gin_teeny_security

v0.0.0-...-bb11804 Latest
Warning

This package is not in the latest version of its module.

Published: Mar 31, 2018 License: AGPL-3.0 Imports: 8 Imported by: 5

README

gin-teeny-security

A tiny middleware to add low-fi protection to personal pages

Documentation

Overview

A GIN middleware providing low-fi security for sites with simple needs.

Redirects users to a login page until they provide a secret code. There is no CSRF protection, so any JavaScript on the web can log you out (or in, if it knows the password).

Protects you from brute-force attacks by making all login attempts take 1 second (configurable) and serializing them through a mutex.

Scripts can send `Authorization: <secret code>` instead of having to keep a cookie jar.
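
The brute-force paragraph above describes a fixed delay per attempt, serialized through a mutex. The following is an added illustration of that idea using only the standard library. It is not this package's source: `attemptGate`, `Check` and `measureAttempts` are hypothetical names, the guesses are constructed, and the constant-time comparison is an assumption of the example.

```go
package main

import (
	"crypto/subtle"
	"fmt"
	"sync"
	"sync/atomic"
	"time"
)

// attemptGate is a hypothetical stand-in for the throttle the overview describes.
type attemptGate struct {
	mu       sync.Mutex
	secret   string
	slowdown time.Duration // plays the role of Config.LoginAttemptSlowdown
}

// Check holds the lock for the whole delay, so attempts run strictly one at a time.
func (g *attemptGate) Check(candidate string) bool {
	g.mu.Lock()
	defer g.mu.Unlock()
	time.Sleep(g.slowdown)
	// Constant-time comparison is this example's choice, not stated on the page.
	return subtle.ConstantTimeCompare([]byte(candidate), []byte(g.secret)) == 1
}

// measureAttempts submits all guesses concurrently; returns matches and elapsed time.
func measureAttempts(g *attemptGate, guesses []string) (int, time.Duration) {
	var wg sync.WaitGroup
	var hits int32
	start := time.Now()
	for _, guess := range guesses {
		wg.Add(1)
		go func(s string) {
			defer wg.Done()
			if g.Check(s) {
				atomic.AddInt32(&hits, 1)
			}
		}(guess)
	}
	wg.Wait()
	return int(atomic.LoadInt32(&hits)), time.Since(start)
}

func main() {
	g := &attemptGate{secret: "constructed-secret", slowdown: 20 * time.Millisecond}
	guesses := []string{"a", "b", "c", "d", "e", "f", "g", "h"} // constructed sample input
	hits, took := measureAttempts(g, guesses)
	fmt.Printf("%d guesses, %d hits, %v elapsed\n", len(guesses), hits, took)
}
```

Concurrency buys nothing here: eight parallel guesses still take at least eight delays. Because every attempt shares the one lock, a legitimate login also waits behind whatever attempts are already queued.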

Variables

var DEFAULT_LOGIN_PAGE = template.Must(template.New("login").Parse(`
<h1>Login</h1>
{{ if .Message }}<h2>{{ .Message }}</h2>{{ end }}
<form action="{{.Path}}" method="POST">
  <input type="password" name="secretAccessCode" />
  <input type="submit" value="Login" />
</form>

<div style="display: none">
CURL users: try setting -H 'Authorization: <your secret>'
</div>
`))

Functions

func DefaultGetSession

func DefaultGetSession(c *gin.Context) string

Gets your login status from gin-sessions

func DefaultSetSession

func DefaultSetSession(c *gin.Context, secret string)

Saves your login status using gin-sessions

func RequiresSecretAccessCode

func RequiresSecretAccessCode(secretAccessCode, path string) gin.HandlerFunc

Convenient entry-point for those using gin-sessions and not wanting to override anything.

Types

type Config

type Config struct {
	Path              string                     // defaults to 'login'
	Secret            string                     // the password
	RequireAuth       func(*gin.Context) bool    // defaults to always requiring auth if unset; override to allow some public access.
	Template          *template.Template         // Markup for the login page
	SaveKeyToSession  func(*gin.Context, string) // Override to use something other than gin-sessions
	GetKeyFromSession func(*gin.Context) string  // Override to use something other than gin-sessions

	LoginAttemptSlowdown time.Duration // Increase to slow down attempts to brute-force your password.
	// contains filtered or unexported fields
}

Main entry point

func (Config) ExecTemplate

func (c Config) ExecTemplate(w io.Writer, message, returnUrl string) error

func (*Config) Middleware

func (cfg *Config) Middleware(c *gin.Context)

type LoginPageParams

type LoginPageParams struct {
	Message string
	Path    string
}
