Documentation ¶
Overview ¶
Package middle exposes functions useful building http services.
Index ¶
Examples ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func Auth ¶
func Auth(authorizer Authorizer, next http.Handler) http.HandlerFunc
Auth checks if request is authenticated with basic auth verifying that its cookie is present in registered sessions. If request if from browser it will prompt for credentials with no valid session.
BUG(eraclitux) session storage leaks.
Example ¶
package main import ( "fmt" "log" "net/http" "golang.org/x/crypto/bcrypt" "github.com/eraclitux/middle" ) type store struct { hash []byte username string } func (s *store) Verify(u, p string) bool { if s.username != u { return false } if err := bcrypt.CompareHashAndPassword(s.hash, []byte(p)); err != nil { return false } return true } func makeAuthorizer(username, passwd string) middle.Authorizer { // Never store clear text password! h, err := bcrypt.GenerateFromPassword([]byte(passwd), bcrypt.DefaultCost) if err != nil { panic(err) } return &store{hash: h, username: username} } func main() { authorizer := makeAuthorizer("admin", "secret") http.HandleFunc("/secured", middle.Auth(authorizer, http.HandlerFunc(securedHandler))) log.Fatal(http.ListenAndServe(":8080", nil)) } func securedHandler(w http.ResponseWriter, r *http.Request) { fmt.Fprintf(w, "Secured info...") }
Output:
func CORS ¶
func CORS(next http.Handler) http.HandlerFunc
CORS adds necessary headers to response to permit GET/POST CORS requests.
func HeaderJSON ¶
func HeaderJSON(w http.ResponseWriter)
HeaderJSON sets http header for a json response.
func Log ¶
Log calls Println on logger with following arguments:
<http method> <remote addr> <requested url>
If X-Real-IP is found in headers it is used as <remote addr> with (X-Real-IP) added.
Example ¶
This example shows how to log requests for different handlers.
package main import ( "fmt" "log" "net/http" "os" "github.com/eraclitux/middle" ) // This example shows how to log requests for different handlers. func main() { infoLogger := log.New(os.Stdout, "[INFO] ", log.Ldate|log.Ltime) http.HandleFunc("/bar", middle.Log(infoLogger, http.HandlerFunc(barHanlder))) http.HandleFunc("/foo", middle.Log(infoLogger, http.HandlerFunc(fooHanlder))) log.Fatal(http.ListenAndServe(":8080", nil)) } func barHanlder(w http.ResponseWriter, r *http.Request) { fmt.Fprintf(w, "Hello bar") } func fooHanlder(w http.ResponseWriter, r *http.Request) { fmt.Fprintf(w, "Hello foo") }
Output:
Types ¶
type Authorizer ¶
type Authorizer interface { // Verify uses its backend to verify password // for a given username. Verify(user, passw string) bool }
Authorizer models credentials verification to permit different backends and hash algorithms. Implementation MUST be concurrency safe.
Notes ¶
Bugs ¶
fully implement CORS.
session storage leaks.