security

package v0.9.1 (Latest)

Warning: this package is not in the latest version of its module.
Published: Mar 19, 2026 License: Apache-2.0 Imports: 17 Imported by: 0

Constants

const (
	// ContextCSPNonce is the context key for the CSP nonce value
	ContextCSPNonce = "csp-nonce"
)
const (
	// DefaultMaxClients is the maximum number of tracked clients before forced eviction
	DefaultMaxClients = 10000
)

Variables

This section is empty.

Functions

func CORSMiddleware

func CORSMiddleware(cfg *CorsConfig) gin.HandlerFunc

func CSRFProtection

func CSRFProtection() gin.HandlerFunc

CSRFProtection returns a Gin middleware that applies CSRF protection to incoming requests; GenerateCSRFToken issues the per-session token it works with.

func GenerateCSRFToken

func GenerateCSRFToken(c *gin.Context) string

GenerateCSRFToken generates a CSRF token for the current session

func SecurityMiddleware

func SecurityMiddleware(config *SecurityConfig) gin.HandlerFunc

SecurityMiddleware returns a Gin middleware that adds the headers configured in config to every response. With UseCSPNonce set it also generates a per-request CSP nonce and stores it in the Gin context under ContextCSPNonce, so handlers and templates can stamp it onto their own script and style tags.

Types

type ClientRateLimiter

type ClientRateLimiter struct {
	// contains filtered or unexported fields
}

ClientRateLimiter manages per-client rate limiters

func NewClientRateLimiter

func NewClientRateLimiter(r rate.Limit, b int) *ClientRateLimiter

NewClientRateLimiter creates a new ClientRateLimiter

func RateLimitMiddleware

func RateLimitMiddleware(r rate.Limit, b int) (gin.HandlerFunc, *ClientRateLimiter)

RateLimitMiddleware creates a Gin middleware for rate limiting. Returns the middleware handler and the underlying ClientRateLimiter for lifecycle management. Callers should call Stop() on the returned limiter during shutdown.

func (*ClientRateLimiter) GetLimiter

func (rl *ClientRateLimiter) GetLimiter(ip string) *rate.Limiter

GetLimiter returns the rate limiter tracked for the given IP address. Up to DefaultMaxClients clients are tracked before forced eviction kicks in. Key on an address you actually trust (the TCP peer, or the client address a trusted reverse proxy forwards), never on a header an arbitrary client can set, or the client picks its own bucket.

func (*ClientRateLimiter) Stop added in v0.9.0

func (rl *ClientRateLimiter) Stop()

Stop stops the cleanup timer and releases resources
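
The lifecycle described above (per-client buckets, a cleanup timer, a hard cap with forced eviction, and a Stop() to call at shutdown) is easy to get wrong, so here is an added, self-contained illustration of the pattern. It is not this package's code and does not use gin or golang.org/x/time/rate: the token bucket is a minimal stand-in for *rate.Limiter, and every name (bucket, ClientLimiter, NewClientLimiter, Allow, Middleware) is an assumption made for the example.

```go
package main

import (
	"math"
	"net"
	"net/http"
	"sync"
	"time"
)

// Added illustration, not the package's code; every name here is an assumption.
// bucket stands in for *rate.Limiter; last doubles as the client's last-seen time.
type bucket struct {
	tokens, burst, perSec float64
	last                  time.Time
}

// ClientLimiter keeps one bucket per client key; without the cap a client cycling source addresses grows the map without bound.
type ClientLimiter struct {
	mu                sync.Mutex
	clients           map[string]*bucket
	perSec            float64
	burst, maxClients int
	idleTTL           time.Duration
	stop              chan struct{}
}

func NewClientLimiter(perSec float64, burst, maxClients int, idleTTL time.Duration) *ClientLimiter {
	l := &ClientLimiter{clients: map[string]*bucket{}, perSec: perSec, burst: burst,
		maxClients: maxClients, idleTTL: idleTTL, stop: make(chan struct{})}
	go l.cleanupLoop() // evicts idle clients every idleTTL until Stop is called
	return l
}

func (l *ClientLimiter) cleanupLoop() {
	t := time.NewTicker(l.idleTTL)
	defer t.Stop()
	for {
		select {
		case <-l.stop:
			return
		case <-t.C:
			l.evictIdle()
		}
	}
}

func (l *ClientLimiter) evictIdle() {
	l.mu.Lock()
	defer l.mu.Unlock()
	cutoff := time.Now().Add(-l.idleTTL)
	for key, b := range l.clients {
		if b.last.Before(cutoff) {
			delete(l.clients, key)
		}
	}
}

// Allow refills and consumes one token for key, creating the bucket on first use; at the cap it force-evicts an arbitrary client.
func (l *ClientLimiter) Allow(key string) bool {
	l.mu.Lock()
	defer l.mu.Unlock()
	now := time.Now()
	b, ok := l.clients[key]
	if !ok {
		for k := range l.clients {
			if len(l.clients) < l.maxClients {
				break
			}
			delete(l.clients, k)
		}
		b = &bucket{tokens: float64(l.burst), burst: float64(l.burst), perSec: l.perSec, last: now}
		l.clients[key] = b
	}
	b.tokens = math.Min(b.burst, b.tokens+now.Sub(b.last).Seconds()*b.perSec)
	b.last = now
	if b.tokens < 1 {
		return false
	}
	b.tokens--
	return true
}

func (l *ClientLimiter) Stop() { close(l.stop) } // ends the cleanup goroutine; call exactly once at shutdown

// Middleware keys on the TCP peer address. Behind a reverse proxy, key on the address the
// trusted proxy forwards; honouring X-Forwarded-For from arbitrary peers lets a client choose its bucket.
func (l *ClientLimiter) Middleware(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		key := r.RemoteAddr
		if host, _, err := net.SplitHostPort(key); err == nil {
			key = host
		}
		if !l.Allow(key) {
			http.Error(w, "rate limit exceeded", http.StatusTooManyRequests)
			return
		}
		next.ServeHTTP(w, r)
	})
}
```

Wire it as `http.ListenAndServe(addr, l.Middleware(mux))` and `defer l.Stop()` in main. Forced eviction here drops an arbitrary entry rather than the least recently seen one; that is deliberate, since a cap whose only job is to bound memory does not need an LRU, and it keeps the hot path at one map lookup under the lock.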

type CorsConfig

type CorsConfig struct {
	CorsEnabled      bool     `json:"corsEnabled"`
	AllowOrigins     []string `json:"allowOrigins"`
	AllowMethods     []string `json:"allowMethods"`
	AllowHeaders     []string `json:"allowHeaders"`
	ExposeHeaders    []string `json:"exposeHeaders"`
	AllowCredentials bool     `json:"allowCredentials"`
	MaxAge           int      `json:"maxAgeSeconds"`
	Vary             string   `json:"vary"`
	DevMode          bool     `json:"devMode"`
}

func NewCorsConfig

func NewCorsConfig() *CorsConfig

func (*CorsConfig) Validate

func (c *CorsConfig) Validate() error
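
The page does not say what Validate checks, so the following is an added example of the checks a practitioner would expect a CORS validator to enforce. It is not the package's own Validate; CorsPolicy is a hypothetical struct that copies the page's field names so the rules read against the documented config, and checkOrigin is a helper introduced for the example.

```go
package main

import (
	"fmt"
	"net/url"
	"strings"
)

// Added illustration, not the package's own Validate; CorsPolicy copies the
// page's field names so the checks read against the documented config.
type CorsPolicy struct {
	CorsEnabled      bool
	AllowOrigins     []string
	AllowMethods     []string
	AllowHeaders     []string
	AllowCredentials bool
	MaxAge           int
}

// Validate rejects configurations browsers will refuse or that silently widen
// the trust boundary:
//   - "*" (origin or header list) together with credentials: the Fetch
//     standard forbids it, and a server that "fixes" it by reflecting any
//     Origin has no origin check at all;
//   - the "null" origin, sent by sandboxed iframes, data: and file: pages;
//   - origins that are not exactly scheme://host[:port], which never equal
//     an Origin header and so are dead config;
//   - a negative preflight cache lifetime.
func (c CorsPolicy) Validate() error {
	if !c.CorsEnabled {
		return nil
	}
	if len(c.AllowOrigins) == 0 {
		return fmt.Errorf("cors: enabled but allowOrigins is empty")
	}
	for _, o := range c.AllowOrigins {
		switch {
		case o == "*":
			if c.AllowCredentials {
				return fmt.Errorf("cors: allowOrigins \"*\" cannot be combined with allowCredentials")
			}
		case strings.EqualFold(o, "null"):
			return fmt.Errorf("cors: the \"null\" origin must not be allowed")
		default:
			if err := checkOrigin(o); err != nil {
				return err
			}
		}
	}
	if c.AllowCredentials {
		for _, h := range c.AllowHeaders {
			if h == "*" {
				return fmt.Errorf("cors: allowHeaders \"*\" cannot be combined with allowCredentials")
			}
		}
	}
	if c.MaxAge < 0 {
		return fmt.Errorf("cors: maxAgeSeconds must not be negative")
	}
	return nil
}

// checkOrigin accepts only an absolute http(s) origin with nothing after the host.
func checkOrigin(o string) error {
	u, err := url.Parse(o)
	if err != nil || (u.Scheme != "http" && u.Scheme != "https") || u.Host == "" {
		return fmt.Errorf("cors: origin %q must be an absolute http(s) origin", o)
	}
	if u.Path != "" || u.RawQuery != "" || u.ForceQuery || u.Fragment != "" || u.User != nil {
		return fmt.Errorf("cors: origin %q must not carry a path, query, fragment or userinfo", o)
	}
	return nil
}
```

Run it at startup, before the middleware is installed, so a bad origin list fails the deployment rather than a request. Whether wildcard subdomain patterns such as https://*.example are meaningful depends on how the middleware matches origins, which the page does not document; this validator lets them through untouched.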

type SecurityConfig

type SecurityConfig struct {
	// Content Security Policy
	CSP string

	// X-XSS-Protection header (legacy: current browsers ignore it, so CSP is the effective control)
	XSSProtection string

	// X-Content-Type-Options header
	ContentTypeOptions string

	// Referrer-Policy header
	ReferrerPolicy string

	// Strict-Transport-Security header
	HSTS string

	// X-Frame-Options header
	FrameOptions string

	// Feature-Policy header (superseded by Permissions-Policy in current browsers)
	FeaturePolicy string

	// Cache-Control header
	CacheControl string

	// Generate a per-request CSP nonce and store it in the context under ContextCSPNonce
	UseCSPNonce bool
}

SecurityConfig contains configuration for security headers

func DefaultSecurityConfig

func DefaultSecurityConfig() *SecurityConfig

DefaultSecurityConfig returns security configuration with sane defaults
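
To make concrete what a nonce-enabled header middleware has to do (issue a fresh random nonce per response, splice it into the policy, and hand it to the handler through the context under the same key), here is an added example built on net/http only. It is not this package's SecurityMiddleware and does not use gin; Headers, DefaultHeaders, newNonce, withNonce, NonceFromContext and the ctxKey type are assumptions made for the example, and the default policy values are illustrative, not the package's defaults.

```go
package main

import (
	"context"
	"crypto/rand"
	"encoding/base64"
	"fmt"
	"log"
	"net/http"
	"strings"
)

// Added illustration, not the package's code; all names here are assumptions.
// A typed context key cannot collide with other string-keyed context values.
type ctxKey string

const ContextCSPNonce ctxKey = "csp-nonce"

// Headers mirrors the SecurityConfig fields this example emits.
type Headers struct {
	CSP, HSTS, FrameOptions, ContentTypeOptions, ReferrerPolicy string
	UseCSPNonce                                                  bool
}

func DefaultHeaders() Headers {
	return Headers{
		CSP:                "default-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'; base-uri 'self'",
		HSTS:               "max-age=31536000; includeSubDomains",
		FrameOptions:       "DENY",
		ContentTypeOptions: "nosniff",
		ReferrerPolicy:     "strict-origin-when-cross-origin",
		UseCSPNonce:        true,
	}
}

// newNonce returns 128 random bits, base64-encoded. A nonce must be fresh and
// unpredictable per response; a reused or guessable one is as good as none.
func newNonce() (string, error) {
	b := make([]byte, 16)
	if _, err := rand.Read(b); err != nil {
		return "", err
	}
	return base64.StdEncoding.EncodeToString(b), nil
}

// withNonce inserts 'nonce-<value>' into the script-src and style-src
// directives of a policy and leaves every other directive untouched.
func withNonce(csp, nonce string) string {
	var out []string
	for _, d := range strings.Split(csp, ";") {
		f := strings.Fields(d)
		if len(f) == 0 {
			continue
		}
		if f[0] == "script-src" || f[0] == "style-src" {
			f = append([]string{f[0], "'nonce-" + nonce + "'"}, f[1:]...)
		}
		out = append(out, strings.Join(f, " "))
	}
	return strings.Join(out, "; ")
}

// NonceFromContext is what a handler or template calls to stamp its own
// <script nonce="..."> tags; it returns "" when no nonce was issued.
func NonceFromContext(ctx context.Context) string {
	n, _ := ctx.Value(ContextCSPNonce).(string)
	return n
}

func (h Headers) Middleware(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		csp := h.CSP
		if h.UseCSPNonce {
			nonce, err := newNonce()
			if err != nil { // fail closed rather than serve a page without its policy
				http.Error(w, "internal error", http.StatusInternalServerError)
				return
			}
			csp = withNonce(csp, nonce)
			r = r.WithContext(context.WithValue(r.Context(), ContextCSPNonce, nonce))
		}
		for name, value := range map[string]string{
			"Content-Security-Policy":   csp,
			"Strict-Transport-Security": h.HSTS,
			"X-Frame-Options":           h.FrameOptions,
			"X-Content-Type-Options":    h.ContentTypeOptions,
			"Referrer-Policy":           h.ReferrerPolicy,
		} {
			if value != "" {
				w.Header().Set(name, value)
			}
		}
		next.ServeHTTP(w, r)
	})
}

func main() {
	page := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		// The nonce is base64 of random bytes, so it is attribute-safe as is; user data would still go through html/template.
		fmt.Fprintf(w, `<script nonce=%q>console.log("allowed by CSP")</script>`, NonceFromContext(r.Context()))
	})
	log.Fatal(http.ListenAndServe("127.0.0.1:8080", DefaultHeaders().Middleware(page)))
}
```

The point of the nonce is that an injected `<script>` has no way to know the value the server chose for this one response, so it is blocked while the application's own tagged scripts run. That only holds if the nonce is never echoed anywhere attacker-readable and the policy carries no 'unsafe-inline' for the same directive (browsers drop 'unsafe-inline' once a nonce or hash is present, but keeping it out avoids relying on that).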
