Documentation
¶
Index ¶
- func AdminOnly(next http.Handler) http.Handler
- func Certificate(dataDir, ip, certPEMFile, keyPEMFile string) (tls.Certificate, error)
- func CheckConnectivity(ip string, port int)
- func GenerateAccessToken(hmacSecret []byte, username string, expiration time.Time) (string, error)
- func GetRequestUsername(r *http.Request) string
- func ListenAndServeTLS(dataDir, certPEM, keyPEM string, publicIP string, listenPort int, ...) error
- func Middleware(hmacSecret []byte, next http.Handler) http.Handler
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func AdminOnly ¶
AdminOnly is a middleware that restricts access to admin users only. It checks if the username retrieved by GetRequestUsername is "admin".
func Certificate ¶ added in v0.0.3
func Certificate(dataDir, ip, certPEMFile, keyPEMFile string) (tls.Certificate, error)
Certificate generates or loads a self-signed TLS certificate and private key. It first attempts to read "cert.pem" and "key.pem" from the specified dataDir. If the files don't exist, it generates a new RSA 2048-bit key pair and a self-signed certificate valid only for the given IP address. The certificate is intentionally created with an immediate expiration time, making it suitable only for contexts where validation is skipped or customized. The generated PEM-encoded certificate and key are returned. If certPEMFile and keyPEMFile are provided, it uses those files instead of generating a new one.
func CheckConnectivity ¶ added in v0.0.13
CheckConnectivity periodically checks the health endpoint of the server using its public IP and port. It runs in a loop, making requests every minute with jitter. It uses an HTTP client configured to skip TLS verification, suitable for self-signed certificates. Errors during the check are logged.
func GenerateAccessToken ¶
GenerateAccessToken creates a new JWT access token signed with the HS256 algorithm. It includes the username as the subject ("sub") claim and sets the expiration time ("exp"). The token is signed using the provided hmacSecret.
func GetRequestUsername ¶
GetRequestUsername retrieves the username stored in the request context by the Middleware. It returns an empty string if the username is not found.
func ListenAndServeTLS ¶ added in v0.0.13
func ListenAndServeTLS(dataDir, certPEM, keyPEM string, publicIP string, listenPort int, handler http.Handler) error
ListenAndServeTLS listens on the TCP network address addr and then calls Serve with handler and a self-signed certificate (optionally signed by Lantern) to handle requests on incoming TLS connections.
func Middleware ¶
Middleware is an HTTP middleware that validates JWT tokens from the Authorization header or "token" query parameter. If the token is valid, it extracts the username (subject claim) and stores it in the request context. If the token is missing or invalid, it returns an Unauthorized error.
Types ¶
This section is empty.
Source Files