README
¶
httphandlers
A collection of small utility http.Handler's for Golang.
Documentation
¶
Overview ¶
Package handlers is a collection of small utility http.Handler's for Golang.
Index ¶
- type Handler
- func AccessLog(h http.Handler, out io.Writer) Handler
- func AddHeader(h http.Handler, name, value string) Handler
- func DeleteHeader(h http.Handler, name string) Handler
- func ErrorCode(code int) Handler
- func ErrorMessage(msg string, code int) Handler
- func HostRedirect(host string, code int) Handler
- func InternalRedirect(h http.Handler, url string) Handler
- func Must(h Handler, err error) Handler
- func NeverModified(h http.Handler) Handler
- func SNIHost(h http.Handler) Handler
- func SNIMatch(h http.Handler, mismatch http.Handler) Handler
- func ServeBytes(name string, modtime time.Time, content []byte) Handler
- func ServeError(code int, content []byte, mimeType string) Handler
- func ServeErrorTemplate(code int, tmpl Template, data interface{}, mimeType string) (Handler, error)
- func ServeString(name string, modtime time.Time, content string) Handler
- func ServeTemplate(name string, modtime time.Time, tmpl Template, data interface{}) (Handler, error)
- func SetHeader(h http.Handler, name, value string) Handler
- func SetHeaders(h http.Handler, headers map[string]string) Handler
- func StatusCodeSwitch(h http.Handler, handlers map[int]http.Handler) Handler
- type HostSwitch
- type Middleware
- func AccessLogWrap(out io.Writer) Middleware
- func AddHeaderWrap(name, value string) Middleware
- func DeleteHeaderWrap(name string) Middleware
- func InternalRedirectWrap(url string) Middleware
- func SNIMatchWrap(mismatch http.Handler) Middleware
- func SecurityHeadersWrap(c *SecurityHeaders) Middleware
- func SetHeaderWrap(name, value string) Middleware
- func SetHeadersWrap(headers map[string]string) Middleware
- func StatusCodeSwitchWrap(handlers map[int]http.Handler) Middleware
- type RedirectToHTTPS
- type SafeHostSwitch
- type SecurityHeaders
- type Template
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type Handler ¶
Handler is an alias to http.Handler for godoc.
func AccessLog ¶
AccessLog wraps a http.Handler and logs all HTTP requests to an io.Writer that defaults to os.Stderr.
The log format is intended for human debugging and may not be stable.
func DeleteHeader ¶
DeleteHeader removes a header from the response.
func ErrorCode ¶
ErrorCode calls http.Error with the given HTTP status code. It uses http.StatusText for the message.
func ErrorMessage ¶
ErrorMessage calls http.Error with the given HTTP status code and message.
func HostRedirect ¶
HostRedirect returns a request handler that redirects each request it receives to the same url, but with a different host, using the given status code.
The provided code should be in the 3xx range and is usually http.StatusMovedPermanently.
func InternalRedirect ¶
InternalRedirect replaces the requests url with the given string. It is like http.Redirect but is handled internally.
func Must ¶
Must is a helper that wraps a call to a function returning (Handler, error) and panics if the error is non-nil. It is intended for use in variable initializations such as
var h = handlers.Must(handlers.ServeTemplate("index.html", time.Now(), indexTmpl, indexData))
func NeverModified ¶
NeverModified wraps a http.Handler and returns a 304 Not Modified HTTP status code to the browser for all If-Modified-Since conditional requests.
It is intended for resources that are guaranteed to never change, primarily content addressable resources.
See the article
'This browser tweak saved 60% of requests to Facebook' https://code.facebook.com/posts/557147474482256/
for an overview of how this method works.
func SNIHost ¶
SNIHost sets (*http.Request).Host to the TLS SNI extension value if the request is TLS and the HTTP Host header was absent.
func SNIMatch ¶
SNIMatch verifies that the TLS SNI extension matches the HTTP Host header.
It does nothing for HTTP/2.0 to allow for connection coalescing.
mismatch is invoked on requests that contain a mismatch between the TLS SNI extension and the HTTP Host header.
If Mismatch is nil, a 400 Bad Request error will be returned instead.
func ServeBytes ¶
ServeBytes returns a http.Handler that calls http.ServeContent with a bytes.Reader.
func ServeError ¶
ServeError returns a http.Handler that serves content with a given HTTP status code.
