Index ¶
- Constants
- func BuildFeaturePolicyHeader(features map[string][]string) string
- func BuildPermissionsPolicyHeader(permissions map[string][]string) string
- func ContentSecurityPolicy(c *flow.Context)
- func GenerateNonce() string
- func GetCSPNonce(ctx context.Context) string
- func ParseStrictTransportSecurity(header string) (maxAge int, includeSubDomains, preload bool)
- func SecureHeaders(c *flow.Context)
- func WithCSPNonce(ctx context.Context, nonce string) context.Context
- type AuditConfig
- type AuditEvent
- type AuditLogger
- type AuditLoggerImpl
- func (l *AuditLoggerImpl) Close() error
- func (l *AuditLoggerImpl) GetLogs(eventType string, limit int) ([]AuditEvent, error)
- func (l *AuditLoggerImpl) LogAccessControl(userID string, action string, resource string, success bool, ...) error
- func (l *AuditLoggerImpl) LogAuthentication(userID string, success bool, ipAddress string, details map[string]interface{}) error
- func (l *AuditLoggerImpl) LogDataAccess(userID string, action string, resource string, success bool, ...) error
- func (l *AuditLoggerImpl) LogEvent(eventType string, userID string, action string, resource string, success bool, ...) error
- func (l *AuditLoggerImpl) LogRequest(r *http.Request) error
- func (l *AuditLoggerImpl) LogSensitiveAction(userID string, action string, resource string, success bool, ...) error
- type BasicAuditLogger
- func (l *BasicAuditLogger) Close() error
- func (l *BasicAuditLogger) GetLogs(eventType string, limit int) ([]AuditEvent, error)
- func (l *BasicAuditLogger) LogAccessControl(userID string, action string, resource string, success bool, ...) error
- func (l *BasicAuditLogger) LogAuthentication(userID string, success bool, ipAddress string, details map[string]interface{}) error
- func (l *BasicAuditLogger) LogDataAccess(userID string, action string, resource string, success bool, ...) error
- func (l *BasicAuditLogger) LogEvent(eventType string, userID string, action string, resource string, success bool, ...) error
- func (l *BasicAuditLogger) LogRequest(r *http.Request) error
- func (l *BasicAuditLogger) LogSensitiveAction(userID string, action string, resource string, success bool, ...) error
- type CORSConfig
- type CSPBuilder
- type CSPBuilderImpl
- type CSPConfig
- type CSPContextKey
- type CSRFConfig
- type Config
- type EncryptionConfig
- type HSTSConfig
- type HTMLPolicy
- type HeadersConfig
- type HeadersManager
- type HeadersManagerImpl
- func (m *HeadersManagerImpl) ApplyHeaders(w http.ResponseWriter)
- func (m *HeadersManagerImpl) ApplyHeadersWithRequest(w http.ResponseWriter, r *http.Request)
- func (m *HeadersManagerImpl) GetHeader(name string) string
- func (m *HeadersManagerImpl) RemoveHeader(name string)
- func (m *HeadersManagerImpl) SetHeader(name, value string)
- type Manager
- func (m *Manager) CSPNonceMiddleware() flow.HandlerFunc
- func (m *Manager) CSRFMiddleware() flow.HandlerFunc
- func (m *Manager) GetAuditLogger() AuditLogger
- func (m *Manager) GetCSPNonce(r *http.Request) string
- func (m *Manager) GetConfig() Config
- func (m *Manager) HTMLPolicy() *HTMLPolicy
- func (m *Manager) IntegrateWithExistingMiddleware(app *flow.Engine)
- func (m *Manager) LogAuditEvent(eventType, userID, action, resource string, success bool, ...)
- func (m *Manager) Middleware() func(http.Handler) http.Handler
- func (m *Manager) RateLimitMiddleware() flow.HandlerFunc
- func (m *Manager) SanitizeHTML(input string) string
- func (m *Manager) SanitizeInput(input string) string
- func (m *Manager) SecurityMiddleware() flow.HandlerFunc
- func (m *Manager) UpdateConfig(config Config)
- func (m *Manager) ValidatePassword(password string) error
- func (m *Manager) WithConfig(config Config) *Manager
- func (m *Manager) XSSProtectionMiddleware() flow.HandlerFunc
- type PasswordConfig
- type PasswordMeter
- type PasswordPolicy
- type PasswordPolicyConfig
- type PasswordPolicyImpl
- type PasswordStrength
- type PasswordValidationError
- type Provider
- type RateLimitConfig
- type SecurityProvider
- type XSSConfig
- type XSSManager
Constants ¶
// Common security header values.
const (
	// X-Frame-Options values.
