{"id":20578346,"url":"https://github.com/g1eng/httpfilter","last_synced_at":"2025-05-09T21:34:17.017Z","repository":{"id":45597061,"uuid":"433286283","full_name":"g1eng/httpfilter","owner":"g1eng","description":"Access control wrapper collections for httprouter and http.HandlerFunc (unstable)","archived":true,"fork":false,"pushed_at":"2021-12-06T11:21:24.000Z","size":111,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"master","last_synced_at":"2025-03-06T11:43:20.835Z","etag":null,"topics":["access-control","golang","handlerfunc","httprouter"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/g1eng.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2021-11-30T03:59:17.000Z","updated_at":"2024-10-05T14:01:03.000Z","dependencies_parsed_at":"2022-09-07T22:23:43.419Z","dependency_job_id":null,"html_url":"https://github.com/g1eng/httpfilter","commit_stats":null,"previous_names":[],"tags_count":5,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/g1eng%2Fhttpfilter","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/g1eng%2Fhttpfilter/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/g1eng%2Fhttpfilter/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/g1eng%2Fhttpfilter/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/g1eng","download_url":"https://codeload.github.com/g1eng/httpfilter/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"h
ttps://github.com","kind":"github","repositories_count":253328778,"owners_count":21891526,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["access-control","golang","handlerfunc","httprouter"],"created_at":"2024-11-16T06:12:40.216Z","updated_at":"2025-05-09T21:34:16.732Z","avatar_url":"https://github.com/g1eng.png","language":"Go","readme":"## `HttpFilter`\n\n[![CircleCI](https://circleci.com/gh/g1eng/httpfilter/tree/master.svg?style=svg)](https://circleci.com/gh/g1eng/httpfilter/tree/master)\n[![codecov](https://codecov.io/gh/g1eng/httpfilter/branch/master/graph/badge.svg?token=EJZIHPRGNI)](https://codecov.io/gh/g1eng/httpfilter)\n\nA set of conditional access control wrappers for Go-based web applications written with [httprouter](https://github.com/julienschmidt/httprouter) or `http.HandlerFunc`.\n\n## Features\n\n* A variety of handler wrappers implemented as `AuthWrapper` help you protect resources served by `http.HandlerFunc` and `httprouter.Handle`.\n* Several authentication providers and session management mechanisms are available in the `auth` and `session` packages for both the `http` and `httprouter` packages.\n* Simple IP-based filtering powered by `jpillora/ipfilter`. (thanks!)\n* **AND** or **OR** [synthetic wrapper](#function-synthesis-for-access-control) with the `httpfilter/synthesis` package, which enables you to apply two or more `AuthWrapper`s to a single route. 
(`AuthWrapper` is also supported).\n* Additional header management and built-in CORS support with the `header` package (currently supported only for `httprouter`)\n\n## What is `AuthWrapper`?\n\n```go\n// in the synthesis package\ntype AuthWrapper func(http.HandlerFunc, ...string) http.HandlerFunc\n\n// in the synthesis/rt_synthesis package\ntype AuthWrapper func(httprouter.Handle, ...string) httprouter.Handle\n```\n\n`AuthWrapper` is the function type that receives an `http.HandlerFunc` as its first argument and returns an `http.HandlerFunc`.\nIts counterpart for httprouter, `AuthWrapper` in the `rt_synthesis` package, is the function type that receives an `httprouter.Handle` as its first argument and returns an `httprouter.Handle`.\nBoth can receive additional string parameters for internal conditional evaluation, but these are not essential in every `AuthWrapper` implementation.\n\nIf you are comfortable with `http.HandlerFunc` or `httprouter.Handle`, you have probably written a number of wrappers for these handler functions (as well as the handler functions themselves). 
