middleware

package
v2.9.0 Latest

This package is not in the latest version of its module.
Published: Jan 22, 2026 License: GPL-3.0 Imports: 11 Imported by: 0

Documentation

Constants

const (
	RequestsPerMinute = 100 // Simple limit - 100 requests per minute per IP
	BurstSize         = 20  // Allow burst of 20 requests
)

Variables

This section is empty.

Functions

func HTTPAuthMiddleware added in v2.9.0

func HTTPAuthMiddleware(auth *AuthConfig) func(http.Handler) http.Handler

HTTPAuthMiddleware creates an HTTP middleware that validates API key authentication. If no keys are configured or the request is from localhost, all requests pass through. Returns 401 Unauthorized if keys are configured but no valid key is provided.

func HTTPIPFilterMiddleware added in v2.7.0

func HTTPIPFilterMiddleware(filter *IPFilter) func(http.Handler) http.Handler

HTTPIPFilterMiddleware creates an HTTP middleware that filters requests by IP. This middleware applies to both regular HTTP requests and WebSocket upgrade requests.

func HTTPRateLimitMiddleware

func HTTPRateLimitMiddleware(limiter *IPRateLimiter) func(http.Handler) http.Handler

HTTPRateLimitMiddleware creates an HTTP rate limiting middleware.

func IsLoopbackAddr added in v2.9.0

func IsLoopbackAddr(remoteAddr string) bool

IsLoopbackAddr checks if a RemoteAddr string represents a loopback address.

func ParseRemoteIP added in v2.9.0

func ParseRemoteIP(remoteAddr string) net.IP

ParseRemoteIP extracts and parses the IP address from a RemoteAddr string (IP:port format).

func WebSocketAuthHandler added in v2.9.0

func WebSocketAuthHandler(auth *AuthConfig, r *http.Request) bool

WebSocketAuthHandler validates WebSocket connection requests. Returns true if the connection is allowed, false otherwise. If no keys are configured or the request is from localhost, all connections are allowed.

func WebSocketRateLimitHandler

func WebSocketRateLimitHandler(
	limiter *IPRateLimiter,
	handler func(*melody.Session, []byte),
) func(*melody.Session, []byte)

WebSocketRateLimitHandler wraps a WebSocket message handler with rate limiting.

Types

type APIKeyProvider added in v2.9.0

type APIKeyProvider func() []string

APIKeyProvider is a function that returns the current list of API keys. This allows the auth middleware to dynamically fetch keys on each request, supporting hot-reload of configuration.

type AuthConfig added in v2.9.0

type AuthConfig struct {
	// contains filtered or unexported fields
}

AuthConfig holds authentication configuration for the API. It uses a provider function to fetch keys dynamically, supporting hot-reload.

func NewAuthConfig added in v2.9.0

func NewAuthConfig(keyProvider APIKeyProvider) *AuthConfig

NewAuthConfig creates a new AuthConfig with a key provider function. The provider is called on each request to get the current list of valid keys, allowing configuration changes to take effect without server restart.

func (*AuthConfig) Enabled added in v2.9.0

func (a *AuthConfig) Enabled() bool

Enabled returns true if authentication is enabled (at least one key configured).

func (*AuthConfig) IsValidKey added in v2.9.0

func (a *AuthConfig) IsValidKey(key string) bool

IsValidKey checks if the provided key is valid using constant-time comparison to prevent timing attacks.
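The rules documented for HTTPAuthMiddleware and IsValidKey, as an added sketch using only the standard library (not this package's source). The lowercase names, the `X-API-Key` header and the SHA-256 pre-hash are assumptions of the example; the page does not say how the key is transmitted or compared internally.

```go
package main

import (
	"crypto/sha256"
	"crypto/subtle"
	"fmt"
	"net"
	"net/http"
)

// validKey hashes both sides so every comparison has equal length, and checks
// every configured key without returning early on a match.
func validKey(keys []string, presented string) bool {
	got, ok := sha256.Sum256([]byte(presented)), 0
	for _, k := range keys {
		want := sha256.Sum256([]byte(k))
		ok |= subtle.ConstantTimeCompare(got[:], want[:])
	}
	return ok == 1
}

// isLoopback takes an "IP:port" RemoteAddr; malformed input yields a nil IP (false).
func isLoopback(remoteAddr string) bool {
	host, _, _ := net.SplitHostPort(remoteAddr)
	return net.ParseIP(host).IsLoopback()
}

// allow passes when no keys are configured, the peer is loopback, or the key is valid.
func allow(keys []string, remoteAddr, presented string) bool {
	return len(keys) == 0 || isLoopback(remoteAddr) || validKey(keys, presented)
}

// authMiddleware calls the provider on every request, so key changes apply
// without a restart. The X-API-Key header name is an assumption of this sketch.
func authMiddleware(provider func() []string) func(http.Handler) http.Handler {
	return func(next http.Handler) http.Handler {
		return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
			if !allow(provider(), r.RemoteAddr, r.Header.Get("X-API-Key")) {
				http.Error(w, "unauthorized", http.StatusUnauthorized)
				return
			}
			next.ServeHTTP(w, r)
		})
	}
}

func main() {
	fmt.Println(allow([]string{"constructed-key"}, "127.0.0.1:5000", "")) // true: loopback skips the key check
}
```

In this sketch the loopback exemption is decided from `r.RemoteAddr`, so traffic relayed by a reverse proxy on the same host arrives as loopback and skips the key check. Deployments with such a proxy need the proxy itself to enforce authentication.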

type IPFilter added in v2.7.0

type IPFilter struct {
	// contains filtered or unexported fields
}

IPFilter manages IP allowlist filtering for both HTTP and WebSocket connections. It uses a provider function to fetch the allowlist dynamically.

func NewIPFilter added in v2.7.0

func NewIPFilter(ipsProvider IPsProvider) *IPFilter

NewIPFilter creates a new IP filter with an IPs provider function. The provider is called on each request to get the current allowlist, allowing configuration changes to take effect without server restart.

func (*IPFilter) IsAllowed added in v2.7.0

func (f *IPFilter) IsAllowed(remoteAddr string) bool

IsAllowed checks if an IP address is allowed. Returns true if the allowlist is empty (no filtering) or if the IP matches an allowed entry.
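An added sketch of the IsAllowed rule above (not this package's source), using `net/netip`: an empty allowlist disables filtering, entries may be single IPs or CIDRs, and the peer is taken from an IP:port RemoteAddr. The lowercase names are hypothetical, and denying unparsable peers, skipping bad entries and unmapping IPv4-mapped IPv6 addresses are assumptions of this example.

```go
package main

import (
	"fmt"
	"net/netip"
)

// parseAllowlist turns entries such as "10.0.0.0/8" or "192.0.2.7" into
// prefixes; a bare IP becomes a single-address prefix. Bad entries are skipped.
func parseAllowlist(entries []string) []netip.Prefix {
	var out []netip.Prefix
	for _, e := range entries {
		if p, err := netip.ParsePrefix(e); err == nil {
			out = append(out, p.Masked())
		} else if a, err := netip.ParseAddr(e); err == nil {
			a = a.Unmap()
			out = append(out, netip.PrefixFrom(a, a.BitLen()))
		}
	}
	return out
}

// isAllowed calls the provider on every check (hot reload). An empty list
// means no filtering; otherwise the peer must match an entry.
func isAllowed(provider func() []string, remoteAddr string) bool {
	entries := provider()
	if len(entries) == 0 {
		return true
	}
	ap, err := netip.ParseAddrPort(remoteAddr)
	if err != nil {
		return false // fail closed on a peer address that cannot be parsed
	}
	ip := ap.Addr().Unmap() // treat ::ffff:10.1.2.3 as 10.1.2.3
	for _, p := range parseAllowlist(entries) {
		if p.Contains(ip) {
			return true
		}
	}
	return false
}

func main() {
	list := func() []string { return []string{"10.0.0.0/8", "192.0.2.7"} } // constructed allowlist
	for _, addr := range []string{"10.1.2.3:4000", "[::ffff:10.1.2.3]:4000", "198.51.100.1:4000"} {
		fmt.Println(addr, isAllowed(list, addr))
	}
}
```

A non-empty list whose entries are all invalid denies every peer here, because the emptiness check is made on the raw configuration rather than on the parsed prefixes.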

type IPRateLimiter

type IPRateLimiter struct {
	// contains filtered or unexported fields
}

IPRateLimiter manages rate limiters per IP address for both HTTP and WebSocket connections.

func NewIPRateLimiter

func NewIPRateLimiter() *IPRateLimiter

NewIPRateLimiter creates a new IP-based rate limiter with hardcoded limits.

func (*IPRateLimiter) Cleanup

func (rl *IPRateLimiter) Cleanup()

Cleanup removes old entries that haven't been seen recently.

func (*IPRateLimiter) GetLimiter

func (rl *IPRateLimiter) GetLimiter(ip string) *rate.Limiter

GetLimiter returns the rate limiter for the given IP.

func (*IPRateLimiter) StartCleanup

func (rl *IPRateLimiter) StartCleanup(ctx context.Context)

StartCleanup starts a goroutine to periodically clean up old rate limiters. The cleanup goroutine will stop when the provided context is cancelled.

type IPsProvider added in v2.9.0

type IPsProvider func() []string

IPsProvider is a function that returns the current list of allowed IPs/CIDRs. This allows the IP filter to dynamically fetch the allowlist on each request, supporting hot-reload of configuration.
