Documentation

Overview

Package middleware is responsible for the definition/implementation of middleware functionality. This package will also handle maintaining request Context and Session.

Constants

This section is empty.

Variables

    var CSRFExemptPrefixes = []string{
    	"/api",
    }

CSRFExemptPrefixes is a list of route prefixes that are exempt from CSRF protection.

Store contains the session information for the request.

Functions

func ApplySecurityHeaders

    func ApplySecurityHeaders(next http.Handler) http.HandlerFunc

ApplySecurityHeaders applies various security headers according to best practices.

func CSRFExceptions

    func CSRFExceptions(handler http.Handler) http.HandlerFunc

CSRFExceptions is a middleware that prevents CSRF checks on routes listed in CSRFExemptPrefixes.

func EnforceViewOnly

    func EnforceViewOnly(next http.Handler) http.Handler

EnforceViewOnly is a global middleware that limits the ability to edit objects to accounts with the PermissionModifyObjects permission.

func GetContext

    func GetContext(handler http.Handler) http.HandlerFunc

GetContext wraps each request in a function which fills in the context for a given request. This includes setting the User and Session keys and values as necessary for use in later functions.

func JSONError

    func JSONError(w http.ResponseWriter, c int, m string)

JSONError returns an error in JSON format with the given status code and message.

func RequireAPIKey

    func RequireAPIKey(handler http.Handler) http.Handler

RequireAPIKey ensures that a valid API key is set as either the api_key GET parameter, or a Bearer token.

func RequireLogin

    func RequireLogin(handler http.Handler) http.HandlerFunc

RequireLogin checks to see if the user is currently logged in. If not, the function returns a 302 redirect to the login page.

func RequirePermission

    func RequirePermission(perm string) func(http.Handler) http.HandlerFunc

RequirePermission checks to see if the user has the requested permission before executing the handler. If the request is unauthorized, a JSONError is returned.

func Use

    func Use(handler http.HandlerFunc, mid ...func(http.Handler) http.HandlerFunc) http.HandlerFunc

Use allows us to stack middleware to process the request. Example taken from https://github.com/gorilla/mux/pull/36#issuecomment-25849172
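The order of the arguments to a stacking helper like Use decides which wrapper sees the request first, which matters when one middleware (a login check) reads what another (the context filler) writes. The following is an added example, not code from this package: `use`, `fillContext` and `requireLogin` are hypothetical stand-ins, the loop body of `use` is an assumption based on the linked gorilla/mux comment, and the `X-Demo-User` header and `/campaigns` path are constructed for the demo.

```go
package main

import (
	"context"
	"fmt"
	"net/http"
	"net/http/httptest"
)
type ctxKey string

// use has the signature of Use; its body is an assumption (loop from the linked comment).
func use(h http.HandlerFunc, mid ...func(http.Handler) http.HandlerFunc) http.HandlerFunc {
	for _, m := range mid {
		h = m(h) // a later entry wraps, and so runs before, the earlier ones
	}
	return h
}

// fillContext (hypothetical, in the role of GetContext) copies a demo header into the context.
func fillContext(next http.Handler) http.HandlerFunc {
	return func(w http.ResponseWriter, r *http.Request) {
		ctx := context.WithValue(r.Context(), ctxKey("user"), r.Header.Get("X-Demo-User"))
		next.ServeHTTP(w, r.WithContext(ctx))
	}
}

// requireLogin (hypothetical, in the role of RequireLogin) redirects when no user is set.
func requireLogin(next http.Handler) http.HandlerFunc {
	return func(w http.ResponseWriter, r *http.Request) {
		if u, _ := r.Context().Value(ctxKey("user")).(string); u == "" {
			http.Redirect(w, r, "/login", http.StatusFound)
			return
		}
		next.ServeHTTP(w, r)
	}
}
func page(w http.ResponseWriter, r *http.Request) { fmt.Fprint(w, "ok") }
// statusFor sends one constructed request through h and returns the status code.
func statusFor(h http.Handler, user string) int {
	req := httptest.NewRequest(http.MethodGet, "/campaigns", nil)
	req.Header.Set("X-Demo-User", user)
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, req)
	return rec.Code
}

func main() { // prints "200 302": same request, only the wrapper order differs
	fmt.Println(statusFor(use(page, requireLogin, fillContext), "alice"), statusFor(use(page, fillContext, requireLogin), "alice"))
}
```

With the login check listed last it becomes the outermost wrapper and runs before the context is filled, so every request is redirected; under the assumed loop, the context-filling middleware has to be the last argument.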

Types

This section is empty.

Directories

Path Synopsis
Package ratelimit provides a simple token-bucket rate limiting middleware which only allows n POST requests every minute.