middleware

type CORSOptions struct {
	// AllowOrigins defines a list of origins that may access the resource.
	// Optional. Defaults to "*".
	AllowOrigins []string `json:"allow-origins,omitempty"`

	// AllowMethods defines a list methods allowed when accessing the resource.
	// If defined as an empty list, the preflight `Allow` request header value will be used.
	AllowMethods []string `json:"allow-methods,omitempty"`

	// AllowHeaders defines a list of request headers that can be used when
	// making the actual request.
	AllowHeaders []string `json:"allow-headers,omitempty"`

	// AllowCredentials indicates whether the response to the request
	// can be exposed when the credentials flag is true.
	// Do not set to true if allow origins is "*".
	// See: http://blog.portswigger.net/2016/10/exploiting-cors-misconfigurations-for.html
	AllowCredentials bool `json:"allow-credentials,omitempty"`

	// ExposeHeaders defines a whitelist headers that clients are allowed to access.
	ExposeHeaders []string `json:"expose-headers,omitempty"`

	// MaxAge indicates how many seconds the results of a preflight request can be cached. Defaults to 0.
	MaxAge int `json:"max-age,omitempty"`
}

type CacheControlOptions struct {
	Public                        bool
	Private                       bool
	NoCache                       bool
	NoStore                       bool
	NoTransform                   bool
	MustRevalidate                bool
	ProxyRevalidate               bool
	MaxAgeInSeconds               *uint32
	SharedMaxAgeInSeconds         *uint32
	StaleWhileRevalidateInSeconds *uint32
	StaleIfErrorInSeconds         *uint32
}

type ConditionEvaluator func(req *request.RequestContext) bool

type PanicErrorHandler func(req *request.RequestContext, err error, stack []byte) error

type PanicOptions struct {
	// StackSize establishes the maximum stack buffer to print in bytes.
	StackSize int `json:"stackSize,omitempty"`

	// IncludeAllGoRoutines, if true, then the stack of all the go routines are included.
	IncludeAllGoRoutines bool `json:"includeAllGoRoutines,omitempty"`

	// PanicErrorHandler is an optional custom callback to call if a panic is raised.
	PanicErrorHandler PanicErrorHandler
}

type ProtectedEndpointEvaluator func(req *request.RequestContext) bool

type SafeBrowsingOptions struct {
	// XXSSProtection sets the `X-XSS-Protection` header to stops pages from loading when they detect reflected
	// cross-site scripting (XSS) attacks.
	// Optional. Defaults to "1; mode=block".
	XXSSProtection string `json:"x-xss-protection,omitempty"`

	// XContentTypeNoSniff sets the `X-Content-Type-Options` header to indicate that the MIME types advertised
	// in the Content-Type headers should be followed and not be changed.
	// Optional. Defaults to "nosniff".
	XContentTypeNoSniff string `json:"x-content-type-options,omitempty"`

	// XFrameOptions can be used to indicate whether a browser should be allowed to render a page in a <frame>,
	// <iframe> or <object>.
	// Optional. Defaults to "sameorigin".
	// Possible values: "sameorigin", "deny", "allow-from uri"
	XFrameOptions string `json:"x-frame-options,omitempty"`

	// HSTS controls the `Strict-Transport-Security` header to inform browsers that the site should only be
	// accessed using HTTPS, and that any future attempts to access it using HTTP should automatically be
	// converted to HTTPS.
	HSTS struct {
		// MaxAge establishes the time, in seconds, that the browser should remember that a site is only to be
		// accessed using HTTPS.
		// Optional. Defaults to 0.
		MaxAge uint `json:"max-age,omitempty"`

		// IncludeSubdomains is used to apply the HSTS settings to all of the site's subdomains as well.
		// Optional.
		IncludeSubdomains bool `json:"include-subdomains,omitempty"`

		// Preload will add the preload tag in the HSTS header. See https://hstspreload.org/ for details.
		// Optional.
		Preload bool `json:"preload,omitempty"`
	} `json:"hsts,omitempty"`

	// ContentSecurityPolicy sets the `Content-Security-Policy` header to enhance security against XSS.
	// Optional.
	ContentSecurityPolicy string `json:"content-security-policy,omitempty"`

	// ContentSecurityPolicyReportOnly would use the `Content-Security-Policy-Report-Only` header instead
	// of the `Content-Security-Policy` header. Used to report violations instead of blocking resources.
	// Optional.
	ContentSecurityPolicyReportOnly bool `json:"csp-report-only,omitempty"`

	// ReferrerPolicy sets the `Referrer-Policy` header providing security against leaking potentially sensitive
	// request paths to third parties.
	// Optional.
	ReferrerPolicy string `json:"referrer-policy,omitempty"`
}

type TrailingSlashOptions struct {
	// Remove tells the middleware to remove trailing slashes if present.
	// If this setting is false, then the trailing slash is added if absent.
	Remove bool `json:"remove,omitempty"`

	// RedirectCode, if not zero, will make the middleware to return a redirect response.
	RedirectCode uint `json:"redirectCode,omitempty"`
}