middleware

package
v3.0.0-beta.3+incompat... Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Nov 12, 2016 License: MIT Imports: 25 Imported by: 0

Documentation

Index

Constants

View Source
const (
	AlgorithmHS256 = "HS256"
)

Algorithims

Variables

View Source
var (
	// DefaultBasicAuthConfig is the default BasicAuth middleware config.
	DefaultBasicAuthConfig = BasicAuthConfig{
		Skipper: defaultSkipper,
	}
)
View Source
var (
	// DefaultBodyLimitConfig is the default Gzip middleware config.
	DefaultBodyLimitConfig = BodyLimitConfig{
		Skipper: defaultSkipper,
	}
)
View Source
var (
	// DefaultCORSConfig is the default CORS middleware config.
	DefaultCORSConfig = CORSConfig{
		Skipper:      defaultSkipper,
		AllowOrigins: []string{"*"},
		AllowMethods: []string{echo.GET, echo.HEAD, echo.PUT, echo.PATCH, echo.POST, echo.DELETE},
	}
)
View Source
var (
	// DefaultCSRFConfig is the default CSRF middleware config.
	DefaultCSRFConfig = CSRFConfig{
		Skipper:      defaultSkipper,
		TokenLength:  32,
		TokenLookup:  "header:" + echo.HeaderXCSRFToken,
		ContextKey:   "csrf",
		CookieName:   "_csrf",
		CookieMaxAge: 86400,
	}
)
View Source
var (
	// DefaultGzipConfig is the default Gzip middleware config.
	DefaultGzipConfig = GzipConfig{
		Skipper: defaultSkipper,
		Level:   -1,
	}
)
View Source
var (
	// DefaultJWTConfig is the default JWT auth middleware config.
	DefaultJWTConfig = JWTConfig{
		Skipper:       defaultSkipper,
		SigningMethod: AlgorithmHS256,
		ContextKey:    "user",
		TokenLookup:   "header:" + echo.HeaderAuthorization,
		Claims:        jwt.MapClaims{},
	}
)
View Source
var (
	// DefaultLoggerConfig is the default Logger middleware config.
	DefaultLoggerConfig = LoggerConfig{
		Skipper: defaultSkipper,
		Format: `{"time":"${time_rfc3339}","remote_ip":"${remote_ip}","host":"${host}",` +
			`"method":"${method}","uri":"${uri}","status":${status}, "latency":${latency},` +
			`"latency_human":"${latency_human}","bytes_in":${bytes_in},` +
			`"bytes_out":${bytes_out}}` + "\n",
		Output: os.Stdout,
		// contains filtered or unexported fields
	}
)
View Source
var (
	// DefaultMethodOverrideConfig is the default MethodOverride middleware config.
	DefaultMethodOverrideConfig = MethodOverrideConfig{
		Skipper: defaultSkipper,
		Getter:  MethodFromHeader(echo.HeaderXHTTPMethodOverride),
	}
)
View Source
var (
	// DefaultRecoverConfig is the default Recover middleware config.
	DefaultRecoverConfig = RecoverConfig{
		Skipper:           defaultSkipper,
		StackSize:         4 << 10,
		DisableStackAll:   false,
		DisablePrintStack: false,
	}
)
View Source
var (
	// DefaultRedirectConfig is the default Redirect middleware config.
	DefaultRedirectConfig = RedirectConfig{
		Skipper: defaultSkipper,
		Code:    http.StatusMovedPermanently,
	}
)
View Source
var (
	// DefaultSecureConfig is the default Secure middleware config.
	DefaultSecureConfig = SecureConfig{
		Skipper:            defaultSkipper,
		XSSProtection:      "1; mode=block",
		ContentTypeNosniff: "nosniff",
		XFrameOptions:      "SAMEORIGIN",
	}
)
View Source
var (
	// DefaultTrailingSlashConfig is the default TrailingSlash middleware config.
	DefaultTrailingSlashConfig = TrailingSlashConfig{
		Skipper: defaultSkipper,
	}
)

Functions

func AddTrailingSlash

func AddTrailingSlash() echo.MiddlewareFunc

AddTrailingSlash returns a root level (before router) middleware which adds a trailing slash to the request `URL#Path`.

Usage `Echo#Pre(AddTrailingSlash())`

func AddTrailingSlashWithConfig

func AddTrailingSlashWithConfig(config TrailingSlashConfig) echo.MiddlewareFunc

AddTrailingSlashWithConfig returns a AddTrailingSlash middleware with config. See `AddTrailingSlash()`.

func BasicAuth

BasicAuth returns an BasicAuth middleware.

