Package middleware is responsible for the definition/implementation of middleware functionality. This package will also handle maintaining request Context and Session.
CSRFExemptPrefixes are a list of routes that are exempt from CSRF protection
var Store = sessions.NewCookieStore( byte(securecookie.GenerateRandomKey(64)), byte(securecookie.GenerateRandomKey(32)))
Store contains the session information for the request
ApplySecurityHeaders applies various security headers according to best- practices.
CSRFExceptions is a middleware that prevents CSRF checks on routes listed in CSRFExemptPrefixes.
EnforceViewOnly is a global middleware that limits the ability to edit objects to accounts with the PermissionModifyObjects permission.
GetContext wraps each request in a function which fills in the context for a given request. This includes setting the User and Session keys and values as necessary for use in later functions.
JSONError returns an error in JSON format with the given status code and message
RequireAPIKey ensures that a valid API key is set as either the api_key GET parameter, or a Bearer token.
RequireLogin checks to see if the user is currently logged in. If not, the function returns a 302 redirect to the login page.
RequirePermission checks to see if the user has the requested permission before executing the handler. If the request is unauthorized, a JSONError is returned.
Use allows us to stack middleware to process the request Example taken from https://github.com/gorilla/mux/pull/36#issuecomment-25849172
|ratelimit||Package ratelimit provides a simple token-bucket rate limiting middleware which only allows n POST requests every minute.|