echox

package module
v0.0.1 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Nov 5, 2024 License: MIT Imports: 19 Imported by: 6

README

EchoX

EchoX is Echo web framework + Fx dependency injection system + Huma REST/HTTP API Framework with OpenAPI 3.1

Installation

go get -u github.com/gowool/echox

Documentation

Index

Constants

View Source 
const (
	DecisionDeny = iota + 1
	DecisionAllow
)

Variables

View Source 
var (
	OptionEcho        = fx.Provide(NewEcho)
	OptionIPExtractor = fx.Provide(IPExtractor)

	OptionRBAC                 = fx.Provide(rbac.New)
	OptionRBACWithConfig       = fx.Provide(rbac.NewWithConfig)
	OptionAuthorizationChecker = fx.Provide(func(rbac *rbac.RBAC) rbac.AuthorizationChecker { return rbac })
	OptionAuthorizer           = fx.Provide(fx.Annotate(NewDefaultAuthorizer, fx.As(new(Authorizer))))

	OptionSessionManager = fx.Provide(NewSessionManager)

	OptionRecoverMiddleware       = fx.Provide(AsMiddleware(RecoverMiddleware))
	OptionBodyLimitMiddleware     = fx.Provide(AsMiddleware(BodyLimitMiddleware))
	OptionCompressMiddleware      = fx.Provide(AsMiddleware(CompressMiddleware))
	OptionDecompressMiddleware    = fx.Provide(AsMiddleware(DecompressMiddleware))
	OptionRequestIDMiddleware     = fx.Provide(AsMiddleware(RequestIDMiddleware))
	OptionLoggerMiddleware        = fx.Provide(AsMiddleware(LoggerMiddleware))
	OptionSecureMiddleware        = fx.Provide(AsMiddleware(SecureMiddleware))
	OptionCORSMiddleware          = fx.Provide(AsMiddleware(CORSMiddleware))
	OptionCSRFMiddleware          = fx.Provide(AsMiddleware(CSRFMiddleware))
	OptionSessionMiddleware       = fx.Provide(AsMiddleware(SessionMiddleware))
	OptionBasicAuthMiddleware     = fx.Provide(AsMiddleware(BasicAuthMiddleware))
	OptionBearerAuthMiddleware    = fx.Provide(AsMiddleware(BearerAuthMiddleware))
	OptionAuthorizationMiddleware = fx.Provide(AsMiddleware(AuthorizationMiddleware))

	OptionAuthorizationAPIMiddleware = fx.Provide(AsAPIMiddleware(AuthorizationAPIMiddleware))
)
View Source 
var ErrDeny = errors.New("huma api: authorizer decision `deny`")

Functions

func AsAPIHandler 

func AsAPIHandler(f any) any

func AsAPIMiddleware 

func AsAPIMiddleware(middleware any) any

func AsAPIMiddlewareFunc 

func AsAPIMiddlewareFunc(name string, middleware func(huma.API) func(ctx huma.Context, next func(huma.Context))) any

func AsHandler 

func AsHandler(f any) any

func AsMiddleware 

func AsMiddleware(middleware any) any

func AsMiddlewareFunc 

func AsMiddlewareFunc(name string, middleware echo.MiddlewareFunc) any

func ChainSkipper 

func ChainSkipper(skippers ...middleware.Skipper) middleware.Skipper

func CheckMethod 

func CheckMethod(method, skip string) (string, bool)

func CtxArea 

func CtxArea(ctx context.Context) string

func CtxAssertions 

func CtxAssertions(ctx context.Context) []rbac.Assertion

func EqualPathSkipper 

func EqualPathSkipper(paths ...string) middleware.Skipper

func IPExtractor 

func IPExtractor() echo.IPExtractor

func NewEcho 

func NewEcho(params EchoParams) *echo.Echo

func NewSessionManager 

func NewSessionManager(params SessionManagerParams) *scs.SessionManager

func PrefixPathSkipper 

func PrefixPathSkipper(prefixes ...string) middleware.Skipper

func SuffixPathSkipper 

func SuffixPathSkipper(suffixes ...string) middleware.Skipper

func WithAssertions 

func WithAssertions(ctx context.Context, assertions ...rbac.Assertion) context.Context

