echosec

package module
v0.1.0 Latest
Warning

This package is not in the latest version of its module.

Published: Jan 10, 2024 License: MIT Imports: 2 Imported by: 0

README

EchoSec

A Golang middleware for the Labstack Echo Server that simplifies the process of describing the prerequisites for a request to access combinations of endpoints and methods. The most common application is to offload boring and copy-paste security constraints to a middleware.

I.e., can a user with a given JWT token perform DELETE /user/:id?

Example

Premises:

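  • GetClaims(c) is a dummy function that represents, in the example, the retrieval of JWT claims.
  • errors.NewForbiddenError() is not part of the standard library's errors package; it is assumed here to be the application's own constructor for a forbidden error.

import "github.com/theirish/echosec"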

/*...*/

m := echosec.Middleware(echosec.Config{
    PathMapping: echosec.PathItems{
        {
            Patterns: echosec.Patterns{"/api/v1/user"},
            PathValidation: func(c echo.Context) error {
                if GetClaims(c).Admin {
                    return nil
                }
                return errors.NewForbiddenError()
            },
        },
        {
            Patterns: echosec.Patterns{"/api/v1/user/:userId"},
            PathValidation: func(c echo.Context) error {
                if GetClaims(c).CanAdminUserData(c.Param("userId")) {
                    return nil
                }
                return errors.NewForbiddenError()
            },
        },
        {
            Patterns: echosec.Patterns{"/api/v1/workspace"},
            Methods: echosec.ValidationMap{
                "GET": func(c echo.Context) error {
                    if GetClaims(c).Admin {
                        return nil
                    }
                    return errors.NewForbiddenError()
                },
            },
            PathValidation: func(c echo.Context) error {
                return nil
            },
        },
        {
            Patterns: echosec.Patterns{"/api/v1/workspace/:workspaceId",
                "/api/v1/workspace/:workspaceId/membership",
                "/api/v1/workspace/:workspaceId/membership/:membershipId"},
            Methods: echosec.ValidationMap{
                "GET": func(c echo.Context) error {
                    if GetClaims(c).CanAccessWorkspace(c.Param("workspaceId")) {
                        return nil
                    }
                    return errors.NewForbiddenError()
                },
                "PUT,DELETE": func(c echo.Context) error {
                    if GetClaims(c).CanAdminWorkspace(c.Param("workspaceId")) {
                        return nil
                    }
                    return errors.NewForbiddenError()
                },
            },
        },
    },
})

/*...*/

e := echo.New()
e.Use(m)

Documentation

Constants

This section is empty.

Variables

This section is empty.

Functions

func Middleware

func Middleware(cfg Config) echo.MiddlewareFunc

Middleware returns an echo.MiddlewareFunc for the echo server. cfg is the Config of the middleware.

Types

type Config

type Config struct {
	PathMapping       PathItems
	DefaultValidation ValidationFunc
}

Config is the middleware configuration. PathMapping contains a list of validation functions, grouped by path and method. DefaultValidation is the default validation action taken if no mapping is matched.

type PathItem

type PathItem struct {
	Methods        ValidationMap
	Patterns       Patterns
	PathValidation ValidationFunc
}

PathItem is a validation item. Patterns is a list of URL patterns to which this PathItem responds. Methods is a list of mappings based on methods; it can be nil. PathValidation is the default validation for this path, used if none of the Methods validations matched.

func (PathItem) FindMethodValidator

func (i PathItem) FindMethodValidator(method string) ValidationFunc

FindMethodValidator looks for a method validator that matches the provided method. It returns nil if Methods is nil or if no method matcher is found.

func (PathItem) MatchPattern

func (i PathItem) MatchPattern(path string) bool

MatchPattern will return true if a path pattern matches the provided path
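
A standard-library-only model of the lookup order that the Config and PathItem descriptions give (method validator, then PathValidation, then DefaultValidation), added here as an example and not echosec's own code. The `:param` matching, the comma-split of keys such as "PUT,DELETE", and the fall-through to the default when a matched item has neither validator are assumptions of this model.

```go
package main

import (
	"fmt"
	"path"
	"regexp"
	"strings"
)

// Stand-ins for the documented types (the real ValidationFunc takes an echo.Context).
type ValidationFunc func() error
type ValidationMap map[string]ValidationFunc
type PathItem struct {
	Methods        ValidationMap
	Patterns       []string
	PathValidation ValidationFunc
}

var param = regexp.MustCompile(`:[^/]+`) // assumed: ":name" is one non-empty segment

// Decider names the layer that decides a request: "method", "path" or "default".
func Decider(items []PathItem, method, reqPath string) string {
	for _, item := range items {
		for _, p := range item.Patterns {
			if ok, _ := path.Match(param.ReplaceAllString(p, "?*"), reqPath); !ok {
				continue
			}
			for keys := range item.Methods {
				if strings.Contains(","+keys+",", ","+method+",") {
					return "method"
				}
			}
			if item.PathValidation != nil {
				return "path"
			}
		}
	}
	return "default" // unlisted paths, and matched items with no fallback
}

func allow() error { return nil } // placeholder validator

// Constructed sample: the two workspace items from the README example.
var Readme = []PathItem{
	{Patterns: []string{"/api/v1/workspace"}, Methods: ValidationMap{"GET": allow}, PathValidation: allow},
	{Patterns: []string{"/api/v1/workspace/:workspaceId"}, Methods: ValidationMap{"GET": allow, "PUT,DELETE": allow}},
}

func main() { fmt.Println(Decider(Readme, "POST", "/api/v1/workspace/42")) }
```

Under this model, every request that reports "default" is governed only by Config.DefaultValidation, so that is the field to set to a rejecting function and to cover with a test against the real middleware.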

type PathItems

type PathItems []PathItem

PathItems is a collection of PathItem

type Patterns

type Patterns []string

Patterns is a list of patterns

type ValidationFunc

type ValidationFunc func(c echo.Context) error

ValidationFunc is any function meant to validate access to a path or method

type ValidationMap

type ValidationMap map[string]ValidationFunc

ValidationMap maps string keys to validation functions
