middleware

package
v0.4.2 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Aug 16, 2018 License: BSD-3-Clause Imports: 18 Imported by: 1

Documentation

Index

Constants

View Source
const (
	AcceptHeaderKey = "Accept"
)
View Source
const (
	RetryAfterHeaderKey = "Retry-After"
)
View Source
const (
	WWWAuthenticateHeaderKey = "Www-Authenticate"
)

Variables

This section is empty.

Functions

func RateLimiterErrorHandler

func RateLimiterErrorHandler(handler httpx.ErrorHandler) func(*RateLimiter)

func RateLimiterHandler

func RateLimiterHandler(handler RateLimitHandler) func(*RateLimiter)

Types

type AllowContentTypes

type AllowContentTypes struct {
	// Permitted is content types that should be allowed.
	Permitted []contenttype.ContentType
	// ErrorHandler can be set to optionally customize the response
	// for an error. The `err` parameter passed to the handler will
	// have a recommended HTTP status code. The default handler will
	// return the recommended status code and an empty body.
	ErrorHandler httpx.ErrorHandler
}

AllowContentTypes is middleware to whitelist incoming Content-Type and Accept Headers.

func (*AllowContentTypes) Service

type Authentication

type Authentication struct {
	// Authenticator must be non-nil or an InternalServiceError
	// status response will be returned.
	Authenticator authn.Authenticator

	// UnauthorizedHandler can be set to optionally customize the
	// response for an unknown user.  The default handler will
	// return a 401 status code, the "WWW-Authenticate" header
	// and an empty body.
	UnauthorizedHandler httpx.Handler

	// `ErrorHandler` can be set to optionally customize the
	// response for an error. The `err` parameter passed to the
	// handler will have a recommended HTTP status code. The
	// default handler will return the recommended status code,
	// the "WWW-Authenticate" header (if the recommended status
	// code is 401) and an empty body.
	ErrorHandler httpx.ErrorHandler
}

Authentication is middleware to help automate authentication.

func (*Authentication) HandleError

func (m *Authentication) HandleError(ctx context.Context, request *httpx.Request, err merry.Error) httpx.Response

func (*Authentication) HandleUnauthorized

func (m *Authentication) HandleUnauthorized(ctx context.Context, request *httpx.Request) httpx.Response

func (*Authentication) Service

func (m *Authentication) Service(ctx context.Context, request *httpx.Request) httpx.Response

type CSRFProtector

type CSRFProtector struct {
	// SiteURL is the URL to use for CSRF protection. This must
	// be non-nil and contain non-empty Scheme and Host values
	// or a internal server error will be returned.
	SiteURL *url.URL

	// IsExempt optionally customizes checking request exemption
	// from CSRF protection.
	// The default checker always returns `false`.
	IsExempt httpx.RequestPredicate

	// CheckOrigin optionally customizes how URLs should be
	// compared for the purposes of CSRF protection.
	// The default comparisons ensures that URL Schemes and Hosts
	// are equal.
	CheckOrigin CheckOrigin

	// ExtractToken optionally customizes how the CSRF token is
	// extracted from the request.
	// The default extractor uses the header "X-Csrf-Token".
	ExtractToken httpx.StringExtractor

	// CookieName optionally customizes the name of the CSRF
	// cookie sent by the user agent.
	// The default cookie name is "csrftoken".
	CookieName string

	// TokenLength optionally customizes the expected CSRF token
	// length.
	// The default length is 32.
	TokenLength int

	// ErrorHandler optionally customizes the response for an
	// error. The `err` parameter passed to the handler will
	// have a recommended HTTP status code.
	// The default handler will return the recommended status
	// code and an empty body.
	ErrorHandler httpx.ErrorHandler
}

CSRFProtector is middleware used to guard against CSRF attacks.

func (*CSRFProtector) Service

func (m *CSRFProtector) Service(ctx context.Context, request *httpx.Request) httpx.Response

type CheckOrigin

type CheckOrigin func(expected, actual *url.URL) bool

CheckOrigin compares two URLs and determines if they should be considered the "same" for the purposes of CSRF protection.

func (CheckOrigin) InvokeSafely

func (h CheckOrigin) InvokeSafely(expected, actual *url.URL) (ok bool, exception merry.Error)

type Invoker

type Invoker func(context.Context, *httpx.Request) (httpx.Response, merry.Error)

Invoker sends the proxied request and returns the response.

func (Invoker) InvokeSafely

func (i Invoker) InvokeSafely(ctx context.Context, request *httpx.Request) (response httpx.Response, err merry.Error, exception merry.Error)

type PassiveAuthentication

type PassiveAuthentication struct {
	Authenticator authn.Authenticator
}

PassiveAuthentication is middleware to help automate optional authentication. If the authenticator returns a principal it will be added to the context. An error response will never be generated if no principal is found. `Authenticator` must be non-nil or an InternalServiceError status response will be returned. If the Authenticator panics an Unauthorized status response will be returned.

func (*PassiveAuthentication) Service

func (m *PassiveAuthentication) Service(ctx context.Context, request *httpx.Request) httpx.Response

type RateLimitHandler

type RateLimitHandler func(context.Context, *httpx.Request, time.Duration) httpx.Response

func (RateLimitHandler) InvokeSafely

func (h RateLimitHandler) InvokeSafely(ctx context.Context, request *httpx.Request, cooldown time.Duration) (response httpx.Response, exception merry.Error)

type RateLimiter

type RateLimiter struct {
	// RateLimitHandler optionally customizes the response for a
	// throttled request. The default handler will return
	// a 429 Too Many Requests response code, an empty body, and
	// the cooldown in seconds in the `Retry-After` header.
	Handler RateLimitHandler

	// ErrorHandler optionally customizes the response for an
	// error. The `err` parameter passed to the handler will
	// have a recommended HTTP status code.
	// The default handler will return the recommended status
	// code and an empty body.
	ErrorHandler httpx.ErrorHandler
	// contains filtered or unexported fields
}

func NewClientLimiter

func NewClientLimiter(provider ratelimit.Provider, opts ...RateLimiterOption) (*RateLimiter, merry.Error)

NewClient returns a rate-limiting middleware that throttles requests from the request's client IP address using the given rate limit Provider.

func NewRateLimiter

func NewRateLimiter(provider ratelimit.Provider, extractor httpx.StringExtractor, opts ...RateLimiterOption) (*RateLimiter, merry.Error)

New returns a rate-limiting middleware that throttles requests from the given extractor's value using the given rate limit Provider.

func NewUserLimiter

func NewUserLimiter(provider ratelimit.Provider, opts ...RateLimiterOption) (*RateLimiter, merry.Error)

NewUser returns a rate-limiting middleware that throttles requests from the context's Actor using the given rate limit Provider.

func (*RateLimiter) Service

func (m *RateLimiter) Service(ctx context.Context, request *httpx.Request) httpx.Response

type RateLimiterOption

type RateLimiterOption func(*RateLimiter)

type Responder

Responder modifies the response from the proxied server.

func (Responder) InvokeSafely

func (r Responder) InvokeSafely(ctx context.Context, request *httpx.Request, in httpx.Response) (out httpx.Response, err merry.Error, exception merry.Error)

type RestrictContentTypes

type RestrictContentTypes struct {
	// Forbidden is the content types that should be rejected.
	Forbidden []contenttype.ContentType
	// ErrorHandler can be set to optionally customize the
	// response for an error. The `err` parameter passed to the
	// handler will have a recommended HTTP status code. The
	// default handler will return the recommended status code
	// and an empty body.
	ErrorHandler httpx.ErrorHandler
}

RestrictContentTypes is middleware to blacklist incoming Content-Type and Accept Headers.

func (*RestrictContentTypes) Service

type ReverseProxy

type ReverseProxy struct {
	// Router must be non-nil or an InternalServiceError
	// status response will be returned.
	Router Router

	// Invoker can be set to optionally customize how the proxied
	// server is contacted.  If this is not set
	// `http.DefaultTransport` will be used.
	Invoker Invoker

	// Responder can be set to optionally customize the response
	// from the proxied server.  If this is not set the response
	// will not be modified.
	Responder Responder

	// ErrorHandler can be set to optionally customize the
	// response for an error. The `err` parameter passed to the
	// handler will have a recommended HTTP status code. The
	// default handler will return the recommended status code
	// and an empty body.
	ErrorHandler httpx.ErrorHandler
}

ReverseProxy is a Handler that takes an incoming request and sends it to another server, proxying the response back to the user agent.

func (*ReverseProxy) Service

func (m *ReverseProxy) Service(ctx context.Context, r *httpx.Request) httpx.Response

type Router

type Router func(context.Context, *httpx.Request) (*httpx.Request, merry.Error)

Router returns the request to contact the proxied server.

func (Router) InvokeSafely

func (r Router) InvokeSafely(ctx context.Context, request *httpx.Request) (out *httpx.Request, err merry.Error, exception merry.Error)

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL