package mware

import "zgo.at/zhttp/mware"

Package mware contains HTTP middlewares.

See e.g. chi for some additional middlewares.

Index ¶

• Variables
• func Delay(d time.Duration) func(http.Handler) http.Handler
• func Headers(h http.Header) func(next http.Handler) http.Handler
• func NoCache() func(http.Handler) http.Handler
• func NoStore() func(http.Handler) http.Handler
• func Ratelimit(opts RatelimitOptions) func(http.Handler) http.Handler
• func RatelimitIP(r *http.Request) string
• func RatelimitLimit(limit int, period int64) func(*http.Request) (int, int64)
• func RealIP(never ...string) func(http.Handler) http.Handler
• func RequestLog(opt *RequestLogOptions, printer RequestLogPrinter, ignore ...string) func(http.Handler) http.Handler
• func Unpanic(filterStack ...string) func(http.Handler) http.Handler
• func With(handler http.Handler, wares ...func(http.Handler) http.Handler) http.Handler
• func WrapWriter() func(http.Handler) http.Handler
• type RatelimitMemory
• func NewRatelimitMemory() *RatelimitMemory
• func (m *RatelimitMemory) Grant(key string, n int, period int64) (bool, int)
• type RatelimitOptions
• type RatelimitStore
• type RequestLogOptions
• type RequestLogPrinter

Variables ¶

var DefaultHeaders = http.Header{
	"Strict-Transport-Security": []string{"max-age=7776000"},
	"X-Frame-Options":           []string{"deny"},
	"X-Content-Type-Options":    []string{"nosniff"},
}

DefaultHeaders will be set by default.

Functions ¶

func Delay ¶

func Delay(d time.Duration) func(http.Handler) http.Handler

Delay adds a delay before every request.

The default delay is taken from the paramters (which may be 0), and can also be overriden by setting a "debug-delay" cookie, which is in seconds.

This is intended for debugging frontend timing issues.

func Headers ¶

func Headers(h http.Header) func(next http.Handler) http.Handler

Headers sets the given headers.

DefaultHeaders will always be set. Headers passed to this function overrides them. Use a nil value to remove a header.

func NoCache ¶

func NoCache() func(http.Handler) http.Handler

NoCache sets the Cache-Control header to "no-cache".

Browsers will always validate a cache (with e.g. If-Match or If-None-Match). It does NOT tell browsers to never store a cache (use NoStore for that).

func NoStore ¶

func NoStore() func(http.Handler) http.Handler

NoStore sets the Cache-Control header to "no-store, no-cache"

Browsers will never store a local copy (the no-cache is there to be sure previously stored copies from before this header are revalidated).

func Ratelimit ¶

func Ratelimit(opts RatelimitOptions) func(http.Handler) http.Handler

Ratelimit requests.

func RatelimitIP ¶

func RatelimitIP(r *http.Request) string

RatelimitIP rate limits based IP address.

Assumes RemoteAddr is set correctly. E.g. with chi's middleware.RealIP middleware.

func RatelimitLimit ¶

func RatelimitLimit(limit int, period int64) func(*http.Request) (int, int64)

RatelimitLimit is a simple limiter, always returning the same numbers.

func RealIP ¶

func RealIP(never ...string) func(http.Handler) http.Handler

RealIP sets the RemoteAddr to CF-Connecting-IP, Fly-Client-IP, X-Azure-SocketIP, X-Real-IP, X-Forwarded-For, or the RemoteAddr without a port.

The end result willl never have a source port set. It will ignore local and private addresses such as 127.0.0.1, 192.168.1.1, etc.

TODO: allow configuring which headers to look at, as this is very much dependent on the specific configuration; preferring e.g. Fly-Client-Ip means its trivial to spoof the "real IP".

func RequestLog ¶

func RequestLog(opt *RequestLogOptions, printer RequestLogPrinter, ignore ...string) func(http.Handler) http.Handler

RequestLog logs all requests to stdout.

Any paths matching ignore will not be printed.

func Unpanic ¶

func Unpanic(filterStack ...string) func(http.Handler) http.Handler

Unpanic recovers from panics in handlers and calls ErrPage().

func With ¶

func With(handler http.Handler, wares ...func(http.Handler) http.Handler) http.Handler

TODO: put in zhttp

func WrapWriter ¶

func WrapWriter() func(http.Handler) http.Handler

WrapWriter replaces the http.ResponseWriter with our version of http.ResponseWriter for some additional functionality.

Types ¶

type RatelimitMemory ¶

type RatelimitMemory struct {
	sync.Mutex
	// contains filtered or unexported fields
}

RatelimitMemory stores the rate limit information in the Go process' memory.

func NewRatelimitMemory ¶

func NewRatelimitMemory() *RatelimitMemory

func (*RatelimitMemory) Grant ¶

func (m *RatelimitMemory) Grant(key string, n int, period int64) (bool, int)

type RatelimitOptions ¶

type RatelimitOptions struct {
	Message string                                        // Displayed when limit is reached.
	Client  func(*http.Request) string                    // String to identify client (e.g. ip address).
	Store   RatelimitStore                                // How to store the # of requests.
	Limit   func(*http.Request) (limit int, period int64) // "limit" requests over "period" seconds.
}

type RatelimitStore ¶

type RatelimitStore interface {
	Grant(key string, n int, period int64) (granted bool, remaining int)
}

type RequestLogOptions ¶

type RequestLogOptions struct {
	Host    bool   // Print Host: as well
	TimeFmt string // Time format; default is just the time.
}

type RequestLogPrinter ¶

type RequestLogPrinter func(method, url string, status int, start time.Time, opt *RequestLogOptions)

Source Files ¶

cache.go delay.go doc.go headers.go ratelimit.go realip.go reqlog.go unpanic.go with.go writer.go