func WithClaims 

func WithClaims(ctx context.Context, claims *Claims) context.Context

Types

type APIConfig 

type APIConfig struct {
	Enabled     bool            `json:"enabled,omitempty" yaml:"enabled,omitempty"`
	Path        string          `json:"path,omitempty" yaml:"path,omitempty"`
	OpenAPIPath string          `json:"openAPIPath,omitempty" yaml:"openAPIPath,omitempty"`
	DocsPath    string          `json:"docsPath,omitempty" yaml:"docsPath,omitempty"`
	SchemasPath string          `json:"schemasPath,omitempty" yaml:"schemasPath,omitempty"`
	Middlewares []string        `json:"middlewares,omitempty" yaml:"middlewares,omitempty"`
	Info        huma.Info       `json:"info,omitempty" yaml:"info,omitempty"`
	Components  huma.Components `json:"components,omitempty" yaml:"components,omitempty"`
}

func (*APIConfig) InitDefaults 

func (cfg *APIConfig) InitDefaults()

type APIHandler 

type APIHandler interface {
	Area() string
	Version() string
	Register(*echo.Echo, huma.API)
}

type APIMiddleware 

type APIMiddleware struct {
	Name       string
	Middleware func(huma.API) func(huma.Context, func(huma.Context))
}

func AuthorizationAPIMiddleware 

func AuthorizationAPIMiddleware(authorizer Authorizer, logger *zap.Logger) APIMiddleware

func NewAPIMiddleware 

func NewAPIMiddleware(name string, middleware func(huma.API) func(huma.Context, func(huma.Context))) APIMiddleware

type AreaConfig 

type AreaConfig struct {
	Enabled     bool                 `json:"enabled,omitempty" yaml:"enabled,omitempty"`
	Path        string               `json:"path,omitempty" yaml:"path,omitempty"`
	Middlewares []string             `json:"middlewares,omitempty" yaml:"middlewares,omitempty"`
	Additional  map[string]any       `json:"additional,omitempty" yaml:"additional,omitempty"`
	API         map[string]APIConfig `json:"api,omitempty" yaml:"api,omitempty"`
}

func (*AreaConfig) InitDefaults 

func (cfg *AreaConfig) InitDefaults()

type Authorizer 

type Authorizer interface {
	Authorize(ctx context.Context, claims *Claims, target *Target) (Decision, error)
}

type BodyLimitConfig 

type BodyLimitConfig struct {
	// Skipper defines a function to skip middleware.
	Skipper middleware.Skipper `json:"-" yaml:"-"`

	// Maximum allowed size for a request body, it can be specified
	// as `4x` or `4xB`, where x is one of the multiple from K, M, G, T or P.
	Limit string `json:"limit,omitempty" yaml:"limit,omitempty"`
}

func (*BodyLimitConfig) InitDefaults 

func (cfg *BodyLimitConfig) InitDefaults()

type CORSConfig 

type CORSConfig struct {
	// Skipper defines a function to skip middleware.
	Skipper middleware.Skipper `json:"-" yaml:"-"`

	// AllowOrigins determines the value of the Access-Control-Allow-Origin
	// response header.  This header defines a list of origins that may access the
	// resource.  The wildcard characters '*' and '?' are supported and are
	// converted to regex fragments '.*' and '.' accordingly.
	//
	// Security: use extreme caution when handling the origin, and carefully
	// validate any logic. Remember that attackers may register hostile domain names.
	// See https://blog.portswigger.net/2016/10/exploiting-cors-misconfigurations-for.html
	//
	// Optional. Default value []string{"*"}.
	//
	// See also: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Origin
	AllowOrigins []string `json:"allowOrigins,omitempty" yaml:"allowOrigins,omitempty"`

