Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More
Socket
Sign inDemoInstall
Socket

github.com/tsurai/amber

Package Overview
Dependencies
Alerts
File Explorer
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

github.com/tsurai/amber

  • v0.0.0-20150725095000-aefdbbffc86d
  • Source
  • Go
  • Socket score

Version published
Created
Source

Jantar Build Status GoDoc

Jantar is a lightweight mvc web framework with emphasis on security written in golang. It has initially been largely inspired by Martini but prefers performance over syntactic sugar and aims to provide crucial security settings and features right out of the box.

DEPRECATED

WARNING: This project is deprecated and is not maintained anymore. The default security settings and feature are out of date and not secure anymore! Use this as reference only!

Features

  • RESTful pattern with protection against cross-site request forgery
  • Secure default settings for TLS
    • No RC4, DES or similar insecure cipher
    • No SSL, requires at least TLS 1.1
    • Prefered cipher: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
  • Secure default HTTP header
    • Strict-Transport-Security: max-age=31536000;includeSubDomains
    • X-Frame-Options: sameorigin
    • X-XSS-Protection: 1;mode=block
    • X-Content-Type-Options: nosniff
  • Encrypted and signed cookies using AES256 and HMAC(SHA256)
  • Simple Middleware interface
  • Compatible with http.HandlerFunc
  • Responsive to current events
    • Preview

Requirements

  • go >= 1.2

Table of Contents

Getting Started

First you have to download and install the package into the import path. This can easily be done with go get:

go get github.com/tsurai/jantar

Now you can import jantar and create a simple website

package main

import (
	"net/http"
	"github.com/tsurai/jantar"
)

func main() {
	j := jantar.New(&jantar.Config {
		Hostname: "localhost",
		Port:     3000,
	})

	j.AddRoute("GET", "/", func(respw http.ResponseWriter, req *http.Request) {
		respw.Write([]byte("Hello World"))
	})

	j.Run()
}

Controller

Using Controller and rendering Templates is very easy with Jantar. For this simple example I'm going to assume the following directory structure. A detailed description will follow soon.

|- controllers/
|-- app.go
|- views/
|-- app/
|--- index.html
| main.go

-- controllers/app.go

package controller

import (
	"github.com/tsurai/jantar"
)

type App struct {
	jantar.Controller
}

func (c *App) Index() {
	c.Render()
}

-- views/app/index.html

<h1>Hello Controller</h1>

-- main.go

package main

import (
	"github.com/tsurai/jantar"
	c "controllers"
)

func main() {
	j := jantar.New(&jantar.Config {
		Hostname: "localhost",
		Port:     3000,
	})

	j.AddRoute("GET", "/", (*c.App).Index)

	j.Run()
}

A note on security

Jantar is by no means secure in the literal sense of the word. What it does is providing easy and fast ways to protect against the most common vulnerabilities. Security should never be left out because it is too troublesome to implement.

/dev/urandom

Some might wonder why Jantar is using /dev/urandom instead of the seemingly more secure /dev/random. Please take some minutes and read this interesting article about /dev/urandom/

Todo List

  • more consistency in error handling
  • flexible config
    • custom public directory
    • custom cookie names for internal modules
  • more hooks and a better middleware interface
  • better routing for static files
  • better test coverage

Inspirations

These frameworks have been a source of inspiration and ideas during Jantars development.

FAQs

Package last updated on 25 Jul 2015

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap
  • Changelog

Packages

npm

Stay in touch

Get open source security insights delivered straight into your inbox.


  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc