auth | ||
cookie | ||
indentalUserDB | ||
middleware | ||
rateLimiter | ||
renderer | ||
router | ||
testData | ||
util | ||
.gitignore | ||
go.mod | ||
go.sum | ||
LICENSE | ||
quartzgun.png | ||
quartzgun_test.go | ||
README.md |
quartzgun
A lightweight web framework for Go
philosophy/design
quartzgun
is designed to enable speedy development of efficient web sites and APIs in Go. There are no dependencies outside of the standard library except for bcrypt
, and the library is modular -- you can use any part of it independently. The router uses the func(http.Handler) http.Handler
middleware pattern so that you can plug and play existing middleware.
There are pre-made renderers
which are designed as plug and play endpoints in your middleware chains. They are used for providing the basic functionality of the route, rendering an HTML template in the case of a normal page, or JSON or XML for API endpoints.
The auth
system is designed from scratch to provide a modular system where new authentication/authorization backends can be added easily by satisfying the auth.UserStore
interface.
about the name
Thinking about URL routes reminded me of the tree of light the fictional Quartz Gun emits when fired, so I named the library quartzgun
.
usage
You can check out the quartzgun_test.go file for an overview of how to use it, or see projects like nirvash and felt which use quartzgun extensively.
roadmap/features
Features may be added here at any time as things are in early stages right now:
core functionality
- router (static service trees, paramaterized routes, and per-method handlers on routes)
- basic renderers (HTML template, JSON, XML)
- rate limiters (one by IP and one that is indiscriminate)
auth
- top-level wrapper for attaching
UserStore
backends to cookie handler - POC indental
UserStore
implementation - both cookie- and token-based authentication (use one but not both together)
etc
- middleware for easing auth flow:
Protected
: require loginAuthorize
: login and redirectBunt
: logout and redirectFortify
: setup CSRF protection (use on the form)Defend
: enact CSRF protection (use on the endpoint)Provision
: use BASIC authentication to provision an access tokenValidate
: valiate the bearer token against theUserStore
Throttle
: rate limit using afunc(*http.Request)bool
license
quartzgun
is licensed under the MIT license -- see the LICENSE file for details but the long and short of it is you can use/modify it for any reason, but give me (and other authors where applicable) credit for writing it.
contributing
Send patches to nilix@nilfm.cc using git format-patch -s HEAD~<however many commits>
. The -s
flag ensures that your name makes it into the commit log.