Documentation
Overview
Package secureecho wires a complete set of hardening middlewares into an Echo server. It is intended for “localhost” utility apps that handle personal data.
    go get github.com/you/secureecho
Usage:
    e := echo.New()
    opts := secureecho.Options{
        AllowedHosts: []string{"localhost:8585", "127.0.0.1:8585"},
        Auth:         secureecho.BasicAuth("admin", "S3cret!"), // or secureecho.APIKeyAuth("X-My-Token", "abcd")
    }
    secureecho.Harden(e, opts)
    if err := secureecho.StartLocal(e, ":8585"); err != nil {
        e.Logger.Fatal(err)
    }
Functions
func APIKeyAuth
    func APIKeyAuth(headerName, token string) echo.MiddlewareFunc
APIKeyAuth enforces a constant token in a header (or query param).
func BasicAuth
    func BasicAuth(user, pass string) echo.MiddlewareFunc
BasicAuth returns a middleware that enforces a fixed username/password.
func StartLocal
StartLocal is a helper that refuses to listen on non‑loopback addresses.
Types
type Options
    type Options struct {
        // AllowedHosts are the only Host header values accepted (anti‑DNS‑rebinding).
        // If empty, defaults to localhost on any port.
        AllowedHosts []string
        // Auth provides a middleware factory implementing the authentication layer.
        // Use BasicAuth(), APIKeyAuth(), or nil to disable (NOT recommended).
        Auth echo.MiddlewareFunc
        // EnableCSRF allows you to turn CSRF protection off; default true.
        EnableCSRF bool
        // CORSOrigins lists origins to allow. Leave nil/empty to deny all cross‑origin reads.
        CORSOrigins []string
    }
Options groups all configurable pieces.
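A sketch of the two checks described above, the Host allow-list behind AllowedHosts and the loopback-only listen check behind StartLocal, written against net/http rather than Echo. This is an added example, not secureecho's own code: the function names, the 403 response, and the rejection of a bare ":8585" and of host names in the listen address are assumptions of the sketch, and rebind.example is a constructed host name.

```go
package main

import (
	"fmt"
	"net"
	"net/http"
	"net/http/httptest"
	"strings"
)

// isLoopbackAddr reports whether a listen address binds only to a loopback IP.
// Assumption of this sketch: a bare ":8585" is rejected because an empty host
// binds every interface, and host names are rejected rather than resolved.
func isLoopbackAddr(addr string) bool {
	host, _, err := net.SplitHostPort(addr)
	ip := net.ParseIP(host) // nil for "" and for host names
	return err == nil && ip != nil && ip.IsLoopback()
}

// hostAllowList rejects requests whose Host header is not an exact
// (case-insensitive) match: a rebound page still sends its own domain in Host.
func hostAllowList(allowed []string, next http.Handler) http.Handler {
	set := make(map[string]bool, len(allowed))
	for _, h := range allowed {
		set[strings.ToLower(h)] = true
	}
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if !set[strings.ToLower(r.Host)] {
			http.Error(w, "host not allowed", http.StatusForbidden)
			return
		}
		next.ServeHTTP(w, r)
	})
}

// statusForHost sends one constructed request through the allow-list.
func statusForHost(allowed []string, host string) int {
	req := httptest.NewRequest(http.MethodGet, "http://"+host+"/", nil) // sets req.Host
	rec := httptest.NewRecorder()
	ok := http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) { w.WriteHeader(http.StatusOK) })
	hostAllowList(allowed, ok).ServeHTTP(rec, req)
	return rec.Code
}

func main() {
	allowed := []string{"localhost:8585", "127.0.0.1:8585"} // values from the usage snippet
	fmt.Println(statusForHost(allowed, "rebind.example:8585"), isLoopbackAddr(":8585"))
}
```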