	// AllowOriginFunc is a custom function to validate the origin. It takes the
	// origin as an argument and returns true if allowed or false otherwise. If
	// an error is returned, it is returned by the handler. If this option is
	// set, AllowOrigins is ignored.
	//
	// Security: use extreme caution when handling the origin, and carefully
	// validate any logic. Remember that attackers may register hostile domain names.
	// See https://blog.portswigger.net/2016/10/exploiting-cors-misconfigurations-for.html
	//
	// Optional.
	AllowOriginFunc func(origin string) (bool, error) `json:"-" yaml:"-"`

	// AllowMethods determines the value of the Access-Control-Allow-Methods
	// response header.  This header specified the list of methods allowed when
	// accessing the resource.  This is used in response to a preflight request.
	//
	// Optional. Default value DefaultCORSConfig.AllowMethods.
	// If `allowMethods` is left empty, this middleware will fill for preflight
	// request `Access-Control-Allow-Methods` header value
	// from `Allow` header that echo.Router set into context.
	//
	// See also: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Methods
	AllowMethods []string `json:"allowMethods,omitempty" yaml:"allowMethods,omitempty"`

	// AllowHeaders determines the value of the Access-Control-Allow-Headers
	// response header.  This header is used in response to a preflight request to
	// indicate which HTTP headers can be used when making the actual request.
	//
	// Optional. Default value []string{}.
	//
	// See also: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Headers
	AllowHeaders []string `json:"allowHeaders,omitempty" yaml:"allowHeaders,omitempty"`

	// AllowCredentials determines the value of the
	// Access-Control-Allow-Credentials response header.  This header indicates
	// whether or not the response to the request can be exposed when the
	// credentials mode (Request.credentials) is true. When used as part of a
	// response to a preflight request, this indicates whether or not the actual
	// request can be made using credentials.  See also
	// [MDN: Access-Control-Allow-Credentials].
	//
	// Optional. Default value false, in which case the header is not set.
	//
	// Security: avoid using `AllowCredentials = true` with `AllowOrigins = *`.
	// See "Exploiting CORS misconfigurations for Bitcoins and bounties",
	// https://blog.portswigger.net/2016/10/exploiting-cors-misconfigurations-for.html
	//
	// See also: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Credentials
	AllowCredentials bool `json:"allowCredentials,omitempty" yaml:"allowCredentials,omitempty"`

	// UnsafeWildcardOriginWithAllowCredentials UNSAFE/INSECURE: allows wildcard '*' origin to be used with AllowCredentials
	// flag. In that case we consider any origin allowed and send it back to the client with `Access-Control-Allow-Origin` header.
	//
	// This is INSECURE and potentially leads to [cross-origin](https://portswigger.net/research/exploiting-cors-misconfigurations-for-bitcoins-and-bounties)
	// attacks. See: https://github.com/labstack/echo/issues/2400 for discussion on the subject.
	//
	// Optional. Default value is false.
	UnsafeWildcardOriginWithAllowCredentials bool `json:"unsafeWildcardOriginWithAllowCredentials,omitempty" yaml:"unsafeWildcardOriginWithAllowCredentials,omitempty"`

	// ExposeHeaders determines the value of Access-Control-Expose-Headers, which
	// defines a list of headers that clients are allowed to access.
	//
	// Optional. Default value []string{}, in which case the header is not set.
	//
	// See also: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Expose-Header
	ExposeHeaders []string `json:"exposeHeaders,omitempty" yaml:"exposeHeaders,omitempty"`

	// MaxAge determines the value of the Access-Control-Max-Age response header.
	// This header indicates how long (in seconds) the results of a preflight
	// request can be cached.
	// The header is set only if MaxAge != 0, negative value sends "0" which instructs browsers not to cache that response.
	//
	// Optional. Default value 0 - meaning header is not sent.
	//
	// See also: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Max-Age
	MaxAge int `json:"maxAge,omitempty" yaml:"maxAge,omitempty"`
}

type CSRFConfig 

type CSRFConfig struct {
	// Skipper defines a function to skip middleware.
	Skipper middleware.Skipper `json:"-" yaml:"-"`

	// ErrorHandler defines a function which is executed for returning custom errors.
	ErrorHandler middleware.CSRFErrorHandler `json:"-" yaml:"-"`

	// TokenLength is the length of the generated token.
	TokenLength uint8 `json:"tokenLength,omitempty" yaml:"tokenLength,omitempty"`

	// TokenLookup is a string in the form of "<source>:<name>" or "<source>:<name>,<source>:<name>" that is used
	// to extract token from the request.
	// Optional. Default value "header:X-CSRF-Token".
	// Possible values:
	// - "header:<name>" or "header:<name>:<cut-prefix>"
	// - "query:<name>"
	// - "form:<name>"
	// Multiple sources example:
	// - "header:X-CSRF-Token,query:csrf"
	TokenLookup string `json:"tokenLookup,omitempty" yaml:"tokenLookup,omitempty"`

	// Context key to store generated CSRF token into context.
	// Optional. Default value "csrf".
	ContextKey string `json:"contextKey,omitempty" yaml:"contextKey,omitempty"`

	Cookie struct {
		Name     string        `json:"name,omitempty" yaml:"name,omitempty"`
		Domain   string        `json:"domain,omitempty" yaml:"domain,omitempty"`
		Path     string        `json:"path,omitempty" yaml:"path,omitempty"`
		MaxAge   time.Duration `json:"maxAge,omitempty" yaml:"maxAge,omitempty"`
		Secure   bool          `json:"secure,omitempty" yaml:"secure,omitempty"`
		HTTPOnly bool          `json:"httpOnly,omitempty" yaml:"httpOnly,omitempty"`
		SameSite SameSiteType  `json:"sameSite,omitempty" yaml:"sameSite,omitempty"`
	} `json:"cookie" yaml:"cookie"`
}

type Claims 

type Claims struct {
	Subject  Subject
	Metadata map[string]any
}

func CtxClaims 

func CtxClaims(ctx context.Context) *Claims

type Config 

type Config struct {
	Security    rbac.Config           `json:"security,omitempty" yaml:"security,omitempty"`
	Middlewares MiddlewaresConfig     `json:"middlewares,omitempty" yaml:"middlewares,omitempty"`
	Areas       map[string]AreaConfig `json:"areas,omitempty" yaml:"areas,omitempty"`
}

func (*Config) InitDefaults 

func (cfg *Config) InitDefaults()

type Decision 

type Decision int8

func (Decision) String 

func (d Decision) String() string

type DefaultAuthorizer 

type DefaultAuthorizer struct {
	// contains filtered or unexported fields
}

func NewDefaultAuthorizer 

func NewDefaultAuthorizer(rbac *rbac.RBAC) *DefaultAuthorizer

func (*DefaultAuthorizer) Authorize 

func (a *DefaultAuthorizer) Authorize(ctx context.Context, claims *Claims, target *Target) (d Decision, err error)

type EchoParams 

type EchoParams struct {
	fx.In
	Config         Config
	ErrorHandler   echo.HTTPErrorHandler
	Renderer       echo.Renderer
	Validator      echo.Validator
	IPExtractor    echo.IPExtractor
	Filesystem     fs.FS           `name:"echo-fs"`
	Handlers       []Handler       `group:"handler"`
	Middlewares    []Middleware    `group:"middleware"`
	APIHandlers    []APIHandler    `group:"api-handler"`
	APIMiddlewares []APIMiddleware `group:"api-middleware"`
}

type GzipConfig 

type GzipConfig struct {
	// Skipper defines a function to skip middleware.
	Skipper middleware.Skipper `json:"-" yaml:"-"`

	// Gzip compression level.
	// Optional. Default value -1.
	Level int `json:"level,omitempty" yaml:"level,omitempty"`

