middleware

package

v0.9.0 Latest Latest Go to latest Published: Jan 18, 2020 License: MIT Imports: 10 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/jordan-wright/gophish

Links

Open Source Insights

Documentation ¶

Overview ¶

Package middleware is responsible for the definition/implementation of middleware functionality. This package will also handle maintaining request Context and Session.

Index ¶

Variables
func CSRFExceptions(handler http.Handler) http.HandlerFunc
func EnforceViewOnly(next http.Handler) http.Handler
func GetContext(handler http.Handler) http.HandlerFunc
func JSONError(w http.ResponseWriter, c int, m string)
func RequireAPIKey(handler http.Handler) http.Handler
func RequireLogin(handler http.Handler) http.HandlerFunc
func RequirePermission(perm string) func(http.Handler) http.HandlerFunc
func Use(handler http.HandlerFunc, mid ...func(http.Handler) http.HandlerFunc) http.HandlerFunc

Constants ¶

This section is empty.

Variables ¶

View Source

var CSRFExemptPrefixes = []string{
	"/api",
}

CSRFExemptPrefixes are a list of routes that are exempt from CSRF protection

View Source

var Store = sessions.NewCookieStore(
	[]byte(securecookie.GenerateRandomKey(64)),
	[]byte(securecookie.GenerateRandomKey(32)))

Store contains the session information for the request

Functions ¶

func CSRFExceptions ¶ added in v0.2.0

func CSRFExceptions(handler http.Handler) http.HandlerFunc

CSRFExceptions is a middleware that prevents CSRF checks on routes listed in CSRFExemptPrefixes.

func EnforceViewOnly ¶ added in v0.8.0

func EnforceViewOnly(next http.Handler) http.Handler

EnforceViewOnly is a global middleware that limits the ability to edit objects to accounts with the PermissionModifyObjects permission.

func GetContext ¶

func GetContext(handler http.Handler) http.HandlerFunc

GetContext wraps each request in a function which fills in the context for a given request. This includes setting the User and Session keys and values as necessary for use in later functions.

func JSONError ¶

func JSONError(w http.ResponseWriter, c int, m string)

JSONError returns an error in JSON format with the given status code and message

func RequireAPIKey ¶

func RequireAPIKey(handler http.Handler) http.Handler

RequireAPIKey ensures that a valid API key is set as either the api_key GET parameter, or a Bearer token.

func RequireLogin ¶

func RequireLogin(handler http.Handler) http.HandlerFunc

RequireLogin checks to see if the user is currently logged in. If not, the function returns a 302 redirect to the login page.

func RequirePermission ¶ added in v0.8.0

func RequirePermission(perm string) func(http.Handler) http.HandlerFunc

RequirePermission checks to see if the user has the requested permission before executing the handler. If the request is unauthorized, a JSONError is returned.

func Use ¶ added in v0.8.0

func Use(handler http.HandlerFunc, mid ...func(http.Handler) http.HandlerFunc) http.HandlerFunc

Use allows us to stack middleware to process the request Example taken from https://github.com/gorilla/mux/pull/36#issuecomment-25849172

Types ¶

This section is empty.

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL