Documentation
¶
Overview ¶
Package mware contains HTTP middlewares.
Index ¶
- Variables
- func Delay(d time.Duration) zhttp.Middleware
- func Headers(h http.Header) zhttp.Middleware
- func NoCache() zhttp.Middleware
- func NoStore() zhttp.Middleware
- func Ratelimit(opts RatelimitOptions) zhttp.Middleware
- func RatelimitIP(r *http.Request) string
- func RatelimitLimit(limit int, period int64) func(*http.Request) (int, int64)
- func RealIP(never ...string) zhttp.Middleware
- func RequestLog(opt *RequestLogOptions, ignore ...string) zhttp.Middleware
- func Unpanic(filterStack ...string) zhttp.Middleware
- func WrapWriter() zhttp.Middleware
- type RatelimitMemory
- type RatelimitOptions
- type RatelimitStore
- type RequestLogOptions
Constants ¶
This section is empty.
Variables ¶
var DefaultHeaders = http.Header{ "Strict-Transport-Security": []string{"max-age=7776000"}, "X-Frame-Options": []string{"deny"}, "X-Content-Type-Options": []string{"nosniff"}, }
DefaultHeaders will be set by default.
Functions ¶
func Delay ¶
func Delay(d time.Duration) zhttp.Middleware
Delay adds a delay before every request.
The default delay is taken from the paramters (which may be 0), and can also be overriden by setting a "debug-delay" cookie, which is in seconds.
This is intended for debugging frontend timing issues.
func Headers ¶
func Headers(h http.Header) zhttp.Middleware
Headers sets the given headers.
DefaultHeaders will always be set. Headers passed to this function overrides them. Use a nil value to remove a header.
func NoCache ¶
func NoCache() zhttp.Middleware
NoCache sets the Cache-Control header to "no-cache".
Browsers will always validate a cache (with e.g. If-Match or If-None-Match). It does NOT tell browsers to never store a cache (use NoStore for that).
func NoStore ¶
func NoStore() zhttp.Middleware
NoStore sets the Cache-Control header to "no-store, no-cache"
Browsers will never store a local copy (the no-cache is there to be sure previously stored copies from before this header are revalidated).
func RatelimitIP ¶
RatelimitIP rate limits based IP address.
Assumes RemoteAddr is set correctly. E.g. with chi's middleware.RealIP middleware.
func RatelimitLimit ¶
RatelimitLimit is a simple limiter, always returning the same numbers.
func RealIP ¶
func RealIP(never ...string) zhttp.Middleware
RealIP sets the RemoteAddr to CF-Connecting-IP, Fly-Client-IP, X-Azure-SocketIP, X-Real-IP, X-Forwarded-For, or the RemoteAddr without a port.
The end result willl never have a source port set. It will ignore local and private addresses such as 127.0.0.1, 192.168.1.1, etc.
TODO: allow configuring which headers to look at, as this is very much dependent on the specific configuration; preferring e.g. Fly-Client-Ip means its trivial to spoof the "real IP".
func RequestLog ¶
func RequestLog(opt *RequestLogOptions, ignore ...string) zhttp.Middleware
RequestLog logs all requests to stdout.
Any paths matching ignore will not be printed.
func Unpanic ¶
func Unpanic(filterStack ...string) zhttp.Middleware
Unpanic recovers from panics in handlers and calls ErrPage().
func WrapWriter ¶
func WrapWriter() zhttp.Middleware
WrapWriter replaces the http.ResponseWriter with our version of http.ResponseWriter for some additional functionality.
Types ¶
type RatelimitMemory ¶
RatelimitMemory stores the rate limit information in the Go process' memory.
func NewRatelimitMemory ¶
func NewRatelimitMemory() *RatelimitMemory
type RatelimitOptions ¶
type RatelimitOptions struct {
Message string // Displayed when limit is reached.
Client func(*http.Request) string // String to identify client (e.g. ip address).
Store RatelimitStore // How to store the # of requests.
Limit func(*http.Request) (limit int, period int64) // "limit" requests over "period" seconds.
}
Source Files