For valid credentials it calls the next handler. For invalid credentials, it sends "401 - Unauthorized" response. For empty or invalid `Authorization` header, it sends "400 - Bad Request" response.

func BasicAuthWithConfig

func BasicAuthWithConfig(config BasicAuthConfig) echo.MiddlewareFunc

BasicAuthWithConfig returns an BasicAuth middleware with config. See `BasicAuth()`.

func BodyLimit

func BodyLimit(limit string) echo.MiddlewareFunc

BodyLimit returns a BodyLimit middleware.

BodyLimit middleware sets the maximum allowed size for a request body, if the size exceeds the configured limit, it sends "413 - Request Entity Too Large" response. The BodyLimit is determined based on both `Content-Length` request header and actual content read, which makes it super secure. Limit can be specified as `4x` or `4xB`, where x is one of the multiple from K, M, G, T or P.

func BodyLimitWithConfig

func BodyLimitWithConfig(config BodyLimitConfig) echo.MiddlewareFunc

BodyLimitWithConfig returns a BodyLimit middleware with config. See: `BodyLimit()`.

func CORS

func CORS() echo.MiddlewareFunc

CORS returns a Cross-Origin Resource Sharing (CORS) middleware. See: https://developer.mozilla.org/en/docs/Web/HTTP/Access_control_CORS

func CORSWithConfig

func CORSWithConfig(config CORSConfig) echo.MiddlewareFunc

CORSWithConfig returns a CORS middleware with config. See: `CORS()`.

func CSRF

func CSRF() echo.MiddlewareFunc

CSRF returns a Cross-Site Request Forgery (CSRF) middleware. See: https://en.wikipedia.org/wiki/Cross-site_request_forgery

func CSRFWithConfig

func CSRFWithConfig(config CSRFConfig) echo.MiddlewareFunc

CSRFWithConfig returns a CSRF middleware with config. See `CSRF()`.

func Gzip added in v0.0.13

func Gzip() echo.MiddlewareFunc

Gzip returns a middleware which compresses HTTP response using gzip compression scheme.

func GzipWithConfig

func GzipWithConfig(config GzipConfig) echo.MiddlewareFunc

GzipWithConfig return Gzip middleware with config. See: `Gzip()`.

func HTTPSNonWWWRedirect

func HTTPSNonWWWRedirect() echo.MiddlewareFunc

HTTPSNonWWWRedirect redirects http requests to https non www. For example, http://www.labstack.com will be redirect to https://labstack.com.

Usage `Echo#Pre(HTTPSNonWWWRedirect())`

func HTTPSNonWWWRedirectWithConfig

func HTTPSNonWWWRedirectWithConfig(config RedirectConfig) echo.MiddlewareFunc

HTTPSNonWWWRedirectWithConfig returns an HTTPSRedirect middleware with config. See `HTTPSNonWWWRedirect()`.

func HTTPSRedirect

func HTTPSRedirect() echo.MiddlewareFunc

HTTPSRedirect redirects http requests to https. For example, http://labstack.com will be redirect to https://labstack.com.

Usage `Echo#Pre(HTTPSRedirect())`

func HTTPSRedirectWithConfig

func HTTPSRedirectWithConfig(config RedirectConfig) echo.MiddlewareFunc

HTTPSRedirectWithConfig returns an HTTPSRedirect middleware with config. See `HTTPSRedirect()`.

func HTTPSWWWRedirect

func HTTPSWWWRedirect() echo.MiddlewareFunc

HTTPSWWWRedirect redirects http requests to https www. For example, http://labstack.com will be redirect to https://www.labstack.com.

Usage `Echo#Pre(HTTPSWWWRedirect())`

func HTTPSWWWRedirectWithConfig

func HTTPSWWWRedirectWithConfig(config RedirectConfig) echo.MiddlewareFunc

HTTPSWWWRedirectWithConfig returns an HTTPSRedirect middleware with config. See `HTTPSWWWRedirect()`.

func JWT

func JWT(key []byte) echo.MiddlewareFunc

JWT returns a JSON Web Token (JWT) auth middleware.

For valid token, it sets the user in context and calls next handler. For invalid token, it returns "401 - Unauthorized" error. For empty token, it returns "400 - Bad Request" error.

See: https://jwt.io/introduction See `JWTConfig.TokenLookup`

func JWTWithConfig

func JWTWithConfig(config JWTConfig) echo.MiddlewareFunc

JWTWithConfig returns a JWT auth middleware with config. See: `JWT()`.

func Logger

func Logger() echo.MiddlewareFunc

Logger returns a middleware that logs HTTP requests.

func LoggerWithConfig

func LoggerWithConfig(config LoggerConfig) echo.MiddlewareFunc

LoggerWithConfig returns a Logger middleware with config. See: `Logger()`.

func MethodOverride

func MethodOverride() echo.MiddlewareFunc

MethodOverride returns a MethodOverride middleware. MethodOverride middleware checks for the overridden method from the request and uses it instead of the original method.