\nAuthWrappers (`synthesis.AuthWrapper` or `rt_synthesis.AuthWrapper`) are designed to be used as function generators whose results are accepted by `http.HandleFunc` or as an `httprouter.Handle`, like this:\n\n```go\nhttp.HandleFunc(\"/some/resource\", someAuthWrapper(yourHandler))\n//or\nrouter.GET(\"/api/path/somewhere\", someAuthWrapper(yourHandler))\n```\n\n## How to use `AuthWrappers`?\n\nMany of the wrapper functions in this package are implemented as the `AuthWrapper` type, including basic authentication, IP filtering, header validation, and so on.\nYou can apply basic authentication alone for a simple, lightly secured route with the following snippet:\n\n```go\npackage example\n\nimport (\n\t\"github.com/g1eng/httpfilter/auth/basic\"\n\t\"github.com/julienschmidt/httprouter\"\n\t\"net/http\"\n)\n\nfunc yourHandler(w http.ResponseWriter, r *http.Request, ps httprouter.Params) {\n\t//some code here\n}\n\nfunc herHandler(w http.ResponseWriter, r *http.Request, ps httprouter.Params) {\n\t//any code here\n}\n\nfunc route() *httprouter.Router {\n\trouter := httprouter.New()\n\tb := basic.NewBasicAuth(\"/path/to/htpasswd/or/credential/line\")\n\trouter.GET(\"/some/public/resource\", yourHandler)\n\trouter.GET(\"/some/secured/resource\", b.RouterAuthenticate(herHandler))\n\treturn router\n}\n```\n\n## Function Synthesis for Access Control\n\nSometimes we need two or more request validators for a protected/hardened resource.\nIn such cases you can use `httpfilter/synthesis` to apply multiple authorization/validation mechanisms to users' traffic.\n\nThe effects of two or more `AuthWrapper`s can be **synthesized** with `AuthAND`, `AuthOR` or `AuthAll`.\n\nYou can compose conditional checks from several `AuthWrapper`s like this:\n\n```go\npackage example\n\nimport (\n\t\"github.com/g1eng/httpfilter/auth/basic\"\n\t\"github.com/g1eng/httpfilter/ipfilter\"\n\t\"github.com/g1eng/httpfilter/synthesis\"\n\t\"net/http\"\n)\n\nfunc yourHandler(w http.ResponseWriter, r 
*http.Request) {\n\t//some code here\n}\n\nfunc herHandler(w http.ResponseWriter, r *http.Request) {\n\t//any code here\n}\n\nfunc Serve() {\n\ts := http.Server{\n\t\tAddr: \"0.0.0.0:8080\",\n\t}\n\tAND := synthesis.AuthAND\n\n\tdefaultFilter := ipfilter.NewIPFilter(true, []string{\"192.0.0.0/24\"}).Authorize\n\tmanagedFilter := basic.NewBasicAuth(\"/path/to/htpasswd/or/credential/line\").Authenticate\n\n\t//requests must pass both checks (IP filter and basic authentication) to reach resources protected by dualAuth\n\tdualAuth := AND(defaultFilter, managedFilter)\n\t\n\thttp.HandleFunc(\"/o/ha\", defaultFilter(yourHandler))\n\thttp.HandleFunc(\"/o/con\", dualAuth(herHandler))\n\n\t_ = s.ListenAndServe()\n}\n\n```\n\nFor `httprouter`, import the `synthesis/rt_synthesis` package and use the `Auth*` functions declared in that package:\n\n```go\npackage example\n\nimport (\n\t\"github.com/g1eng/httpfilter/auth/basic\"\n\t\"github.com/g1eng/httpfilter/ipfilter\"\n\t\"github.com/g1eng/httpfilter/synthesis/rt_synthesis\"\n\t\"github.com/julienschmidt/httprouter\"\n\t\"net/http\"\n)\n\nfunc yourHandler(w http.ResponseWriter, r *http.Request, ps httprouter.Params) {\n\t//some code here\n}\n\nfunc herHandler(w http.ResponseWriter, r *http.Request, ps httprouter.Params) {\n\t//any code here\n}\n\nfunc Route() *httprouter.Router {\n\trouter := httprouter.New()\n\tdefaultFilter := ipfilter.NewIPFilter(true, []string{\"192.0.0.0/24\"}).RouterAuthorize\n\tmanagerFilter := basic.NewBasicAuth(\"/path/to/htpasswd/or/credential/line\").RouterAuthenticate\n\t\n\tdualAuth := rt_synthesis.AuthAND(defaultFilter, managerFilter)\n\t\n\trouter.GET(\"/some/corp/resource\", defaultFilter(yourHandler))\n\trouter.GET(\"/some/mgnt/resource\", dualAuth(herHandler))\n\treturn router\n}\n```\n\n## Background\n\nIn my recent experience, different projects with different requirements and different stakeholders share similar access control mechanisms that satisfy any VIP's request within possible costs.\nWhat do you think: can such a 
shared implementation be a reliable, full-featured, open and popular one?\n\nThis project is a proposal for a generic access control wrapper mechanism for Go-based web applications.\n\n## ToDo\n\n* hardening of local session storage (and planning to import popular external session management mechanisms)\n* redis token caching\n\n## DOCUMENTATION\n\nIf you need any documentation enhancement, open an issue or PR and post your request about the additional topics you want!\n\n## Contributing\n\nYou are welcome to propose any type of contribution to this project! Get in touch through the issue page, in the open, and share your ideas about this package.\n\n### LICENSE\n\nApache 2.0.\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fg1eng%2Fhttpfilter","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fg1eng%2Fhttpfilter","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fg1eng%2Fhttpfilter/lists"}