Middleware
poteto edited this page Nov 19, 2024
·
6 revisions
It requires >=0.15.1.
Example for logrus https://github.com/sirupsen/logrus.
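// main registers a request-logging middleware that writes one structured
// logrus entry per request.
func main() {
	p := poteto.New()
	log := logrus.New()

	logConfig := middleware.DefaultRequestLoggerConfig
	logConfig.LogHandleFunc = func(ctx poteto.Context, rlv middleware.RequestLoggerValues) error {
		// Both outcomes share the same request fields; only the level differs.
		entry := log.WithFields(logrus.Fields{
			"method":    rlv.Method,
			"routePath": rlv.RoutePath,
			"status":    rlv.Status,
		})
		if rlv.Error != nil {
			// Record the error value as well: without it the entry says that a
			// request failed but not why, which makes triage from the logs
			// alone much harder.
			entry.WithField("error", rlv.Error).Error("request")
			return nil
		}
		entry.Info("request")
		return nil
	}

	p.Register(middleware.RequestLoggerWithConfig(logConfig))
}

Camara is a middleware that provides security headers. It is easy to use. It will never be perfect, but it makes things better. Camara is highly recommended. Inspired by Helmet.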
It requires >= 0.6.0
| Header | Default |
|---|---|
| Content-Security-Policy | default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests |
| X-Frame-Options | SAMEORIGIN |
| Strict-Transport-Security | max-age=15552000; includeSubDomains |
| X-Download-Options | noopen |
| X-Content-Type-Options | nosniff |
| Referrer-Policy | no-referrer |
package main
import (
"net/http"
"github.com/poteto0/poteto"
"github.com/poteto0/poteto/middleware"
)
// main registers the Camara middleware with DefaultCamaraConfig, presumably
// the header defaults listed in the table above.
func main() {
	p := poteto.New()
	// NOTE(review): per the table, the default Content-Security-Policy keeps
	// 'unsafe-inline' in style-src, so inline styles remain allowed. Browsers
	// honour Strict-Transport-Security only on HTTPS responses, so the header
	// has no effect unless the application is served over TLS.
	p.Register(middleware.CamaraWithConfig(middleware.DefaultCamaraConfig))
	...
}

It requires >=0.17.0.
// MyTimeoutResponse is the value passed as TimeoutResponse in the timeout
// middleware example; its single field is encoded under the JSON key "message".
type MyTimeoutResponse struct {
	Message string `json:"message"`
}
// main registers the timeout middleware with a 30-second limit and a custom
// response body.
func main() {
	p := poteto.New()

	timeoutConfig := middleware.TimeoutConfig{
		Limit:           time.Second * 30,
		TimeoutResponse: MyTimeoutResponse{Message: "gateway time out"},
	}
	p.Register(middleware.TimeoutWithConfig(timeoutConfig))
}

It returns a JSONResponse with StatusGatewayTimeout.
Verifies a signed JWT token.
It requires >=0.13.0.
For example, at login:
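// user is the account record the login example builds claims from.
type user struct {
	// Name is exported so that encoding/json honours the tag; an unexported
	// field with a json tag is silently skipped when encoding or decoding.
	Name string `json:"name"`
}

// signingKey is the HMAC key shared by the token issuer (Login) and the
// verifier (the JWS middleware registered in main). The literal is a
// placeholder for this example only: load the real key at startup from the
// deployment's secret store or environment, use at least 32 random bytes for
// HS256, and keep it out of source control.
var signingKey = []byte("secret")

// generateUserClaims builds the claims for user, expiring time_duration from
// now. jwtUserClaims is declared elsewhere and is not shown on this page.
func generateUserClaims(user user, time_duration time.Duration) *jwtUserClaims {
	return &jwtUserClaims{
		user.Name,
		jwt.RegisteredClaims{
			ExpiresAt: jwt.NewNumericDate(time.Now().Add(time_duration)),
		},
	}
}

// Login issues an HS256-signed token. u is not defined in this snippet;
// presumably it is the user authenticated in the elided part of the handler.
func Login(ctx poteto.Context) {
	// 14-day lifetime: the token stays valid until ExpiresAt, so prefer a
	// shorter lifetime if the application has no way to revoke tokens.
	claims := generateUserClaims(u, time.Hour*14*24)
	token := jwt.NewWithClaims(jwt.SigningMethodHS256, claims)
	tk, err := token.SignedString(signingKey) // Sign
	if err != nil {
		// Never continue with an empty token; report a server error to the
		// client here instead.
		return
	}
	...
}

// main registers the JWS middleware that verifies the tokens issued by Login.
func main() {
	p := poteto.New()
	// The middleware must verify with the same key Login signs with.
	// NOTE(review): "user" is presumably the context key under which the
	// verified claims are stored; confirm against the middleware documentation.
	jwsConfig := NewPotetoJWSConfig(
		"user", signingKey,
	)
	p.Register(JWSWithConfig(jwsConfig))
	...
}

It verifies that the token is valid.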
If no Bearer token is provided, it returns BadRequestError. If the token is invalid, it returns UnauthorisedError. Of course, you can handle the error however you want in the controller (or handler).