https://github.com/sionpixley/go-mux-rest-middleware

Go library that provides middleware that adds HTTP response headers for REST APIs when using gorilla/mux. This library follows OWASP REST security guidelines. It only provides middleware for REST APIs that do not return any HTML. If your API returns HTML, please implement your own middleware based on OWASP's guidelines.
https://github.com/sionpixley/go-mux-rest-middleware

go middleware owasp rest rest-api

Last synced: 3 months ago
JSON representation

Go library that provides middleware that adds HTTP response headers for REST APIs when using gorilla/mux. This library follows OWASP REST security guidelines. It only provides middleware for REST APIs that do not return any HTML. If your API returns HTML, please implement your own middleware based on OWASP's guidelines.

• Host: GitHub
• URL: https://github.com/sionpixley/go-mux-rest-middleware
• Owner: sionpixley
• License: mit
• Created: 2024-11-24T13:55:07.000Z (7 months ago)
• Default Branch: main
• Last Pushed: 2025-03-06T21:26:46.000Z (3 months ago)
• Last Synced: 2025-03-06T22:26:36.948Z (3 months ago)
• Topics: go, middleware, owasp, rest, rest-api
• Language: Go
• Homepage:
• Size: 20.5 KB
• Stars: 0
• Watchers: 1
• Forks: 0
• Open Issues: 0
• Metadata Files:
  • Readme: README.md
  • License: LICENSE
  • Code of conduct: CODE_OF_CONDUCT.md
  • Security: SECURITY.md

Awesome Lists containing this project

README

        
# go-mux-rest-middleware

Go library that provides middleware that adds HTTP response headers for REST APIs when using [gorilla/mux](https://github.com/gorilla/mux). This library follows [OWASP REST security guidelines](https://cheatsheetseries.owasp.org/cheatsheets/REST_Security_Cheat_Sheet.html#security-headers). It only provides middleware for REST APIs that **do not** return any HTML. If your API returns HTML, please implement your own middleware based on OWASP's guidelines.

## Table of contents

1. [Project structure](#project-structure)

2. [How to install](#how-to-install)

3. [How to use](#how-to-use)

4. [Contributing](#contributing)

## Project structure

```

.

├── CODE_OF_CONDUCT.md

├── LICENSE

├── README.md

├── SECURITY.md

├── go.mod

├── go.sum

└── pkg

    └── gmrm

        └── gmrm.go

```

## How to install

`go get github.com/sionpixley/go-mux-rest-middleware`

## How to use

```

package main

import (

    "encoding/json"

    "log"

    "net/http"

    "github.com/gorilla/mux"

    "github.com/sionpixley/go-mux-rest-middleware/pkg/gmrm"

)

func main() {

    router := mux.NewRouter()

    router.HandleFunc("/api/example", getExample).Methods(http.MethodGet, http.MethodOptions)

    router.Use(mux.CORSMethodMiddleware(router))

    // These are the functions provided by the gmrm package.

    router.Use(gmrm.CorsOriginMiddleware("https://example.com"))

    router.Use(gmrm.CacheControlMiddleware())

    router.Use(gmrm.ContentTypeMiddleware("application/json"))

    router.Use(gmrm.FrameMiddleware())

    // Only add this one if you want HSTS.

    router.Use(gmrm.HstsMiddleware("max-age=63072000; includeSubDomains; preload"))

    go http.ListenAndServe(":80", http.HandlerFunc(redirectToHttps))

    log.Fatalln(http.ListenAndServeTLS(":443", "certfile", "keyfile", router))

}

func getExample(w http.ResponseWriter, r *http.Request) {

    if r.Method == http.MethodOptions {

        return

    }

    err := json.NewEncoder(w).Encode("example")

    if err != nil {

        w.WriteHeader(http.StatusInternalServerError)

        return

    }

}

func redirectToHttps(w http.ResponseWriter, r *http.Request) {

    http.Redirect(w, r, "https://example.com"+r.RequestURI, http.StatusMovedPermanently)

}

```

## Contributing

All contributions are welcome! If you wish to contribute to the project, the best way would be forking this repo and making a pull request from your fork with all of your suggested changes.