middleware

package
v1.0.8 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Oct 25, 2022 License: MIT Imports: 22 Imported by: 0

Documentation

Index

Constants

// OpentracingTracer is the string key "opentracing_tracer".
// NOTE(review): presumably the request-context key under which the
// Opentracing middleware stores the tracer; the code that uses it is not
// shown here, so confirm.
const OpentracingTracer = "opentracing_tracer"

// OpentracingCtx is the string key "opentracing_ctx".
// NOTE(review): presumably the request-context key for the tracing context;
// confirm against the Opentracing handler.
const OpentracingCtx = "opentracing_ctx"
// HeaderName is the request header the default CSRF configuration reads the
// token from: ConfigCsrfDefault uses it for both KeyLookup
// ("header:" + HeaderName) and Extractor (CsrfFromHeader(HeaderName)).
const (
	HeaderName = "X-Csrf-Token"
)

Variables

// ConfigBasicAuthDefault is the default BasicAuth configuration: an empty,
// non-nil Users map, the realm "Restricted", no Next/Authorizer/Unauthorized
// hooks, and the keys "username" and "password" for the values kept in the
// request context.
//
// NOTE(review): ContextPassword means the submitted password is kept under
// the "password" key for the rest of the request. Make sure nothing
// downstream logs or serialises the whole context.
var ConfigBasicAuthDefault = ConfigBasicAuth{
	// Credentials and realm.
	Users: make(map[string]string),
	Realm: "Restricted",

	// Keys under which the authenticated username/password are stored.
	ContextUsername: "username",
	ContextPassword: "password",

	// Optional hooks, all unset by default.
	Next:         nil,
	Authorizer:   nil,
	Unauthorized: nil,
}

ConfigBasicAuthDefault is the default config

// ConfigCorsDefault is the default CORS configuration: any origin ("*"),
// the methods GET, POST, HEAD, PUT, DELETE and PATCH, no extra allowed or
// exposed headers, no credentials and no preflight caching.
//
// NOTE(review): the wildcard origin is paired with AllowCredentials=false
// here. If a caller enables AllowCredentials, AllowOrigins should be changed
// to an explicit list as well. How the handler treats "*" together with
// credentials is not visible on this page, so confirm in Cors.
var ConfigCorsDefault = ConfigCors{
	AllowOrigins: "*",
	AllowMethods: strings.Join(
		[]string{
			fiber.MethodGet, fiber.MethodPost, fiber.MethodHead,
			fiber.MethodPut, fiber.MethodDelete, fiber.MethodPatch,
		},
		",",
	),
	AllowCredentials: false,
	AllowHeaders:     "",
	ExposeHeaders:    "",
	MaxAge:           0,
	Next:             nil,
}

ConfigCorsDefault is the default config

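// ConfigCsrfDefault is the default CSRF configuration: the token is read
// from the HeaderName request header, the cookie is named "csrf_token" with
// SameSite "Lax", and tokens expire after one hour.
//
// KeyGenerator is a function literal so that xid.New() runs on every call.
// The method value xid.New().String would evaluate xid.New() once, when this
// variable is initialised, and bind that single receiver, so every call
// would return the same string: one CSRF token for the whole process.
//
// NOTE(review): xid is presumably github.com/rs/xid (the import is not shown
// on this page). Those IDs are built from a timestamp, host and process
// identifiers and a counter, so they are sortable rather than unpredictable.
// A CSRF token should come from a CSPRNG (crypto/rand); supply such a
// KeyGenerator in production. Confirm.
//
// NOTE(review): CookieSecure and CookieHTTPOnly are not set here and so are
// false; set CookieSecure when the site is served over HTTPS.
var ConfigCsrfDefault = ConfigCsrf{
	KeyLookup:      "header:" + HeaderName,
	CookieName:     "csrf_token",
	CookieSameSite: "Lax",
	Expiration:     1 * time.Hour,
	// Fresh ID per call; see the comment above.
	KeyGenerator: func() string { return xid.New().String() },
	ErrorHandler: defaultErrorHandler,
	Extractor:    CsrfFromHeader(HeaderName),
}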

ConfigCsrfDefault is the default config

// ConfigRecoverDefault is the default Recover configuration: stack-trace
// handling is switched off, defaultStackTraceHandler is installed for when
// it is enabled, and no Next skip function is set.
var ConfigRecoverDefault = ConfigRecover{
	StackTraceHandler: defaultStackTraceHandler,
	EnableStackTrace:  false,
	Next:              nil,
}

ConfigRecoverDefault is the default config

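// ConfigRequestIDDefault is the default RequestID configuration: the ID
// travels in the fiber.HeaderXRequestID header and is stored under the
// "requestid" context key.
//
// Generator is a function literal so that xid.New() runs on every call. The
// method value xid.New().String would evaluate xid.New() once, when this
// variable is initialised, and return that same ID for every request, which
// makes requests indistinguishable in logs and traces.
var ConfigRequestIDDefault = ConfigRequestID{
	Next:   nil,
	Header: fiber.HeaderXRequestID,
	// Fresh ID per call; see the comment above.
	Generator:  func() string { return xid.New().String() },
	ContextKey: "requestid",
}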

ConfigRequestIDDefault is the default config

Functions

func BasicAuth added in v1.0.3

func BasicAuth(config ConfigBasicAuth) http.HandlerFunc

func Cors

func Cors(config ...ConfigCors) http.HandlerFunc

Cors creates a new middleware handler

func Csrf added in v1.0.3

func Csrf(config ...ConfigCsrf) http.HandlerFunc

Csrf creates a new middleware handler

func CsrfFromCookie added in v1.0.3

func CsrfFromCookie(param string) func(c http.Context) (string, error)

CsrfFromCookie returns a function that extracts token from the cookie header.

func CsrfFromForm added in v1.0.3

func CsrfFromForm(param string) func(c http.Context) (string, error)

CsrfFromForm returns a function that extracts a token from a multipart-form.

func CsrfFromHeader added in v1.0.3

func CsrfFromHeader(param string) func(c http.Context) (string, error)

CsrfFromHeader returns a function that extracts token from the request header.

func CsrfFromParam added in v1.0.3

func CsrfFromParam(param string) func(c http.Context) (string, error)

CsrfFromParam returns a function that extracts token from the url param string.

func CsrfFromQuery added in v1.0.3

func CsrfFromQuery(param string) func(c http.Context) (string, error)

CsrfFromQuery returns a function that extracts token from the query string.

func Log added in v1.0.3

func Log(config ConfigLog) http.HandlerFunc

Log is a middleware that combines request ID, logger and recover handling for request traceability.

func Opentracing

func Opentracing(tracer opentracing.Tracer) http.HandlerFunc

func Recover added in v1.0.3

func Recover(config ...ConfigRecover) http.HandlerFunc

Recover creates a new middleware handler

func RequestID added in v1.0.3

func RequestID(config ...ConfigRequestID) http.HandlerFunc

RequestID creates a new middleware handler

func Secure added in v1.0.3

func Secure(config ...ConfigSecure) http.HandlerFunc

Secure creates a new middleware handler; its settings are defined by ConfigSecure.

Types

type ConfigBasicAuth added in v1.0.3

// ConfigBasicAuth holds the settings accepted by the BasicAuth middleware.
type ConfigBasicAuth struct {
	// Next defines a function to skip this middleware when it returns true.
	//
	// Optional. Default: nil
	Next func(c http.Context) bool

	// Users defines the allowed credentials.
	// NOTE(review): the type is string -> string, presumably username ->
	// clear-text password. How entries are compared with the submitted
	// credentials is not visible here; confirm that the comparison is
	// constant-time and that this map is not populated from source control.
	//
	// Required. Default: map[string]string{}
	Users map[string]string

	// Realm is a string to define the realm attribute of BasicAuth.
	// The realm identifies the system to authenticate against
	// and can be used by clients to save credentials.
	//
	// Optional. Default: "Restricted".
	Realm string

	// Authorizer defines a function you can pass
	// to check the credentials however you want.
	// It will be called with a username and password
	// and is expected to return true or false to indicate
	// whether the credentials were approved or not.
	//
	// Optional. Default: nil.
	Authorizer func(string, string) bool

	// Unauthorized defines the response body for unauthorized responses.
	// By default, it will return with a 401 Unauthorized and the correct WWW-Auth header.
	//
	// Optional. Default: nil
	Unauthorized http.HandlerFunc

	// ContextUsername is the key to store the username in Locals.
	//
	// Optional. Default: "username"
	ContextUsername string

	// ContextPassword is the key to store the password in Locals.
	// NOTE(review): this keeps the submitted password reachable for the rest
	// of the request; avoid logging or dumping the Locals wholesale.
	//
	// Optional. Default: "password"
	ContextPassword string
}

ConfigBasicAuth defines the config for middleware.

type ConfigCors added in v1.0.3

// ConfigCors holds the settings accepted by the Cors middleware.
type ConfigCors struct {
	// Next defines a function to skip this middleware when it returns true.
	//
	// Optional. Default: nil
	Next func(c http.Context) bool

	// AllowOrigins defines a list of origins that may access the resource.
	// NOTE(review): the default "*" admits every origin. Prefer an explicit
	// list for anything that serves user-specific data.
	//
	// Optional. Default value "*"
	AllowOrigins string

	// AllowMethods defines a list of methods allowed when accessing the resource.
	// This is used in response to a preflight request.
	//
	// Optional. Default value "GET,POST,HEAD,PUT,DELETE,PATCH"
	AllowMethods string

	// AllowHeaders defines a list of request headers that can be used when
	// making the actual request. This is in response to a preflight request.
	//
	// Optional. Default value "".
	AllowHeaders string

	// AllowCredentials indicates whether or not the response to the request
	// can be exposed when the credentials flag is true. When used as part of
	// a response to a preflight request, this indicates whether or not the
	// actual request can be made using credentials.
	// NOTE(review): when enabling this, set AllowOrigins to specific origins.
	// How the handler combines a wildcard origin with credentials is not
	// visible here; confirm it never echoes an arbitrary Origin back.
	//
	// Optional. Default value false.
	AllowCredentials bool

	// ExposeHeaders defines the list of response headers that clients are
	// allowed to access.
	//
	// Optional. Default value "".
	ExposeHeaders string

	// MaxAge indicates how long (in seconds) the results of a preflight request
	// can be cached.
	//
	// Optional. Default value 0.
	MaxAge int
}

ConfigCors defines the config for middleware.

type ConfigCsrf added in v1.0.3

// ConfigCsrf holds the settings accepted by the Csrf middleware.
type ConfigCsrf struct {
	// Next defines a function to skip this middleware when it returns true.
	//
	// Optional. Default: nil
	Next func(c http.Context) bool

	// KeyLookup is a string in the form of "<source>:<key>" that is used
	// to create an Extractor that extracts the token from the request.
	// Possible values:
	// - "header:<name>"
	// - "query:<name>"
	// - "param:<name>"
	// - "form:<name>"
	// - "cookie:<name>"
	//
	// Ignored if an Extractor is explicitly set.
	//
	// NOTE(review): browsers attach cookies to cross-site requests on their
	// own (subject to SameSite), so a "cookie:<name>" lookup that points at
	// the CSRF cookie itself cannot tell a forged request from a genuine one.
	// Prefer "header:" or "form:". Tokens carried in "query:" or "param:"
	// end up in URLs, and therefore in access logs and Referer headers.
	//
	// Optional. Default: "header:X-Csrf-Token" ("header:" + HeaderName)
	KeyLookup string

	// Name of the CSRF cookie.
	// Optional. Default value "csrf_token" (see ConfigCsrfDefault).
	CookieName string

	// Domain of the CSRF cookie.
	// Optional. Default value "".
	CookieDomain string

	// Path of the CSRF cookie.
	// Optional. Default value "".
	CookiePath string

	// Indicates if CSRF cookie is secure.
	// NOTE(review): enable this whenever the site is served over HTTPS so
	// the cookie is never sent over plain HTTP.
	// Optional. Default value false.
	CookieSecure bool

	// Indicates if CSRF cookie is HTTP only.
	// Optional. Default value false.
	CookieHTTPOnly bool

	// Value of SameSite cookie.
	// Optional. Default value "Lax".
	CookieSameSite string

	// Decides whether cookie should last for only the browser session.
	// Ignores Expiration if set to true.
	CookieSessionOnly bool

	// Expiration is the duration before the CSRF token expires.
	//
	// Optional. Default: 1 * time.Hour
	Expiration time.Duration

	// Storage is used to store the state of the middleware.
	// NOTE(review): ConfigCsrfDefault leaves this field unset, so the default
	// named below would have to be applied inside Csrf. Confirm.
	//
	// Optional. Default: memory.New()
	Storage fiber.Storage

	// Context key to store generated CSRF token into context.
	// If left empty, token will not be stored in context.
	//
	// Optional. Default: ""
	ContextKey string

	// KeyGenerator creates a new CSRF token. It must return a fresh,
	// unpredictable value on every call.
	//
	// Optional. Default: an xid-based generator (see ConfigCsrfDefault).
	KeyGenerator func() string

	// ErrorHandler is executed when an error is returned from the handler.
	//
	// Optional. Default: defaultErrorHandler (see ConfigCsrfDefault)
	ErrorHandler http.ErrorHandler

	// Extractor returns the CSRF token.
	//
	// If set this will be used in place of an Extractor based on KeyLookup.
	//
	// Optional. Default will create an Extractor based on KeyLookup.
	Extractor func(c http.Context) (string, error)
}

ConfigCsrf defines the config for middleware.

type ConfigLog added in v1.0.3

// ConfigLog holds the dependencies passed to the Log middleware.
// NOTE(review): log is not the standard library package here (std log has no
// Writer type); confirm which logging package these types come from.
type ConfigLog struct {
	// Logger is the logger instance handed to the middleware.
	Logger    *log.Logger
	// LogWriter is the writer handed to the middleware; presumably the log
	// output sink. Confirm in Log.
	LogWriter log.Writer
	// RequestID returns a request identifier string; presumably called once
	// per request. Confirm in Log.
	RequestID func() string
}

type ConfigRecover added in v1.0.3

// ConfigRecover holds the settings accepted by the Recover middleware.
type ConfigRecover struct {
	// Next defines a function to skip this middleware when it returns true.
	//
	// Optional. Default: nil
	Next func(c http.Context) bool

	// EnableStackTrace enables handling of the stack trace.
	//
	// Optional. Default: false
	EnableStackTrace bool

	// StackTraceHandler defines a function to handle the stack trace. It
	// receives the request context and the recovered value.
	// NOTE(review): a custom handler should send the trace to logs, not to
	// the HTTP response.
	//
	// Optional. Default: defaultStackTraceHandler
	StackTraceHandler func(c http.Context, e interface{})
}

ConfigRecover defines the config for middleware.

type ConfigRequestID added in v1.0.3

// ConfigRequestID holds the settings accepted by the RequestID middleware.
type ConfigRequestID struct {
	// Next defines a function to skip this middleware when it returns true.
	//
	// Optional. Default: nil
	Next func(c http.Context) bool

	// Header is the header key where to get/set the unique request ID.
	// NOTE(review): "get" suggests an incoming header value may be reused as
	// the ID. That value is client-controlled, so bound its length and
	// character set before it reaches logs. Confirm in RequestID.
	//
	// Optional. Default: "X-Request-ID"
	Header string

	// Generator defines a function to generate the unique identifier. It
	// must return a new value on every call.
	//
	// Optional. Default: an xid-based generator (see ConfigRequestIDDefault).
	Generator func() string

	// ContextKey defines the key used when storing the request ID in
	// the locals for a specific request.
	//
	// Optional. Default: requestid
	ContextKey string
}

ConfigRequestID defines the config for middleware.

type ConfigSecure added in v1.0.3

// ConfigSecure holds the settings accepted by the Secure middleware. The
// field names correspond to security-related HTTP response headers.
// NOTE(review): no default value for this struct is shown on this page; the
// defaults quoted below come from the field comments only.
type ConfigSecure struct {
	// Filter defines a function to skip middleware.
	// Optional. Default: nil
	Filter func(http.Context) bool
	// XSSProtection is the value for the X-XSS-Protection header.
	// NOTE(review): current browsers no longer act on this header; rely on
	// ContentSecurityPolicy instead.
	// Optional. Default value "1; mode=block".
	XSSProtection string
	// ContentTypeNosniff is the value for the X-Content-Type-Options header.
	// Optional. Default value "nosniff".
	ContentTypeNosniff string
	// XFrameOptions is the value for the X-Frame-Options header.
	// NOTE(review): "ALLOW-FROM uri" is obsolete and ignored by current
	// browsers; use a CSP frame-ancestors directive to allow specific origins.
	// Optional. Default value "SAMEORIGIN".
	// Possible values: "SAMEORIGIN", "DENY", "ALLOW-FROM uri"
	XFrameOptions string
	// HSTSMaxAge is the max-age for Strict-Transport-Security.
	// NOTE(review): with the default 0, HSTS is presumably not enforced;
	// set a non-zero value for HTTPS-only sites. Confirm in Secure.
	// Optional. Default value 0.
	HSTSMaxAge int
	// HSTSExcludeSubdomains presumably omits includeSubDomains from the
	// HSTS header when true. Confirm in Secure.
	// Optional. Default value false.
	HSTSExcludeSubdomains bool
	// ContentSecurityPolicy is the Content-Security-Policy value.
	// Optional. Default value "".
	ContentSecurityPolicy string
	// CSPReportOnly presumably sends the policy in report-only mode when
	// true. Confirm in Secure.
	// Optional. Default value false.
	CSPReportOnly bool
	// HSTSPreloadEnabled presumably adds the preload directive to the HSTS
	// header. Confirm in Secure.
	// Optional.  Default value false.
	HSTSPreloadEnabled bool
	// ReferrerPolicy is the Referrer-Policy value.
	// Optional. Default value "".
	ReferrerPolicy string

	// PermissionPolicy is the Permissions-Policy value.
	// Optional. Default value "".
	PermissionPolicy string
}

ConfigSecure defines the config for middleware.
