middleware

package
v1.1.1 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Mar 25, 2017 License: Apache-2.0 Imports: 23 Imported by: 89

Documentation

Index

Constants

This section is empty.

Variables

View Source
var (
	// DefaultCORSConfig is the default CORS middleware config.
	DefaultCORSConfig = CORSConfig{
		Skipper:      echo.DefaultSkipper,
		AllowOrigins: []string{"*"},
		AllowMethods: []string{echo.GET, echo.HEAD, echo.PUT, echo.POST, echo.DELETE},
	}
)
View Source
var (
	// DefaultCSRFConfig is the default CSRF middleware config.
	DefaultCSRFConfig = CSRFConfig{
		Skipper:      echo.DefaultSkipper,
		TokenLength:  32,
		TokenLookup:  "header:" + echo.HeaderXCSRFToken,
		ContextKey:   "csrf",
		CookieName:   "_csrf",
		CookieMaxAge: 86400,
	}
)
View Source
var (
	// DefaultGzipConfig is the default Gzip middleware config.
	DefaultGzipConfig = &GzipConfig{
		Skipper: echo.DefaultSkipper,
		Level:   -1,
	}
)
View Source
var (
	// DefaultMethodOverrideConfig is the default MethodOverride middleware config.
	DefaultMethodOverrideConfig = MethodOverrideConfig{
		Skipper: echo.DefaultSkipper,
		Getter:  MethodFromHeader(echo.HeaderXHTTPMethodOverride),
	}
)
View Source
var (
	// DefaultRecoverConfig is the default Recover middleware config.
	DefaultRecoverConfig = RecoverConfig{
		Skipper:           echo.DefaultSkipper,
		StackSize:         4 << 10,
		DisableStackAll:   false,
		DisablePrintStack: false,
	}
)
View Source
var (
	// DefaultRedirectConfig is the default Redirect middleware config.
	DefaultRedirectConfig = RedirectConfig{
		Skipper: echo.DefaultSkipper,
		Code:    http.StatusMovedPermanently,
	}
)
View Source
var (
	// DefaultSecureConfig is the default Secure middleware config.
	DefaultSecureConfig = SecureConfig{
		Skipper:            echo.DefaultSkipper,
		XSSProtection:      "1; mode=block",
		ContentTypeNosniff: "nosniff",
		XFrameOptions:      "SAMEORIGIN",
	}
)
View Source
var (
	// DefaultTrailingSlashConfig is the default TrailingSlash middleware config.
	DefaultTrailingSlashConfig = TrailingSlashConfig{
		Skipper: echo.DefaultSkipper,
	}
)

Functions

func AddTrailingSlash

func AddTrailingSlash() echo.MiddlewareFuncd

AddTrailingSlash returns a root level (before router) middleware which adds a trailing slash to the request `URL#Path`.

Usage `Echo#Pre(AddTrailingSlash())`

func AddTrailingSlashWithConfig

func AddTrailingSlashWithConfig(config TrailingSlashConfig) echo.MiddlewareFuncd

AddTrailingSlashWithConfig returns a AddTrailingSlash middleware with config. See `AddTrailingSlash()`.

func BasicAuth

func BasicAuth(fn BasicValidateFunc, skipper ...echo.Skipper) echo.MiddlewareFunc

BasicAuth returns an HTTP basic authentication middleware.

For valid credentials it calls the next handler. For invalid credentials, it sends "401 - Unauthorized" response.

func BodyLimit

func BodyLimit(limit string) echo.MiddlewareFunc

BodyLimit returns a body limit middleware.

BodyLimit middleware sets the maximum allowed size for a request body, if the size exceeds the configured limit, it sends "413 - Request Entity Too Large" response. The body limit is determined based on both `Content-Length` request header and actual content read, which makes it super secure. Limit can be specified as `4x` or `4xB`, where x is one of the multiple from K, M, G, T or P.

func BodyLimitWithConfig

func BodyLimitWithConfig(config BodyLimitConfig) echo.MiddlewareFunc

BodyLimitWithConfig returns a body limit middleware from config. See: `BodyLimit()`.

func CORS

func CORS() echo.MiddlewareFunc

CORS returns a cross-origin HTTP request (CORS) middleware. See https://developer.mozilla.org/en/docs/Web/HTTP/Access_control_CORS

func CORSWithConfig

func CORSWithConfig(config CORSConfig) echo.MiddlewareFunc

CORSFromConfig returns a CORS middleware from config. See `CORS()`.

func CSRF

func CSRF() echo.MiddlewareFuncd

CSRF returns a Cross-Site Request Forgery (CSRF) middleware. See: https://en.wikipedia.org/wiki/Cross-site_request_forgery

func CSRFWithConfig

func CSRFWithConfig(config CSRFConfig) echo.MiddlewareFuncd

CSRFWithConfig returns a CSRF middleware with config. See `CSRF()`.

func FuncMap

func FuncMap(funcMap map[string]interface{}, skipper ...echo.Skipper) echo.MiddlewareFunc

func Gzip

func Gzip(config ...*GzipConfig) echo.MiddlewareFunc

Gzip returns a middleware which compresses HTTP response using gzip compression scheme.

func GzipWithConfig

func GzipWithConfig(config *GzipConfig) echo.MiddlewareFunc

GzipWithConfig return Gzip middleware with config. See: `Gzip()`.

func HTTPSRedirect

func HTTPSRedirect() echo.MiddlewareFuncd

HTTPSRedirect redirects HTTP requests to HTTPS. For example, http://webx.top will be redirect to https://webx.top.

Usage `Echo#Pre(HTTPSRedirect())`

func HTTPSRedirectWithConfig

func HTTPSRedirectWithConfig(config RedirectConfig) echo.MiddlewareFuncd

HTTPSRedirectWithConfig returns a HTTPSRedirect middleware with config. See `HTTPSRedirect()`.

func HTTPSWWWRedirect

func HTTPSWWWRedirect() echo.MiddlewareFuncd

HTTPSWWWRedirect redirects HTTP requests to WWW HTTPS. For example, http://webx.top will be redirect to https://www.webx.top.

Usage `Echo#Pre(HTTPSWWWRedirect())`

func HTTPSWWWRedirectWithConfig

func HTTPSWWWRedirectWithConfig(config RedirectConfig) echo.MiddlewareFuncd

HTTPSWWWRedirectWithConfig returns a HTTPSRedirect middleware with config. See `HTTPSWWWRedirect()`.

func Log

func Log(recv ...func(*VisitorInfo)) echo.MiddlewareFunc

func MaxAllowed

func MaxAllowed(n int) echo.MiddlewareFunc

MaxAllowed limits simultaneous requests; can help with high traffic load

func MethodOverride

func MethodOverride() echo.MiddlewareFuncd

MethodOverride returns a MethodOverride middleware. MethodOverride middleware checks for the overridden method from the request and uses it instead of the original method.

For security reasons, only `POST` method can be overridden.

func MethodOverrideWithConfig

func MethodOverrideWithConfig(config MethodOverrideConfig) echo.MiddlewareFuncd

MethodOverrideWithConfig returns a MethodOverride middleware with config. See: `MethodOverride()`.

func NoCache added in v1.1.0

func NoCache(skippers ...echo.Skipper) echo.MiddlewareFuncd

NoCache is a simple piece of middleware that sets a number of HTTP headers to prevent a router (or subrouter) from being cached by an upstream proxy and/or client.

As per http://wiki.nginx.org/HttpProxyModule - NoCache sets:

Expires: Thu, 01 Jan 1970 00:00:00 UTC
Cache-Control: no-cache, private, max-age=0
X-Accel-Expires: 0
Pragma: no-cache (for HTTP/1.0 proxies/clients)

func NonWWWRedirect

func NonWWWRedirect() echo.MiddlewareFuncd

NonWWWRedirect redirects WWW requests to non WWW. For example, http://www.webx.top will be redirect to http://webx.top.

Usage `Echo#Pre(NonWWWRedirect())`

func NonWWWRedirectWithConfig

func NonWWWRedirectWithConfig(config RedirectConfig) echo.MiddlewareFuncd

NonWWWRedirectWithConfig returns a HTTPSRedirect middleware with config. See `NonWWWRedirect()`.

func Recover

func Recover() echo.Middleware

Recover returns a middleware which recovers from panics anywhere in the chain and handles the control to the centralized HTTPErrorHandler.

func RecoverWithConfig added in v1.1.0

func RecoverWithConfig(config RecoverConfig) echo.MiddlewareFunc

RecoverWithConfig returns a Recover middleware with config. See: `Recover()`.

func RemoveTrailingSlash

func RemoveTrailingSlash() echo.MiddlewareFuncd

RemoveTrailingSlash returns a root level (before router) middleware which removes a trailing slash from the request URI.

Usage `Echo#Pre(RemoveTrailingSlash())`

func RemoveTrailingSlashWithConfig

func RemoveTrailingSlashWithConfig(config TrailingSlashConfig) echo.MiddlewareFuncd

RemoveTrailingSlashWithConfig returns a RemoveTrailingSlash middleware with config. See `RemoveTrailingSlash()`.

func Secure

func Secure() echo.MiddlewareFuncd

Secure returns a Secure middleware. Secure middleware provides protection against cross-site scripting (XSS) attack, content type sniffing, clickjacking, insecure connection and other code injection attacks.

func SecureWithConfig

func SecureWithConfig(config SecureConfig) echo.MiddlewareFuncd

SecureWithConfig returns a Secure middleware with config. See: `Secure()`.

func SetNoCacheHeader added in v1.1.0

func SetNoCacheHeader(c echo.Context)

func Static

func Static(options ...*StaticOptions) echo.MiddlewareFunc

func WWWRedirect

func WWWRedirect() echo.MiddlewareFuncd

WWWRedirect redirects non WWW requests to WWW. For example, http://webx.top will be redirect to http://www.webx.top.

Usage `Echo#Pre(WWWRedirect())`

func WWWRedirectWithConfig

func WWWRedirectWithConfig(config RedirectConfig) echo.MiddlewareFuncd

WWWRedirectWithConfig returns a HTTPSRedirect middleware with config. See `WWWRedirect()`.

Types

type BasicValidateFunc

type BasicValidateFunc func(string, string) bool

type BodyLimitConfig

type BodyLimitConfig struct {
	// Skipper defines a function to skip middleware.
	Skipper echo.Skipper `json:"-"`

	// Maximum allowed size for a request body, it can be specified
	// as `4x` or `4xB`, where x is one of the multiple from K, M, G, T or P.
	Limit string `json:"limit"`
	// contains filtered or unexported fields
}

BodyLimitConfig defines the config for body limit middleware.

type CORSConfig

type CORSConfig struct {
	// Skipper defines a function to skip middleware.
	Skipper echo.Skipper

	// AllowOrigin defines a list of origins that may access the resource.
	// Optional with default value as []string{"*"}.
	AllowOrigins []string

	// AllowMethods defines a list methods allowed when accessing the resource.
	// This is used in response to a preflight request.
	// Optional with default value as `DefaultCORSConfig.AllowMethods`.
	AllowMethods []string

	// AllowHeaders defines a list of request headers that can be used when
	// making the actual request. This in response to a preflight request.
	// Optional with default value as []string{}.
	AllowHeaders []string

	// AllowCredentials indicates whether or not the response to the request
	// can be exposed when the credentials flag is true. When used as part of
	// a response to a preflight request, this indicates whether or not the
	// actual request can be made using credentials.
	// Optional with default value as false.
	AllowCredentials bool

	// ExposeHeaders defines a whitelist headers that clients are allowed to
	// access.
	// Optional with default value as []string{}.
	ExposeHeaders []string

