWareJSON 

func LoggingMiddleWareJSON(c *web.C, h http.Handler) http.Handler

func Logout 

func Logout(c *web.C)

Logout() destroys the current session in the Goji context

func StripRangeMiddleWare 

func StripRangeMiddleWare(c *web.C, h http.Handler) http.Handler

Types

type BaseSessionHolder 

type BaseSessionHolder struct {
	Timeout          int
	RandSource       rand.Source
	HttpOnly         bool
	Secure           bool
	SameSite         http.SameSite
	PersistentCookie bool
}

BaseSessionHolder is a building block you can use to build a SessionHolder implementation

func NewBaseSessionHolder 

func NewBaseSessionHolder(timeout int) BaseSessionHolder

func (*BaseSessionHolder) AddToResponse 

func (sh *BaseSessionHolder) AddToResponse(c web.C, session *Session, w http.ResponseWriter)

Add the Session to the response

Basically this means setting a cookie

func (*BaseSessionHolder) Create 

func (sh *BaseSessionHolder) Create(c web.C) *Session

Create builds a session object, adds it to c.Env["session"] and marks it as dirty

func (*BaseSessionHolder) GenerateSessionId 

func (sh *BaseSessionHolder) GenerateSessionId() string

func (*BaseSessionHolder) GetSessionId 

func (sh *BaseSessionHolder) GetSessionId(r *http.Request) string

GetSessionId extracts the session ID from a request if one is present.

Note this is not part of the SessionHolder interface - it is intended to be used as a building block by SessionHolder implementations

func (*BaseSessionHolder) GetTimeout 

func (sh *BaseSessionHolder) GetTimeout() int

GetTimeout retrieves the currently set TTL for session objects

func (*BaseSessionHolder) SetHttpOnly 

func (sh *BaseSessionHolder) SetHttpOnly(httpOnly bool)

SetHTTPOnly allows setting/unsetting of HTTP only secured cookies

func (*BaseSessionHolder) SetPersistentCookies 

func (sh *BaseSessionHolder) SetPersistentCookies(persistent bool)

SetPersistentCookies allows switching between persistent time out based cookies (MaxAge) and session lifetime cookies (no MaxAge)

func (*BaseSessionHolder) SetSameSite 

func (sh *BaseSessionHolder) SetSameSite(ss http.SameSite)

func (*BaseSessionHolder) SetSecure 

func (sh *BaseSessionHolder) SetSecure(secure bool)

SetSecure allows setting/unsetting of HTTPS only / secure cookies

func (*BaseSessionHolder) SetTimeout 

func (sh *BaseSessionHolder) SetTimeout(timeout int)

SetTimeout updates the TTL for session objects

Note that the TTL will only be updated for existing sessions when the session is requested again, it might timeout if this request takes too long to occur

type MemorySessionHolder 

type MemorySessionHolder struct {
	BaseSessionHolder
	// contains filtered or unexported fields
}

MemorySessionHolder is an in-memory session holder. Only really useful for testing

func (*MemorySessionHolder) Destroy 

func (sh *MemorySessionHolder) Destroy(c web.C, session *Session) error

func (*MemorySessionHolder) Get 

func (sh *MemorySessionHolder) Get(c web.C, r *http.Request) (*Session, error)

func (*MemorySessionHolder) RegenerateId 

func (sh *MemorySessionHolder) RegenerateId(_ web.C, session *Session) (string, error)

Regenerate the session id of an existing session.

func (*MemorySessionHolder) ResetTTL 

func (sh *MemorySessionHolder) ResetTTL(_ web.C, session *Session) error

func (*MemorySessionHolder) Save 

func (sh *MemorySessionHolder) Save(c web.C, session *Session) error

Save a session

type Session 

type Session struct {
	Values map[string]interface{}
	// contains filtered or unexported fields
}

Session represents a web session

func SessionFromEnv 

func SessionFromEnv(c *web.C) (*Session, bool)

SessionFromEnv() retrieves the session from the Goji context

func (*Session) Del 

func (s *Session) Del(key string)

Delete a value from the session

func (*Session) Get 

func (s *Session) Get(key string) (interface{}, bool)

Retrieve a value from the Session

func (*Session) Id 

func (s *Session) Id() string

Get the id for this session

func (*Session) IsDirty 

func (s *Session) IsDirty() bool

Has anything been set in this Session since it was retrieved?

func (*Session) Put 

func (s *Session) Put(key string, value interface{})

Save a value in the Session

func (*Session) SetDirty 

func (s *Session) SetDirty(dirty bool)

Set whether this Session is dirty. Normally this is done automatically by Put

func (*Session) SetId 

func (s *Session) SetId(id string)

type SessionHolder 

type SessionHolder interface {
	/*
	   Get the session associated with the current request, if there is one.

	   Return ErrorSessionNotFound if there is no matching session
	*/
	Get(c web.C, r *http.Request) (*Session, error)

	/*
	   Create a new session

	   Note the implementation should create the session dirty so it will be saved
	   when the response is processed.  It should also add the session to c.Env["session"]
	   for easy access
	*/
	Create(c web.C) *Session

	/*
	   Destroy a session so that it can no longer be retrieved
	*/
	Destroy(c web.C, session *Session) error

	/*
	   Save a session
	*/
	Save(c web.C, session *Session) error

	/*
	   Regenerate the sessionId for an existing session. This can be used against session fixation attacks
	*/
	RegenerateId(c web.C, session *Session) (string, error)

	/*
		AddToResponse writes the session cookie into the http response
	*/
	AddToResponse(c web.C, session *Session, w http.ResponseWriter)

	/* SetTimeout sets the timeout for session data */
	SetTimeout(timeout int)

	/* GetTimeout retrieves the currently set timeout for session data */
	GetTimeout() int

	/* Set HttpOnly cookie on/off */
	SetHttpOnly(httpOnly bool)

	/* Set Secure cookie on/off */
	SetSecure(secure bool)

	SetSameSite(ss http.SameSite)

	/* ResetTTL can be implemented to reset the TTL for a session object if not dirty */
	ResetTTL(c web.C, session *Session) error
}

SessionHolder is an interface for a session repository.

func NewMemorySessionHolder 

func NewMemorySessionHolder(timeout int) SessionHolder

func SessionHolderFromEnv 

func SessionHolderFromEnv(c *web.C) (SessionHolder, bool)

SessionHolderFromEnv() retrieves the session holder from the Goji context

type StatusTrackingResponseWriter 

type StatusTrackingResponseWriter struct {
	http.ResponseWriter
	// http status code written
	Status int
}

func (*StatusTrackingResponseWriter) WriteHeader 

func (w *StatusTrackingResponseWriter) WriteHeader(status int)

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.