Documentation
Overview
Package securityprofile provides security posture defaults.
Package securityprofile composes secure middleware defaults. EXPERIMENTAL: This package is not yet API-stable.
Index
- type ErrorWriter
- type Option
- func WithAuthAllowlist(paths ...string) Option
- func WithAuthCheck(fn func(*http.Request) bool) Option
- func WithDevBypassHeader(header string, allow bool) Option
- func WithErrorWriter(fn ErrorWriter) Option
- func WithMaxBodyBytes(n int64) Option
- func WithQueryLimits(opts querylimits.Options) Option
- func WithQueryLimitsDisabled() Option
- func WithRateLimitDisabled() Option
- func WithRateLimitOptions(opts ratelimit.Options) Option
- func WithRequireAuth(required bool) Option
- func WithResolver(resolver identity.Resolver) Option
- func WithRouteOverrides(overrides ...RouteOverride) Option
- func WithSecureOptions(opts ...securemw.Option) Option
- func WithTimeout(d time.Duration) Option
- func WithTimeoutDisabled() Option
- type Profile
- type RouteOverride
Types
type ErrorWriter
type ErrorWriter func(http.ResponseWriter, int, httpx.Problem)
ErrorWriter allows overriding how security profile errors are written.
type Option
type Option func(*options)
Option customizes the security profile.
func WithAuthAllowlist
WithAuthAllowlist sets paths that bypass auth checks.
func WithAuthCheck
WithAuthCheck sets a function that determines whether a request is authenticated.
func WithDevBypassHeader
WithDevBypassHeader sets a development-only auth bypass header.
func WithErrorWriter
func WithErrorWriter(fn ErrorWriter) Option
WithErrorWriter overrides the error writer.
func WithMaxBodyBytes
WithMaxBodyBytes sets the maximum request body size.
func WithQueryLimits
func WithQueryLimits(opts querylimits.Options) Option
WithQueryLimits overrides query limits middleware options.
func WithQueryLimitsDisabled
func WithQueryLimitsDisabled() Option
WithQueryLimitsDisabled disables query limits enforcement.
func WithRateLimitDisabled
func WithRateLimitDisabled() Option
WithRateLimitDisabled disables rate limiting.
func WithRateLimitOptions
WithRateLimitOptions configures rate limiting options.
func WithRequireAuth
WithRequireAuth sets whether authentication is required by default.
func WithResolver
WithResolver sets the identity resolver for trusted proxy checks.
func WithRouteOverrides
func WithRouteOverrides(overrides ...RouteOverride) Option
WithRouteOverrides sets per-route limit overrides.
func WithSecureOptions
WithSecureOptions appends secure header middleware options.
func WithTimeoutDisabled
func WithTimeoutDisabled() Option
WithTimeoutDisabled disables request timeouts.
type Profile
Profile describes a composed security middleware stack.
func OWASPBaseline
OWASPBaseline returns a security profile that aligns with OWASP API resource limits.
func (Profile) Apply
func (p Profile) Apply(r ports.HTTPRouter)
Apply attaches the profile middlewares to the router.
type RouteOverride
type RouteOverride struct {
	Pattern            string
	Methods            []string
	MaxBodyBytes       *int64
	QueryLimits        *querylimits.Options
	QueryLimitsEnabled *bool
	Timeout            *time.Duration
	TimeoutEnabled     *bool
	RateLimit          *ratelimit.Options
	RateLimitEnabled   *bool
}
RouteOverride customizes limits for matching requests.