If mimeType is empty, it will be sniffed from content.
func ServeErrorTemplate ¶
func ServeErrorTemplate(code int, tmpl Template, data interface{}, mimeType string) (Handler, error)
ServeErrorTemplate returns a http.Handler that serves the executed template with a given HTTP status code.
If mimeType is empty, it will be sniffed from content.
func ServeString ¶
ServeString returns a http.Handler that calls http.ServeContent with a strings.Reader.
func ServeTemplate ¶
func ServeTemplate(name string, modtime time.Time, tmpl Template, data interface{}) (Handler, error)
ServeTemplate returns a http.Handler that calls http.ServeContent with the executed template.
func SetHeaders ¶
SetHeaders sets multiple response headers.
func StatusCodeSwitch ¶
StatusCodeSwitch intercepts calls to http.ResponseWriter.WriteHeader and redirects the request to a http.Handler based on the response status code.
handlers is a map of HTTP status code (for example http.StatusNotFound) to a http.Handler to use for the response.
It can be used with ServeError to statically render pretty error pages.
type HostSwitch ¶
type HostSwitch struct {
// NotFound is invoked for hosts
// that have not been added to the
// host switch.
NotFound http.Handler
// contains filtered or unexported fields
}
HostSwitch is a http.Handler that routes the request based on the Host header.
func (*HostSwitch) Add ¶
func (hs *HostSwitch) Add(host string, h http.Handler)
Add adds a http.Handler to the host switch.
It panics if the host has already been added.
func (*HostSwitch) ServeHTTP ¶
func (hs *HostSwitch) ServeHTTP(w http.ResponseWriter, r *http.Request)
ServeHTTP implements http.Handler.
type Middleware ¶
Middleware represents a function that wraps an http.Handler.
func AccessLogWrap ¶
func AccessLogWrap(out io.Writer) Middleware
AccessLogWrap returns a Middleware that calls AccessLog.
func AddHeaderWrap ¶
func AddHeaderWrap(name, value string) Middleware
AddHeaderWrap returns a Middleware that calls AddHeader.
func DeleteHeaderWrap ¶
func DeleteHeaderWrap(name string) Middleware
DeleteHeaderWrap returns a Middleware that calls DeleteHeader.
func InternalRedirectWrap ¶
func InternalRedirectWrap(url string) Middleware
InternalRedirectWrap returns a Middleware that calls InternalRedirect.
func SNIMatchWrap ¶
func SNIMatchWrap(mismatch http.Handler) Middleware
SNIMatchWrap returns a Middleware that calls SNIMatch.
func SecurityHeadersWrap ¶
func SecurityHeadersWrap(c *SecurityHeaders) Middleware
SecurityHeadersWrap returns a Middleware that produces a *SecurityHeaders handler.
func SetHeaderWrap ¶
func SetHeaderWrap(name, value string) Middleware
SetHeaderWrap returns a Middleware that calls SetHeader.
func SetHeadersWrap ¶
func SetHeadersWrap(headers map[string]string) Middleware
SetHeadersWrap returns a Middleware that calls SetHeaders.
func StatusCodeSwitchWrap ¶
func StatusCodeSwitchWrap(handlers map[int]http.Handler) Middleware
StatusCodeSwitchWrap returns a Middleware that calls StatusCodeSwitch.
type RedirectToHTTPS ¶
type RedirectToHTTPS struct {
// Optionally specifies a host to
// redirect to for clients that do
// not set the HTTP Host header.
//
// If Host is an empty string, a 400
// Bad Request error will be returned
// instead.
Host string
// Optionally specifies a port to
// add to the URL.
Port string
// The HTTP status code to use when
// redirecting, defaults to 301 Moved
// Permanently.
Code int
}
RedirectToHTTPS redirects clients to the same URL but with the scheme set to https.
func (*RedirectToHTTPS) ServeHTTP ¶
func (rt *RedirectToHTTPS) ServeHTTP(w http.ResponseWriter, r *http.Request)
ServeHTTP implements http.Handler.
type SafeHostSwitch ¶
type SafeHostSwitch struct {
// NotFound is invoked for hosts
// that have not been added to the
// host switch.
