Documentation
¶
Index ¶
- Constants
- func ApplySecurityMiddleware(r *gin.RouterGroup)
- func CSRFMiddleware(config *SecurityConfig) gin.HandlerFunc
- func CorsMiddleware() gin.HandlerFunc
- func GetCarrotSessionField() string
- func InjectDB(db *gorm.DB) gin.HandlerFunc
- func InputValidationMiddleware() gin.HandlerFunc
- func LoggerMiddleware(logger *zap.Logger) gin.HandlerFunc
- func SanitizeString(input string) string
- func SecureCompare(a, b string) bool
- func SecurityMiddleware(config *SecurityConfig) gin.HandlerFunc
- func SecurityMiddlewareChain() []gin.HandlerFunc
- func SignVerifyMiddleware() gin.HandlerFunc
- func ValidateEmail(email string) bool
- func ValidatePassword(password string) error
- func WithCookieSession(secret string, maxAge int) gin.HandlerFunc
- func WithMemSession(secret string) gin.HandlerFunc
- func XSSProtectionMiddleware() gin.HandlerFunc
- type SecurityConfig
Constants ¶
// DbField is the string key "_lingecho_db".
// Presumably the gin context key under which InjectDB stores the *gorm.DB
// handle; confirm against the implementation.
const DbField = "_lingecho_db"
// ENV_SESSION_EXPIRE_DAYS holds the name "SESSION_EXPIRE_DAYS".
// Presumably the environment variable that sets the session lifetime in
// days; TODO confirm the unit and the fallback used when it is unset.
const ENV_SESSION_EXPIRE_DAYS = "SESSION_EXPIRE_DAYS"
// ENV_SESSION_FIELD holds the name "SESSION_FIELD".
// Presumably the environment variable consulted by GetCarrotSessionField;
// TODO confirm.
const ENV_SESSION_FIELD = "SESSION_FIELD"
// ENV_SESSION_SECRET holds the name "SESSION_SECRET"; the constant is only the
// variable's name, not the secret value.
// Presumably the environment variable that supplies the session signing
// secret; TODO confirm.
// NOTE(review): verify that the code reading this variable rejects an empty or
// missing value instead of continuing with a default secret.
const ENV_SESSION_SECRET = "SESSION_SECRET"
Variables ¶
This section is empty.
Functions ¶
func ApplySecurityMiddleware ¶
func ApplySecurityMiddleware(r *gin.RouterGroup)
ApplySecurityMiddleware applies security middleware to router group
func CSRFMiddleware ¶
func CSRFMiddleware(config *SecurityConfig) gin.HandlerFunc
CSRFMiddleware is the CSRF protection middleware.
func CorsMiddleware ¶
func CorsMiddleware() gin.HandlerFunc
CorsMiddleware handles cross-origin resource sharing
func GetCarrotSessionField ¶
func GetCarrotSessionField() string
func InputValidationMiddleware ¶
func InputValidationMiddleware() gin.HandlerFunc
InputValidationMiddleware is the input validation middleware.
func LoggerMiddleware ¶
func LoggerMiddleware(logger *zap.Logger) gin.HandlerFunc
LoggerMiddleware is the request logging middleware.
func SecurityMiddleware ¶
func SecurityMiddleware(config *SecurityConfig) gin.HandlerFunc
SecurityMiddleware is the security middleware.
func SecurityMiddlewareChain ¶
func SecurityMiddlewareChain() []gin.HandlerFunc
SecurityMiddlewareChain returns security middleware chain
func SignVerifyMiddleware ¶
func SignVerifyMiddleware() gin.HandlerFunc
SignVerifyMiddleware is the API signature verification middleware.
func WithCookieSession ¶
func WithCookieSession(secret string, maxAge int) gin.HandlerFunc
func WithMemSession ¶
func WithMemSession(secret string) gin.HandlerFunc
func XSSProtectionMiddleware ¶
func XSSProtectionMiddleware() gin.HandlerFunc
XSSProtectionMiddleware is the XSS protection middleware.
Types ¶
type SecurityConfig ¶
// SecurityConfig groups the settings accepted by SecurityMiddleware and
// CSRFMiddleware (both take a *SecurityConfig).
type SecurityConfig struct {
// CSRF settings.
// NOTE(review): CSRFSecret is exported and carries a json tag, so encoding this
// struct with encoding/json emits the secret. Confirm the config is never
// marshalled into logs, debug endpoints or API responses.
CSRFSecret string `json:"csrf_secret"`
// Presumably the name of the cookie, header or form field carrying the token; verify.
CSRFTokenName string `json:"csrf_token_name"`
// Presumably the token/cookie lifetime; verify.
CSRFMaxAge time.Duration `json:"csrf_max_age"`
// CSRFSecure, CSRFHttpOnly and CSRFSameSite presumably map to the Secure,
// HttpOnly and SameSite attributes of the CSRF cookie; TODO confirm.
CSRFSecure bool `json:"csrf_secure"`
CSRFHttpOnly bool `json:"csrf_http_only"`
CSRFSameSite csrf.SameSiteMode `json:"csrf_same_site"`
// XSS settings.
// NOTE(review): if XSSProtection toggles the X-XSS-Protection response header,
// current browsers ignore that header. This struct has no field for a
// Content-Security-Policy, so confirm where (or whether) one is set.
XSSProtection bool `json:"xss_protection"`
// Presumably toggles "X-Content-Type-Options: nosniff"; verify.
ContentTypeNosniff bool `json:"content_type_nosniff"`
// Presumably the value sent in the X-Frame-Options header; verify.
XFrameOptions string `json:"x_frame_options"`
// Input validation settings.
// Presumably an upper bound on the request body in bytes; TODO confirm unit and
// whether zero means "unlimited".
MaxRequestSize int64 `json:"max_request_size"`
// NOTE(review): CorsMiddleware takes no config argument, so confirm which
// middleware actually enforces this list and how an empty list is treated.
AllowedOrigins []string `json:"allowed_origins"`
// Security header settings.
// Presumably the max-age (seconds) of the Strict-Transport-Security header; verify.
HSTSMaxAge int `json:"hsts_max_age"`
// Presumably the value sent in the Referrer-Policy header; verify.
ReferrerPolicy string `json:"referrer_policy"`
}
SecurityConfig is the security configuration.
func DefaultSecurityConfig ¶
func DefaultSecurityConfig() *SecurityConfig
DefaultSecurityConfig returns the default security configuration.