	// MaxAge indicates how long (in seconds) the results of a preflight request
	// can be cached.
	// Optional with default value as 0.
	MaxAge int
}

CORSConfig defines the config for CORS middleware.

type CSRFConfig

type CSRFConfig struct {
	// Skipper defines a function to skip middleware.
	Skipper echo.Skipper `json:"-"`

	// TokenLength is the length of the generated token.
	TokenLength uint8 `json:"token_length"`

	// TokenLookup is a string in the form of "<source>:<key>" that is used
	// to extract token from the request.
	// Optional. Default value "header:X-CSRF-Token".
	// Possible values:
	// - "header:<name>"
	// - "form:<name>"
	// - "query:<name>"
	TokenLookup string `json:"token_lookup"`

	// Context key to store generated CSRF token into context.
	// Optional. Default value "csrf".
	ContextKey string `json:"context_key"`

	// Name of the CSRF cookie. This cookie will store CSRF token.
	// Optional. Default value "csrf".
	CookieName string `json:"cookie_name"`

	// Domain of the CSRF cookie.
	// Optional. Default value none.
	CookieDomain string `json:"cookie_domain"`

	// Path of the CSRF cookie.
	// Optional. Default value none.
	CookiePath string `json:"cookie_path"`

	// Max age (in seconds) of the CSRF cookie.
	// Optional. Default value 86400 (24hr).
	CookieMaxAge int64 `json:"cookie_max_age"`

	// Indicates if CSRF cookie is secure.
	// Optional. Default value false.
	CookieSecure bool `json:"cookie_secure"`

	// Indicates if CSRF cookie is HTTP only.
	// Optional. Default value false.
	CookieHTTPOnly bool `json:"cookie_http_only"`
}

CSRFConfig defines the config for CSRF middleware.

type GzipConfig

type GzipConfig struct {
	// Skipper defines a function to skip middleware.
	Skipper echo.Skipper `json:"-"`

	// Gzip compression level.
	// Optional. Default value -1.
	Level int `json:"level"`
}

GzipConfig defines the config for Gzip middleware.

type MethodOverrideConfig

type MethodOverrideConfig struct {
	// Skipper defines a function to skip middleware.
	Skipper echo.Skipper

	// Getter is a function that gets overridden method from the request.
	// Optional. Default values MethodFromHeader(echo.HeaderXHTTPMethodOverride).
	Getter MethodOverrideGetter
}

MethodOverrideConfig defines the config for MethodOverride middleware.

type MethodOverrideGetter

type MethodOverrideGetter func(echo.Context) string

MethodOverrideGetter is a function that gets overridden method from the request

func MethodFromForm

func MethodFromForm(param string) MethodOverrideGetter

MethodFromForm is a `MethodOverrideGetter` that gets overridden method from the form parameter.

func MethodFromHeader

func MethodFromHeader(header string) MethodOverrideGetter

MethodFromHeader is a `MethodOverrideGetter` that gets overridden method from the request header.

func MethodFromQuery

func MethodFromQuery(param string) MethodOverrideGetter

MethodFromQuery is a `MethodOverrideGetter` that gets overridden method from the query parameter.

type RecoverConfig added in v1.1.0

type RecoverConfig struct {
	// Skipper defines a function to skip middleware.
	Skipper echo.Skipper

	// Size of the stack to be printed.
	// Optional. Default value 4KB.
	StackSize int `json:"stack_size"`

	// DisableStackAll disables formatting stack traces of all other goroutines
	// into buffer after the trace for the current goroutine.
	// Optional. Default value false.
	DisableStackAll bool `json:"disable_stack_all"`

	// DisablePrintStack disables printing stack trace.
	// Optional. Default value as false.
	DisablePrintStack bool `json:"disable_print_stack"`
}

RecoverConfig defines the config for Recover middleware.

type RedirectConfig

type RedirectConfig struct {
	// Skipper defines a function to skip middleware.
	Skipper echo.Skipper `json:"-"`

	// Status code to be used when redirecting the request.
	// Optional. Default value http.StatusMovedPermanently.
	Code int `json:"code"`
}

RedirectConfig defines the config for Redirect middleware.

type SecureConfig

type SecureConfig struct {
	// Skipper defines a function to skip middleware.
	Skipper echo.Skipper `json:"-"`

	// XSSProtection provides protection against cross-site scripting attack (XSS)
	// by setting the `X-XSS-Protection` header.
	// Optional. Default value "1; mode=block".
	XSSProtection string `json:"xss_protection"`

	// ContentTypeNosniff provides protection against overriding Content-Type
	// header by setting the `X-Content-Type-Options` header.
	// Optional. Default value "nosniff".
	ContentTypeNosniff string `json:"content_type_nosniff"`

	// XFrameOptions can be used to indicate whether or not a browser should
	// be allowed to render a page in a <frame>, <iframe> or <object> .
	// Sites can use this to avoid clickjacking attacks, by ensuring that their
	// content is not embedded into other sites.provides protection against
	// clickjacking.
	// Optional. Default value "SAMEORIGIN".
	// Possible values:
	// - "SAMEORIGIN" - The page can only be displayed in a frame on the same origin as the page itself.
	// - "DENY" - The page cannot be displayed in a frame, regardless of the site attempting to do so.
	// - "ALLOW-FROM uri" - The page can only be displayed in a frame on the specified origin.
	XFrameOptions string `json:"x_frame_options"`

	// HSTSMaxAge sets the `Strict-Transport-Security` header to indicate how
	// long (in seconds) browsers should remember that this site is only to
	// be accessed using HTTPS. This reduces your exposure to some SSL-stripping
	// man-in-the-middle (MITM) attacks.
	// Optional. Default value 0.
	HSTSMaxAge int `json:"hsts_max_age"`

	// HSTSExcludeSubdomains won't include subdomains tag in the `Strict Transport Security`
	// header, excluding all subdomains from security policy. It has no effect
	// unless HSTSMaxAge is set to a non-zero value.
	// Optional. Default value false.
	HSTSExcludeSubdomains bool `json:"hsts_exclude_subdomains"`

	// ContentSecurityPolicy sets the `Content-Security-Policy` header providing
	// security against cross-site scripting (XSS), clickjacking and other code
	// injection attacks resulting from execution of malicious content in the
	// trusted web page context.
	// Optional. Default value "".
	ContentSecurityPolicy string `json:"content_security_policy"`
}

SecureConfig defines the config for Secure middleware.

type StaticOptions

type StaticOptions struct {
	// Skipper defines a function to skip middleware.
	Skipper echo.Skipper `json:"-"`

	Path   string `json:"path"` //UrlPath
	Root   string `json:"root"`
	Index  string `json:"index"`
	Browse bool   `json:"browse"`
}

type TrailingSlashConfig

type TrailingSlashConfig struct {
	// Skipper defines a function to skip middleware.
	Skipper echo.Skipper `json:"-"`

	// Status code to be used when redirecting the request.
	// Optional, but when provided the request is redirected using this code.
	RedirectCode int `json:"redirect_code"`
}

TrailingSlashConfig defines the config for TrailingSlash middleware.

type VisitorInfo added in v1.1.1

type VisitorInfo struct {
	RealIP       string
	Time         time.Time
	Elapsed      time.Duration
	URI          string
	Method       string
	UserAgent    string
	Referer      string
	RequestSize  int64
	ResponseSize int64
	ResponseCode int
}

Directories

Path Synopsis
config
Package config provides data structure to configure rate-limiter.
Package config provides data structure to configure rate-limiter.
errors
Package errors provide data structure for errors.
Package errors provide data structure for errors.
sse
standard
* * 模板扩展 * @author swh <swh@admpub.com>
* * 模板扩展 * @author swh <swh@admpub.com>

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL