quartzgun/README.md

# quartzgun

A lightweight web framework for Go

![Quartz Gun effect from Eureka Seven AO, showing a tree of light spanning down to the earth with its root in low orbit](./quartzgun.png)

## philosophy/design

`quartzgun` is designed to enable speedy development of efficient web sites and APIs in Go. There are no dependencies outside of the standard library except for `bcrypt`, and the library is modular -- you can use any part of it independently. The router uses the `func(http.Handler) http.Handler` middleware pattern so that you can plug and play existing middleware.

There are pre-made `renderers` which are designed as plug and play endpoints in your middleware chains. They are used for providing the basic functionality of the route, rendering an HTML template in the case of a normal page, or JSON or XML for API endpoints.

The `auth` system is designed from scratch to provide a modular system where new authentication/authorization backends can be added easily by satisfying the `auth.UserStore` interface.

### about the name

Thinking about URL routes reminded me of the tree of light the fictional [Quartz Gun](https://eurekaseven.fandom.com/wiki/Quartz_Gun) emits when fired, so I named the library `quartzgun`.

## usage

You can check out the [quartzgun_test.go](./quartzgun_test.go) file for an overview of how to use it, or see projects like [nirvash](https://forge.lightcrystal.system/nilix/nirvash) and [felt](https://forge.lightcrystal.systems/nilix/felt) which use quartzgun extensively.

## roadmap/features

Features may be added here at any time as things are in early stages right now:

### core functionality

* [x] router (static service trees, paramaterized routes, and per-method handlers on routes)
* [x] basic renderers (HTML template, JSON, XML)
* [x] rate limiters (one by IP and one that is indiscriminate)

### auth

* [x] top-level wrapper for attaching `UserStore` backends to cookie handler
* [x] POC [indental](https://wiki.xxiivv.com/site/indental.html) `UserStore` implementation
* [x] both cookie- and token-based authentication (use one but not both together)

### etc

* [x] middleware for easing auth flow:
  - [x] `Protected`: require login
  - [x] `Authorize`: login and redirect
  - [x] `Bunt`: logout and redirect
  - [x] `Fortify`: setup CSRF protection (use on the form)
  - [x] `Defend`: enact CSRF protection (use on the endpoint)
  - [x] `Provision`: use BASIC authentication to provision an access token
  - [x] `Validate`: valiate the bearer token against the `UserStore`
  - [x] `Throttle`: rate limit using a `func(*http.Request)bool`

## license

`quartzgun` is licensed under the MIT license -- see the [LICENSE](./LICENSE) file for details but the long and short of it is you can use/modify it for any reason, but give me (and other authors where applicable) credit for writing it.

## contributing

Send patches to [nilix@nilfm.cc](mailto:nilix@nilfm.cc) using `git format-patch -s HEAD~<however many commits>`. The `-s` flag ensures that your name makes it into the commit log.
add README and LICENSE, and refactor IndentalUserDB to support Data map 2022-01-10 03:16:30 +00:00			`# quartzgun`

			`A lightweight web framework for Go`

			`![Quartz Gun effect from Eureka Seven AO, showing a tree of light spanning down to the earth with its root in low orbit](./quartzgun.png)`

			`## philosophy/design`

			`quartzgun` is designed to enable speedy development of efficient web sites and APIs in Go. There are no dependencies outside of the standard library except for `bcrypt`, and the library is modular -- you can use any part of it independently. The router uses the `func(http.Handler) http.Handler` middleware pattern so that you can plug and play existing middleware.

			There are pre-made `renderers` which are designed as plug and play endpoints in your middleware chains. They are used for providing the basic functionality of the route, rendering an HTML template in the case of a normal page, or JSON or XML for API endpoints.

			The `auth` system is designed from scratch to provide a modular system where new authentication/authorization backends can be added easily by satisfying the `auth.UserStore` interface.

			`### about the name`

update README.md 2022-01-11 06:38:19 +00:00			Thinking about URL routes reminded me of the tree of light the fictional [Quartz Gun](https://eurekaseven.fandom.com/wiki/Quartz_Gun) emits when fired, so I named the library `quartzgun`.
add README and LICENSE, and refactor IndentalUserDB to support Data map 2022-01-10 03:16:30 +00:00
			`## usage`

add rateLimiters and Throttle middleware 2024-11-28 16:54:35 +00:00			`You can check out the [quartzgun_test.go](./quartzgun_test.go) file for an overview of how to use it, or see projects like [nirvash](https://forge.lightcrystal.system/nilix/nirvash) and [felt](https://forge.lightcrystal.systems/nilix/felt) which use quartzgun extensively.`
add README and LICENSE, and refactor IndentalUserDB to support Data map 2022-01-10 03:16:30 +00:00
			`## roadmap/features`

update README.md 2022-01-11 06:38:19 +00:00			`Features may be added here at any time as things are in early stages right now:`

add README and LICENSE, and refactor IndentalUserDB to support Data map 2022-01-10 03:16:30 +00:00			`### core functionality`

			`* [x] router (static service trees, paramaterized routes, and per-method handlers on routes)`
			`* [x] basic renderers (HTML template, JSON, XML)`
add rateLimiters and Throttle middleware 2024-11-28 16:54:35 +00:00			`* [x] rate limiters (one by IP and one that is indiscriminate)`
add README and LICENSE, and refactor IndentalUserDB to support Data map 2022-01-10 03:16:30 +00:00
			`### auth`

update README.md 2022-01-11 06:38:19 +00:00			* [x] top-level wrapper for attaching `UserStore` backends to cookie handler
add README and LICENSE, and refactor IndentalUserDB to support Data map 2022-01-10 03:16:30 +00:00			* [x] POC [indental](https://wiki.xxiivv.com/site/indental.html) `UserStore` implementation
add subtree renderer, fix static routing for index pages, don't log sessionId when authenticating, and add token auth 2022-08-01 00:08:05 +00:00			`* [x] both cookie- and token-based authentication (use one but not both together)`
add README and LICENSE, and refactor IndentalUserDB to support Data map 2022-01-10 03:16:30 +00:00
			`### etc`

fine tune existing and add more middleware 2022-05-21 03:36:54 +00:00			`* [x] middleware for easing auth flow:`
update README 2022-05-18 04:48:17 +00:00			- [x] `Protected`: require login
			- [x] `Authorize`: login and redirect
fine tune existing and add more middleware 2022-05-21 03:36:54 +00:00			- [x] `Bunt`: logout and redirect
			- [x] `Fortify`: setup CSRF protection (use on the form)
			- [x] `Defend`: enact CSRF protection (use on the endpoint)
add subtree renderer, fix static routing for index pages, don't log sessionId when authenticating, and add token auth 2022-08-01 00:08:05 +00:00			- [x] `Provision`: use BASIC authentication to provision an access token
			- [x] `Validate`: valiate the bearer token against the `UserStore`
add rateLimiters and Throttle middleware 2024-11-28 16:54:35 +00:00			- [x] `Throttle`: rate limit using a `func(*http.Request)bool`
add README and LICENSE, and refactor IndentalUserDB to support Data map 2022-01-10 03:16:30 +00:00
			`## license`

			`quartzgun` is licensed under the MIT license -- see the [LICENSE](./LICENSE) file for details but the long and short of it is you can use/modify it for any reason, but give me (and other authors where applicable) credit for writing it.

			`## contributing`

			Send patches to [nilix@nilfm.cc](mailto:nilix@nilfm.cc) using `git format-patch -s HEAD~<however many commits>`. The `-s` flag ensures that your name makes it into the commit log.