Server and Extension Points
aah framework uses an enhanced version of forge syntax (very similar to HOCON syntax) for application, route, project, security and i18n config files, etc.
- Environment profiles are supported. For e.g: dev, qa, prod, etc.
- Organize your config files as you need, you can always add
URL Routing and Reverse Route
- Customized version of High performance httprouter.
- Flexible routes configuration for application, static files and namespace/group.
- Supports Domains and Sub-domains. Since v0.6 Wildcard subdomain supported. Refer to tutorial.
- Flexible reverse route URL by
- Access root domain and subdomain reverse routes easily from view templates and application codebase.
- Adding Controllers with or without sub-package names for routes. So
v2, sub-packages are possible.
- Redirect Trailing Slash, Auto Options, and Method Not Allowed.
- Custom Not Found handling via Centralized Error Handler.
- Max Body Size configuration at route level and global level.
Request Parameters - Auto Parse and Bind
aah provides very flexible way to auto parse and bind request values into appropriate Go data types. It supports following:
- Bind any
Query into controller action parameters.
XML request body into
- Bind any
Query into controller action
- Bind any
Query into nested
. notation convention.
- Bind supports bind of pointer and non-pointer target.
- And you can also do combinations of above options
- You can added your own custom Value Parser by Type
Security - Authentication and Authorization
- aah framework focus on flexible and powerful security implementation, easy to use and understand, it was inspired by Shiro security library. You can design your application secure, stable with authentication, authorization and session management.
- Exposes clean and intuitive API that simplifies the developer’s effort to make their application secure.
- Terminology - Security can be really confusing because of the terminology used. To make life easier by clarifying some core concepts, so you understand how they’re reflected in the aah framework. Refer to security terminology.
- aah security design goals to simplify application security by being intuitive and easy to use. Refer to security design details.
- Highlights - Authentication, Authorization, Session Management
- Very flexible, you can implement Role based or Permission based or Role and Permissions based secured application.
- Out-of-the-box aah framework supports following auth schemes -
Basic Auth and
- You can define one or more
Auth Scheme for your application and can be mapped per route basis.
Security - Session Management
- aah framework provides
stateless HTTP state management. Default is
stateless. It is perfect fit for Web and API application, refer to security configuration.
- Session data is Signed using HMAC and Encrypted using AES.
file session store is supported.
- You can easily add your own session store.
Security - Anti-CSRF
Since v0.9 aah provides automatic Anti-CSRF (Cross Site Request Forgery) protection for the aah web application. It protects all the HTML forms on the page. Anti-CSRF protection is enabled by default, refer to documentation.
- Go view engine with partial inheritance support (Default engine).
- Multiple view layouts for your unique use case.
- Framework provided template funcs, Plus you can add your own easily.
- Custom template delimiter for templates.
- You can add your own view engine into the framework, refer here.
- Since v0.6 You can use without layout too and take full-control of directory structure
pages/* along with view rendering via
i18n Internalization and Localization
- Message files (aka Translation) supported with
Language ID + Region ID or
- Language ID follows the two-letter
ISO 639-1 standard.
- Region ID follows the two-letter
ISO 3166-1 standard.
- Default fallback
i18n.default if requested
Locale is not found.
- Messages are accessible from View template files, controller as well as anywhere in the application codebase.
- Organize your message files with sub-directories as you like.
- Zero coding efforts on localizing your application via header
Accept-Language, by URL Query Parameter or by Path Parameter.
aah provides application secure headers with many safe defaults for Web and RESTful API application. Know more about configuration.
- Strict-Transport-Security (STS, aka HSTS)
- Content-Security-Policy (CSP)
- Public-Key-Pins (PKP, aka HPKP)
- Simple, efficient and chained Reply builder to compose your response.
- Supports rich reply types
Redirect, Custom Render, etc.
Simple and efficient Event Publisher with Asynchronous and Synchronous publish.
- aah Server extension points built around event publisher.
- Supports Publish Once mode too.
Content negotiation feature is used to place
MIME type restriction on HTTP header
Accept for your REST API application. Some cases useful for web application too.
How to configure one, refer to documentation.
Centralized Error Handling
Since v0.8 aah provides centralized error handling for your application.
- Framework utilizes this error handler across for all the HTTP error responses. Refer to documentation.
- Framework propagates all Error responses to Centralized Error Handler, you can control and customized the response.
Static File Delivery
aah framework supports flexible and easy to use and configure static file delivery.
- Serves directory and it’s subtree files.
- Serves individual files.
- Directory listing.
- Since v0.6 Static files
Cache-Control by mime types and default one. It gets applied only to
prod environment profile. Refer to documentation.
- Since v0.7 Cache Busting using file name. Refer to documentation.
- All capabilities of
- Simple to use log library and it’s configuration.
- Supported Log
- You can create multiple log instances besides the default one.
File receivers are supported, use
Hook for exporting your log to systems like splunk, kibana, etc.
File receiver supports
daily log rotation, etc.
- Define your custom log message format (text, json) in the config.
- Since v0.6 you can bind standard Go logger enabled libraries with aah logger (
log.ToGoLogger()), unified log at one place.
- Since v0.7 supports logger
- Since v0.6 Framework provides HTML minify feature, refer to minify tutorial.
- HTML minify gets applied only to
prod environment profile.
Easy to use Application Binary
- Easy to build and deploy aah application binary.
- Cross compile build is supported (aah is only recognizes cross compile build request and setting the appropriate values, Go lang does the rest for you).
aah helps to increase your productivity, the framework’s essentials library provides a lot of useful helper/util methods in the following areas:
- GUID (Globally Unique Identifier)
- Crypto random string, Math random string, random byte generation at fixed length
- archive (zip)
Refer to godoc.
Hot-Reload for Development
- Since v0.7 aah provides Hot-Reload for Development purpose.
- Fire the
aah run and forget the terminal. You can focus on your code and refresh the browser to see your changes.
- Still lot of improvements can come-in; in-terms of formatted error display, watch files optimization, etc. So keep me posted on your issues. Gradually I will bring improvements :)
Spread the word of
aah, the web framework for Go. Thank you!