package mware

import ""

Package mware contains HTTP middlewares.

See e.g. chi for some additional middlewares.


Package Files

cache.go delay.go doc.go headers.go ratelimit.go realip.go reqlog.go unpanic.go with.go writer.go


var DefaultHeaders = http.Header{
    "Strict-Transport-Security": []string{"max-age=7776000"},
    "X-Frame-Options":           []string{"deny"},
    "X-Content-Type-Options":    []string{"nosniff"},

DefaultHeaders will be set by default.

func Delay

func Delay(d time.Duration) func(http.Handler) http.Handler

Delay adds a delay before every request.

The default delay is taken from the paramters (which may be 0), and can also be overriden by setting a "debug-delay" cookie, which is in seconds.

This is intended for debugging frontend timing issues.

func Headers

func Headers(h http.Header) func(next http.Handler) http.Handler

Headers sets the given headers.

DefaultHeaders will always be set. Headers passed to this function overrides them. Use a nil value to remove a header.

func NoCache

func NoCache() func(http.Handler) http.Handler

NoCache sets the Cache-Control header to "no-cache".

Browsers will always validate a cache (with e.g. If-Match or If-None-Match). It does NOT tell browsers to never store a cache (use NoStore for that).

func NoStore

func NoStore() func(http.Handler) http.Handler

NoStore sets the Cache-Control header to "no-store, no-cache"

Browsers will never store a local copy (the no-cache is there to be sure previously stored copies from before this header are revalidated).

func Ratelimit

func Ratelimit(opts RatelimitOptions) func(http.Handler) http.Handler

Ratelimit requests.

func RatelimitIP

func RatelimitIP(r *http.Request) string

RatelimitIP rate limits based IP address.

This assumes RemoteAddr is set correctly, for example with the [RealIP] middleware.

func RatelimitLimit

func RatelimitLimit(limit int, period int64) func(*http.Request) (int, int64)

RatelimitLimit is a simple limiter, always returning the same numbers.

func RealIP

func RealIP(never ...string) func(http.Handler) http.Handler

RealIP sets the RemoteAddr to X-Real-Ip, X-Forwarded-For, or the RemoteAddr without a port.

The end result willl never have a source port set. It will ignore local and private addresses such as,, etc.

func RequestLog

func RequestLog(opt *RequestLogOptions, ignore ...string) func(http.Handler) http.Handler

RequestLog logs all requests to stdout.

Any paths matching ignore will not be printed.

func Unpanic

func Unpanic(filterStack ...string) func(http.Handler) http.Handler

Unpanic recovers from panics in handlers and calls ErrPage().

func With

func With(handler http.Handler, wares ...func(http.Handler) http.Handler) http.Handler

TODO: put in zhttp

func WrapWriter

func WrapWriter() func(http.Handler) http.Handler

WrapWriter replaces the http.ResponseWriter with our version of http.ResponseWriter for some additional functionality.

type RatelimitMemory

type RatelimitMemory struct {
    // contains filtered or unexported fields

RatelimitMemory stores the rate limit information in the Go process' memory.

func NewRatelimitMemory

func NewRatelimitMemory() *RatelimitMemory

func (*RatelimitMemory) Grant

func (m *RatelimitMemory) Grant(key string, limit int, period int64) (bool, int, int64)

type RatelimitOptions

type RatelimitOptions struct {
    Message string                                        // Displayed when limit is reached.
    Client  func(*http.Request) string                    // String to identify client (e.g. ip address).
    Store   RatelimitStore                                // How to store the # of requests.
    Limit   func(*http.Request) (limit int, period int64) // "limit" requests over "period" seconds.

type RatelimitStore

type RatelimitStore interface {
    // Grant reports if key should be granted access.
    // The limit is the total number of allowed requests, for the time duration
    // of period seconds.
    // The remaining return value indicates how many requests are remaining
    // *after* this request is processed. The free return value is the number of
    // seconds before a new request can be sent again.
    Grant(key string, limit int, period int64) (granted bool, remaining int, next int64)

type RequestLogOptions

type RequestLogOptions struct {
    Host    bool   // Print Host: as well
    TimeFmt string // Time format; default is just the time.
v0.0.0-20221021071853-2fea7a3c1367 (latest)
Oct 21, 2022
12 packages (graph)
Last checked
2 months ago

Tools for package owners.