Documentation

Overview
Package webmw holds the Githome web front's middleware: the signed session cookie that resolves the viewer, the color-mode cookie, the CSRF guard, the one-shot flash cookie, and the panic recovery that renders the HTML error page. Each is a mizu.Middleware. They import fe/view to set the request-scoped values the view builder reads; the import stays one way (webmw imports view, not the reverse). See implementation/06.
Index

Constants
const DefaultSessionCookie = "githome_session"
DefaultSessionCookie is the cookie name the front uses for its session. It is distinct from any API credential, which the front never reads.
Variables
This section is empty.
Functions

func ColorMode
func ColorMode() mizu.Middleware
ColorMode reads the viewer's appearance cookies, validates them against the closed mode and theme sets, and stores the resulting ColorMode on the context for the view builder. It never errors: an absent or invalid cookie falls back to the default for that slot.
func Gzip (added in v0.1.3)
Gzip wraps h with gzip response compression. Every response gains Vary: Accept-Encoding (the same URL serves two encodings, so a cache must key on the header); the body is compressed only when the client offers gzip, the response carries a compressible content type, no Content-Encoding is already set, and the status has a body.
func Recover
Recover is the web front's outermost middleware. It turns a panic, or an error a handler returns without rendering, into the themed 500 page, and logs the detail server side so the user never sees a stack trace. It keeps the front's failures rendering as HTML rather than falling through to the API error handler the root router carries. See implementation/06.
func SecureHeaders (added in v0.1.3)
func SecureHeaders() mizu.Middleware
SecureHeaders sets the security-related response headers the spec requires on every HTML page. It does not depend on any other middleware and may sit at any position in the chain. The Content-Security-Policy allows inline styles (needed by the color-mode data attributes) and disallows all inline scripts; external resources are restricted to same-origin and the CDN domain in the asset URL. The CSP is deliberately strict but avoids report-only mode since the front has no report collector. See implementation/14 section 4.
Types

type CSRF
type CSRF struct {
// contains filtered or unexported fields
}
CSRF is the double-submit guard. On a safe request it ensures a token cookie exists and puts the token on the context for the forms to echo. On a mutating request it requires the submitted token to match the cookie, rejecting a mismatch with the rendered 403 page. It holds the render set so the rejection is a themed page rather than a bare status.
type Flash
type Flash struct {
// contains filtered or unexported fields
}
Flash reads, verifies and clears the flash cookie, and lets a handler set a new flash before redirecting. One Flash is constructed at boot with the session key and shared.
func (*Flash) Add
Add appends a flash to be shown on the next page. It reads any flash already staged on this response (or the inbound cookie) so several adds before a redirect accumulate rather than overwrite.
func (*Flash) Middleware
func (f *Flash) Middleware() mizu.Middleware
Middleware reads the flash cookie, puts the verified messages on the context for the shell to render, and clears the cookie so each flash shows once. A missing or tampered cookie yields no flashes and is not an error.
type Sessions
type Sessions struct {
// contains filtered or unexported fields
}
Sessions issues and verifies the front's signed session cookie and exposes the middleware that loads the viewer. The cookie carries the user primary key and an expiry, signed with HMAC-SHA256 over the front's session key, so a tampered or expired cookie resolves to anonymous rather than to a user. Login and logout (a later milestone) reuse Issue and Clear.
func NewSessions
func NewSessions(key []byte, ttl time.Duration, lookup ViewerLookup) *Sessions
NewSessions returns a Sessions signing with key (the front's session secret, at least 32 bytes) and resolving viewers through lookup. ttl bounds how long a session cookie stays valid; a zero ttl defaults to thirty days.
func (*Sessions) Clear
Clear deletes the session cookie. It is called by the logout handler. It also drops the viewer from the session cache, so a logout takes effect on the very next request rather than after the cache entry ages out.
func (*Sessions) Issue
Issue writes the session cookie for userPK. It is called by the login handler once credentials check out. It drops any cached viewer for the user so the first page after login reflects the account as it is now.
func (*Sessions) Middleware
func (s *Sessions) Middleware() mizu.Middleware
Middleware loads the viewer for the request from the session cookie and stores it on the context. A missing, malformed or expired cookie, or a lookup that finds no user, leaves the viewer nil (anonymous); none of those is an error, so public pages render either way. A lookup that errors for an infrastructure reason is propagated so the recover layer can turn it into a 500.