Skip to content

aerth/webd

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

39 Commits

config

config

 
 

i

i

 
 

scripts

scripts

 
 

system

system

 
 

www/templates

www/templates

 
 

.gitignore

.gitignore

 
 

LICENSE

LICENSE

 
 

Makefile

Makefile

 
 

Procfile

Procfile

 
 

README.md

README.md

 
 

VERSION

VERSION

 
 

config.example.json

config.example.json

 
 

go.mod

go.mod

 
 

go.sum

go.sum

 
 

main.go

main.go

 
 

version.go

version.go

 
 

webassets.zip

webassets.zip

 
 

Repository files navigation

stupid web app

Features

  • Easy to add new features?
  • Signup, Login, Logout
  • Members-only dashboard (open or close registration)
  • Hit Counter
  • Brute-force protection (via temporary blacklisting)
  • Encrypted Cookies (gorilla/securecookie)
  • Fast, Lightweight
  • CSRF protection (gorilla/csrf)
  • Anti-frame protection via Content-Security-Policy
  • Persistent sessions across reboots (BoltDB)
  • Templates! (docs)
  • Reload templates from file by sending USR2 signal (pkill -usr2 webd)
  • Reload config from file by sending USR1 signal (pkill -usr1 webd)

Config (config.json)

Variables exposed in templates

SiteURL is used for content-security-policy headers

templatedata used exclusively in templates

  "Meta": {
    "siteurl": "http://127.0.0.1:8080",
    "sitename": "Test Application",
    "copyright-name": "My Company, Inc",
    "templatedata": {
      "arbitrary-variable-name": "value",
      "var2": "string-value",
      "varNum": 123,
      "varNested": {
        "nest": 321
      }
    }
  },

Security variables that should be randomized, cookie-name replaced

  "Security": {
    "cookie-name": "cookie-name",
    "csrf-key": "32-byte-long-auth-key",
    "hash-key": "755d813685f17a1d3a74f984b5111840",
    "block-key": "caa7040d2f00aaa548d5bab3aaa72100",

Whitelist and Blacklist are file paths to read. Whitelisted IPs will never be banned, Blacklisted IPs won't be able to do POST requests. After 3 attempts, users are temporarily banned.

If ServePublic is true, all files in ./www/public are served. They are routed after normal pages, so file names can't collide with templated paths (such as "/login" or "/dashboard")

    "whitelist": "whitelist.txt",
    "blacklist": "blacklist.txt",
    "servepublic": false
  },

Using encrypted config.json

  1. encrypt it with pgp or age
age -p config.json > config.json.enc
  1. decrypt and pipe into webd
age -d config.json.enc | webd -conf -

Using Reverse Proxies

In the config.json, /bin/xxx will fetch https://httpbin.org/xxx and /usr/bin/xxx will also fetch https://httpbin.org/xxx

Easy to change in config.json, to serve other applications under subdirectories.

Cookies are removed from the fetch.

Example: https://webd-example.herokuapp.com/bin/get

(note: we don't add X-Amzn-Trace-Id, thats httpbin.)

  "ReverseProxy": {
    "/bin/": "https://httpbin.org",
    "/usr/bin/": "https://httpbin.org"
  },

About

Go Boilerplate Web Application

webd-example.herokuapp.com/

Resources

Readme

License

MIT license
Activity

Stars

3 stars

Watchers

2 watching

Forks

0 forks
Report repository

Releases

6 tags

Packages

No packages published

Languages