Standard Go web server, with lots of added extras to get you up and running fast and securely.
Switch branches/tags
Nothing to show
Clone or download
K Cartlidge
Latest commit 00587a0 Oct 15, 2018
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
docs Mention fonts in CSP info box Jul 9, 2018
example Add CSP fonts example, and extra template date/time formatters Jul 10, 2018
vendor Added vendoring and updated Black Friday. Apr 9, 2018
.editorconfig Server. Hostnames. HTTPS. Static assets. Template cache/usage/functions. Mar 14, 2018
.gitignore Server. Hostnames. HTTPS. Static assets. Template cache/usage/functions. Mar 14, 2018
Gopkg.lock Added vendoring and updated Black Friday. Apr 9, 2018
Gopkg.toml Added vendoring and updated Black Friday. Apr 9, 2018
LICENSE Server. Hostnames. HTTPS. Static assets. Template cache/usage/functions. Mar 14, 2018
README.md Add session-based flash message support Oct 15, 2018
cookies.go Renamed. Added MySQL support (other DBs can be used with standard Go). Mar 28, 2018
csrf.go Renamed. Added MySQL support (other DBs can be used with standard Go). Mar 28, 2018
middleware.go Add font-src to CSP. Apr 22, 2018
misc.go Switched error page handler to optional middleware using error template. Apr 4, 2018
server-config.go Add font-src to CSP. Apr 22, 2018
server.go Switched error page handler to optional middleware using error template. Apr 4, 2018
sessions.go Add session-based flash message support Oct 15, 2018
sqldb.go Renamed. Added MySQL support (other DBs can be used with standard Go). Mar 28, 2018
templating.go Add CSP fonts example, and extra template date/time formatters Jul 10, 2018
tls.go Renamed. Added MySQL support (other DBs can be used with standard Go). Mar 28, 2018
user.go Renamed. Added MySQL support (other DBs can be used with standard Go). Mar 28, 2018

README.md

FORTRESS GO

Go Report Card

Visit the Fortress Go web site.

Easily write secure, fast, production-ready web sites and servers in Golang.

Want to create a secure site in Go? It's a fantastic choice but unlike Ruby (with Rails), C# (with Asp.Net MVC), or Python (with Django or Flask) it isn't obvious where to start if you want to go beyond the (excellent) tutorials on request routing, handlers, and middleware.

Include Fortress Go in your own application and with a simple set of configuration options you get a standard server with masses of extras built in. Deploy with confidence.

  • Standard HTTP(S) server with standard handlers and routing.
  • Automatic LetsEncrypt (HTTPS) by specifying port 443.
  • Restrict the server by hostname.
  • Serve static assets (CSS, JavaScript etc) from a specified folder.
  • HTML templates automatically loaded and cached.
  • Helper method executes any cached template with any data.
  • Built-in template functions including Markdown rendering.
  • Panic handling (server continues).
  • Request logging in Apache format (stdout or custom destination).
  • Secure and encrypted cookies with explicit lifetimes and easy usage.
  • Cookie based session support.
  • User login/logout/get current.
  • Public and signed-in routes.
  • Per request cookie based CSRF.
  • CORS with support for headers, methods, and origins.
  • CSP (content security policy) for default, styles, and scripts.
  • Optional middleware converts from status codes to displaying an error template.
  • Optional database (MySQL/MariaDB currently) ping at startup with connection made available to all handlers.
  • Load server configuration from a config file.
  • Enforce JSON or XML content types for a request (and set response content type).
  • Session-based flash messages with optional remove-on-retrieval.

Note that although MySQL/MariaDB is mentioned above, the server is standard Go so other database options can be used as normal.

How do I use it?

It's ready and fully usable, though not yet documented. In the meantime the example folder (see below) shows how incredibly simple it can be.

Requirements

  • Go v1.7 or later

What does it use in the background?

Standing on the shoulders of giants ...

  • The Go standard library authors
  • Gorilla web toolkit - cookies, sessions, routing, logging, panics
  • Russ Ross - Black Friday for Markdown rendering
  • LetsEncrypt - issuers for auto-renewing certificates
  • Julian Schmidt and others for the MySQL library
  • Jason Moiron for the SQLX extensions

Custom code has been kept to a minimum and mostly consists of setup/orchestration/simplification of the above. The exceptions are CSRF, CORS, CSP, simple user protection, and configuration loading. These were added by myself.

Possibly incoming (in no particular order)

  • Error logging (possibly to a third party).
  • Response caching.

Running the example

The example folder contains an example of how to use the Fortress Go package.

There are pre-built cross-platform versions, but do not run them directly from the example/builds subfolder as they will be unable to find their templates and static content due to the path. Run them like so:

cd example

./builds/macos/example  # Mac OS
./builds/linux/example  # Linux
builds/windows/example  # Windows

There are a few sample handlers, the routes to which can be found in example/main.go. They are also mostly linked to on a menu when the example runs. Press Ctrl-C to stop the server.


Changing Fortress Go itself

If you are writing your own site and are including Fortress Go as it stands then you don't need to read any further. What follows is for people who want to make changes to Fortress Go's own behaviour.

Build and run the example for your current system

dep ensure
cd example

go build -o builds/macos/example && ./builds/macos/example  # Mac OS
go build -o builds/linux/example && ./builds/linux/example  # Linux
go build -o builds\windows\example.exe && .\builds\windows\example.exe  # Windows

Create cross-platform builds of the example

Run the script (below) that corresponds to your system. Each of the three scripts builds for all three platforms.

dep ensure
cd example

./scripts/macos.sh  # Mac OS
./scripts/linux.sh  # Linux
.\scripts\windows.bat  # Windows