Documentation
Overview
Package middleware is responsible for the definition/implementation of middleware functionality. This package will also handle maintaining request Context and Session.
Index
- Variables
- func ApplySecurityHeaders(next http.Handler) http.HandlerFunc
- func CSRFExceptions(handler http.Handler) http.HandlerFunc
- func EnforceViewOnly(next http.Handler) http.Handler
- func GetContext(handler http.Handler) http.HandlerFunc
- func JSONError(w http.ResponseWriter, c int, m string)
- func RequireAPIKey(handler http.Handler) http.Handler
- func RequireLogin(handler http.Handler) http.HandlerFunc
- func RequirePermission(perm string) func(http.Handler) http.HandlerFunc
- func Use(handler http.HandlerFunc, mid ...func(http.Handler) http.HandlerFunc) http.HandlerFunc
Constants
This section is empty.
Variables
var CSRFExemptPrefixes = []string{
	"/api",
}
CSRFExemptPrefixes is a list of route prefixes that are exempt from CSRF protection
var Store = sessions.NewCookieStore(
	[]byte(securecookie.GenerateRandomKey(64)),
	[]byte(securecookie.GenerateRandomKey(32)))
Store contains the session information for the request
Functions
func ApplySecurityHeaders
func ApplySecurityHeaders(next http.Handler) http.HandlerFunc
ApplySecurityHeaders applies various security headers according to best practices.
func CSRFExceptions
func CSRFExceptions(handler http.Handler) http.HandlerFunc
CSRFExceptions is a middleware that prevents CSRF checks on routes listed in CSRFExemptPrefixes.
func EnforceViewOnly
EnforceViewOnly is a global middleware that limits the ability to edit objects to accounts with the PermissionModifyObjects permission.
func GetContext
func GetContext(handler http.Handler) http.HandlerFunc
GetContext wraps each request in a function which fills in the context for a given request. This includes setting the User and Session keys and values as necessary for use in later functions.
func JSONError
func JSONError(w http.ResponseWriter, c int, m string)
JSONError returns an error in JSON format with the given status code and message
func RequireAPIKey
RequireAPIKey ensures that a valid API key is set as either the api_key GET parameter, or a Bearer token.
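A sketch of the check described above, added here as an example and not the package's own implementation. The lowercase names, the JSON body shape, the header-before-query precedence and the single in-memory key are assumptions; the request data is constructed.

```go
package main

import (
	"crypto/subtle"
	"encoding/json"
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
)

// jsonError has the documented JSONError signature; the body shape is an assumption.
func jsonError(w http.ResponseWriter, c int, m string) {
	w.Header().Set("Content-Type", "application/json")
	w.WriteHeader(c)
	json.NewEncoder(w).Encode(map[string]interface{}{"success": false, "message": m})
}

// extractAPIKey prefers "Authorization: Bearer <key>" over ?api_key= (assumed order).
func extractAPIKey(r *http.Request) string {
	if f := strings.Fields(r.Header.Get("Authorization")); len(f) == 2 && strings.EqualFold(f[0], "Bearer") {
		return f[1]
	}
	return r.URL.Query().Get("api_key")
}

// requireAPIKey (hypothetical) rejects empty or wrong keys, comparing in constant time.
func requireAPIKey(want string, next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		got := extractAPIKey(r)
		if got == "" || subtle.ConstantTimeCompare([]byte(got), []byte(want)) != 1 {
			jsonError(w, http.StatusUnauthorized, "invalid or missing API key")
			return
		}
		next.ServeHTTP(w, r)
	})
}

// status sends one constructed GET through the middleware and returns the HTTP status.
func status(target, authz string) int {
	req := httptest.NewRequest(http.MethodGet, target, nil)
	req.Header.Set("Authorization", authz) // an empty authz leaves no usable header value
	rec := httptest.NewRecorder()
	requireAPIKey("constructed-sample-key", http.HandlerFunc(func(http.ResponseWriter, *http.Request) {})).ServeHTTP(rec, req)
	return rec.Code
}

func main() {
	fmt.Println(status("/api/x?api_key=constructed-sample-key", ""), status("/api/x", "Bearer constructed-sample-key"), status("/api/x", "Basic constructed-sample-key"))
}
```

Keys sent as the api_key query parameter are recorded wherever full URLs are logged, such as server access logs and proxy logs, so clients that can set headers should prefer the Bearer form.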
func RequireLogin
func RequireLogin(handler http.Handler) http.HandlerFunc
RequireLogin checks to see if the user is currently logged in. If not, the function returns a 302 redirect to the login page.
func RequirePermission
func RequirePermission(perm string) func(http.Handler) http.HandlerFunc
RequirePermission checks to see if the user has the requested permission before executing the handler. If the request is unauthorized, a JSONError is returned.
func Use
func Use(handler http.HandlerFunc, mid ...func(http.Handler) http.HandlerFunc) http.HandlerFunc
Use allows us to stack middleware to process the request. Example taken from https://github.com/gorilla/mux/pull/36#issuecomment-25849172
Types
This section is empty.