Skip to content
/ obscurer Public

A compact library for equipping HTTP APIs with URL obscuring capabilities.

0 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

freerware/obscurer

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

8 Commits
.github
.github
 
 
internal/mock
internal/mock
 
 
.gitignore
.gitignore
 
 
.travis.yml
.travis.yml
 
 
CODE_OF_CONDUCT.md
CODE_OF_CONDUCT.md
 
 
CONTRIBUTING.md
CONTRIBUTING.md
 
 
LICENSE.txt
LICENSE.txt
 
 
Makefile
Makefile
 
 
README.md
README.md
 
 
example_test.go
example_test.go
 
 
go.mod
go.mod
 
 
go.sum
go.sum
 
 
handler.go
handler.go
 
 
handler_test.go
handler_test.go
 
 
obscurer.go
obscurer.go
 
 
obscurer_test.go
obscurer_test.go
 
 
response_writer.go
response_writer.go
 
 
store.go
store.go
 
 

Repository files navigation

obscurer

A compact library for equipping HTTP APIs with URL obscuring capabilities.

GoDoc Build Status Coverage Status License

What is it?

obscurer gives your HTTP API the ability to utilize obscure URLs, which provides additional abstraction that is beneficial when implementing level 3 RESTful APIs.

What are obscure URLs?

Typically when creating a RESTful API using HTTP, the API defines URLs that provide a predictable structure. For example, an API with a product resource might have /api/products/1/ URL path, where 1 is the ID of the product being interacted with.

When creating level 3 hypermedia APIs, the API is responsible for defining and managing the state of an application through links. As such, any time a consumer is able to bypass this responsibility by issuing a request to a URL that it wasn't given in the response of a previous request, it actually undermines what a hypermedia API represents.

To prevent URLs from being "hackable" (or guessable), we obscure them. A common method involves taking the normal URL path and running it through a simple hashing algorithm, such as MD5. These obscured URLs are then returned to consumers in response representations, that they then use to issue additional downstream requests.

Why use it?

  • can be extended to support any store of your choice (Redis, MySQL, etc.).
  • immediately compatible with any request multiplexer.
  • increased privacy of API interfaces.
  • reduced "hackability" of API interfaces, promoting loose coupling.
  • side-by-side support for unobscured and obscured URLs.
  • automatically discards obscured URLs resulting in HTTP 404.

How do I use it?

Quickstart

// create your mux.
mux := http.NewServeMux()
mux.HandleFunc("/this/is/the/way", func(w http.ResponseWriter, r *http.Request) {
	fmt.Println("i'm mando!")
})

// choose your store. 🎉
store := obscurer.DefaultStore

// choose your obscurer. 🎉
obscurer := obscurer.Default

// add obscured URL support. 🎉
handler := obscurer.NewHandler(obscurer, store, mux)

// create your server.
server := &http.Server{
	Addr: ":8080",
	Handler: handler, // 🎉
}

// start your server!
log.Fatal(server.ListenAndServe())

Contribute

Want to lend us a hand? Check out our guidelines for contributing.

License

We are rocking an Apache 2.0 license for this project.

Code of Conduct

Please check out our code of conduct to get up to speed how we do things.

About

A compact library for equipping HTTP APIs with URL obscuring capabilities.

Resources

Readme

Code of conduct

Code of conduct
Activity
Custom properties

Stars

0 stars

Watchers

2 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages