gophish: github.com/gophish/gophish/middleware Index | Files | Directories

package middleware

import "github.com/gophish/gophish/middleware"

Package middleware is responsible for the definition/implementation of middleware functionality. This package will also handle maintaining request Context and Session.

Index

Package Files

doc.go middleware.go session.go

Variables

var CSRFExemptPrefixes = []string{
    "/api",
}

CSRFExemptPrefixes are a list of routes that are exempt from CSRF protection

var Store = sessions.NewCookieStore(
    []byte(securecookie.GenerateRandomKey(64)),
    []byte(securecookie.GenerateRandomKey(32)))

Store contains the session information for the request

func ApplySecurityHeaders Uses

func ApplySecurityHeaders(next http.Handler) http.HandlerFunc

ApplySecurityHeaders applies various security headers according to best- practices.

func CSRFExceptions Uses

func CSRFExceptions(handler http.Handler) http.HandlerFunc

CSRFExceptions is a middleware that prevents CSRF checks on routes listed in CSRFExemptPrefixes.

func EnforceViewOnly Uses

func EnforceViewOnly(next http.Handler) http.Handler

EnforceViewOnly is a global middleware that limits the ability to edit objects to accounts with the PermissionModifyObjects permission.

func GetContext Uses

func GetContext(handler http.Handler) http.HandlerFunc

GetContext wraps each request in a function which fills in the context for a given request. This includes setting the User and Session keys and values as necessary for use in later functions.

func JSONError Uses

func JSONError(w http.ResponseWriter, c int, m string)

JSONError returns an error in JSON format with the given status code and message

func RequireAPIKey Uses

func RequireAPIKey(handler http.Handler) http.Handler

RequireAPIKey ensures that a valid API key is set as either the api_key GET parameter, or a Bearer token.

func RequireLogin Uses

func RequireLogin(handler http.Handler) http.HandlerFunc

RequireLogin checks to see if the user is currently logged in. If not, the function returns a 302 redirect to the login page.

func RequirePermission Uses

func RequirePermission(perm string) func(http.Handler) http.HandlerFunc

RequirePermission checks to see if the user has the requested permission before executing the handler. If the request is unauthorized, a JSONError is returned.

func Use Uses

func Use(handler http.HandlerFunc, mid ...func(http.Handler) http.HandlerFunc) http.HandlerFunc

Use allows us to stack middleware to process the request Example taken from https://github.com/gorilla/mux/pull/36#issuecomment-25849172

Directories

PathSynopsis
ratelimitPackage ratelimit provides a simple token-bucket rate limiting middleware which only allows n POST requests every minute.

Package middleware imports 10 packages (graph) and is imported by 19 packages. Updated 2020-10-15. Refresh now. Tools for package owners.