feat(observability): #360 remove umami to reduce complexity
This commit is contained in:
@@ -9,7 +9,7 @@ stackFAST includes everything you need to build your App. Focus yourself on deve
|
||||
|
||||
The blueprint contains the following features:
|
||||
- Authentication: Users can login, logout, register and reset their password. For increased security TOTP is available aswell.
|
||||
- Observability: The stack contains an Grafana+Prometheus instance for basic monitoring. You are able to add alerts and get notified on your phone. For web analytics umami is included, which is an lighweight self hosted alternative to google analytics.
|
||||
- Observability: The stack contains an Grafana+Prometheus instance for basic monitoring. You are able to add alerts and get notified on your phone.
|
||||
- Mail: You are able to send mail with SMTP. You still need an external Mail Server, but a guide on how to set that up with a custom domain is included.
|
||||
- SSL: This is included by using traefik as reverse proxy. It handles SSL certificates automatically. Furthermore all services are accessible through subdomains. Best thing is, you can add your more with 3 lines of code
|
||||
- Actual Stack: SSG SvelteKit + Tailwindcss + DaisyUI + GO Backend for easy and fast feature development
|
||||
|
||||
@@ -15,14 +15,14 @@ func SecurityHeaders(serverSettings *types.Settings) func(http.Handler) http.Han
|
||||
w.Header().Set("Access-Control-Allow-Methods", "GET, POST, DELETE")
|
||||
w.Header().Set("Content-Security-Policy",
|
||||
"default-src 'none'; "+
|
||||
"script-src 'self' https://umami.me-fit.eu; "+
|
||||
"connect-src 'self' https://umami.me-fit.eu; "+
|
||||
"script-src 'self'; "+
|
||||
"connect-src 'self'; "+
|
||||
"img-src 'self'; "+
|
||||
"style-src 'self'; "+
|
||||
"form-action 'self'; "+
|
||||
"frame-ancestors 'none'; ",
|
||||
)
|
||||
w.Header().Set("Cross-Origin-Resource-Policy", "same-site") // same-site, as same origin prohibits umami
|
||||
w.Header().Set("Cross-Origin-Resource-Policy", "same-origin")
|
||||
w.Header().Set("Cross-Origin-Opener-Policy", "same-origin")
|
||||
w.Header().Set("Cross-Origin-Embedder-Policy", "require-corp")
|
||||
w.Header().Set("Permissions-Policy", "geolocation=(), camera=(), microphone=(), interest-cohort=()")
|
||||
|
||||
@@ -12,13 +12,10 @@ import (
|
||||
)
|
||||
|
||||
type Render struct {
|
||||
settings *types.Settings
|
||||
}
|
||||
|
||||
func NewRender(settings *types.Settings) *Render {
|
||||
return &Render{
|
||||
settings: settings,
|
||||
}
|
||||
func NewRender() *Render {
|
||||
return &Render{}
|
||||
}
|
||||
|
||||
func (render *Render) RenderWithStatus(r *http.Request, w http.ResponseWriter, comp templ.Component, status int) {
|
||||
@@ -41,7 +38,7 @@ func (render *Render) RenderLayout(r *http.Request, w http.ResponseWriter, slot
|
||||
|
||||
func (render *Render) RenderLayoutWithStatus(r *http.Request, w http.ResponseWriter, slot templ.Component, user *types.User, status int) {
|
||||
userComp := render.getUserComp(user)
|
||||
layout := template.Layout(slot, userComp, render.settings.Environment)
|
||||
layout := template.Layout(slot, userComp)
|
||||
|
||||
render.RenderWithStatus(r, w, layout, status)
|
||||
}
|
||||
|
||||
2
main.go
2
main.go
@@ -113,7 +113,7 @@ func createHandler(d *sql.DB, serverSettings *types.Settings) http.Handler {
|
||||
authService := service.NewAuthImpl(authDb, randomService, clockService, mailService, serverSettings)
|
||||
workoutService := service.NewWorkoutImpl(workoutDb, randomService, clockService, mailService, serverSettings)
|
||||
|
||||
render := handler.NewRender(serverSettings)
|
||||
render := handler.NewRender()
|
||||
indexHandler := handler.NewIndex(authService, render)
|
||||
authHandler := handler.NewAuth(authService, render)
|
||||
workoutHandler := handler.NewWorkout(workoutService, authService, render)
|
||||
|
||||
@@ -82,15 +82,15 @@ func TestIntegrationSecurityHeader(t *testing.T) {
|
||||
|
||||
value = resp.Header.Get("Content-Security-Policy")
|
||||
assert.Equal(t, "default-src 'none'; "+
|
||||
"script-src 'self' https://umami.me-fit.eu; "+
|
||||
"connect-src 'self' https://umami.me-fit.eu; "+
|
||||
"script-src 'self'; "+
|
||||
"connect-src 'self'; "+
|
||||
"img-src 'self'; "+
|
||||
"style-src 'self'; "+
|
||||
"form-action 'self'; "+
|
||||
"frame-ancestors 'none';", value)
|
||||
|
||||
value = resp.Header.Get("Cross-Origin-Resource-Policy")
|
||||
assert.Equal(t, "same-site", value)
|
||||
assert.Equal(t, "same-origin", value)
|
||||
|
||||
value = resp.Header.Get("Cross-Origin-Opener-Policy")
|
||||
assert.Equal(t, "same-origin", value)
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
package template
|
||||
|
||||
templ Layout(slot templ.Component, user templ.Component, environment string) {
|
||||
templ Layout(slot templ.Component, user templ.Component) {
|
||||
<!DOCTYPE html>
|
||||
<html lang="en">
|
||||
|
||||
@@ -10,9 +10,6 @@ templ Layout(slot templ.Component, user templ.Component, environment string) {
|
||||
<link rel="icon" href="/static/favicon.svg" />
|
||||
<link rel="stylesheet" href="/static/css/tailwind.css" />
|
||||
<meta name="viewport" content="width=device-width, initial-scale=1" />
|
||||
if environment == "prod" {
|
||||
<script defer src="https://umami.me-fit.eu/script.js" data-website-id="3c8efb09-44e4-4372-8a1e-c3bc675cd89a"></script>
|
||||
}
|
||||
<meta name="htmx-config" content='{
|
||||
"includeIndicatorStyles": false,
|
||||
"selfRequestsOnly": true,
|
||||
|
||||
Reference in New Issue
Block a user