For security reasons, only `POST` method can be overridden.

func MethodOverrideWithConfig

func MethodOverrideWithConfig(config MethodOverrideConfig) echo.MiddlewareFunc

MethodOverrideWithConfig returns a MethodOverride middleware with config. See: `MethodOverride()`.

func NonWWWRedirect

func NonWWWRedirect() echo.MiddlewareFunc

NonWWWRedirect redirects www requests to non www. For example, http://www.labstack.com will be redirect to http://labstack.com.

Usage `Echo#Pre(NonWWWRedirect())`

func NonWWWRedirectWithConfig

func NonWWWRedirectWithConfig(config RedirectConfig) echo.MiddlewareFunc

NonWWWRedirectWithConfig returns an HTTPSRedirect middleware with config. See `NonWWWRedirect()`.

func Recover added in v0.0.13

func Recover() echo.MiddlewareFunc

Recover returns a middleware which recovers from panics anywhere in the chain and handles the control to the centralized HTTPErrorHandler.

func RecoverWithConfig

func RecoverWithConfig(config RecoverConfig) echo.MiddlewareFunc

RecoverWithConfig returns a Recover middleware with config. See: `Recover()`.

func RemoveTrailingSlash

func RemoveTrailingSlash() echo.MiddlewareFunc

RemoveTrailingSlash returns a root level (before router) middleware which removes a trailing slash from the request URI.

Usage `Echo#Pre(RemoveTrailingSlash())`

func RemoveTrailingSlashWithConfig

func RemoveTrailingSlashWithConfig(config TrailingSlashConfig) echo.MiddlewareFunc

RemoveTrailingSlashWithConfig returns a RemoveTrailingSlash middleware with config. See `RemoveTrailingSlash()`.

func Secure

func Secure() echo.MiddlewareFunc

Secure returns a Secure middleware. Secure middleware provides protection against cross-site scripting (XSS) attack, content type sniffing, clickjacking, insecure connection and other code injection attacks.

func SecureWithConfig

func SecureWithConfig(config SecureConfig) echo.MiddlewareFunc

SecureWithConfig returns a Secure middleware with config. See: `Secure()`.

func WWWRedirect

func WWWRedirect() echo.MiddlewareFunc

WWWRedirect redirects non www requests to www. For example, http://labstack.com will be redirect to http://www.labstack.com.

Usage `Echo#Pre(WWWRedirect())`

func WWWRedirectWithConfig

func WWWRedirectWithConfig(config RedirectConfig) echo.MiddlewareFunc

WWWRedirectWithConfig returns an HTTPSRedirect middleware with config. See `WWWRedirect()`.

Types

type BasicAuthConfig

type BasicAuthConfig struct {
	// Skipper defines a function to skip middleware.
	Skipper Skipper

	// Validator is a function to validate BasicAuth credentials.
	// Required.
	Validator BasicAuthValidator
}

BasicAuthConfig defines the config for BasicAuth middleware.

type BasicAuthValidator

type BasicAuthValidator func(string, string) bool

BasicAuthValidator defines a function to validate BasicAuth credentials.

type BodyLimitConfig

type BodyLimitConfig struct {
	// Skipper defines a function to skip middleware.
	Skipper Skipper

	// Maximum allowed size for a request body, it can be specified
	// as `4x` or `4xB`, where x is one of the multiple from K, M, G, T or P.
	Limit string `json:"limit"`
	// contains filtered or unexported fields
}

BodyLimitConfig defines the config for BodyLimit middleware.

type CORSConfig

type CORSConfig struct {
	// Skipper defines a function to skip middleware.
	Skipper Skipper

	// AllowOrigin defines a list of origins that may access the resource.
	// Optional. Default value []string{"*"}.
	AllowOrigins []string `json:"allow_origins"`

	// AllowMethods defines a list methods allowed when accessing the resource.
	// This is used in response to a preflight request.
	// Optional. Default value DefaultCORSConfig.AllowMethods.
	AllowMethods []string `json:"allow_methods"`

	// AllowHeaders defines a list of request headers that can be used when
	// making the actual request. This in response to a preflight request.
	// Optional. Default value []string{}.
	AllowHeaders []string `json:"allow_headers"`