	XFrameOptionsDeny       = "DENY"
	XFrameOptionsSameOrigin = "SAMEORIGIN"
	// NOTE(review): ALLOW-FROM is obsolete and ignored by current browsers;
	// the supported equivalent is the CSP frame-ancestors directive
	// (see CSPConfig.FrameAncestors).
	XFrameOptionsAllowFrom = "ALLOW-FROM"

	// X-Content-Type-Options values.
	XContentTypeOptionsNoSniff = "nosniff"

	// X-XSS-Protection values.
	// NOTE(review): this header is non-standard and no longer honored by
	// current browsers; a Content-Security-Policy is the supported control.
	XXSSProtectionDisabled = "0"
	XXSSProtectionEnabled  = "1"
	XXSSProtectionBlock    = "1; mode=block"
	// XXSSProtectionReport is only a prefix — presumably the caller appends
	// a report URI; verify against the code that uses it.
	XXSSProtectionReport = "1; report="

	// Referrer-Policy values.
	ReferrerPolicyNoReferrer                  = "no-referrer"
	ReferrerPolicyNoReferrerWhenDowngrade     = "no-referrer-when-downgrade"
	ReferrerPolicySameOrigin                  = "same-origin"
	ReferrerPolicyOrigin                      = "origin"
	ReferrerPolicyStrictOrigin                = "strict-origin"
	ReferrerPolicyOriginWhenCrossOrigin       = "origin-when-cross-origin"
	ReferrerPolicyStrictOriginWhenCrossOrigin = "strict-origin-when-cross-origin"
	ReferrerPolicyUnsafeUrl                   = "unsafe-url"
)
Common security header values
const CSPNonceKey = CSPContextKey("csp-nonce")
CSPNonceKey CSP nonce的上下文键
Variables ¶
This section is empty.
Functions ¶
func BuildFeaturePolicyHeader ¶
BuildFeaturePolicyHeader 构建Feature-Policy头部值(已废弃,但某些浏览器仍支持) 使用此函数前请考虑使用BuildPermissionsPolicyHeader
func BuildPermissionsPolicyHeader ¶
BuildPermissionsPolicyHeader 构建Permissions-Policy头部值
func ContentSecurityPolicy ¶
ContentSecurityPolicy 中间件函数简单版本
func ParseStrictTransportSecurity ¶
ParseStrictTransportSecurity 解析Strict-Transport-Security头部值
Types ¶
type AuditConfig ¶
// AuditConfig defines the audit logging configuration.
type AuditConfig struct {
	// Enabled turns audit logging on or off.
	Enabled bool
	// LogToFile selects whether events are written to a file.
	LogToFile bool
	// FilePath is the path of the audit log file.
	FilePath string
	// LogToDatabase selects whether events are written to a database.
	LogToDatabase bool
	// DatabaseDSN is the database connection string.
	// NOTE(review): a DSN usually embeds credentials; keep it out of log
	// output and error messages.
	DatabaseDSN string
	// LogLevel is the audit log level: 0-error, 1-warning, 2-info, 3-debug.
	LogLevel int
	// Destination is the log target: file, database, console, webhook.
	Destination string
	// LogAuthenticationEvents selects whether authentication events are recorded.
	LogAuthenticationEvents bool
	// LogAccessControl selects whether access-control events are recorded.
	LogAccessControl bool
	// LogDataAccess selects whether data-access events are recorded.
	LogDataAccess bool
	// LogSensitiveActions selects whether sensitive-action events are recorded.
	LogSensitiveActions bool
}
AuditConfig 定义审计日志配置
type AuditEvent ¶
// AuditEvent is the structure of a recorded audit event.
type AuditEvent struct {
	// ID uniquely identifies the event.
	ID string `json:"id"`
	// Timestamp is when the event occurred.
	Timestamp time.Time `json:"timestamp"`
	// EventType classifies the event.
	EventType string `json:"event_type"`
	// UserID identifies the acting user.
