middleware

package
v0.0.0-...-5024c58

This package is not in the latest version of its module.

Published: Sep 3, 2020 License: MIT Imports: 11 Imported by: 0

Documentation

Constants

This section is empty.

Variables

var SecureAdmin = secure.New(secure.Options{
	AllowedHosts:          strings.Split(os.Getenv("CORS_ADMIN_ORIGINS"), ","),
	HostsProxyHeaders:     []string{"X-Forwarded-Host"},
	SSLRedirect:           true,
	SSLHost:               "ssl.example.com",
	SSLProxyHeaders:       map[string]string{"X-Forwarded-Proto": "https"},
	STSSeconds:            315360000,
	STSIncludeSubdomains:  true,
	STSPreload:            true,
	FrameDeny:             true,
	ContentTypeNosniff:    true,
	BrowserXssFilter:      true,
	IsDevelopment:         true,
	ContentSecurityPolicy: "",
	PublicKey:             `pin-sha256="base64+primary=="; pin-sha256="base64+backup=="; max-age=5184000; includeSubdomains; report-uri="https://www.example.com/hpkp-report"`,
})

SecureAdmin configuration for the admin security middleware

var SecureUser = secure.New(secure.Options{
	AllowedHosts:          strings.Split(os.Getenv("CORS_ALLOWED_ORIGINS"), ","),
	HostsProxyHeaders:     []string{"X-Forwarded-Host"},
	SSLRedirect:           true,
	SSLHost:               "ssl.example.com",
	SSLProxyHeaders:       map[string]string{"X-Forwarded-Proto": "https"},
	STSSeconds:            315360000,
	STSIncludeSubdomains:  true,
	STSPreload:            true,
	FrameDeny:             true,
	ContentTypeNosniff:    true,
	BrowserXssFilter:      true,
	IsDevelopment:         true,
	ContentSecurityPolicy: "",
	PublicKey:             `pin-sha256="base64+primary=="; pin-sha256="base64+backup=="; max-age=5184000; includeSubdomains; report-uri="https://www.example.com/hpkp-report"`,
})

SecureUser configuration for the user security middleware

Functions

func BasicAuthAdmin

func BasicAuthAdmin(next http.Handler) http.Handler

BasicAuthAdmin contains the middleware functionality to authenticate an admin.

The admin is authenticated using the BasicAuth method against the ADMIN_AUTH_USER and ADMIN_AUTH_PASS environment variables.

func BasicAuthUser

func BasicAuthUser(next http.Handler) http.Handler

BasicAuthUser contains the middleware functionality to authenticate an admin.

The admin is authenticated using the BasicAuth method against the BASIC_AUTH_USER and BASIC_AUTH_PASS environment variables.
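
One way to write the check that BasicAuthAdmin and BasicAuthUser describe, as an added example that is not this package's own code. The helpers `secretEqual`, `basicAuthEnv` and `statusFor`, the realm string and the sample credentials are assumptions; only the environment variable names come from the page.

```go
package main

import (
	"crypto/sha256"
	"crypto/subtle"
	"fmt"
	"net/http"
	"net/http/httptest"
	"os"
)

// secretEqual compares in constant time; hashing first also hides the secret's length.
func secretEqual(got, want string) bool {
	g, w := sha256.Sum256([]byte(got)), sha256.Sum256([]byte(want))
	return subtle.ConstantTimeCompare(g[:], w[:]) == 1
}

// basicAuthEnv (hypothetical helper) guards next with credentials read from the named env vars.
func basicAuthEnv(userVar, passVar string, next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		wantUser, wantPass := os.Getenv(userVar), os.Getenv(passVar)
		user, pass, sent := r.BasicAuth()
		// Fail closed when the variables are unset, and always run both comparisons.
		configured := wantUser != "" && wantPass != ""
		userOK, passOK := secretEqual(user, wantUser), secretEqual(pass, wantPass)
		if !sent || !configured || !userOK || !passOK {
			w.Header().Set("WWW-Authenticate", `Basic realm="restricted", charset="UTF-8"`)
			http.Error(w, "Unauthorized", http.StatusUnauthorized)
			return
		}
		next.ServeHTTP(w, r)
	})
}

// statusFor sends one constructed request through h and returns the status code.
func statusFor(h http.Handler, user, pass string) int {
	req := httptest.NewRequest(http.MethodGet, "/admin", nil)
	req.SetBasicAuth(user, pass)
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, req)
	return rec.Code
}

func main() {
	os.Setenv("ADMIN_AUTH_USER", "admin")            // constructed sample value
	os.Setenv("ADMIN_AUTH_PASS", "constructed-pass") // constructed sample value
	h := basicAuthEnv("ADMIN_AUTH_USER", "ADMIN_AUTH_PASS", http.HandlerFunc(func(http.ResponseWriter, *http.Request) {}))
	fmt.Println(statusFor(h, "admin", "constructed-pass"), statusFor(h, "admin", "wrong"))
}
```

Without the `configured` check, a deployment that forgot to set the variables would accept a request carrying an empty user name and password.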

func JwtAuthentication

func JwtAuthentication(next http.Handler) http.Handler

JwtAuthentication authenticates with the JWT.

First we set the paths allowed without a token (none in this case). Check if the response contains the token. Generates the access token using the secret key contained in the .env file and compares it with the received one; if they match, we grant access, if not, we deny it.

Returns 401 - "Unauthorized" if the request contains a malformed authorization token.

Returns 403 - "Forbidden" if the request does not contain an authorization token.

If the token is correct, we perform the request of the user.

func RateLimiter

func RateLimiter(next http.Handler) http.Handler

RateLimiter middleware sets up the request limit based on the user IP.

The user IP is stored in a map with an associated rate; if the rate is exceeded, a TooManyRequests error is returned.

The map is checked every 3 minutes, and the IPs that have not called in that time are deleted.

Types

type Account

type Account struct {
	Email    string `json:"email"`
	Password string `json:"password"`
	Token    string `json:"token"`
}

type Token

type Token struct {
	UserId string
	jwt.StandardClaims
}
