Documentation
Overview
A Gin middleware providing low-fi security for sites with simple needs.
Redirects users to a login page until they provide a secret code. There is no CSRF protection, so any JavaScript on the web can log you out (or in, if they know the password).
Protects you from brute-force attacks by making all login attempts take 1 second (configurable) and serializing them through a mutex.
Scripts can send `Authorization: <secret code>` instead of having to keep a cookie jar.
Constants
This section is empty.
Variables
var DEFAULT_LOGIN_PAGE = template.Must(template.New("login").Parse(`
<h1>Login</h1>
{{ if .Message }}<h2>{{ .Message }}</h2>{{ end }}
<form action="{{.Path}}" method="POST">
<input type="password" name="secretAccessCode" />
<input type="submit" value="Login" />
</form>
<div style="display: none">
CURL users: try setting -H 'Authorization: <your secret>'
</div>
`))
Functions
func DefaultGetSession
Gets your login status from gin-sessions.
func DefaultSetSession
Saves your login status using gin-sessions.
func RequiresSecretAccessCode
func RequiresSecretAccessCode(secretAccessCode, path string) gin.HandlerFunc
Convenient entry-point for those using gin-sessions and not wanting to override anything.
Types
type Config
type Config struct {
	Path                 string                      // defaults to 'login'
	Secret               string                      // the password
	RequireAuth          func(*gin.Context) bool     // defaults to always requiring auth if unset; override to allow some public access.
	Template             *template.Template          // Markup for the login page
	SaveKeyToSession     func(*gin.Context, string)  // Override to use something other than gin-sessions
	GetKeyFromSession    func(*gin.Context) string   // Override to use something other than gin-sessions
	LoginAttemptSlowdown time.Duration               // Increase to slow-down attempts to brute force your password.
	// contains filtered or unexported fields
}
Main entry point
func (Config) ExecTemplate
func (*Config) Middleware
type LoginPageParams