Documentation
Index
- func New(db db.DB, server oauth.Server) api.ClientModule
- type Module
- func (m *Module) ExtraHeaders(c *gin.Context)
- func (m *Module) FlocBlock(c *gin.Context)
- func (m *Module) LimitReachedHandler(c *gin.Context)
- func (m *Module) RateLimit(rateOptions RateLimitOptions) func(c *gin.Context)
- func (m *Module) RobotsGETHandler(c *gin.Context)
- func (m *Module) Route(s router.Router) error
- func (m *Module) SignatureCheck(c *gin.Context)
- func (m *Module) TokenCheck(c *gin.Context)
- func (m *Module) UserAgentBlock(c *gin.Context)
- type RateLimitOptions
Constants
This section is empty.
Variables
This section is empty.
Functions
Types
type Module
type Module struct {
// contains filtered or unexported fields
}
Module implements the ClientAPIModule interface for security middleware
func (*Module) ExtraHeaders
ExtraHeaders adds any additional required headers to the response.
func (*Module) FlocBlock
FlocBlock is a middleware that prevents Google Chrome cohort tracking by writing the Permissions-Policy header after all other parts of the request have been completed. FLoC was replaced by Topics in 2022, and the spec says that interest-cohort will also block Topics (as of November 2022).
See: https://smartframe.io/blog/google-topics-api-everything-you-need-to-know
See: https://github.com/patcg-individual-drafts/topics
func (*Module) LimitReachedHandler added in v0.5.0
func (*Module) RateLimit added in v0.5.0
func (m *Module) RateLimit(rateOptions RateLimitOptions) func(c *gin.Context)
RateLimit returns a gin middleware that automatically rate limits callers (by IP address) and enriches the response with the following headers:
- `x-ratelimit-limit`: maximum number of requests allowed per time period (fixed)
- `x-ratelimit-remaining`: number of remaining requests that can still be performed
- `x-ratelimit-reset`: unix timestamp when the rate limit will reset
If `x-ratelimit-limit` is exceeded, an HTTP 429 error is returned.
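The fixed-window behaviour RateLimit describes, written here against net/http rather than gin so it runs with only the standard library. This is an added example, not GoToSocial's own code: the RateLimitOptions field names (Limit, Period), the IPRateLimiter type and the header-writing middleware are all assumptions, since the page does not show the real option struct or implementation.

```go
package main

import (
	"fmt"
	"net"
	"net/http"
	"net/http/httptest"
	"strconv"
	"sync"
	"time"
)

// RateLimitOptions: at most Limit requests per Period from one client IP.
// Field names are assumed for this example; the page does not show the real struct.
type RateLimitOptions struct {
	Limit  int
	Period time.Duration
}

// window is one client's fixed window: requests counted so far and when it resets.
type window struct {
	count int
	reset time.Time
}

// IPRateLimiter is a fixed-window limiter keyed by client IP.
type IPRateLimiter struct {
	opts    RateLimitOptions
	now     func() time.Time // injectable clock so the window can be tested deterministically
	mu      sync.Mutex
	windows map[string]*window
}

// NewIPRateLimiter builds a limiter; pass nil for now to use time.Now.
func NewIPRateLimiter(opts RateLimitOptions, now func() time.Time) *IPRateLimiter {
	if now == nil {
		now = time.Now
	}
	return &IPRateLimiter{opts: opts, now: now, windows: map[string]*window{}}
}

// Allow records one request from ip and reports whether it fits in the current
// window, how many requests remain, and the unix time at which the window resets.
func (l *IPRateLimiter) Allow(ip string) (allowed bool, remaining int, reset int64) {
	l.mu.Lock()
	defer l.mu.Unlock()
	t := l.now()
	w, ok := l.windows[ip]
	if !ok || !t.Before(w.reset) {
		// First request from this IP, or its old window has expired: start a fresh one.
		w = &window{reset: t.Add(l.opts.Period)}
		l.windows[ip] = w
	}
	if w.count >= l.opts.Limit {
		return false, 0, w.reset.Unix()
	}
	w.count++
	return true, l.opts.Limit - w.count, w.reset.Unix()
}

// clientIP keys the bucket on the peer address of the connection. X-Forwarded-For
// is deliberately ignored: honouring it unconditionally would let a client choose
// its own bucket. Parse it only when a proxy you control sets it.
func clientIP(r *http.Request) string {
	host, _, err := net.SplitHostPort(r.RemoteAddr)
	if err != nil {
		return r.RemoteAddr
	}
	return host
}

// Middleware sets the three x-ratelimit-* headers on every response and answers
// 429 once the caller's window is exhausted. Go canonicalises the header names
// on output (X-Ratelimit-Limit); header names are case-insensitive, so that is fine.
func (l *IPRateLimiter) Middleware(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		allowed, remaining, reset := l.Allow(clientIP(r))
		h := w.Header()
		h.Set("x-ratelimit-limit", strconv.Itoa(l.opts.Limit))
		h.Set("x-ratelimit-remaining", strconv.Itoa(remaining))
		h.Set("x-ratelimit-reset", strconv.FormatInt(reset, 10))
		if !allowed {
			http.Error(w, "rate limit reached", http.StatusTooManyRequests)
			return
		}
		next.ServeHTTP(w, r)
	})
}

func main() {
	limiter := NewIPRateLimiter(RateLimitOptions{Limit: 2, Period: time.Minute}, nil)
	h := limiter.Middleware(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		w.WriteHeader(http.StatusOK)
	}))
	// Three requests from the same constructed peer address: the third gets 429.
	for i := 0; i < 3; i++ {
		req := httptest.NewRequest(http.MethodGet, "/api/v1/instance", nil)
		req.RemoteAddr = "192.0.2.10:4321"
		rec := httptest.NewRecorder()
		h.ServeHTTP(rec, req)
		fmt.Println(rec.Code, rec.Header().Get("x-ratelimit-remaining"))
	}
}
```

The headers are written before the 429 decision so that a refused caller still learns its limit and reset time, and the clock is injected so the window rollover can be checked without sleeping. The map grows by one entry per distinct client IP; a production limiter would evict expired windows.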
func (*Module) RobotsGETHandler
RobotsGETHandler returns a decent robots.txt that prevents crawling of the API, auth pages, settings pages, etc.
More granular robots meta tags are then applied for web pages depending on user preferences (see internal/web).
func (*Module) SignatureCheck
SignatureCheck checks whether an incoming HTTP request has been signed. If so, it will check if the domain that signed the request is permitted to access the server. If it is permitted, the handler will set the key verifier and the signature in the gin context for use down the line.
func (*Module) TokenCheck added in v0.2.0
TokenCheck checks if the client has presented a valid OAuth Bearer token. If so, it will check the User that the token belongs to, and set that in the context of the request. Then, it will look up the account for that user, and set that in the request too. If the user or account can't be found, the handler won't *fail*, in case the server wants to allow public requests that don't have a Bearer token set (e.g., for public instance information and so on).
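The optional-authentication pattern TokenCheck describes, as an added example written against net/http (not GoToSocial's own code). The TokenStore interface, the User and Account types, the context keys and the RequireUser counterpart are assumptions made for this example; so is the choice to treat an unknown token the same as an absent one, which the page does not specify. The point the example makes is where the failure decision lives: the token middleware only enriches the context, and a route that actually needs a user refuses the request itself.

```go
package main

import (
	"context"
	"net/http"
	"net/http/httptest"
	"strings"
)

// User and Account are minimal stand-ins for the server's own types (assumed).
type User struct{ ID string }
type Account struct{ ID, Username string }

// TokenStore stands in for the oauth server plus database lookups; it is an
// assumption of this example, not the package's real interface.
type TokenStore interface {
	UserForToken(token string) (*User, bool)
	AccountForUser(userID string) (*Account, bool)
}

type ctxKey int
const userKey, accountKey ctxKey = 0, 1

// bearerToken extracts the token from "Authorization: Bearer <token>", matching
// the scheme case-insensitively (RFC 6750) and rejecting an empty token.
func bearerToken(r *http.Request) (string, bool) {
	scheme, tok, ok := strings.Cut(r.Header.Get("Authorization"), " ")
	tok = strings.TrimSpace(tok)
	return tok, ok && strings.EqualFold(scheme, "Bearer") && tok != ""
}

// TokenCheck resolves an optional Bearer token to a user and account and stores
// them in the request context. It never rejects the request: a missing or
// unresolvable token leaves the context empty so public endpoints keep working.
func TokenCheck(store TokenStore, next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		ctx := r.Context()
		if tok, ok := bearerToken(r); ok {
			if user, ok := store.UserForToken(tok); ok {
				ctx = context.WithValue(ctx, userKey, user)
				if acct, ok := store.AccountForUser(user.ID); ok {
					ctx = context.WithValue(ctx, accountKey, acct)
				}
			}
		}
		next.ServeHTTP(w, r.WithContext(ctx))
	})
}

// RequireUser is the per-route counterpart for non-public endpoints: the
// decision to fail lives here, not in TokenCheck.
func RequireUser(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if _, ok := r.Context().Value(userKey).(*User); !ok {
			w.Header().Set("WWW-Authenticate", `Bearer realm="api"`)
			http.Error(w, "unauthorized", http.StatusUnauthorized)
			return
		}
		next.ServeHTTP(w, r)
	})
}

// memStore is a constructed in-memory TokenStore. NewExampleStore seeds one user
// ("tok-alice") whose account exists and one ("tok-orphan") whose account does not.
type memStore struct {
	users    map[string]*User
	accounts map[string]*Account
}

func (m memStore) UserForToken(t string) (*User, bool)       { u, ok := m.users[t]; return u, ok }
func (m memStore) AccountForUser(id string) (*Account, bool) { a, ok := m.accounts[id]; return a, ok }

func NewExampleStore() TokenStore {
	return memStore{
		users:    map[string]*User{"tok-alice": {ID: "u1"}, "tok-orphan": {ID: "u2"}},
		accounts: map[string]*Account{"u1": {ID: "a1", Username: "alice"}},
	}
}

// Serve pushes one constructed request through TokenCheck (and RequireUser when
// protected) and reports the status code and the account username the handler saw.
func Serve(store TokenStore, authorization string, protected bool) (int, string) {
	var seen string
	var h http.Handler = http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if acct, ok := r.Context().Value(accountKey).(*Account); ok {
			seen = acct.Username
		}
		w.WriteHeader(http.StatusOK)
	})
	if protected {
		h = RequireUser(h)
	}
	h = TokenCheck(store, h)
	req := httptest.NewRequest(http.MethodGet, "/api/v1/instance", nil)
	if authorization != "" {
		req.Header.Set("Authorization", authorization)
	}
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, req)
	return rec.Code, seen
}
```

Serve(store, "", false) returns 200 with no account, Serve(store, "Bearer tok-alice", false) returns 200 and "alice", and Serve(store, "Bearer bogus", true) returns 401 because the protected route, not the token middleware, refuses an anonymous caller. A token whose user exists but whose account does not ("tok-orphan") still passes RequireUser, which is the "won't fail" behaviour the doc comment describes; a real server would decide per route whether a user without an account is acceptable.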
func (*Module) UserAgentBlock
UserAgentBlock aborts requests with empty user agent strings.