	// AllowCredentials indicates whether or not the response to the request
	// can be exposed when the credentials flag is true. When used as part of
	// a response to a preflight request, this indicates whether or not the
	// actual request can be made using credentials.
	// Optional. Default value false.
	AllowCredentials bool `json:"allow_credentials"`

	// ExposeHeaders defines a whitelist headers that clients are allowed to
	// access.
	// Optional. Default value []string{}.
	ExposeHeaders []string `json:"expose_headers"`

	// MaxAge indicates how long (in seconds) the results of a preflight request
	// can be cached.
	// Optional. Default value 0.
	MaxAge int `json:"max_age"`
}

CORSConfig defines the config for CORS middleware.

type CSRFConfig

type CSRFConfig struct {
	// Skipper defines a function to skip middleware.
	Skipper Skipper

	// TokenLength is the length of the generated token.
	TokenLength uint8 `json:"token_length"`

	// TokenLookup is a string in the form of "<source>:<key>" that is used
	// to extract token from the request.
	// Optional. Default value "header:X-CSRF-Token".
	// Possible values:
	// - "header:<name>"
	// - "form:<name>"
	// - "query:<name>"
	TokenLookup string `json:"token_lookup"`

	// Context key to store generated CSRF token into context.
	// Optional. Default value "csrf".
	ContextKey string `json:"context_key"`

	// Name of the CSRF cookie. This cookie will store CSRF token.
	// Optional. Default value "csrf".
	CookieName string `json:"cookie_name"`

	// Domain of the CSRF cookie.
	// Optional. Default value none.
	CookieDomain string `json:"cookie_domain"`

	// Path of the CSRF cookie.
	// Optional. Default value none.
	CookiePath string `json:"cookie_path"`

	// Max age (in seconds) of the CSRF cookie.
	// Optional. Default value 86400 (24hr).
	CookieMaxAge int `json:"cookie_max_age"`

	// Indicates if CSRF cookie is secure.
	// Optional. Default value false.
	CookieSecure bool `json:"cookie_secure"`

	// Indicates if CSRF cookie is HTTP only.
	// Optional. Default value false.
	CookieHTTPOnly bool `json:"cookie_http_only"`
}

CSRFConfig defines the config for CSRF middleware.

type GzipConfig

type GzipConfig struct {
	// Skipper defines a function to skip middleware.
	Skipper Skipper

	// Gzip compression level.
	// Optional. Default value -1.
	Level int `json:"level"`
}

GzipConfig defines the config for Gzip middleware.

type JWTConfig

type JWTConfig struct {
	// Skipper defines a function to skip middleware.
	Skipper Skipper

	// Signing key to validate token.
	// Required.
	SigningKey interface{} `json:"signing_key"`

	// Signing method, used to check token signing method.
	// Optional. Default value HS256.
	SigningMethod string `json:"signing_method"`

	// Context key to store user information from the token into context.
	// Optional. Default value "user".
	ContextKey string `json:"context_key"`

	// Claims are extendable claims data defining token content.
	// Optional. Default value jwt.MapClaims
	Claims jwt.Claims

	// TokenLookup is a string in the form of "<source>:<name>" that is used
	// to extract token from the request.
	// Optional. Default value "header:Authorization".
	// Possible values:
	// - "header:<name>"
	// - "query:<name>"
	// - "cookie:<name>"
	TokenLookup string `json:"token_lookup"`
	// contains filtered or unexported fields
}

JWTConfig defines the config for JWT middleware.

type LoggerConfig

type LoggerConfig struct {
	// Skipper defines a function to skip middleware.
	Skipper Skipper

	// Log format which can be constructed using the following tags:
	//
	// - time_rfc3339
	// - id (Request ID - Not implemented)
	// - remote_ip
	// - uri
	// - host
	// - method
	// - path
	// - referer
	// - user_agent
	// - status
	// - latency (In microseconds)
	// - latency_human (Human readable)
	// - bytes_in (Bytes received)
	// - bytes_out (Bytes sent)
	// - header:<name>
	// - query:<name>
	// - form:<name>
	//
	// Example "${remote_ip} ${status}"
	//
	// Optional. Default value DefaultLoggerConfig.Format.
	Format string `json:"format"`

	// Output is a writer where logs are written.
	// Optional. Default value os.Stdout.
	Output io.Writer
	// contains filtered or unexported fields
}

LoggerConfig defines the config for Logger middleware.

type MethodOverrideConfig

type MethodOverrideConfig struct {
	// Skipper defines a function to skip middleware.
	Skipper Skipper