	UserID string `json:"user_id"`
	// Action is the operation that was performed.
	Action string `json:"action"`
	// Resource is the resource the operation targeted.
	Resource string `json:"resource"`
	// Success reports whether the operation succeeded.
	Success bool `json:"success"`
	// Details carries free-form event details. The json tag means it is
	// serialized with the event, so callers should not place secrets,
	// raw credentials or unnecessary personal data in it.
	Details map[string]interface{} `json:"details,omitempty"`
}
AuditEvent 审计事件结构
type AuditLogger ¶
// AuditLogger is the security audit logging interface.
type AuditLogger interface {
	// LogEvent records a security audit event.
	LogEvent(eventType string, userID string, action string, resource string, success bool, details map[string]interface{}) error
	// LogAuthentication records an authentication event.
	LogAuthentication(userID string, success bool, ipAddress string, details map[string]interface{}) error
	// LogAccessControl records an access-control event.
	LogAccessControl(userID string, action string, resource string, success bool, details map[string]interface{}) error
	// LogDataAccess records a data-access event.
	LogDataAccess(userID string, action string, resource string, success bool, details map[string]interface{}) error
	// LogSensitiveAction records a sensitive-action event.
	LogSensitiveAction(userID string, action string, resource string, success bool, details map[string]interface{}) error
	// GetLogs returns audit logs of the given type (generally for tests/debugging).
	GetLogs(eventType string, limit int) ([]AuditEvent, error)
	// LogRequest records an HTTP request.
	// NOTE(review): which request fields are recorded is decided by the
	// implementation; confirm that Authorization/Cookie headers are not logged.
	LogRequest(r *http.Request) error
}
AuditLogger 安全审计日志记录器接口
type AuditLoggerImpl ¶
type AuditLoggerImpl struct {
// contains filtered or unexported fields
}
AuditLoggerImpl 审计日志记录器实现
func (*AuditLoggerImpl) GetLogs ¶
func (l *AuditLoggerImpl) GetLogs(eventType string, limit int) ([]AuditEvent, error)
GetLogs 获取指定类型的审计日志
func (*AuditLoggerImpl) LogAccessControl ¶
func (l *AuditLoggerImpl) LogAccessControl(userID string, action string, resource string, success bool, details map[string]interface{}) error
LogAccessControl 记录访问控制事件
func (*AuditLoggerImpl) LogAuthentication ¶
func (l *AuditLoggerImpl) LogAuthentication(userID string, success bool, ipAddress string, details map[string]interface{}) error
LogAuthentication 记录认证事件
func (*AuditLoggerImpl) LogDataAccess ¶
func (l *AuditLoggerImpl) LogDataAccess(userID string, action string, resource string, success bool, details map[string]interface{}) error
LogDataAccess 记录数据访问事件
func (*AuditLoggerImpl) LogEvent ¶
func (l *AuditLoggerImpl) LogEvent(eventType string, userID string, action string, resource string, success bool, details map[string]interface{}) error
LogEvent 记录安全审计事件
func (*AuditLoggerImpl) LogRequest ¶
func (l *AuditLoggerImpl) LogRequest(r *http.Request) error
LogRequest 记录HTTP请求
func (*AuditLoggerImpl) LogSensitiveAction ¶
func (l *AuditLoggerImpl) LogSensitiveAction(userID string, action string, resource string, success bool, details map[string]interface{}) error
LogSensitiveAction 记录敏感操作事件
type BasicAuditLogger ¶
type BasicAuditLogger struct {
// contains filtered or unexported fields
}
BasicAuditLogger 提供 AuditLogger 接口的简单实现
func NewBasicAuditLogger ¶
func NewBasicAuditLogger(config AuditConfig) *BasicAuditLogger
NewBasicAuditLogger 创建简单审计日志记录器
func (*BasicAuditLogger) GetLogs ¶
func (l *BasicAuditLogger) GetLogs(eventType string, limit int) ([]AuditEvent, error)
GetLogs 获取指定类型的审计日志
func (*BasicAuditLogger) LogAccessControl ¶
func (l *BasicAuditLogger) LogAccessControl(userID string, action string, resource string, success bool, details map[string]interface{}) error
LogAccessControl 记录访问控制事件
func (*BasicAuditLogger) LogAuthentication ¶
func (l *BasicAuditLogger) LogAuthentication(userID string, success bool, ipAddress string, details map[string]interface{}) error
LogAuthentication 记录认证事件
func (*BasicAuditLogger) LogDataAccess ¶
func (l *BasicAuditLogger) LogDataAccess(userID string, action string, resource string, success bool, details map[string]interface{}) error
LogDataAccess 记录数据访问事件
func (*BasicAuditLogger) LogEvent ¶
func (l *BasicAuditLogger) LogEvent(eventType string, userID string, action string, resource string, success bool, details map[string]interface{}) error
LogEvent 记录安全审计事件
func (*BasicAuditLogger) LogRequest ¶
func (l *BasicAuditLogger) LogRequest(r *http.Request) error
LogRequest 记录HTTP请求
func (*BasicAuditLogger) LogSensitiveAction ¶
func (l *BasicAuditLogger) LogSensitiveAction(userID string, action string, resource string, success bool, details map[string]interface{}) error
LogSensitiveAction 记录敏感操作事件
type CORSConfig ¶
// CORSConfig defines the cross-origin resource sharing configuration.
