kickstart my code
Merge branch 'master' of git.sr.ht:~mna/kick
builder: add form field name option for csrf
add request id to logging fields

refs

master
browse log

clone

read-only
https://git.sr.ht/~mna/kick
read/write
git@git.sr.ht:~mna/kick

kick builds.sr.ht status

Kick streamlines configuration of a robust, hardened, production-ready Go web server. Its core is based on net/http and standard library packages, and it integrates proven, high-quality community Go packages for commonly-needed additional features.

Through the use of the Builders type, it provides some flexibility and pluggability in the choice of third-party packages used to deliver those extra features, but it is not the goal of this package to be fully customizable - it is opinionated and as much as possible, provides an out-of-the-box encoding of best practices.

Testing

The tests require a valid TLS certificate for localhost. The recommended approach is to use mkcert to create a local Certificate Authority and generate a locally-trusted certificate for localhost.

The following enviroment variables should be set:

  • KICK_TEST_LOCALHOST_CERT should point to the localhost certificate file.
  • KICK_TEST_LOCALHOST_KEY should point to the localhost certificate key file.

Additionally, to use Go modules with Go 1.11+:

  • GO111MODULE=on

Then run the tests:

$ go test ./...
$ go test ./... -cover
$ go test ./... -race

Packages

Kick automatically builds a robust, DOS-hardened web server based on proven, established and widely used Go packages:

  • github.com/gorilla/sessions for sessions with github.com/boj/redistore (?) as backing store
  • github.com/gorilla/websocket for websocket
  • github.com/gorilla/handlers for panic recovery, CORS, canonical host, content-type validation, method override, trust proxy headers
  • github.com/gorilla/csrf for CSRF
  • github.com/julienschmidt/httprouter for route multiplexing and static file serving
  • github.com/sirupsen/logrus for structured logging
  • github.com/gomodule/redigo for Redis
  • github.com/gorilla/schema for decoding form values to structs, and github.com/mna/httpparms for streamlined API with validation
  • github.com/sony/gobreaker for the circuit breaker
  • golang.org/x/crypto/acme/autocert for production TLS certificate
  • github.com/FiloSottile/mkcert for localhost/development TLS certificate
  • github.com/throttled/throttled for session-based rate-limiting
  • github.com/juju/ratelimit for absolute endpoint rate-limiting
  • github.com/NYTimes/gziphandler for gzip compression
  • github.com/go-sql-driver/mysql for mysql DB support
  • github.com/jmoiron/sqlx for added SQL and struct support
  • github.com/kelseyhightower/envconfig for configuration, overridable via flags