fix: move middleware to handlers, as it belongs there
This commit was merged in pull request #298.
This commit is contained in:
29
handler/middleware/content_security_policiy.go
Normal file
29
handler/middleware/content_security_policiy.go
Normal file
@@ -0,0 +1,29 @@
|
||||
package middleware
|
||||
|
||||
import "net/http"
|
||||
|
||||
func ContentSecurityPolicy(next http.Handler) http.Handler {
|
||||
|
||||
values := map[string]string{
|
||||
"default-src": "'none'",
|
||||
"script-src": "'self' https://umami.me-fit.eu",
|
||||
"connect-src": "'self' https://umami.me-fit.eu",
|
||||
"img-src": "'self'",
|
||||
"style-src": "'self'",
|
||||
"form-action": "'self'",
|
||||
"frame-ancestors": "'none'",
|
||||
}
|
||||
|
||||
var headerValue string
|
||||
for key, value := range values {
|
||||
headerValue += key + " " + value + "; "
|
||||
}
|
||||
|
||||
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
||||
// While this value can be overridden, it can't be moved to after the next.ServeHTTP call,
|
||||
// because if the response writer get's closed, the headers can't be set anymore
|
||||
w.Header().Set("Content-Security-Policy", headerValue)
|
||||
|
||||
next.ServeHTTP(w, r)
|
||||
})
|
||||
}
|
||||
13
handler/middleware/coop.go
Normal file
13
handler/middleware/coop.go
Normal file
@@ -0,0 +1,13 @@
|
||||
package middleware
|
||||
|
||||
import (
|
||||
"net/http"
|
||||
)
|
||||
|
||||
func Coop(next http.Handler) http.Handler {
|
||||
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
||||
w.Header().Set("Cross-Origin-Opener-Policy", "same-origin")
|
||||
|
||||
next.ServeHTTP(w, r)
|
||||
})
|
||||
}
|
||||
13
handler/middleware/corp.go
Normal file
13
handler/middleware/corp.go
Normal file
@@ -0,0 +1,13 @@
|
||||
package middleware
|
||||
|
||||
import (
|
||||
"net/http"
|
||||
)
|
||||
|
||||
func Corp(next http.Handler) http.Handler {
|
||||
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
||||
w.Header().Set("Cross-Origin-Resource-Policy", "same-origin")
|
||||
|
||||
next.ServeHTTP(w, r)
|
||||
})
|
||||
}
|
||||
23
handler/middleware/cors.go
Normal file
23
handler/middleware/cors.go
Normal file
@@ -0,0 +1,23 @@
|
||||
package middleware
|
||||
|
||||
import (
|
||||
"me-fit/types"
|
||||
|
||||
"net/http"
|
||||
)
|
||||
|
||||
func Cors(serverSettings *types.ServerSettings) func(http.Handler) http.Handler {
|
||||
return func(next http.Handler) http.Handler {
|
||||
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
||||
w.Header().Set("Access-Control-Allow-Origin", serverSettings.BaseUrl)
|
||||
w.Header().Set("Access-Control-Allow-Methods", "GET, POST, DELETE")
|
||||
|
||||
if r.Method == "OPTIONS" {
|
||||
w.WriteHeader(http.StatusOK)
|
||||
return
|
||||
}
|
||||
|
||||
next.ServeHTTP(w, r)
|
||||
})
|
||||
}
|
||||
}
|
||||
47
handler/middleware/logger.go
Normal file
47
handler/middleware/logger.go
Normal file
@@ -0,0 +1,47 @@
|
||||
package middleware
|
||||
|
||||
import (
|
||||
"me-fit/log"
|
||||
|
||||
"net/http"
|
||||
"strconv"
|
||||
"time"
|
||||
|
||||
"github.com/prometheus/client_golang/prometheus"
|
||||
"github.com/prometheus/client_golang/prometheus/promauto"
|
||||
)
|
||||
|
||||
var (
|
||||
metrics = promauto.NewCounterVec(
|
||||
prometheus.CounterOpts{
|
||||
Name: "mefit_request_total",
|
||||
Help: "The total number of requests processed",
|
||||
},
|
||||
[]string{"path", "method", "status"},
|
||||
)
|
||||
)
|
||||
|
||||
type WrappedWriter struct {
|
||||
http.ResponseWriter
|
||||
StatusCode int
|
||||
}
|
||||
|
||||
func (w *WrappedWriter) WriteHeader(code int) {
|
||||
w.ResponseWriter.WriteHeader(code)
|
||||
w.StatusCode = code
|
||||
}
|
||||
|
||||
func Log(next http.Handler) http.Handler {
|
||||
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
||||
start := time.Now()
|
||||
|
||||
wrapped := &WrappedWriter{
|
||||
ResponseWriter: w,
|
||||
StatusCode: http.StatusOK,
|
||||
}
|
||||
next.ServeHTTP(wrapped, r)
|
||||
|
||||
log.Info(r.RemoteAddr + " " + strconv.Itoa(wrapped.StatusCode) + " " + r.Method + " " + r.URL.Path + " " + time.Since(start).String())
|
||||
metrics.WithLabelValues(r.URL.Path, r.Method, http.StatusText(wrapped.StatusCode)).Inc()
|
||||
})
|
||||
}
|
||||
13
handler/middleware/wrapper.go
Normal file
13
handler/middleware/wrapper.go
Normal file
@@ -0,0 +1,13 @@
|
||||
package middleware
|
||||
|
||||
import "net/http"
|
||||
|
||||
func Wrapper(next http.Handler, handlers ...func(http.Handler) http.Handler) http.Handler {
|
||||
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
||||
lastHandler := next
|
||||
for i := len(handlers) - 1; i >= 0; i-- {
|
||||
lastHandler = handlers[i](lastHandler)
|
||||
}
|
||||
lastHandler.ServeHTTP(w, r)
|
||||
})
|
||||
}
|
||||
Reference in New Issue
Block a user