zhttpzgo.at/zhttp/mware Index | Files

package mware

import "zgo.at/zhttp/mware"

Package mware contains HTTP middlewares.

See e.g. chi for some additional middlewares.



var DefaultHeaders = http.Header{
	"Strict-Transport-Security": []string{"max-age=7776000"},
	"X-Frame-Options":           []string{"deny"},
	"X-Content-Type-Options":    []string{"nosniff"},

DefaultHeaders will be set by default.


func Delay

func Delay(d time.Duration) func(http.Handler) http.Handler

Delay adds a delay before every request.

The default delay is taken from the paramters (which may be 0), and can also be overriden by setting a "debug-delay" cookie, which is in seconds.

This is intended for debugging frontend timing issues.

func Headers

func Headers(h http.Header) func(next http.Handler) http.Handler

Headers sets the given headers.

DefaultHeaders will always be set. Headers passed to this function overrides them. Use a nil value to remove a header.

func NoCache

func NoCache() func(http.Handler) http.Handler

NoCache sets the Cache-Control header to "no-cache".

Browsers will always validate a cache (with e.g. If-Match or If-None-Match). It does NOT tell browsers to never store a cache (use NoStore for that).

func NoStore

func NoStore() func(http.Handler) http.Handler

NoStore sets the Cache-Control header to "no-store, no-cache"

Browsers will never store a local copy (the no-cache is there to be sure previously stored copies from before this header are revalidated).

func Ratelimit

func Ratelimit(opts RatelimitOptions) func(http.Handler) http.Handler

Ratelimit requests.

func RatelimitIP

func RatelimitIP(r *http.Request) string

RatelimitIP rate limits based IP address.

Assumes RemoteAddr is set correctly. E.g. with chi's middleware.RealIP middleware.

func RatelimitLimit

func RatelimitLimit(limit int, period int64) func(*http.Request) (int, int64)

RatelimitLimit is a simple limiter, always returning the same numbers.

func RealIP

func RealIP(never ...string) func(http.Handler) http.Handler

RealIP sets the RemoteAddr to CF-Connecting-IP, Fly-Client-IP, X-Azure-SocketIP, X-Real-IP, X-Forwarded-For, or the RemoteAddr without a port.

The end result willl never have a source port set. It will ignore local and private addresses such as,, etc.

TODO: allow configuring which headers to look at, as this is very much dependent on the specific configuration; preferring e.g. Fly-Client-Ip means its trivial to spoof the "real IP".

func RequestLog

func RequestLog(opt *RequestLogOptions, ignore ...string) func(http.Handler) http.Handler

RequestLog logs all requests to stdout.

Any paths matching ignore will not be printed.

func Unpanic

func Unpanic(filterStack ...string) func(http.Handler) http.Handler

Unpanic recovers from panics in handlers and calls ErrPage().

func With

func With(handler http.Handler, wares ...func(http.Handler) http.Handler) http.Handler

TODO: put in zhttp

func WrapWriter

func WrapWriter() func(http.Handler) http.Handler

WrapWriter replaces the http.ResponseWriter with our version of http.ResponseWriter for some additional functionality.


type RatelimitMemory

type RatelimitMemory struct {
	// contains filtered or unexported fields

RatelimitMemory stores the rate limit information in the Go process' memory.

func NewRatelimitMemory

func NewRatelimitMemory() *RatelimitMemory

func (*RatelimitMemory) Grant

func (m *RatelimitMemory) Grant(key string, n int, period int64) (bool, int)

type RatelimitOptions

type RatelimitOptions struct {
	Message string                                        // Displayed when limit is reached.
	Client  func(*http.Request) string                    // String to identify client (e.g. ip address).
	Store   RatelimitStore                                // How to store the # of requests.
	Limit   func(*http.Request) (limit int, period int64) // "limit" requests over "period" seconds.

type RatelimitStore

type RatelimitStore interface {
	Grant(key string, n int, period int64) (granted bool, remaining int)

type RequestLogOptions

type RequestLogOptions struct {
	Host    bool   // Print Host: as well
	TimeFmt string // Time format; default is just the time.

Source Files

cache.go delay.go doc.go headers.go ratelimit.go realip.go reqlog.go unpanic.go with.go writer.go

v0.0.0-20230814193423-dab96c397850 (latest)
Aug 14, 2023
12 packages
Last checked
6 hours ago

Tools for package owners.