type CORSConfig struct {
	// Enabled turns CORS handling on or off.
	Enabled bool
	// AllowOrigins lists the allowed origins.
	// NOTE(review): browsers reject a wildcard origin when credentials are
	// allowed; with AllowCredentials set, use an explicit origin allow-list.
	// How the implementation treats "*" is not visible here — confirm.
	AllowOrigins []string
	// AllowMethods lists the allowed methods.
	AllowMethods []string
	// AllowHeaders lists the allowed request headers.
	AllowHeaders []string
	// ExposeHeaders lists the response headers exposed to the caller.
	ExposeHeaders []string
	// AllowCredentials selects whether credentials are allowed.
	AllowCredentials bool
	// MaxAge is the preflight cache lifetime in seconds.
	MaxAge int
}
CORSConfig 定义跨域资源共享配置
type CSPBuilder ¶
// CSPBuilder is the Content-Security-Policy builder interface.
type CSPBuilder interface {
	// ApplyCSP applies the CSP header to the response.
	ApplyCSP(w http.ResponseWriter)
	// GetPolicyString returns the CSP policy string.
	GetPolicyString() string
	// AddDirective adds a CSP directive.
	AddDirective(directive string, values ...string)
	// RemoveDirective removes a CSP directive.
	RemoveDirective(directive string)
	// SetReportOnly selects report-only mode.
	SetReportOnly(reportOnly bool)
}
CSPBuilder 内容安全策略构建器接口
type CSPBuilderImpl ¶
type CSPBuilderImpl struct {
// contains filtered or unexported fields
}
CSPBuilderImpl 内容安全策略构建器实现
func (*CSPBuilderImpl) AddDirective ¶
func (b *CSPBuilderImpl) AddDirective(directive string, values ...string)
AddDirective 添加CSP指令
func (*CSPBuilderImpl) ApplyCSP ¶
func (b *CSPBuilderImpl) ApplyCSP(w http.ResponseWriter)
ApplyCSP 将CSP头部应用到响应中
func (*CSPBuilderImpl) GetPolicyString ¶
func (b *CSPBuilderImpl) GetPolicyString() string
GetPolicyString 获取CSP策略字符串
func (*CSPBuilderImpl) RemoveDirective ¶
func (b *CSPBuilderImpl) RemoveDirective(directive string)
RemoveDirective 移除CSP指令
func (*CSPBuilderImpl) SetReportOnly ¶
func (b *CSPBuilderImpl) SetReportOnly(reportOnly bool)
SetReportOnly 设置是否为仅报告模式
type CSPConfig ¶
// CSPConfig defines the Content-Security-Policy configuration.
type CSPConfig struct {
	// Enabled turns CSP on or off.
	Enabled bool
	// DefaultSrc is the default-src policy.
	DefaultSrc []string
	// ScriptSrc is the script-src policy.
	ScriptSrc []string
	// StyleSrc is the style-src policy.
	StyleSrc []string
	// ImgSrc is the img-src policy.
	ImgSrc []string
	// FontSrc is the font-src policy.
	FontSrc []string
	// ObjectSrc is the object-src policy.
	ObjectSrc []string
	// MediaSrc is the media-src policy.
	MediaSrc []string
	// FrameSrc is the frame-src policy.
