common

func AddCustomPIIPattern ¶

func AddCustomPIIPattern(name string, pattern string) error

AddCustomPIIPattern adds a custom pattern for PII detection and sanitization. This allows applications to define their own PII patterns.

func AddIfNotExists ¶

func AddIfNotExists(element string, list []string) []string

AddIfNotExists appends element to list only if the element is not already present. It is useful when constructing slices that must contain unique values.

func AddIfNotExistsGeneric ¶

func AddIfNotExistsGeneric(element interface{}, list []interface{}) []interface{}

AddIfNotExistsGeneric performs the same conditional append as AddIfNotExists but works with a slice of empty interfaces. It is used when the type of the elements is not known ahead of time.

func B2S ¶

func B2S(b []byte) (s string)

B2S converts a null terminated byte slice to a string. If no null byte is present the entire slice is used. It returns the resulting string.

func CamelCase ¶

func CamelCase(txt string) string

CamelCase converts a string containing separators into camel case. Any character found in the punctuation list starts a new word.

func Clean ¶

func Clean(txt string) string

Clean lowercases a string, replaces spaces with underscores and URL escapes the result.

func ClearCookie ¶

func ClearCookie(w http.ResponseWriter, r *http.Request)

ClearCookie removes the visitor ID cookie from the client by sending an expired cookie back to the browser.

func Debug ¶

func Debug(format string, v ...interface{})

Debug writes a formatted debug message when ISDEBUG is true. A newline is appended so callers do not have to include one.

func DebugInfo ¶

func DebugInfo(r *http.Request)

func DebugSafe ¶

func DebugSafe(format string, v ...interface{})

DebugSafe writes a formatted debug message with PII sanitization. This is a PII-safe version of Debug that should be used when logging potentially sensitive information.

func Decrypt ¶

func Decrypt(c context.Context, key string, message string) string

Decrypt decrypts a message encrypted with Encrypt. Note: For backward compatibility, this function returns empty string on error and logs the error. New code should check for empty return value.

func DoesCookieExists ¶

func DoesCookieExists(r *http.Request) bool

DoesCookieExists reports whether the request contains a non-empty visitor ID cookie.

func DumpCookie ¶

func DumpCookie(c context.Context, cookie *http.Cookie)

DumpCookie logs the details of a single cookie for debugging. Do not log cookies in production as they may contain session or tracking information.

func DumpCookies ¶

func DumpCookies(r *http.Request)

DumpCookies logs all cookies present on the request. Use with caution and never in production if cookies contain private data.

func DumpRequest ¶

func DumpRequest(r *http.Request, withBody bool)

DumpRequest logs the incoming HTTP request at debug level. If withBody is true, the request body is included and closed after logging. This helper should only be used during development as it may expose sensitive data.

func DumpRequestOut ¶

func DumpRequestOut(r *http.Request, withBody bool)

DumpRequestOut logs an outbound client request. If withBody is true the request body is included. Only use in non-production environments as headers or bodies may contain private information.

func DumpResponse ¶

func DumpResponse(c context.Context, r *http.Response)

DumpResponse logs an HTTP response. The response body is left open so callers may still read it and must be closed by the caller. Avoid using this helper in production if the response contains sensitive data.

func Encrypt ¶

func Encrypt(c context.Context, key string, message string) string

Encrypt encrypts message using AES-256-GCM and returns a hex encoded nonce followed by ciphertext. Note: For backward compatibility, this function returns empty string on error and logs the error. New code should check for empty return value.

func Error ¶

func Error(format string, v ...interface{})

Error writes a formatted error message with an "ERROR:" prefix. The prefix helps grep for errors in log files. If ERROR_DATASTORE_ENTITY is set, also stores the error in Datastore.

func ErrorSafe ¶

func ErrorSafe(format string, v ...interface{})

ErrorSafe writes a formatted error message with PII sanitization. This should be used instead of Error when the message might contain PII.

func F2S ¶

func F2S(f float64) (s string)

F2S converts a float64 to a string using fixed notation with eight digits of precision. The returned string is suitable for display or logging purposes.

func Fatal ¶

func Fatal(format string, v ...interface{})

Fatal logs an error message with "FATAL: " prefix and exits the program. This is used for unrecoverable errors during startup or critical failures. The function logs the message and then calls os.Exit(1).

func FirstPart ¶

func FirstPart(s string) string

FirstPart returns the first semi-colon separated component of a string.

func GenerateSecureID ¶

func GenerateSecureID() (string, error)

GenerateSecureID creates a cryptographically secure random identifier Use this for session IDs, cookie IDs, tokens, or any security-sensitive identifier Returns a 64-character hex string (32 bytes of entropy / 256 bits)

func GetBody ¶

func GetBody(r *http.Request) []byte

GetBody reads the entire body from the provided HTTP request and returns it as a byte slice. The caller remains responsible for closing r.Body:

body := GetBody(r)
defer r.Body.Close()

func GetBodyResponse ¶

func GetBodyResponse(r *http.Response) []byte

GetBodyResponse reads the entire body from the given HTTP response and returns it. Always close r.Body after calling this helper:

body := GetBodyResponse(resp)
defer resp.Body.Close()

func GetCSRFToken ¶

func GetCSRFToken(r *http.Request) string

GetCSRFToken returns the CSRF token from the request for template injection This is a convenience wrapper around csrf.GetToken() for use in templates

func GetContent ¶

func GetContent(c context.Context, filename string) (*[]byte, error)

GetContent reads the file named by filename and returns its contents. Any errors encountered are logged and returned.

SECURITY NOTE: This function does NOT validate paths. If accepting user input, use ValidatePath() first to prevent path traversal attacks.

func GetContentByUrl ¶

func GetContentByUrl(c context.Context, url string) ([]byte, error)

func GetCookieID ¶

func GetCookieID(w http.ResponseWriter, r *http.Request) string

GetCookieID retrieves the visitor ID cookie or creates a new one if missing.

The created cookie is secured with the following attributes:

• Path is always set to "/" so the ID is sent for all application routes.
• Expires is 30 days in the future, giving the cookie a one month lifetime.
• HttpOnly is true to prevent JavaScript access.
• Secure is true for production (false for localhost/127.0.0.1) to support local development.
• SameSite is Lax to protect against CSRF while allowing normal navigation.
• Domain is only set when the host is neither localhost nor 127.0.0.1.

func GetServiceAccountClient ¶

func GetServiceAccountClient(c context.Context) *http.Client

func GetSuffix ¶

func GetSuffix(s string, split string) string

GetSuffix returns the portion of a string after the final occurrence of the supplied split delimiter.

func HandleEcho ¶

func HandleEcho(w http.ResponseWriter, r *http.Request)

HandleEcho is an undocumented debug endpoint that echoes the first 255 characters of the request body to the logs and returns a simple response. This is useful for debugging request payloads without storing sensitive data.

Request:

• Method: POST
• Body: Any content (application/json, text/plain, etc.)

Response (200 OK):

{
  "status": "ok"
}

func Hash ¶

func Hash(data string) uint32

func HashIP ¶

func HashIP(ip string) string

HashIP creates a one-way hash of an IP address for privacy-compliant logging This function is used to comply with GDPR/CCPA requirements by not storing plain IP addresses in logs. The hash is consistent for the same IP within a deployment (using the IP_HASH_SALT), allowing for session tracking while protecting user privacy.

func I2S ¶

func I2S(i int64) string

I2S converts an int64 to its decimal string representation. It returns the formatted string for the provided integer.

func Info ¶

func Info(format string, v ...interface{})

Info writes a formatted informational message. A newline is appended to keep log lines consistent.

func InfoSafe ¶

func InfoSafe(format string, v ...interface{})

InfoSafe writes a formatted informational message with PII sanitization. This should be used instead of Info when the message might contain PII.

func InitErrorDatastore ¶

func InitErrorDatastore() error

InitErrorDatastore initializes the error logging datastore client

func IsBot ¶

func IsBot(useragent string) bool

IsBot reports whether the agent is a known crawler. The heuristics rely on the user_agent library and a small list of custom user agents.

func IsCrawler ¶

func IsCrawler(r *http.Request) bool

func IsHacker ¶

func IsHacker(r *http.Request) bool

func IsMobile ¶

func IsMobile(useragent string) bool

IsMobile returns true when the user agent represents a mobile device. It uses the github.com/mssola/user_agent library to parse the UA string.

