middleware

package

v0.2.7 Latest Latest Go to latest Published: Apr 21, 2026 License: MIT Imports: 15 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/sipeed/picoclaw

Links

Open Source Insights

Documentation ¶

Index ¶

Constants
Variables
func ClearLauncherDashboardSessionCookie(w http.ResponseWriter, r *http.Request, secure func(*http.Request) bool)
func DefaultLauncherDashboardSecureCookie(r *http.Request) bool
func IPAllowlist(allowedCIDRs []string, next http.Handler) (http.Handler, error)
func JSONContentType(next http.Handler) http.Handler
func LauncherDashboardAuth(cfg LauncherDashboardAuthConfig, next http.Handler) http.Handler
func Logger(next http.Handler) http.Handler
func NewLauncherDashboardSessionCookie() (string, error)
func Recoverer(next http.Handler) http.Handler
func ReferrerPolicyNoReferrer(next http.Handler) http.Handler
func SetLauncherDashboardSessionCookie(w http.ResponseWriter, r *http.Request, sessionValue string, ...)
type LauncherDashboardAuthConfig
type LauncherDashboardLocalAutoLogin
- func NewLauncherDashboardLocalAutoLogin(ttl time.Duration) (*LauncherDashboardLocalAutoLogin, error)
- func (a *LauncherDashboardLocalAutoLogin) URLPath() string

Constants ¶

View Source

const (

	// LauncherDashboardLocalAutoLoginPath is the one-shot local browser
	// bootstrap endpoint used by the launcher-managed auto-open flow.
	LauncherDashboardLocalAutoLoginPath = "/launcher-auto-login"
	// LauncherDashboardSetupPath is the setup page used before the dashboard
	// password is initialized.
	LauncherDashboardSetupPath = "/launcher-setup"
)

View Source

const LauncherDashboardCookieName = "picoclaw_launcher_auth"

LauncherDashboardCookieName is the HttpOnly cookie set after a successful password login.

Variables ¶

View Source

var ErrInvalidLauncherDashboardGrant = errors.New("invalid launcher dashboard grant")

ErrInvalidLauncherDashboardGrant reports that an auto-login grant is missing, expired, already consumed, or otherwise invalid.

Functions ¶

func ClearLauncherDashboardSessionCookie ¶ added in v0.2.5

func ClearLauncherDashboardSessionCookie(w http.ResponseWriter, r *http.Request, secure func(*http.Request) bool)

ClearLauncherDashboardSessionCookie clears the dashboard session (e.g. logout).

func DefaultLauncherDashboardSecureCookie ¶ added in v0.2.5

func DefaultLauncherDashboardSecureCookie(r *http.Request) bool

DefaultLauncherDashboardSecureCookie mirrors typical production HTTPS detection (TLS or X-Forwarded-Proto).

func IPAllowlist ¶

func IPAllowlist(allowedCIDRs []string, next http.Handler) (http.Handler, error)

IPAllowlist restricts access to requests from configured CIDR ranges. Loopback addresses are always allowed for local administration. Empty CIDR list means no restriction.

func JSONContentType ¶

func JSONContentType(next http.Handler) http.Handler

JSONContentType sets the Content-Type header to application/json for API requests handled by the wrapped handler.

func LauncherDashboardAuth ¶ added in v0.2.5

func LauncherDashboardAuth(cfg LauncherDashboardAuthConfig, next http.Handler) http.Handler

LauncherDashboardAuth requires a valid session cookie before calling next. Public paths are login/setup pages and /api/auth/* handlers.

func Logger ¶

func Logger(next http.Handler) http.Handler

Logger logs each HTTP request with method, path, status code, and duration.

func NewLauncherDashboardSessionCookie ¶ added in v0.2.7

func NewLauncherDashboardSessionCookie() (string, error)

NewLauncherDashboardSessionCookie creates the per-process session cookie value.

func Recoverer ¶

func Recoverer(next http.Handler) http.Handler

Recoverer recovers from panics in downstream handlers and returns a 500 Internal Server Error response.

func ReferrerPolicyNoReferrer ¶ added in v0.2.5

func ReferrerPolicyNoReferrer(next http.Handler) http.Handler

ReferrerPolicyNoReferrer sets Referrer-Policy: no-referrer on every response so sensitive paths and query parameters are not leaked via the Referer header.

func SetLauncherDashboardSessionCookie ¶ added in v0.2.5

func SetLauncherDashboardSessionCookie(
	w http.ResponseWriter,
	r *http.Request,
	sessionValue string,
	secure func(*http.Request) bool,
)

SetLauncherDashboardSessionCookie writes the HttpOnly session cookie after successful dashboard password login.

Types ¶

type LauncherDashboardAuthConfig ¶ added in v0.2.5

type LauncherDashboardAuthConfig struct {
	ExpectedCookie string
	// LocalAutoLogin enables one-shot startup auto-login.
	LocalAutoLogin *LauncherDashboardLocalAutoLogin
	// SecureCookie sets the session cookie's Secure flag. If nil, DefaultLauncherDashboardSecureCookie is used.
	SecureCookie func(*http.Request) bool
}

LauncherDashboardAuthConfig holds runtime material for dashboard access checks.

type LauncherDashboardLocalAutoLogin ¶ added in v0.2.7

type LauncherDashboardLocalAutoLogin struct {
	// contains filtered or unexported fields
}

LauncherDashboardLocalAutoLogin is an in-memory, one-shot startup grant. It is not a reusable credential; it only lets the launcher-opened browser receive the current process session cookie.

func NewLauncherDashboardLocalAutoLogin ¶ added in v0.2.7

func NewLauncherDashboardLocalAutoLogin(ttl time.Duration) (*LauncherDashboardLocalAutoLogin, error)

NewLauncherDashboardLocalAutoLogin creates a one-shot local auto-login grant.

func (*LauncherDashboardLocalAutoLogin) URLPath ¶ added in v0.2.7

func (a *LauncherDashboardLocalAutoLogin) URLPath() string

URLPath returns the one-shot local auto-login URL path including its nonce.

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL