httpx

package
v3.2.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Oct 21, 2025 License: MIT Imports: 18 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

View Source 
var DenySimpleRequests = func(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {

		switch r.Method {
		case http.MethodGet, http.MethodHead, http.MethodPost:

			mediaType, _, err := ParseContentType(r)
			if err != nil {
				http.Error(w, err.Error(), http.StatusBadRequest)
				return
			}
			switch mediaType {
			case "application/json", "application/proto":
			default:
				http.Error(w, "Content-Type must be application/json or application/proto", http.StatusUnsupportedMediaType)
				return
			}
		}

		next.ServeHTTP(w, r)
	})
}
View Source 
var HeaderContentType = http.CanonicalHeaderKey("Content-Type")
View Source 
var NoStore = func(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {

		w.Header().Set("Cache-Control", "no-store, no-cache, must-revalidate, max-age=0")

		if !r.ProtoAtLeast(1, 1) {
			w.Header().Set("Pragma", "no-cache")
			w.Header().Set("Expires", "0")
		}

		next.ServeHTTP(w, r)
	})
}

NoStore is a middleware that sets HTTP headers to prevent caching of responses. It applies the appropriate cache control headers based on the HTTP protocol version: - For HTTP/1.1+: Sets Cache-Control: no-store - For HTTP/1.0 and below: Also sets Pragma: no-cache and Expires: 0

View Source 
var Security = func(conf SecurityConfig) func(next http.Handler) http.Handler {
	corsOpts := cors.Options{
		AllowedOrigins:   conf.CORS.AllowedOrigins,
		AllowCredentials: true,
		AllowedMethods:   lo.Uniq(slices.Concat([]string{http.MethodPost}, conf.CORS.AllowedMethods)),
		AllowedHeaders:   lo.Uniq(slices.Concat([]string{HeaderContentType}, conf.CORS.AllowedHeaders, connectcors.AllowedHeaders())),
		ExposedHeaders:   lo.Uniq(slices.Concat(conf.CORS.ExposedHeaders, connectcors.ExposedHeaders())),
		MaxAge:           int(conf.CORS.MaxAge.Seconds()),
		Debug:            conf.CORS.Debug,
	}
	if len(corsOpts.AllowedOrigins) == 0 {
		corsOpts.AllowOriginFunc = func(_ string) bool {
			return false
		}
	}
	c := cors.New(corsOpts)
	frameAncestors := buildFrameAncestors(conf.CORS.AllowedOrigins)
	return func(next http.Handler) http.Handler {
		var handler http.Handler
		handler = http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
			if conf.DenyMIMETypeSniffing {
				w.Header().Set("X-Content-Type-Options", "nosniff")
			}

			if conf.DenyClickjacking {
				w.Header().Set("Content-Security-Policy", frameAncestors)
				w.Header().Set("X-Frame-Options", "SAMEORIGIN")
			}

			if conf.EnableHSTS {
				w.Header().Set("Strict-Transport-Security", "max-age=31536000; includeSubDomains; preload")
			}

			next.ServeHTTP(w, r)
		})
		if conf.CORS.DenySimpleRequests {
			handler = DenySimpleRequests(handler)
		}
		return c.Handler(handler)
	}
}

Functions

func NewServer 

func NewServer(conf *ServerConfig, handler http.Handler) (*http.Server, error)

func ParseContentType 

func ParseContentType(r *http.Request) (mediaType string, params map[string]string, err error)

func SetupServerFactory 

func SetupServerFactory(name string, handler http.Handler) func(ctx context.Context, lc *lifecycle.Lifecycle, conf *ServerConfig, listener Listener) (*http.Server, error)

Types

type CORSConfig 

type CORSConfig struct {
	Debug              bool          `confx:"debug" usage:"CORS debug"`
	AllowedOrigins     []string      `confx:"allowedOrigins" usage:"CORS allowed origins" validate:"dive,http_url"`
	AllowedMethods     []string      `` /* 150-byte string literal not displayed */
	AllowedHeaders     []string      `confx:"allowedHeaders" usage:"CORS allowed headers, Content-Type is always allowed"`
	ExposedHeaders     []string      `confx:"exposedHeaders" usage:"CORS exposed headers"`
	MaxAge             time.Duration `confx:"maxAge" usage:"CORS max age"`
	DenySimpleRequests bool          `confx:"denySimpleRequests" usage:"CORS Deny simple requests"`
}

type Listener 

type Listener net.Listener

func SetupListener 

func SetupListener(lc *lifecycle.Lifecycle, conf *ServerConfig) (Listener, error)

type SecurityConfig 

type SecurityConfig struct {
	CORS                 CORSConfig `confx:"cors"`
	DenyMIMETypeSniffing bool       `confx:"denyMIMETypeSniffing" usage:"Deny MIME type sniffing"`
	DenyClickjacking     bool       `confx:"denyClickjacking" usage:"Deny clickjacking"`
	EnableHSTS           bool       `confx:"enableHSTS" usage:"Enable HSTS"`
}

type ServerConfig 

type ServerConfig struct {
	Address           string         `confx:"address" usage:"HTTP server address" validate:"required"`
	ReadTimeout       time.Duration  `confx:"readTimeout" usage:"maximum duration before timing out read of the request"`
	ReadHeaderTimeout time.Duration  `` /* 128-byte string literal not displayed */
	WriteTimeout      time.Duration  `confx:"writeTimeout" usage:"maximum duration before timing out write of the response"`
	IdleTimeout       time.Duration  `confx:"idleTimeout" usage:"maximum amount of time to wait for the next request when keep-alives are enabled"`
	TLS               TLSConfig      `confx:"tls"`
	Security          SecurityConfig `confx:",squash"`
}

type TLSConfig 

type TLSConfig struct {
	Enabled    bool   `confx:"enabled" usage:"Enable TLS"`
	CertBase64 string `confx:"certBase64" usage:"TLS certificate base64 encoded" validate:"required_if=Enabled true"`
	KeyBase64  string `confx:"keyBase64" usage:"TLS key base64 encoded" validate:"required_if=Enabled true"`
}

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.