Documentation
Index
- Constants
- func ClearLauncherDashboardSessionCookie(w http.ResponseWriter, r *http.Request, secure func(*http.Request) bool)
- func DefaultLauncherDashboardSecureCookie(r *http.Request) bool
- func IPAllowlist(allowedCIDRs []string, next http.Handler) (http.Handler, error)
- func JSONContentType(next http.Handler) http.Handler
- func LauncherDashboardAuth(cfg LauncherDashboardAuthConfig, next http.Handler) http.Handler
- func Logger(next http.Handler) http.Handler
- func Recoverer(next http.Handler) http.Handler
- func ReferrerPolicyNoReferrer(next http.Handler) http.Handler
- func SessionCookieValue(signingKey []byte, dashboardToken string) string
- func SetLauncherDashboardSessionCookie(w http.ResponseWriter, r *http.Request, sessionValue string, ...)
- type LauncherDashboardAuthConfig
Constants
const LauncherDashboardCookieName = "picoclaw_launcher_auth"
LauncherDashboardCookieName is the HttpOnly cookie set after a successful token login.
Variables
This section is empty.
Functions
func ClearLauncherDashboardSessionCookie (added in v0.2.5)
func ClearLauncherDashboardSessionCookie(w http.ResponseWriter, r *http.Request, secure func(*http.Request) bool)
ClearLauncherDashboardSessionCookie clears the dashboard session (e.g. logout).
func DefaultLauncherDashboardSecureCookie (added in v0.2.5)
DefaultLauncherDashboardSecureCookie mirrors typical production HTTPS detection (TLS or X-Forwarded-Proto).
func IPAllowlist
IPAllowlist restricts access to requests from the configured CIDR ranges. Loopback addresses are always allowed for local administration. An empty CIDR list means no restriction.
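The three documented rules (empty list is unrestricted, loopback always passes, otherwise the address must fall in a configured range) can be sketched as follows. This is an added example, not the package's own implementation: parseCIDRs and clientAllowed are hypothetical names, and it assumes the client address is read from the connection's RemoteAddr-style "host:port" string.

```go
package main

import (
	"fmt"
	"net/netip"
)

// parseCIDRs (hypothetical helper) validates every entry up front, so a typo
// in the configuration surfaces as an error at startup instead of per request.
func parseCIDRs(cidrs []string) ([]netip.Prefix, error) {
	out := make([]netip.Prefix, 0, len(cidrs))
	for _, c := range cidrs {
		p, err := netip.ParsePrefix(c)
		if err != nil {
			return nil, fmt.Errorf("invalid CIDR %q: %w", c, err)
		}
		out = append(out, p.Masked())
	}
	return out, nil
}

// clientAllowed (hypothetical helper) applies the documented rules to a
// "host:port" address such as http.Request.RemoteAddr.
func clientAllowed(allowed []netip.Prefix, remoteAddr string) bool {
	if len(allowed) == 0 {
		return true // documented: an empty list means no restriction (fail-open)
	}
	ap, err := netip.ParseAddrPort(remoteAddr)
	if err != nil {
		return false // unparseable peer address is rejected once a list is set
	}
	// Treat ::ffff:a.b.c.d as plain IPv4 and drop any IPv6 zone before matching.
	ip := ap.Addr().Unmap().WithZone("")
	if ip.IsLoopback() {
		return true // documented: loopback is always allowed
	}
	for _, p := range allowed {
		if p.Contains(ip) {
			return true
		}
	}
	return false
}

func main() {
	nets, _ := parseCIDRs([]string{"10.0.0.0/8"}) // constructed sample config
	for _, a := range []string{"10.1.2.3:5000", "203.0.113.9:5000", "[::1]:5000"} {
		fmt.Println(a, clientAllowed(nets, a))
	}
}
```

Because an empty list disables the check entirely, a deployment that expects restriction should verify that its CIDR configuration actually loaded.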
func JSONContentType
JSONContentType sets the Content-Type header to application/json for API requests handled by the wrapped handler.
func LauncherDashboardAuth (added in v0.2.5)
func LauncherDashboardAuth(cfg LauncherDashboardAuthConfig, next http.Handler) http.Handler
LauncherDashboardAuth requires a valid session cookie or an Authorization: Bearer <token> header before calling next. The public paths are the login page and the /api/auth/* handlers.
func Recoverer
Recoverer recovers from panics in downstream handlers and returns a 500 Internal Server Error response.
func ReferrerPolicyNoReferrer (added in v0.2.5)
ReferrerPolicyNoReferrer sets Referrer-Policy: no-referrer on every response so sensitive query parameters (e.g. ?token= for dashboard bootstrap) are not leaked via the Referer header.
func SessionCookieValue (added in v0.2.5)
SessionCookieValue is the expected cookie value for the given signing key and dashboard token.
func SetLauncherDashboardSessionCookie (added in v0.2.5)
func SetLauncherDashboardSessionCookie(w http.ResponseWriter, r *http.Request, sessionValue string, secure func(*http.Request) bool)
SetLauncherDashboardSessionCookie writes the HttpOnly session cookie after successful dashboard token login.
Types
type LauncherDashboardAuthConfig (added in v0.2.5)
type LauncherDashboardAuthConfig struct {
	ExpectedCookie string
	Token          string
	// SecureCookie sets the session cookie's Secure flag. If nil, DefaultLauncherDashboardSecureCookie is used.
	SecureCookie func(*http.Request) bool
}
LauncherDashboardAuthConfig holds runtime material for dashboard access checks.