	FrameSrc []string
	// ConnectSrc is the connect-src policy.
	ConnectSrc []string
	// ReportOnly selects report-only mode.
	ReportOnly bool
	// ReportURI is the report URI.
	ReportURI string
	// EnableNonce selects whether a per-request nonce is enabled.
	EnableNonce bool
	// Sandbox holds the sandbox directive values.
	Sandbox []string
	// ChildSrc is the child-src policy.
	ChildSrc []string
	// FormAction restricts form submission targets.
	FormAction []string
	// FrameAncestors restricts who may frame the page (the supported
	// replacement for X-Frame-Options ALLOW-FROM).
	FrameAncestors []string
	// PluginTypes holds plugin types.
	// NOTE(review): plugin-types was removed from CSP Level 3; current
	// browsers ignore it, so rely on object-src instead.
	PluginTypes []string
	// BaseURI restricts the document base URI.
	BaseURI []string
	// WorkerSrc is the worker-src policy.
	WorkerSrc []string
	// ManifestSrc is the manifest-src policy.
	ManifestSrc []string
	// PrefetchSrc is the prefetch-src policy.
	// NOTE(review): prefetch-src was dropped from the CSP spec and is not
	// honored by current browsers.
	PrefetchSrc []string
	// RequireSriFor lists elements that must carry Subresource Integrity.
	// NOTE(review): require-sri-for is deprecated and has no browser support.
	RequireSriFor []string
	// UpgradeInsecureRequests selects whether insecure requests are upgraded.
	UpgradeInsecureRequests bool
	// BlockAllMixedContent selects whether all mixed content is blocked.
	BlockAllMixedContent bool
}
CSPConfig 定义内容安全策略配置
type CSRFConfig ¶
// CSRFConfig defines the CSRF protection configuration.
// NOTE(review): no SameSite setting is exposed here; whether the cookie
// is issued with a SameSite attribute depends on the implementation.
type CSRFConfig struct {
	// Enabled turns CSRF protection on or off.
	Enabled bool
	// TokenExpiry is the token lifetime in seconds.
	TokenExpiry int
	// UseCookie selects whether the token is stored in a cookie.
	UseCookie bool
	// CookieName is the cookie name.
	CookieName string
	// CookiePath is the cookie path.
	CookiePath string
	// CookieDomain is the cookie domain.
	CookieDomain string
	// SecureCookie marks the cookie Secure (HTTPS only).
	SecureCookie bool
	// HttpOnlyCookie marks the cookie HttpOnly.
	// NOTE(review): an HttpOnly cookie cannot be read by page scripts, so a
	// double-submit pattern that copies the cookie value into HeaderName
	// from JavaScript would not work with it — confirm which pattern the
	// implementation uses.
	HttpOnlyCookie bool
	// FormFieldName is the form field carrying the token.
	FormFieldName string
	// HeaderName is the request header carrying the token.
	HeaderName string
}
CSRFConfig 定义 CSRF 防护配置
type Config ¶
// Config represents the configuration of the security framework.
type Config struct {
	// Headers is the security headers configuration.
	Headers HeadersConfig
	// XSS is the XSS protection configuration.
	XSS XSSConfig
	// CSP is the Content-Security-Policy configuration.
	CSP CSPConfig
	// Password is the password policy configuration.
	Password PasswordPolicyConfig
	// Audit is the audit logging configuration.
	Audit AuditConfig
	// CSRF is the CSRF protection configuration.
	CSRF CSRFConfig
	// RateLimit is the rate limiting configuration.
	RateLimit RateLimitConfig
	// Encryption is the encryption configuration.
	Encryption EncryptionConfig
}
Config 表示安全框架的配置
type EncryptionConfig ¶
// EncryptionConfig defines the encryption configuration.
type EncryptionConfig struct {
	// Enabled turns encryption on or off.
	Enabled bool
	// Algorithm is the cipher: AES, ChaCha20.
	Algorithm string
	// Key is the encryption key (recommended to be supplied via environment variable).
	// NOTE(review): the key lives in a plain string in configuration; keep it
	// out of logs, dumps and error messages.
	Key string
	// IV is the initialization vector (recommended to be supplied via environment variable).
	// NOTE(review): a single fixed IV reused across encryptions is unsafe for
	// CTR/GCM-style modes — confirm that the implementation derives a fresh
	// nonce per message rather than reusing this value.
	IV string
}
EncryptionConfig 定义加密配置
type HSTSConfig ¶
// HSTSConfig defines the HTTP Strict Transport Security configuration.
type HSTSConfig struct {
	// Enabled turns HSTS on or off.
	Enabled bool
	// MaxAge is the max-age directive value in seconds.
	MaxAge int
	// IncludeSubDomains selects whether subdomains are included.
	IncludeSubDomains bool
	// Preload selects whether the preload directive is emitted.
	// NOTE(review): preload-list inclusion requires IncludeSubDomains and a
	// MaxAge of at least one year (31536000); the directive is ignored
	// otherwise, and preloading is hard to undo.
	Preload bool
}
HSTSConfig 定义 HTTP Strict Transport Security 配置
type HTMLPolicy ¶
type HTMLPolicy struct {
// contains filtered or unexported fields
}
HTMLPolicy 定义HTML内容清理策略
func (*HTMLPolicy) Sanitize ¶
func (p *HTMLPolicy) Sanitize(input string) string
Sanitize 按照策略清理HTML内容
type HeadersConfig ¶
// HeadersConfig defines the security headers configuration.
type HeadersConfig struct {
	// Enabled turns security headers on or off.
	Enabled bool
	// FrameOptions is the X-Frame-Options value, e.g. DENY, SAMEORIGIN.
	FrameOptions string
	// ContentTypeOptions is the X-Content-Type-Options value, normally nosniff.
	ContentTypeOptions string
	// XSSProtection is the X-XSS-Protection value.
	// NOTE(review): this header is non-standard and no longer honored by
	// current browsers; CSP is the supported control.
	XSSProtection string
	// EnableReferrerPolicy selects whether Referrer-Policy is emitted.
	EnableReferrerPolicy bool
	// ReferrerPolicy is the Referrer-Policy value.
	ReferrerPolicy string
	// HSTS is the HSTS configuration.
	HSTS HSTSConfig
	// CORS is the cross-origin resource sharing policy.
	CORS CORSConfig
	// PermissionsPolicy is the feature policy (Permissions-Policy).
	// NOTE(review): this is map[string]string, while BuildPermissionsPolicyHeader
	// in this package takes map[string][]string — confirm how the config
	// value is converted before the header is built.
	PermissionsPolicy map[string]string
	// CustomHeaders are additional headers to emit.
	CustomHeaders map[string]string
}
HeadersConfig 定义安全头部的配置
type HeadersManager ¶
// HeadersManager is the security headers manager interface.
type HeadersManager interface {
	// ApplyHeaders applies the security headers to the response.
	ApplyHeaders(w http.ResponseWriter)
	// ApplyHeadersWithRequest applies the security headers to the response,
	// taking request attributes (such as TLS) into account.
	ApplyHeadersWithRequest(w http.ResponseWriter, r *http.Request)
	// SetHeader sets a custom security header.
	SetHeader(name, value string)
	// RemoveHeader removes a security header.
	RemoveHeader(name string)
	// GetHeader returns a security header value.
