middlewares

func ApplySecurityHeaders ¶

func ApplySecurityHeaders(next http.Handler) http.HandlerFunc

ApplySecurityHeaders applies various security headers according to best- practices.

func CSRFMiddleware ¶

func CSRFMiddleware(session *sessions.SessionManager, errorHandler http.Handler, excludedPaths []string) func(http.Handler) http.Handler

CSRFMiddleware checks for a valid CSRF token on each POST request, except for excluded paths.

func EnforceViewOnly ¶

func EnforceViewOnly(next http.Handler) http.Handler

EnforceViewOnly is a global middleware that limits the ability to edit objects to accounts with the PermissionModifyObjects permission.

func GetContext ¶

func GetContext(sessionManager *sessions.SessionManager) func(http.Handler) http.HandlerFunc

func JSONError ¶

func JSONError(w http.ResponseWriter, c int, m string)

JSONError returns an error in JSON format with the given status code and message

func LoggingMiddleware ¶

func LoggingMiddleware(appLogger *logger.Logger) func(next http.Handler) http.Handler

func RequireLogin ¶

func RequireLogin(handler http.Handler) http.Handler

RequireLogin checks to see if the user is currently logged in. If not, the function returns a 302 redirect to the login page.

func RequirePermission ¶

func RequirePermission(perm string) func(http.Handler) http.HandlerFunc

RequirePermission checks to see if the user has the requested permission before executing the handler. If the request is unauthorized, a JSONError is returned.

func Use ¶

func Use(handler http.HandlerFunc, mid ...func(http.Handler) http.HandlerFunc) http.HandlerFunc

Use allows us to stack middleware to process the request