Documentation
Index
- Constants
- func CSRFMiddleware(store *session.Store) func(http.Handler) http.Handler
- func GetClientIP(r *http.Request) string
- func IPWhitelistMiddleware(cfg *config.Config) func(http.Handler) http.Handler
- func JWTAuthMiddleware(cfg *config.Config) func(http.Handler) http.Handler
- func LoggingMiddleware(next http.Handler) http.Handler
- func MaxBodySizeMiddleware(maxBytes int64) func(http.Handler) http.Handler
- func SecurityHeadersMiddleware(next http.Handler) http.Handler
- func SessionAuthMiddleware(store *session.Store) func(http.Handler) http.Handler
- type RateLimiter
- func (rl *RateLimiter) Allow(ip string) bool
- func (rl *RateLimiter) GetAttemptCount(ip string) int
- func (rl *RateLimiter) Middleware(next http.Handler) http.Handler
- func (rl *RateLimiter) MiddlewareFunc(next http.Handler) http.Handler
- func (rl *RateLimiter) Reset(ip string)
- func (rl *RateLimiter) WrapHandler(handler http.HandlerFunc) http.HandlerFunc
Constants
const (
	UserContextKey contextKey = "user"
)
Variables
This section is empty.
Functions
func CSRFMiddleware (added in v1.6.1)
CSRFMiddleware validates CSRF tokens on state-changing requests (POST, PUT, DELETE). It protects GOTH GUI forms from cross-site request forgery attacks. The CSRF token is read from the X-CSRF-Token header or the csrf_token form field.
func GetClientIP
GetClientIP extracts the real client IP address. Exported for backward compatibility; delegates to netutil.GetClientIP.
Deprecated: Use netutil.GetClientIP directly for new code.
func IPWhitelistMiddleware
IPWhitelistMiddleware enforces IP-based access control. SECURITY: Logs a warning at startup if the whitelist file is missing (all IPs will be denied).
func JWTAuthMiddleware
JWTAuthMiddleware validates JWT tokens. The authService is created once and reused for all requests (performance optimization).
func LoggingMiddleware
LoggingMiddleware logs all HTTP requests.
func MaxBodySizeMiddleware (added in v1.10.0)
MaxBodySizeMiddleware limits request body size to prevent memory exhaustion attacks. Default limit is 1MB (1048576 bytes).
func SecurityHeadersMiddleware
SecurityHeadersMiddleware adds security headers to responses.
func SessionAuthMiddleware (added in v1.0.27)
SessionAuthMiddleware validates session tokens (replacement for JWT). Uses an in-memory session store for token validation. Maintains backward compatibility by putting *auth.Claims in the context.
Types
type RateLimiter (added in v1.10.0)
type RateLimiter struct {
	// contains filtered or unexported fields
}
RateLimiter provides IP-based rate limiting for brute force protection.
func NewRateLimiter (added in v1.10.0)
func NewRateLimiter(limit int, window time.Duration) *RateLimiter
NewRateLimiter creates a new rate limiter with the specified limit and time window.
limit: maximum number of requests allowed per IP within the window
window: time duration for the sliding window
func (*RateLimiter) Allow (added in v1.10.0)
func (rl *RateLimiter) Allow(ip string) bool
Allow checks if the given IP is allowed to make a request. Returns true if the request is allowed, false if the rate limit is exceeded.
func (*RateLimiter) GetAttemptCount (added in v1.10.0)
func (rl *RateLimiter) GetAttemptCount(ip string) int
GetAttemptCount returns the current number of attempts for an IP (for monitoring).
func (*RateLimiter) Middleware (added in v1.10.0)
func (rl *RateLimiter) Middleware(next http.Handler) http.Handler
Middleware returns HTTP middleware that rate limits requests by client IP. When the rate limit is exceeded, it returns 429 Too Many Requests.
func (*RateLimiter) MiddlewareFunc (added in v1.10.0)
func (rl *RateLimiter) MiddlewareFunc(next http.Handler) http.Handler
MiddlewareFunc returns an HTTP middleware function for use with gorilla/mux. This is compatible with the mux.MiddlewareFunc signature.
func (*RateLimiter) Reset (added in v1.10.0)
func (rl *RateLimiter) Reset(ip string)
Reset clears all rate limit data for an IP (e.g., after successful login).
func (*RateLimiter) WrapHandler (added in v1.10.0)
func (rl *RateLimiter) WrapHandler(handler http.HandlerFunc) http.HandlerFunc
WrapHandler wraps a single http.HandlerFunc with rate limiting. Useful for applying rate limiting to specific routes without subrouters.
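A sliding-window limiter with the Allow and Reset semantics documented above, as an added example that is not this package's code. The names slidingLimiter, newSlidingLimiter and the injectable now clock are hypothetical, and the choice not to record denied attempts is an assumption; the real RateLimiter's internals are unexported and may differ.

```go
package main

import (
	"fmt"
	"sync"
	"time"
)

// slidingLimiter is a hypothetical stand-in, not the package's RateLimiter.
type slidingLimiter struct {
	mu     sync.Mutex
	limit  int
	window time.Duration
	hits   map[string][]time.Time // per-IP attempt times, oldest first
	now    func() time.Time       // injectable clock (assumption, for testing)
}

func newSlidingLimiter(limit int, window time.Duration) *slidingLimiter {
	return &slidingLimiter{limit: limit, window: window, hits: map[string][]time.Time{}, now: time.Now}
}

// Allow drops attempts older than the window, then admits and records the request if under limit.
func (l *slidingLimiter) Allow(ip string) bool {
	l.mu.Lock()
	defer l.mu.Unlock()
	cutoff := l.now().Add(-l.window)
	h := l.hits[ip]
	for len(h) > 0 && !h[0].After(cutoff) {
		h = h[1:]
	}
	allowed := len(h) < l.limit
	if allowed {
		h = append(h, l.now()) // denied attempts are not recorded (assumption)
	}
	l.hits[ip] = h
	return allowed
}

// Reset forgets an IP, e.g. after a successful login.
func (l *slidingLimiter) Reset(ip string) {
	l.mu.Lock()
	defer l.mu.Unlock()
	delete(l.hits, ip)
}

func main() {
	rl, ip := newSlidingLimiter(2, time.Minute), "203.0.113.7" // constructed sample IP
	fmt.Println(rl.Allow(ip), rl.Allow(ip), rl.Allow(ip))
}
```

Because the limiter is keyed on the client IP string, its protection is only as good as the IP extraction in front of it: if that value is taken from a client-controlled header without a trusted proxy in the path, each request can present a fresh key.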