Documentation
Index
- Constants
- func CORSMiddleware(cfg *config.Config) gin.HandlerFunc
- func CSRFMiddleware() gin.HandlerFunc
- func GenerateFingerprint(ip, userAgent string, includeIP bool) string
- func GetCSRFToken(c *gin.Context) string
- func IPMiddleware() gin.HandlerFunc
- func MetricsAuthMiddleware(token string) gin.HandlerFunc
- func NewCORSConfig(origins, methods, headers []string, maxAge time.Duration) cors.Config
- func NewRateLimiter(config RateLimitConfig) (gin.HandlerFunc, error)
- func OptionalAuth(userService *services.UserService) gin.HandlerFunc
- func RequireAdmin() gin.HandlerFunc
- func RequireAuth(userService *services.UserService) gin.HandlerFunc
- func SecurityHeaders(useHSTS bool) gin.HandlerFunc
- func SessionFingerprintMiddleware(enabled, includeIP bool) gin.HandlerFunc
- func SessionIdleTimeout(idleTimeoutSeconds int) gin.HandlerFunc
- type RateLimitConfig
- type RateLimitStoreType
Constants
const (
	SessionUserID       = "user_id"
	SessionUsername     = "username"
	SessionLastActivity = "last_activity"
	SessionFingerprint  = "session_fingerprint"
)
const ContextKeyClientIP = "client_ip"
ContextKeyClientIP is the gin context key for the client IP address.
Variables
This section is empty.
Functions
func CORSMiddleware (added in v0.20.0)
func CORSMiddleware(cfg *config.Config) gin.HandlerFunc
CORSMiddleware returns a CORS middleware configured from application settings. It allows cross-origin requests from the configured origins to API endpoints.
func CSRFMiddleware
func CSRFMiddleware() gin.HandlerFunc
CSRFMiddleware provides CSRF protection for state-changing operations.
func GenerateFingerprint (added in v0.19.0)
func GenerateFingerprint(ip, userAgent string, includeIP bool) string
GenerateFingerprint creates a SHA256 hash from the IP (optional) and User-Agent.
func GetCSRFToken
func GetCSRFToken(c *gin.Context) string
GetCSRFToken retrieves the CSRF token from the context.
func IPMiddleware
func IPMiddleware() gin.HandlerFunc
IPMiddleware extracts the client IP and stores it in the context.
func MetricsAuthMiddleware
func MetricsAuthMiddleware(token string) gin.HandlerFunc
MetricsAuthMiddleware creates a middleware that protects the metrics endpoint with a Bearer token.
func NewCORSConfig (added in v0.20.0)
func NewCORSConfig(origins, methods, headers []string, maxAge time.Duration) cors.Config
NewCORSConfig creates a cors.Config from application settings for testing purposes.
func NewRateLimiter
func NewRateLimiter(config RateLimitConfig) (gin.HandlerFunc, error)
NewRateLimiter creates a new rate limiter with a configurable store backend.
func OptionalAuth (added in v0.16.0)
func OptionalAuth(userService *services.UserService) gin.HandlerFunc
OptionalAuth loads the user from session if logged in, but does not redirect if not. Use for public pages that show richer UI when authenticated.
func RequireAdmin
func RequireAdmin() gin.HandlerFunc
RequireAdmin is a middleware that requires the user to have admin role. This middleware should be used after RequireAuth, which already fetches and caches the user in the gin context via loadUserFromSession.
func RequireAuth
func RequireAuth(userService *services.UserService) gin.HandlerFunc
RequireAuth is a middleware that requires the user to be logged in.
func SecurityHeaders (added in v0.20.0)
func SecurityHeaders(useHSTS bool) gin.HandlerFunc
SecurityHeaders returns a middleware that sets HTTP security headers to protect against common web vulnerabilities. HSTS is only applied when useHSTS is true (i.e. when BaseURL uses https://), so local HTTP development is unaffected.
func SessionFingerprintMiddleware
func SessionFingerprintMiddleware(enabled, includeIP bool) gin.HandlerFunc
SessionFingerprintMiddleware validates the session fingerprint to prevent session hijacking. It checks the User-Agent (and optionally the IP) against the stored fingerprint.
func SessionIdleTimeout
func SessionIdleTimeout(idleTimeoutSeconds int) gin.HandlerFunc
SessionIdleTimeout checks if the session has been idle for too long and clears it if necessary. Set idleTimeoutSeconds to 0 to disable.
Types
type RateLimitConfig
type RateLimitConfig struct {
	// Rate limit settings
	RequestsPerMinute int           // Number of requests allowed per minute
	CleanupInterval   time.Duration // How often to clean up (only for memory store)

	// Store settings
	StoreType RateLimitStoreType // "memory" or "redis"

	// Redis settings (only used when StoreType = "redis")
	// Must be provided when StoreType is "redis" (initialized in main.go)
	RedisClient *redis.Client // Required for Redis store: shared go-redis client

	// Audit settings
	AuditService *services.AuditService // Optional: audit service for logging rate limit events
}
RateLimitConfig holds the configuration for rate limiting with store support.
type RateLimitStoreType
type RateLimitStoreType string
RateLimitStoreType defines the type of rate limit store.
const (
	// RateLimitStoreMemory uses in-memory storage (single instance only)
	RateLimitStoreMemory RateLimitStoreType = "memory"
	// RateLimitStoreRedis uses Redis storage (distributed, multi-pod support)
	RateLimitStoreRedis RateLimitStoreType = "redis"
)