- Constants
- func CSRFMiddleware() gin.HandlerFunc
- func GetCSRFToken(c *gin.Context) string
- func IPMiddleware() gin.HandlerFunc
- func MetricsAuthMiddleware(token string) gin.HandlerFunc
- func NewRateLimiter(config RateLimitConfig) (gin.HandlerFunc, error)
- func RequireAdmin(userService *services.UserService) gin.HandlerFunc
- func RequireAuth(userService *services.UserService) gin.HandlerFunc
- func SessionFingerprintMiddleware(enabled, includeIP bool) gin.HandlerFunc
- func SessionIdleTimeout(idleTimeoutSeconds int) gin.HandlerFunc
- type RateLimitConfig
- type RateLimitStoreType
Constants ¶
const (
	// SessionUserID is the session key holding the authenticated user's ID
	// (presumably the value RequireAuth checks for — confirm against the middleware body).
	SessionUserID = "user_id"
	// SessionLastActivity is the session key holding the last-activity timestamp;
	// presumably what SessionIdleTimeout compares against — confirm.
	SessionLastActivity = "last_activity"
	// SessionFingerprint is the session key holding the stored fingerprint that
	// SessionFingerprintMiddleware validates the request against.
	SessionFingerprint = "session_fingerprint"
)
Variables ¶
This section is empty.
Functions ¶
func CSRFMiddleware ¶
func CSRFMiddleware() gin.HandlerFunc
CSRFMiddleware provides CSRF protection for state-changing operations
func GetCSRFToken ¶
GetCSRFToken retrieves the CSRF token from the context
func IPMiddleware ¶
func IPMiddleware() gin.HandlerFunc
IPMiddleware extracts client IP and stores it in the context
func MetricsAuthMiddleware ¶
func MetricsAuthMiddleware(token string) gin.HandlerFunc
MetricsAuthMiddleware creates a middleware that protects the metrics endpoint with a Bearer token.
func NewRateLimiter ¶
func NewRateLimiter(config RateLimitConfig) (gin.HandlerFunc, error)
NewRateLimiter creates a new rate limiter with configurable store backend
func RequireAdmin ¶
func RequireAdmin(userService *services.UserService) gin.HandlerFunc
RequireAdmin is a middleware that requires the user to have the admin role. It must be used after RequireAuth, which establishes the authenticated user it relies on.
func RequireAuth ¶
func RequireAuth(userService *services.UserService) gin.HandlerFunc
RequireAuth is a middleware that requires the user to be logged in
func SessionFingerprintMiddleware ¶
func SessionFingerprintMiddleware(enabled, includeIP bool) gin.HandlerFunc
SessionFingerprintMiddleware validates the session fingerprint to prevent session hijacking. It checks the User-Agent (and optionally the client IP) against the stored fingerprint.
func SessionIdleTimeout ¶
func SessionIdleTimeout(idleTimeoutSeconds int) gin.HandlerFunc
SessionIdleTimeout checks if the session has been idle for too long and clears it if necessary. Set idleTimeoutSeconds to 0 to disable.
Types ¶
type RateLimitConfig ¶
type RateLimitConfig struct {
	// Rate limit settings
	RequestsPerMinute int           // Number of requests allowed per minute
	CleanupInterval   time.Duration // How often to cleanup (only for memory store)

	// Store settings
	StoreType RateLimitStoreType // RateLimitStoreMemory ("memory") or RateLimitStoreRedis ("redis")

	// Redis settings (only used when StoreType = "redis")
	// Must be provided when StoreType is "redis" (initialized in main.go).
	// NOTE(review): NewRateLimiter returns an error; presumably a nil client
	// with StoreType "redis" is one of the rejected configurations — confirm
	// rather than rely on it.
	RedisClient *redis.Client // Required for Redis store: shared go-redis client

	// Audit settings
	AuditService *services.AuditService // Optional: audit service for logging rate limit events
}
RateLimitConfig holds the configuration for rate limiting with store support
type RateLimitStoreType ¶
type RateLimitStoreType string
RateLimitStoreType defines the type of rate limit store
const (
	// RateLimitStoreMemory uses in-memory storage (single instance only).
	// Counters are local to the process, so with several replicas each one
	// enforces its own, separate limit rather than a shared one.
	RateLimitStoreMemory RateLimitStoreType = "memory"
	// RateLimitStoreRedis uses Redis storage (distributed, multi-pod support).
	// Requires RateLimitConfig.RedisClient to be set.
	RateLimitStoreRedis RateLimitStoreType = "redis"
)