	// Length threshold before gzip compression is applied.
	// Optional. Default value 0.
	//
	// Most of the time you will not need to change the default. Compressing
	// a short response might increase the transmitted data because of the
	// gzip format overhead. Compressing the response will also consume CPU
	// and time on the server and the client (for decompressing). Depending on
	// your use case such a threshold might be useful.
	//
	// See also:
	// https://webmasters.stackexchange.com/questions/31750/what-is-recommended-minimum-object-size-for-gzip-performance-benefits
	MinLength int `json:"minLength,omitempty" yaml:"minLength,omitempty"`
}

func (*GzipConfig) InitDefaults 

func (cfg *GzipConfig) InitDefaults()

type Handler 

type Handler interface {
	Area() string
	Register(*echo.Echo, *echo.Group)
}

type Middleware 

type Middleware struct {
	Name       string
	Middleware echo.MiddlewareFunc
}

func AuthorizationMiddleware 

func AuthorizationMiddleware(authorizer Authorizer) Middleware

func BasicAuthMiddleware 

func BasicAuthMiddleware(validator middleware.BasicAuthValidator) Middleware

func BearerAuthMiddleware 

func BearerAuthMiddleware(validator middleware.KeyAuthValidator) Middleware

func BodyLimitMiddleware 

func BodyLimitMiddleware(cfg BodyLimitConfig) Middleware

func CORSMiddleware 

func CORSMiddleware(cfg CORSConfig) Middleware

func CSRFMiddleware 

func CSRFMiddleware(cfg CSRFConfig) Middleware

func CompressMiddleware 

func CompressMiddleware(cfg GzipConfig) Middleware

func DecompressMiddleware 

func DecompressMiddleware() Middleware

func LoggerMiddleware 

func LoggerMiddleware(cfg RequestLoggerConfig, logger *zap.Logger) Middleware

func NewMiddleware 

func NewMiddleware(name string, middleware echo.MiddlewareFunc) Middleware

func RecoverMiddleware 

func RecoverMiddleware(cfg RecoverConfig, logger *zap.Logger) Middleware

func RequestIDMiddleware 

func RequestIDMiddleware() Middleware

func SecureMiddleware 

func SecureMiddleware(cfg SecureConfig) Middleware

func SessionMiddleware 

func SessionMiddleware(cfg SessionConfig, sessionManager *scs.SessionManager) Middleware

type MiddlewaresConfig 

type MiddlewaresConfig struct {
	fx.Out
	Router struct {
		Before []string `json:"before,omitempty" yaml:"before,omitempty"`
		After  []string `json:"after,omitempty" yaml:"after,omitempty"`
	} `json:"router,omitempty" yaml:"router,omitempty"`
	Recover   RecoverConfig       `json:"recover,omitempty" yaml:"recover,omitempty"`
	BodyLimit BodyLimitConfig     `json:"bodyLimit,omitempty" yaml:"bodyLimit,omitempty"`
	Compress  GzipConfig          `json:"compress,omitempty" yaml:"compress,omitempty"`
	Secure    SecureConfig        `json:"secure,omitempty" yaml:"secure,omitempty"`
	CORS      CORSConfig          `json:"cors,omitempty" yaml:"cors,omitempty"`
	CSRF      CSRFConfig          `json:"csrf,omitempty" yaml:"csrf,omitempty"`
	Session   SessionConfig       `json:"session,omitempty" yaml:"session,omitempty"`
	Logger    RequestLoggerConfig `json:"logger,omitempty" yaml:"logger,omitempty"`
}

func (*MiddlewaresConfig) InitDefaults 

func (cfg *MiddlewaresConfig) InitDefaults()

type RecoverConfig 

type RecoverConfig struct {
	// Skipper defines a function to skip middleware.
	Skipper middleware.Skipper

	// Size of the stack to be printed.
	// Optional. Default value 4KB.
	StackSize int `json:"stackSize,omitempty" yaml:"stackSize,omitempty"`

