~mna/kick-archived-see-github

kickstart my code
get stack before call

refs

master
browse  log 

clone

read-only
https://git.sr.ht/~mna/kick-archived-see-github
read/write
git@git.sr.ht:~mna/kick-archived-see-github

You can also use your local clone with git send-email.

#kick builds.sr.ht status

Kick streamlines configuration of a robust, hardened, production-ready Go web server. Its core is based on net/http and standard library packages, and it integrates proven, high-quality community Go packages for commonly-needed additional features. It favors a data-driven, declarative approach to defining a web server and its routes.

Through the use of the Builders type, it provides some flexibility and "pluggability" in the choice of third-party packages used to deliver those extra features, but it is not the goal of this package to be fully customizable

  • it is opinionated and as much as possible, provides an out-of-the-box encoding of best practices.

#Testing

The tests require a valid TLS certificate for localhost. The recommended approach is to use mkcert to create a local Certificate Authority and generate a locally-trusted certificate for localhost.

The following enviroment variables should be set:

  • KICK_TEST_LOCALHOST_CERT should point to the localhost certificate file.
  • KICK_TEST_LOCALHOST_KEY should point to the localhost certificate key file.

E.g.:

$ mkcert -cert-file ${KICK_TEST_LOCALHOST_CERT} -key-file ${KICK_TEST_LOCALHOST_KEY} localhost 127.0.0.1 ::1

Additionally, to use Go modules with Go 1.11+:

  • GO111MODULE=on

Then run the tests:

$ go test ./...
$ go test ./... -cover
$ go test ./... -race

#Packages

Kick automatically builds a robust, DOS-hardened web server based on proven, established and widely used Go packages:

  • github.com/gorilla/handlers for panic recovery, CORS, canonical host, content-type validation, method override, trust proxy headers
  • github.com/gorilla/csrf for CSRF
  • github.com/julienschmidt/httprouter for route multiplexing
  • golang.org/x/crypto/acme/autocert for production TLS certificate
  • github.com/FiloSottile/mkcert for localhost/development TLS certificate
  • github.com/juju/ratelimit for absolute endpoint rate-limiting
  • github.com/NYTimes/gziphandler for gzip compression
  • github.com/felixge/httpsnoop for wrapping http.ResponseWriter