Documentation
¶
Overview ¶
Package middleware provides common HTTP middleware for the web application.
Index ¶
- func CORS(allowedOrigins []string, allowedHeaders ...string) mux.Middleware
- func CSRF(allowedOrigins ...string) mux.Middleware
- func CheckOriginFunc(allowedOrigins []string) func(string) bool
- func Errors(log *slog.Logger) mux.Middleware
- func Logger(log *slog.Logger) mux.Middleware
- func Panics() mux.Middleware
Examples ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func CORS ¶
func CORS(allowedOrigins []string, allowedHeaders ...string) mux.Middleware
CORS middleware for handling CORS settings. If `*` is given, all origins will be accepted. Sensivle default headers are set, and can be optionally overridden with the variadic allowedHeaders parameter.
Example ¶
package main
import (
"context"
"fmt"
"net/http"
"net/http/httptest"
"github.com/adamwoolhether/httper/web/middleware"
)
func main() {
cors := middleware.CORS([]string{"https://example.com"})
handler := cors(func(ctx context.Context, w http.ResponseWriter, r *http.Request) error {
fmt.Fprint(w, "ok")
return nil
})
w := httptest.NewRecorder()
r := httptest.NewRequest(http.MethodGet, "/", nil)
r.Header.Set("Origin", "https://example.com")
handler(context.Background(), w, r)
fmt.Println(w.Header().Get("Access-Control-Allow-Origin"))
fmt.Println(w.Body.String())
}
Output: https://example.com ok
func CSRF ¶
func CSRF(allowedOrigins ...string) mux.Middleware
CSRF uses the standard library CrossOriginProtection to prevent CSRF attacks.
Example ¶
package main
import (
"context"
"fmt"
"net/http"
"net/http/httptest"
"github.com/adamwoolhether/httper/web/middleware"
)
func main() {
csrf := middleware.CSRF("https://example.com")
handler := csrf(func(ctx context.Context, w http.ResponseWriter, r *http.Request) error {
fmt.Fprint(w, "protected")
return nil
})
// Safe methods bypass CSRF checks.
w := httptest.NewRecorder()
r := httptest.NewRequest(http.MethodGet, "/", nil)
handler(r.Context(), w, r)
fmt.Println(w.Body.String())
}
Output: protected
func CheckOriginFunc ¶
CheckOriginFunc loads the list of allowed origins, and returns a func that determines if the given origin is valid against the allowable list.
Example ¶
package main
import (
"fmt"
"github.com/adamwoolhether/httper/web/middleware"
)
func main() {
check := middleware.CheckOriginFunc([]string{
"https://example.com",
"https://*.example.org",
})
fmt.Println(check("https://example.com"))
fmt.Println(check("https://sub.example.org"))
fmt.Println(check("https://other.com"))
}
Output: true true false
func Errors ¶
func Errors(log *slog.Logger) mux.Middleware
Errors handles errors coming out of the call chain.
Example ¶
package main
import (
"context"
"fmt"
"io"
"log/slog"
"net/http"
"net/http/httptest"
"github.com/adamwoolhether/httper/web/errs"
"github.com/adamwoolhether/httper/web/middleware"
)
func main() {
log := slog.New(slog.NewTextHandler(io.Discard, nil))
errMW := middleware.Errors(log)
handler := errMW(func(ctx context.Context, w http.ResponseWriter, r *http.Request) error {
return errs.New(http.StatusNotFound, fmt.Errorf("item not found"))
})
w := httptest.NewRecorder()
r := httptest.NewRequest(http.MethodGet, "/", nil)
handler(r.Context(), w, r)
fmt.Println(w.Code)
fmt.Println(w.Body.String())
}
Output: 404 {"code":404,"message":"item not found"}
func Logger ¶
func Logger(log *slog.Logger) mux.Middleware
Logger logs the start and completion of each request, including method, path, remote address, status code, and elapsed time.
Example ¶
package main
import (
"context"
"fmt"
"io"
"log/slog"
"net/http"
"net/http/httptest"
"github.com/adamwoolhether/httper/web/middleware"
)
func main() {
log := slog.New(slog.NewTextHandler(io.Discard, nil))
logger := middleware.Logger(log)
handler := logger(func(ctx context.Context, w http.ResponseWriter, r *http.Request) error {
fmt.Fprint(w, "logged")
return nil
})
w := httptest.NewRecorder()
r := httptest.NewRequest(http.MethodGet, "/test", nil)
handler(r.Context(), w, r)
fmt.Println(w.Body.String())
}
Output: logged
func Panics ¶
func Panics() mux.Middleware
Panics recovers from panics if they occur.
Example ¶
package main
import (
"context"
"fmt"
"net/http"
"net/http/httptest"
"github.com/adamwoolhether/httper/web/middleware"
)
func main() {
panics := middleware.Panics()
handler := panics(func(ctx context.Context, w http.ResponseWriter, r *http.Request) error {
fmt.Fprint(w, "safe")
return nil
})
w := httptest.NewRecorder()
r := httptest.NewRequest(http.MethodGet, "/", nil)
handler(r.Context(), w, r)
fmt.Println(w.Body.String())
}
Output: safe
Types ¶
This section is empty.