	GetHeader(name string) string
}
HeadersManager 安全头部管理器接口
func NewHeadersManager ¶
func NewHeadersManager(config HeadersConfig) HeadersManager
NewHeadersManager 创建安全头部管理器
type HeadersManagerImpl ¶
type HeadersManagerImpl struct {
// contains filtered or unexported fields
}
HeadersManagerImpl 安全头部管理器实现
func (*HeadersManagerImpl) ApplyHeaders ¶
func (m *HeadersManagerImpl) ApplyHeaders(w http.ResponseWriter)
ApplyHeaders 将安全头部应用到响应中 注意:此方法不设置HSTS头部,因为它需要检查请求是否通过HTTPS
func (*HeadersManagerImpl) ApplyHeadersWithRequest ¶
func (m *HeadersManagerImpl) ApplyHeadersWithRequest(w http.ResponseWriter, r *http.Request)
ApplyHeadersWithRequest 将安全头部应用到响应中,考虑请求的属性
func (*HeadersManagerImpl) GetHeader ¶
func (m *HeadersManagerImpl) GetHeader(name string) string
GetHeader 获取安全头部值
func (*HeadersManagerImpl) RemoveHeader ¶
func (m *HeadersManagerImpl) RemoveHeader(name string)
RemoveHeader 移除安全头部
func (*HeadersManagerImpl) SetHeader ¶
func (m *HeadersManagerImpl) SetHeader(name, value string)
SetHeader 设置自定义安全头部
type Manager ¶
type Manager struct {
// contains filtered or unexported fields
}
Manager 是安全框架的主要管理器
func (*Manager) CSPNonceMiddleware ¶
func (m *Manager) CSPNonceMiddleware() flow.HandlerFunc
CSPNonceMiddleware 创建带有CSP nonce的中间件
func (*Manager) CSRFMiddleware ¶
func (m *Manager) CSRFMiddleware() flow.HandlerFunc
CSRFMiddleware 创建CSRF保护中间件
func (*Manager) GetAuditLogger ¶
func (m *Manager) GetAuditLogger() AuditLogger
GetAuditLogger 获取审计日志记录器
func (*Manager) GetCSPNonce ¶
GetCSPNonce 获取当前请求的CSP nonce值
func (*Manager) IntegrateWithExistingMiddleware ¶
IntegrateWithExistingMiddleware 将安全管理器集成到现有中间件
func (*Manager) LogAuditEvent ¶
func (m *Manager) LogAuditEvent(eventType, userID, action, resource string, success bool, details map[string]interface{})
LogAuditEvent 记录安全审计事件
func (*Manager) Middleware ¶
Middleware 返回安全中间件
func (*Manager) RateLimitMiddleware ¶
func (m *Manager) RateLimitMiddleware() flow.HandlerFunc
RateLimitMiddleware 创建速率限制中间件
func (*Manager) SanitizeHTML ¶
SanitizeHTML 清理HTML内容
func (*Manager) SanitizeInput ¶
SanitizeInput 对用户输入进行净化
func (*Manager) SecurityMiddleware ¶
func (m *Manager) SecurityMiddleware() flow.HandlerFunc
SecurityMiddleware 返回完整的安全中间件链
func (*Manager) ValidatePassword ¶
ValidatePassword 验证密码是否符合策略
func (*Manager) WithConfig ¶
WithConfig 使用新配置创建克隆的Manager
func (*Manager) XSSProtectionMiddleware ¶
func (m *Manager) XSSProtectionMiddleware() flow.HandlerFunc
XSSProtectionMiddleware 创建XSS保护中间件
type PasswordConfig ¶
// PasswordConfig is identical to PasswordPolicyConfig; it exists for
// compatibility with existing code.
type PasswordConfig PasswordPolicyConfig
PasswordConfig 与 PasswordPolicyConfig 相同,用于兼容现有代码
type PasswordMeter ¶
type PasswordMeter struct {
// contains filtered or unexported fields
}
PasswordMeter 密码强度测量工具
func NewPasswordMeter ¶
func NewPasswordMeter(policy PasswordPolicy) *PasswordMeter
NewPasswordMeter 创建密码强度测量工具
func (*PasswordMeter) GetStrength ¶
func (m *PasswordMeter) GetStrength(password string) PasswordStrength
GetStrength 评估密码强度
type PasswordPolicy ¶
// PasswordPolicy is the password policy interface.
type PasswordPolicy interface {
	// Validate reports whether the password satisfies the policy, with the
	// reasons it does not.
	Validate(password string) (bool, []string)
	// GetRequirements returns the password requirement descriptions.
	GetRequirements() []string
	// GetDefaultError returns the default error message.
	GetDefaultError() string
}
PasswordPolicy 密码策略接口
func NewPasswordPolicy ¶
func NewPasswordPolicy(config PasswordConfig) PasswordPolicy
NewPasswordPolicy 创建密码策略实例
type PasswordPolicyConfig ¶
// PasswordPolicyConfig defines the password policy configuration.
type PasswordPolicyConfig struct {
	// MinLength is the minimum length.
	MinLength int
	// RequireUpper requires an upper-case letter.
	RequireUpper bool
	// RequireLower requires a lower-case letter.
	RequireLower bool
	// RequireNumber requires a digit.
	RequireNumber bool
	// RequireSpecial requires a special character.
	RequireSpecial bool
	// MaxAge is the maximum password lifetime in days.
	// NOTE(review): current guidance (NIST SP 800-63B) discourages forced
	// periodic rotation unless compromise is suspected.
