security

package
v0.4.0
Warning

This package is not in the latest version of its module.

Published: Aug 27, 2022 License: AGPL-3.0 Imports: 12 Imported by: 0

Documentation

Constants

This section is empty.

Variables

This section is empty.

Functions

func New

func New(db db.DB, server oauth.Server) api.ClientModule

New returns a new security module.

Types

type Module

type Module struct {
	// contains filtered or unexported fields
}

Module implements the ClientAPIModule interface for security middleware.

func (*Module) ExtraHeaders

func (m *Module) ExtraHeaders(c *gin.Context)

ExtraHeaders adds any additional required headers to the response.

func (*Module) FlocBlock

func (m *Module) FlocBlock(c *gin.Context)

FlocBlock is a middleware that prevents Google Chrome cohort tracking (FLoC) by writing the Permissions-Policy header after all other parts of the request have been completed. See: https://plausible.io/blog/google-floc

func (*Module) RobotsGETHandler

func (m *Module) RobotsGETHandler(c *gin.Context)

RobotsGETHandler returns the most restrictive possible robots.txt file in response to a call to /robots.txt. The response instructs bots with *any* user agent not to index the instance at all.

func (*Module) Route

func (m *Module) Route(s router.Router) error

Route attaches security middleware to the given router.

func (*Module) SignatureCheck

func (m *Module) SignatureCheck(c *gin.Context)

SignatureCheck checks whether an incoming HTTP request has been signed. If so, it checks whether the domain that signed the request is permitted to access the server. If it is permitted, the handler sets the key verifier and the signature in the gin context for use down the line.

func (*Module) TokenCheck added in v0.2.0

func (m *Module) TokenCheck(c *gin.Context)

TokenCheck checks whether the client has presented a valid OAuth Bearer token. If so, it looks up the User that the token belongs to and sets that in the context of the request. Then it looks up the account for that user and sets that in the request too. If the user or account can't be found, the handler won't *fail*, in case the server wants to allow public requests that don't have a Bearer token set (e.g., for public instance information and so on).
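
Because TokenCheck does not abort unauthenticated requests, every private handler has to verify for itself that an account was set in the context. The sketch below is an added example, not this package's code: it uses the standard library's net/http instead of gin, and `tokenCheck`, `requireAccount`, `status`, the token store and the routes are all hypothetical names with constructed values.

```go
package main

import (
	"context"
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
)

type ctxKey struct{}

// validTokens is a constructed stand-in for the OAuth token store.
var validTokens = map[string]string{"constructed-token-123": "alice"}

// tokenCheck follows the documented behaviour: a valid Bearer token attaches the
// account to the request context; a missing or unknown token does NOT abort.
func tokenCheck(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		h := r.Header.Get("Authorization")
		acct, found := validTokens[strings.TrimPrefix(h, "Bearer ")]
		if found && strings.HasPrefix(h, "Bearer ") {
			r = r.WithContext(context.WithValue(r.Context(), ctxKey{}, acct))
		}
		next.ServeHTTP(w, r)
	})
}

// requireAccount is the enforcement step a private route must add on top.
func requireAccount(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if _, ok := r.Context().Value(ctxKey{}).(string); !ok {
			http.Error(w, "unauthorized", http.StatusUnauthorized)
			return
		}
		next.ServeHTTP(w, r)
	})
}

// status sends one request through the chain and returns the response code.
func status(path, authHeader string) int {
	ok := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { w.WriteHeader(http.StatusOK) })
	mux := http.NewServeMux()
	mux.Handle("/public", ok)                  // served with or without a token
	mux.Handle("/private", requireAccount(ok)) // rejects requests with no account
	req := httptest.NewRequest(http.MethodGet, path, nil)
	if authHeader != "" {
		req.Header.Set("Authorization", authHeader)
	}
	rec := httptest.NewRecorder()
	tokenCheck(mux).ServeHTTP(rec, req)
	return rec.Code
}

func main() {
	fmt.Println(status("/public", ""), status("/private", ""), status("/private", "Bearer constructed-token-123"))
}
```

A private route registered without the `requireAccount` step would answer anonymous requests exactly like `/public` does, which is the failure mode to look for when reviewing handlers behind a fail-open token middleware.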

func (*Module) UserAgentBlock

func (m *Module) UserAgentBlock(c *gin.Context)

UserAgentBlock aborts requests with empty user agent strings.