func IsSpam ¶

func IsSpam(c context.Context, referer string) bool

func IsValidHTTPURL ¶

func IsValidHTTPURL(dest string) bool

IsValidHTTPURL verifies that dest is an absolute HTTP or HTTPS URL.

func Join ¶ added in v1.16.0

func Join(rawBase, path string) string

Join concatenates the provided path with the normalized base URL. The base URL is normalized using NormalizeBase, and the path is joined safely. If the base is empty after normalization, an empty string is returned. If the path is empty, the normalized base is returned.

func Left ¶

func Left(s string, n int) string

Left returns the first n characters of s. If s is shorter than n it returns s unchanged. Example:

prefix := Left("abcdef", 3) // "abc"

func MarkdownToHTML ¶ added in v1.25.0

func MarkdownToHTML(markdown string) (string, error)

MarkdownToHTML converts markdown text to HTML. It uses GitHub Flavored Markdown extensions including tables, strikethrough, auto-linking, and task lists.

func MarkdownToHTMLWithWrapper ¶ added in v1.25.0

func MarkdownToHTMLWithWrapper(markdown string) (string, error)

MarkdownToHTMLWithWrapper converts markdown text to HTML and wraps it in a basic HTML document structure suitable for email. The wrapper includes minimal styling for readability.

func Marshal ¶

func Marshal(c context.Context, value interface{}) string

Marshal returns the JSON encoding of value as a string, logging any error. Example:

jsonStr := Marshal(ctx, data)

func MessageHandler ¶

func MessageHandler(c context.Context, w http.ResponseWriter, message string, redirectUrl string, timeoutSec int64)

MessageHandler renders a minimal HTML page using messagelTemplate. The page displays a message and performs a client-side redirect to redirectUrl after timeoutSec seconds via a meta-refresh tag.

func MonetaryToString ¶

func MonetaryToString(f float64) string

MonetaryToString formats a float as a currency like value with two decimal places.

func NULLIfEmpty ¶

func NULLIfEmpty(x string) string

NULLIfEmpty returns the provided string or the literal "NULL" if the value is empty or represents a NaN marker.

func NormalizeBase ¶ added in v1.16.0

func NormalizeBase(raw string) string

NormalizeBase returns a sanitized base URL with scheme and no trailing slash. If the input is empty, an empty string is returned. If the input lacks an http:// or https:// prefix, https:// is added.

func NumberToString ¶

func NumberToString(n int, sep rune) string

http://stackoverflow.com/questions/13020308/how-to-fmt-printf-an-integer-with-thousands-comma NumberToString formats an integer with a thousands separator. The separator rune is inserted every three digits.

func ReadJSON ¶

func ReadJSON(b []byte, d interface{}) error

ReadJSON unmarshals the JSON byte slice into the destination value. Example:

var out MyStruct
if err := ReadJSON(data, &out); err != nil { ... }

func ReadXML ¶

func ReadXML(b []byte, d interface{}) error

ReadXML unmarshals the provided XML bytes into the destination structure. Example:

var out MyStruct
if err := ReadXML(data, &out); err != nil { ... }

func Reverse ¶

func Reverse(s string) string

Reverse returns the string with its characters in reverse order.

func Round ¶

func Round(num float64, precision int) float64

Round rounds a float to the given precision using round. Negative numbers are handled correctly thanks to math.Copysign in round.

func S2B ¶

func S2B(s string) []byte

S2B converts a string to a byte slice. It returns the byte representation of the string.

func S2F ¶

func S2F(s string) float64

S2F parses a float value from the provided string. It returns the parsed number or 0 if the string cannot be interpreted as a number.

func S2I ¶

func S2I(s string) int64

S2I converts a string to an int64. If parsing fails the returned value is 0.

func SanitizeMessage ¶

func SanitizeMessage(message string) string

SanitizeMessage applies PII sanitization to a message. This can be used to sanitize messages before logging them.

func SecureHash ¶

func SecureHash(data string) string

SecureHash generates a SHA-256 hash of the input string Use this for hashing non-secret data where integrity matters (e.g., asset versioning) For secret data, use HMAC or password hashing functions like bcrypt

func SecurityHeadersMiddleware ¶

func SecurityHeadersMiddleware(next http.Handler) http.Handler

SecurityHeadersMiddleware adds security headers to all HTTP responses This middleware should be applied to all HTTP handlers to protect against common web vulnerabilities including XSS, clickjacking, and MIME-sniffing attacks.