	// Getter is a function that gets overridden method from the request.
	// Optional. Default values MethodFromHeader(echo.HeaderXHTTPMethodOverride).
	Getter MethodOverrideGetter
}

MethodOverrideConfig defines the config for MethodOverride middleware.

type MethodOverrideGetter

type MethodOverrideGetter func(echo.Context) string

MethodOverrideGetter is a function that gets overridden method from the request

func MethodFromForm

func MethodFromForm(param string) MethodOverrideGetter

MethodFromForm is a `MethodOverrideGetter` that gets overridden method from the form parameter.

func MethodFromHeader

func MethodFromHeader(header string) MethodOverrideGetter

MethodFromHeader is a `MethodOverrideGetter` that gets overridden method from the request header.

func MethodFromQuery

func MethodFromQuery(param string) MethodOverrideGetter

MethodFromQuery is a `MethodOverrideGetter` that gets overridden method from the query parameter.

type RecoverConfig

type RecoverConfig struct {
	// Skipper defines a function to skip middleware.
	Skipper Skipper

	// Size of the stack to be printed.
	// Optional. Default value 4KB.
	StackSize int `json:"stack_size"`

	// DisableStackAll disables formatting stack traces of all other goroutines
	// into buffer after the trace for the current goroutine.
	// Optional. Default value false.
	DisableStackAll bool `json:"disable_stack_all"`

	// DisablePrintStack disables printing stack trace.
	// Optional. Default value as false.
	DisablePrintStack bool `json:"disable_print_stack"`
}

RecoverConfig defines the config for Recover middleware.

type RedirectConfig

type RedirectConfig struct {
	// Skipper defines a function to skip middleware.
	Skipper Skipper

	// Status code to be used when redirecting the request.
	// Optional. Default value http.StatusMovedPermanently.
	Code int `json:"code"`
}

RedirectConfig defines the config for Redirect middleware.

type SecureConfig

type SecureConfig struct {
	// Skipper defines a function to skip middleware.
	Skipper Skipper

	// XSSProtection provides protection against cross-site scripting attack (XSS)
	// by setting the `X-XSS-Protection` header.
	// Optional. Default value "1; mode=block".
	XSSProtection string `json:"xss_protection"`

	// ContentTypeNosniff provides protection against overriding Content-Type
	// header by setting the `X-Content-Type-Options` header.
	// Optional. Default value "nosniff".
	ContentTypeNosniff string `json:"content_type_nosniff"`

	// XFrameOptions can be used to indicate whether or not a browser should
	// be allowed to render a page in a <frame>, <iframe> or <object> .
	// Sites can use this to avoid clickjacking attacks, by ensuring that their
	// content is not embedded into other sites.provides protection against
	// clickjacking.
	// Optional. Default value "SAMEORIGIN".
	// Possible values:
	// - "SAMEORIGIN" - The page can only be displayed in a frame on the same origin as the page itself.
	// - "DENY" - The page cannot be displayed in a frame, regardless of the site attempting to do so.
	// - "ALLOW-FROM uri" - The page can only be displayed in a frame on the specified origin.
	XFrameOptions string `json:"x_frame_options"`

	// HSTSMaxAge sets the `Strict-Transport-Security` header to indicate how
	// long (in seconds) browsers should remember that this site is only to
	// be accessed using HTTPS. This reduces your exposure to some SSL-stripping
	// man-in-the-middle (MITM) attacks.
	// Optional. Default value 0.
	HSTSMaxAge int `json:"hsts_max_age"`

	// HSTSExcludeSubdomains won't include subdomains tag in the `Strict Transport Security`
	// header, excluding all subdomains from security policy. It has no effect
	// unless HSTSMaxAge is set to a non-zero value.
	// Optional. Default value false.
	HSTSExcludeSubdomains bool `json:"hsts_exclude_subdomains"`

	// ContentSecurityPolicy sets the `Content-Security-Policy` header providing
	// security against cross-site scripting (XSS), clickjacking and other code
	// injection attacks resulting from execution of malicious content in the
	// trusted web page context.
	// Optional. Default value "".
	ContentSecurityPolicy string `json:"content_security_policy"`
}

SecureConfig defines the config for Secure middleware.

type Skipper

type Skipper func(c echo.Context) bool

Skipper defines a function to skip middleware. Returning true skips processing the middleware.

type TrailingSlashConfig

type TrailingSlashConfig struct {
	// Skipper defines a function to skip middleware.
	Skipper Skipper

	// Status code to be used when redirecting the request.
	// Optional, but when provided the request is redirected using this code.
	RedirectCode int `json:"redirect_code"`
}

TrailingSlashConfig defines the config for TrailingSlash middleware.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL