This library regroups HTTP middleware to be used in our golang servers.
A middleware is a function taking a http.HandlerFunc and returning a http.HandlerFunc.
http.HandlerFunc is a function with the signature func(http.ResponseWriter, *http.Request).
It implements the interface http.Handler.
See the godoc
Minimum Go version: 1.7
- if using govendor
govendor fetch github.com/transcovo/go-chpr-middlewaresand:
govendor fetch github.com/dgrijalva/jwt-go- standard way (not recommended)
go get -u github.com/transcovo/go-chpr-middlewaresThis function is a helper to apply a list of middlewares to a given handler.
Note: The middlewares are applied in the reverse order, which means that the first one in the list will be the last one applied on the handler, and the first one to be executed when handling a request.
Example:
import (
"github.com/transcovo/go-chpr-middlewares"
)
func main() {
// when handling a request, `RecoveryMiddleware` will be called first, then
// `JwtAuthenticationMiddleware`, `RoleAuthorizationMiddleware` and `ParamsMiddleware`, and then
// the handler will be called.
handler := middleware.ChainMiddlewares([]middleware.Middleware{
middleware.RecoveryMiddleware(someLogger),
middleware.JwtAuthenticationMiddleware("some public key string", someLogger),
middleware.RoleAuthorizationMiddleware("cp:client:rider:", "cp:employee:tech:"),
middleware.ParamsMiddleware(requestParamsGetter),
}, myHandler)
registerHandler("/some/route", handler)
}logger := getMyLogger()
publicKeysListAsString := getMyPublicKeysFromConfig()
authMiddleware := middleware.JwtAuthenticationMiddleware(publicKeysListAsString, logger)
func MyHandler(http.ResponseWriter, *http.Request) {
/* does something */
}
wrappedHandler := authMiddleware(MyHandler)Based on the jwt go lib.
NB: You can provide a list of public keys (one to n keys), the middleware will handle it, and loop through the keys to try and validate a token. The config variable should be a string with all the public keys, separated by a ";\n" (cf the
RawRsaPublicListKeysinfixtures.jsonfor an example).
- Important ! * Needs to be added after a JwtAuthenticationMiddleware to be able to access the user roles from the token claims.
logger := getMyLogger()
authMiddleware := middleware.JwtAuthenticationMiddleware(publicKeyString, logger)
adminOnlyMiddleware := middleware.RoleAuthorizationMiddleware("cp:employee:", "cp:machine:")
func MyHandler(http.ResponseWriter, *http.Request) {
/* does something */
}
wrappedHandler := authMiddleware(adminOnlyMiddleware(MyHandler))Middleware used to set the request params in the request context.
The controller will have to use GetParamsFromRequest to get the params in the request.
It will mainly be used with mux.
paramsMiddleware := middleware.ParamsMiddleware(mux.Vars)
func MyHandler(http.ResponseWriter, req *http.Request) {
params := GetParamsFromRequest(req)
/* does something */
}
wrappedHandler := paramsMiddleware(MyHandler)Middleware used to catch panics that can happen during the request handling.
On panic, this middleware will catch it and reply a 500 to the client.
logger := getMyLogger()
recoveryMiddleware := middleware.RecoveryMiddleware(logger)
func MyHandler(http.ResponseWriter, *http.Request) {
/* does something */
}
wrappedHandler := recoveryMiddleware(MyHandler)The policy for this lib regarding vendoring is not to include any dependency, unlike server code. The main reason for this is to avoid any conflict between your project and go-chpr-middlewares. For more explanations: https://peter.bourgon.org/go-best-practices-2016/#dependency-management
Set the following environment variable to bypass the authentication and authorization process. ⚠ This variable should be set to true only for development purpose ⚠
export IGNORE_AUTH=true
Dependencies for developing on this project will be automatically installed when running tests:
- via
./tools/test.sh - via
./tools/coverage.sh