Headers set:

• X-Frame-Options: DENY (prevents clickjacking)
• X-Content-Type-Options: nosniff (prevents MIME-sniffing)
• X-XSS-Protection: 1; mode=block (legacy XSS protection)
• Content-Security-Policy: restricts resource loading (configurable via env)
• Referrer-Policy: strict-origin-when-cross-origin (controls referrer info)
• Strict-Transport-Security: enforces HTTPS (when using HTTPS)
• Permissions-Policy: restricts browser features

Usage:

mux := http.NewServeMux()
mux.HandleFunc("/", homeHandler)
secureHandler := common.SecurityHeadersMiddleware(mux)
http.ListenAndServe(":8080", secureHandler)

func SetPIIProtection ¶

func SetPIIProtection(enabled bool)

SetPIIProtection enables or disables PII protection globally

func StringInSlice ¶

func StringInSlice(a string, list []string) bool

StringInSlice reports whether the string a exists in list.

func TS ¶

func TS(unixTime int64) (timeFormated string)

TS converts a Unix timestamp in milliseconds to an ANSI formatted time string.

func ToNumber ¶

func ToNumber(s string) (bool, float64)

ToNumber attempts to parse the provided string as either a float64 or an integer. The first return value indicates success and the second contains the parsed number. When parsing fails for both float and int, the function returns false and 0.

func ToSQLString ¶

func ToSQLString(x interface{}) string

ToSQLString converts an arbitrary value to a string using ToString and then escapes single quotes so the result can be embedded safely in SQL queries.

func ToString ¶

func ToString(x interface{}) string

ToString converts a variety of primitive types to their string representation. Supported types are int, int64, float64 and string. For any other type fmt.Sprint is used. Nil values return an empty string.

func Trunc500 ¶

func Trunc500(s string) string

Trunc500 truncates a string to a maximum length of 500 characters.

func UnmarshalRequest ¶

func UnmarshalRequest(c context.Context, r *http.Request, value interface{}) error

UnmarshalRequest reads the HTTP request body and decodes the JSON payload into value. Example:

var in MyStruct
if err := UnmarshalRequest(ctx, r, &in); err != nil { ... }

func UnmarshalResponse ¶

func UnmarshalResponse(c context.Context, resp *http.Response, value interface{}) error

UnmarshalResponse dumps the response to the debug log, reads the body and unmarshals JSON into value. Example:

var out MyStruct
if err := UnmarshalResponse(ctx, resp, &out); err != nil { ... }

func ValidatePath ¶

func ValidatePath(basePath, userPath string) (string, error)

ValidatePath validates that a user-provided path is safe and within basePath Returns the absolute, validated path or an error if validation fails This function prevents path traversal attacks by:

1. Cleaning the path (removes .., resolves ./, etc.)
2. Rejecting paths containing .. after cleaning
3. Rejecting absolute paths in user input
4. Ensuring the final path is within the base directory
5. Handling symlinks securely

func Warn ¶

func Warn(format string, v ...interface{})

Warn writes a formatted warning message with an "WARNING:" prefix. The prefix helps grep for warnings in log files.

func WarnSafe ¶

func WarnSafe(format string, v ...interface{})

WarnSafe writes a formatted warning message with PII sanitization. This should be used instead of Warn when the message might contain PII.

func WriteJSON ¶

func WriteJSON(w http.ResponseWriter, d interface{}) error

WriteJSON marshals d to JSON and writes it to the response writer. Example:

_ = WriteJSON(w, data)

func WriteJSONWithStatus ¶

func WriteJSONWithStatus(w http.ResponseWriter, statusCode int, d interface{}) error

func WriteXML ¶

func WriteXML(w http.ResponseWriter, d interface{}, withHeader bool) error

WriteXML writes d to the http.ResponseWriter as XML. If withHeader is true the standard XML header is included. Example:

_ = WriteXML(w, data, true)