	// DisableStackAll disables formatting stack traces of all other goroutines
	// into buffer after the trace for the current goroutine.
	// Optional. Default value false.
	DisableStackAll bool `json:"disableStackAll,omitempty" yaml:"disableStackAll,omitempty"`
}

type RequestLoggerConfig 

type RequestLoggerConfig struct {
	Skipper              middleware.Skipper             `json:"-" yaml:"-"`
	AdditionalFieldsFunc func(echo.Context) []zap.Field `json:"-" yaml:"-"`
	HandleError          bool                           `json:"handleError,omitempty" yaml:"handleError,omitempty"`
	LogLatency           bool                           `json:"latency,omitempty" yaml:"latency,omitempty"`
	LogProtocol          bool                           `json:"protocol,omitempty" yaml:"protocol,omitempty"`
	LogRemoteIP          bool                           `json:"remoteIP,omitempty" yaml:"remoteIP,omitempty"`
	LogHost              bool                           `json:"host,omitempty" yaml:"host,omitempty"`
	LogMethod            bool                           `json:"method,omitempty" yaml:"method,omitempty"`
	LogURI               bool                           `json:"uri,omitempty" yaml:"uri,omitempty"`
	LogURIPath           bool                           `json:"uriPath,omitempty" yaml:"uriPath,omitempty"`
	LogRoutePath         bool                           `json:"routePath,omitempty" yaml:"routePath,omitempty"`
	LogRequestID         bool                           `json:"requestID,omitempty" yaml:"requestID,omitempty"`
	LogReferer           bool                           `json:"referer,omitempty" yaml:"referer,omitempty"`
	LogUserAgent         bool                           `json:"userAgent,omitempty" yaml:"userAgent,omitempty"`
	LogStatus            bool                           `json:"status,omitempty" yaml:"status,omitempty"`
	LogError             bool                           `json:"error,omitempty" yaml:"error,omitempty"`
	LogContentLength     bool                           `json:"contentLength,omitempty" yaml:"contentLength,omitempty"`
	LogResponseSize      bool                           `json:"responseSize,omitempty" yaml:"responseSize,omitempty"`
	LogHeaders           []string                       `json:"headers,omitempty" yaml:"headers,omitempty"`
	LogQueryParams       []string                       `json:"queryParams,omitempty" yaml:"queryParams,omitempty"`
	LogFormValues        []string                       `json:"formValues,omitempty" yaml:"formValues,omitempty"`
}

type RoleHierarchyConfig 

type RoleHierarchyConfig struct {
	Role     string   `json:"role,omitempty" yaml:"role,omitempty"`
	Parents  []string `json:"parents,omitempty" yaml:"parents,omitempty"`
	Children []string `json:"children,omitempty" yaml:"children,omitempty"`
}

type SameSiteType 

type SameSiteType string
const (
	SameSiteDefault SameSiteType = "default"
	SameSiteLax     SameSiteType = "lax"
	SameSiteStrict  SameSiteType = "strict"
	SameSiteNone    SameSiteType = "none"
)

func (SameSiteType) HTTP 

func (s SameSiteType) HTTP() http.SameSite

type SecureConfig 

type SecureConfig struct {
	// Skipper defines a function to skip middleware.
	Skipper middleware.Skipper `json:"-" yaml:"-"`

	// XSSProtection provides protection against cross-site scripting attack (XSS)
	// by setting the `X-XSS-Protection` header.
	// Optional. Default value "1; mode=block".
	XSSProtection string `json:"xssProtection,omitempty" yaml:"xssProtection,omitempty"`

	// ContentTypeNosniff provides protection against overriding Content-Type
	// header by setting the `X-Content-Type-Options` header.
	// Optional. Default value "nosniff".
	ContentTypeNosniff string `json:"contentTypeNosniff,omitempty" yaml:"contentTypeNosniff,omitempty"`

	// XFrameOptions can be used to indicate whether or not a browser should
	// be allowed to render a page in a <frame>, <iframe> or <object> .
	// Sites can use this to avoid clickjacking attacks, by ensuring that their
	// content is not embedded into other sites.provides protection against
	// clickjacking.
	// Optional. Default value "SAMEORIGIN".
	// Possible values:
	// - "SAMEORIGIN" - The page can only be displayed in a frame on the same origin as the page itself.
	// - "DENY" - The page cannot be displayed in a frame, regardless of the site attempting to do so.
	// - "ALLOW-FROM uri" - The page can only be displayed in a frame on the specified origin.
	XFrameOptions string `json:"xFrameOptions,omitempty" yaml:"xFrameOptions,omitempty"`

	// HSTSMaxAge sets the `Strict-Transport-Security` header to indicate how
	// long (in seconds) browsers should remember that this site is only to
	// be accessed using HTTPS. This reduces your exposure to some SSL-stripping
	// man-in-the-middle (MITM) attacks.
	// Optional. Default value 0.
	HSTSMaxAge int `json:"hstsMaxAge,omitempty" yaml:"hstsMaxAge,omitempty"`

	// HSTSExcludeSubdomains won't include subdomains tag in the `Strict Transport Security`
	// header, excluding all subdomains from security policy. It has no effect
	// unless HSTSMaxAge is set to a non-zero value.
	// Optional. Default value false.
	HSTSExcludeSubdomains bool `json:"hstsExcludeSubdomains,omitempty" yaml:"hstsExcludeSubdomains,omitempty"`

	// ContentSecurityPolicy sets the `Content-Security-Policy` header providing
	// security against cross-site scripting (XSS), clickjacking and other code
	// injection attacks resulting from execution of malicious content in the
	// trusted web page context.
	// Optional. Default value "".
	ContentSecurityPolicy string `json:"contentSecurityPolicy,omitempty" yaml:"contentSecurityPolicy,omitempty"`

	// CSPReportOnly would use the `Content-Security-Policy-Report-Only` header instead
	// of the `Content-Security-Policy` header. This allows iterative updates of the
	// content security policy by only reporting the violations that would
	// have occurred instead of blocking the resource.
	// Optional. Default value false.
	CSPReportOnly bool `json:"cspReportOnly,omitempty" yaml:"cspReportOnly,omitempty"`

	// HSTSPreloadEnabled will add the preload tag in the `Strict Transport Security`
	// header, which enables the domain to be included in the HSTS preload list
	// maintained by Chrome (and used by Firefox and Safari): https://hstspreload.org/
	// Optional.  Default value false.
	HSTSPreloadEnabled bool `json:"hstsPreloadEnabled,omitempty" yaml:"hstsPreloadEnabled,omitempty"`

	// ReferrerPolicy sets the `Referrer-Policy` header providing security against
	// leaking potentially sensitive request paths to third parties.
	// Optional. Default value "".
	ReferrerPolicy string `json:"referrerPolicy,omitempty" yaml:"referrerPolicy,omitempty"`
}

func (*SecureConfig) InitDefaults 

func (cfg *SecureConfig) InitDefaults()

type SessionConfig 

type SessionConfig struct {
	Skipper         middleware.Skipper `json:"-" yaml:"-"`
	CleanupInterval time.Duration      `json:"cleanupInterval,omitempty" yaml:"cleanupInterval,omitempty"`
	IdleTimeout     time.Duration      `json:"idleTimeout,omitempty" yaml:"idleTimeout,omitempty"`
	Lifetime        time.Duration      `json:"lifetime,omitempty" yaml:"lifetime,omitempty"`
	Cookie          struct {
		Name     string       `json:"name,omitempty" yaml:"name,omitempty"`
		Domain   string       `json:"domain,omitempty" yaml:"domain,omitempty"`
		Path     string       `json:"path,omitempty" yaml:"path,omitempty"`
		Persist  bool         `json:"persist,omitempty" yaml:"persist,omitempty"`
		Secure   bool         `json:"secure,omitempty" yaml:"secure,omitempty"`
		HTTPOnly bool         `json:"httpOnly,omitempty" yaml:"httpOnly,omitempty"`
		SameSite SameSiteType `json:"sameSite,omitempty" yaml:"sameSite,omitempty"`
	} `json:"cookie,omitempty" yaml:"cookie,omitempty"`
}

type SessionManagerParams 

type SessionManagerParams struct {
	fx.In
	Config SessionConfig
	Store  scs.Store
}

type Subject 

type Subject interface {
	Identifier() string
	Roles() []string
}

type Target 

type Target struct {
	Action     string
	Assertions []rbac.Assertion
	Metadata   map[string]any
}

Source Files

View all Source files

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.