	MaxAge int
	// CommonPasswordsFilePath is the path of the list of forbidden common passwords.
	CommonPasswordsFilePath string
	// HistoryCount is the number of previous passwords checked to prevent reuse.
	HistoryCount int
}
PasswordPolicyConfig 定义密码策略配置
type PasswordPolicyImpl ¶
type PasswordPolicyImpl struct {
// contains filtered or unexported fields
}
PasswordPolicyImpl 密码策略实现
func (*PasswordPolicyImpl) GetDefaultError ¶
func (p *PasswordPolicyImpl) GetDefaultError() string
GetDefaultError 获取默认错误消息
func (*PasswordPolicyImpl) GetRequirements ¶
func (p *PasswordPolicyImpl) GetRequirements() []string
GetRequirements 获取密码要求描述
type PasswordStrength ¶
// PasswordStrength is a password strength level.
type PasswordStrength int
PasswordStrength 密码强度级别
// Password strength levels, ordered from weakest to strongest.
const (
	// VeryWeak is the lowest level.
	VeryWeak PasswordStrength = iota
	// Weak is below average.
	Weak
	// Medium is average.
	Medium
	// Strong is above average.
	Strong
	// VeryStrong is the highest level.
	VeryStrong
)
type PasswordValidationError ¶
// PasswordValidationError is returned when a password fails the policy.
type PasswordValidationError struct {
	// Reasons lists why the password was rejected.
	Reasons []string
}
PasswordValidationError 密码验证错误
func (*PasswordValidationError) Error ¶
func (e *PasswordValidationError) Error() string
Error 实现错误接口
type Provider ¶
// Provider is the security provider interface.
type Provider interface {
	// Register registers the security services with the container.
	Register()
	// Boot starts the security services.
	Boot()
}
Provider 安全提供者接口
type RateLimitConfig ¶
// RateLimitConfig defines the rate limiting configuration.
type RateLimitConfig struct {
	// Enabled turns rate limiting on or off.
	Enabled bool
	// Window is the time window in seconds.
	Window int
	// MaxRequests is the maximum number of requests per window.
	MaxRequests int
	// UseClientIP keys the limit on the client IP.
	// NOTE(review): how the client IP is derived (remote address vs.
	// forwarded headers) is not visible here; forwarded headers are
	// client-controlled unless set by a trusted proxy — confirm.
	UseClientIP bool
	// UseJWTIdentifier keys the limit on the JWT identifier.
	UseJWTIdentifier bool
	// StorageType is the backing store: memory, redis.
	StorageType string
	// RedisDSN is the Redis connection string (if used).
	RedisDSN string
}
RateLimitConfig 定义速率限制配置
type SecurityProvider ¶
type SecurityProvider struct {
// contains filtered or unexported fields
}
SecurityProvider 安全提供者实现
func NewSecurityProvider ¶
func NewSecurityProvider(config Config) *SecurityProvider
NewSecurityProvider 创建安全提供者
func (*SecurityProvider) Middleware ¶
func (p *SecurityProvider) Middleware() func(http.Handler) http.Handler
Middleware 获取安全中间件
type XSSConfig ¶
// XSSConfig defines the XSS protection configuration.
type XSSConfig struct {
	// Enabled turns XSS protection on or off.
	Enabled bool
	// AutoSanitize selects whether user input is sanitized automatically.
	AutoSanitize bool
	// EscapeHTML selects whether HTML is escaped in responses.
	EscapeHTML bool
	// AllowHTML selects whether HTML is allowed (if false, all HTML is escaped).
	AllowHTML bool
	// AllowedTags lists the allowed HTML tags (only when AllowHTML is true).
	AllowedTags []string
	// AllowedAttributes lists the allowed HTML attributes (only when AllowHTML is true).
	AllowedAttributes []string
	// AllowedProtocols lists the allowed URL schemes (for href, src and similar attributes).
	// NOTE(review): keep this to an explicit allow-list such as http/https/mailto;
	// an empty or permissive list would let script-bearing schemes through.
	AllowedProtocols []string
	// EnableLinkify selects whether automatic link handling is enabled.
	EnableLinkify bool
}
XSSConfig 定义 XSS 防护配置
type XSSManager ¶
type XSSManager struct {
// contains filtered or unexported fields
}
XSSManager XSS防护管理器