NotFound http.Handler
// contains filtered or unexported fields
}
SafeHostSwitch is a http.Handler that routes the request based on the Host header. It is thread safe and requites no external locks.
func (*SafeHostSwitch) Add ¶
func (hs *SafeHostSwitch) Add(host string, h http.Handler) error
Add adds a http.Handler to the host switch.
It returns an error if the host has already been added.
func (*SafeHostSwitch) Remove ¶
func (hs *SafeHostSwitch) Remove(host string)
Remove removes a http.Handler from the host switch.
func (*SafeHostSwitch) ServeHTTP ¶
func (hs *SafeHostSwitch) ServeHTTP(w http.ResponseWriter, r *http.Request)
ServeHTTP implements http.Handler.
type SecurityHeaders ¶
type SecurityHeaders struct {
Handler http.Handler
// The value of the Content-Security-Policy
// header to set.
//
// It is recommended to set this to
// default-src 'none'; sandbox
// and use less restrictive policies for each
// resource as needed.
//
// This header may require caution to use safely,
// but it is strongly recommend for all sites.
//
// See the article
// 'Content Security Policy - An Introduction'
// https://scotthelme.co.uk/content-security-policy-an-introduction/
// for more information.
ContentSecurityPolicy string
// The value of the Strict-Transport-Security
// header to set.
//
// It takes a max-age directive, with time in
// seconds, which indicate how long browsers
// should cache the policy. It should be set to
// at least six months, like so:
// max-age=15768000
//
// It also optionally takes two other directives:
// - includeSubDomains, which applies the policy
// to all subdomains, and
// - preload, which signals to browser
// manufacturers that this policy may be
// preloaded into the browser to prevent
// them from ever connecting to the site
// without TLS. Visit https://hstspreload.org/
// to request preloading.
//
// This header may require caution to use safely,
// but it is strongly recommend for all HTTPS
// only sites.
//
// See the article
// 'HSTS - The missing link in Transport Layer Security'
// https://scotthelme.co.uk/hsts-the-missing-link-in-tls/
// for more information.
StrictTransportSecurity string
// The value of the Expect-CT header to set.
//
// It takes a max-age directive, with time in
// seconds, which indicate how long browsers
// should cache the policy.
//
// It also optionally takes two other directives:
// - enforce, which indicates that browsers
// should enforce the policy or treat it as
// a report-only policy, and
// - report-uri, which specifies a URI that
// a browser should send a report to, if it
// doesn't receive valid CT information.
//
// See the article
// 'A new security header: Expect-CT'
// https://scotthelme.co.uk/a-new-security-header-expect-ct/
// for more information.
ExpectCT string
// The value of the Report-To header to set.
//
// It should be a json object containing a group,
// max_age, endpoints and include_subdomains fields.
//
// See the article
// 'Introducing the Reporting API, Network Error Logging and other major upgrades to Report URI'
// https://scotthelme.co.uk/introducing-the-reporting-api-nel-other-major-changes-to-report-uri/
// for more information.
ReportTo string
// The value of the NEL header to set.
//
// It should be a json object containing a report_to,
// max_age and include_subdomains fields.
//
// See the article
// 'Network Error Logging: Deep Dive'
// https://scotthelme.co.uk/network-error-logging-deep-dive/
// for more information.
NEL string
// The value of the Feature-Policy header to set.
//
// This header allows a site to control what browser
// features are allowed to be used.
//
// See the article
// 'A new security header: Feature Policy'
// https://scotthelme.co.uk/a-new-security-header-feature-policy/
// for more information.
FeaturePolicy string
}
SecurityHeaders sets several recommended security related headers to sane defaults.
It sets:
- X-Frame-Options: SAMEORIGIN,
- X-XSS-Protection: 1; mode=block,
- X-Content-Type-Options: nosniff, and
- Referrer-Policy: strict-origin-when-cross-origin.
It also optionally sets the Content-Security-Policy, Strict-Transport-Security and Expect-CT to user specified values.
func (*SecurityHeaders) ServeHTTP ¶
func (sh *SecurityHeaders) ServeHTTP(w http.ResponseWriter, r *http.Request)
ServeHTTP implements http.Handler.
Source Files