mirror of https://github.com/0xERR0R/blocky.git
refactor(server): move middleware setup to `httpServer`
This commit is contained in:
parent
35b1c16878
commit
36d443728d
|
@ -5,6 +5,9 @@ import (
|
||||||
"net"
|
"net"
|
||||||
"net/http"
|
"net/http"
|
||||||
"time"
|
"time"
|
||||||
|
|
||||||
|
"github.com/go-chi/chi/v5"
|
||||||
|
"github.com/go-chi/cors"
|
||||||
)
|
)
|
||||||
|
|
||||||
type httpServer struct {
|
type httpServer struct {
|
||||||
|
@ -26,7 +29,7 @@ func newHTTPServer(name string, handler http.Handler) *httpServer {
|
||||||
ReadHeaderTimeout: readHeaderTimeout,
|
ReadHeaderTimeout: readHeaderTimeout,
|
||||||
WriteTimeout: writeTimeout,
|
WriteTimeout: writeTimeout,
|
||||||
|
|
||||||
Handler: handler,
|
Handler: withCommonMiddleware(handler),
|
||||||
},
|
},
|
||||||
|
|
||||||
name: name,
|
name: name,
|
||||||
|
@ -46,3 +49,48 @@ func (s *httpServer) Serve(ctx context.Context, l net.Listener) error {
|
||||||
|
|
||||||
return s.inner.Serve(l)
|
return s.inner.Serve(l)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func withCommonMiddleware(inner http.Handler) *chi.Mux {
|
||||||
|
// Middleware must be defined before routes, so
|
||||||
|
// create a new router and mount the inner handler
|
||||||
|
mux := chi.NewMux()
|
||||||
|
|
||||||
|
mux.Use(
|
||||||
|
secureHeadersMiddleware,
|
||||||
|
newCORSMiddleware(),
|
||||||
|
)
|
||||||
|
|
||||||
|
mux.Mount("/", inner)
|
||||||
|
|
||||||
|
return mux
|
||||||
|
}
|
||||||
|
|
||||||
|
type httpMiddleware = func(http.Handler) http.Handler
|
||||||
|
|
||||||
|
func secureHeadersMiddleware(next http.Handler) http.Handler {
|
||||||
|
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
||||||
|
if r.TLS != nil {
|
||||||
|
w.Header().Set("strict-transport-security", "max-age=63072000")
|
||||||
|
w.Header().Set("x-frame-options", "DENY")
|
||||||
|
w.Header().Set("x-content-type-options", "nosniff")
|
||||||
|
w.Header().Set("x-xss-protection", "1; mode=block")
|
||||||
|
}
|
||||||
|
|
||||||
|
next.ServeHTTP(w, r)
|
||||||
|
})
|
||||||
|
}
|
||||||
|
|
||||||
|
func newCORSMiddleware() httpMiddleware {
|
||||||
|
const corsMaxAge = 5 * time.Minute
|
||||||
|
|
||||||
|
options := cors.Options{
|
||||||
|
AllowCredentials: true,
|
||||||
|
AllowedHeaders: []string{"Accept", "Authorization", "Content-Type", "X-CSRF-Token"},
|
||||||
|
AllowedMethods: []string{"GET", "POST"},
|
||||||
|
AllowedOrigins: []string{"*"},
|
||||||
|
ExposedHeaders: []string{"Link"},
|
||||||
|
MaxAge: int(corsMaxAge.Seconds()),
|
||||||
|
}
|
||||||
|
|
||||||
|
return cors.New(options).Handler
|
||||||
|
}
|
||||||
|
|
|
@ -8,7 +8,6 @@ import (
|
||||||
"io"
|
"io"
|
||||||
"net"
|
"net"
|
||||||
"net/http"
|
"net/http"
|
||||||
"time"
|
|
||||||
|
|
||||||
"github.com/0xERR0R/blocky/metrics"
|
"github.com/0xERR0R/blocky/metrics"
|
||||||
"github.com/0xERR0R/blocky/resolver"
|
"github.com/0xERR0R/blocky/resolver"
|
||||||
|
@ -23,7 +22,6 @@ import (
|
||||||
|
|
||||||
"github.com/go-chi/chi/v5"
|
"github.com/go-chi/chi/v5"
|
||||||
"github.com/go-chi/chi/v5/middleware"
|
"github.com/go-chi/chi/v5/middleware"
|
||||||
"github.com/go-chi/cors"
|
|
||||||
"github.com/miekg/dns"
|
"github.com/miekg/dns"
|
||||||
)
|
)
|
||||||
|
|
||||||
|
@ -33,22 +31,8 @@ const (
|
||||||
dnsContentType = "application/dns-message"
|
dnsContentType = "application/dns-message"
|
||||||
htmlContentType = "text/html; charset=UTF-8"
|
htmlContentType = "text/html; charset=UTF-8"
|
||||||
yamlContentType = "text/yaml"
|
yamlContentType = "text/yaml"
|
||||||
corsMaxAge = 5 * time.Minute
|
|
||||||
)
|
)
|
||||||
|
|
||||||
func secureHeader(next http.Handler) http.Handler {
|
|
||||||
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
|
||||||
if r.TLS != nil {
|
|
||||||
w.Header().Set("strict-transport-security", "max-age=63072000")
|
|
||||||
w.Header().Set("x-frame-options", "DENY")
|
|
||||||
w.Header().Set("x-content-type-options", "nosniff")
|
|
||||||
w.Header().Set("x-xss-protection", "1; mode=block")
|
|
||||||
}
|
|
||||||
|
|
||||||
next.ServeHTTP(w, r)
|
|
||||||
})
|
|
||||||
}
|
|
||||||
|
|
||||||
func (s *Server) createOpenAPIInterfaceImpl() (impl api.StrictServerInterface, err error) {
|
func (s *Server) createOpenAPIInterfaceImpl() (impl api.StrictServerInterface, err error) {
|
||||||
bControl, err := resolver.GetFromChainWithType[api.BlockingControl](s.queryResolver)
|
bControl, err := resolver.GetFromChainWithType[api.BlockingControl](s.queryResolver)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
@ -175,10 +159,6 @@ func (s *Server) Query(
|
||||||
func createHTTPRouter(cfg *config.Config, openAPIImpl api.StrictServerInterface) *chi.Mux {
|
func createHTTPRouter(cfg *config.Config, openAPIImpl api.StrictServerInterface) *chi.Mux {
|
||||||
router := chi.NewRouter()
|
router := chi.NewRouter()
|
||||||
|
|
||||||
configureSecureHeaderHandler(router)
|
|
||||||
|
|
||||||
configureCorsHandler(router)
|
|
||||||
|
|
||||||
api.RegisterOpenAPIEndpoints(router, openAPIImpl)
|
api.RegisterOpenAPIEndpoints(router, openAPIImpl)
|
||||||
|
|
||||||
configureDebugHandler(router)
|
configureDebugHandler(router)
|
||||||
|
@ -265,22 +245,6 @@ func logAndResponseWithError(err error, message string, writer http.ResponseWrit
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
func configureSecureHeaderHandler(router *chi.Mux) {
|
|
||||||
router.Use(secureHeader)
|
|
||||||
}
|
|
||||||
|
|
||||||
func configureDebugHandler(router *chi.Mux) {
|
func configureDebugHandler(router *chi.Mux) {
|
||||||
router.Mount("/debug", middleware.Profiler())
|
router.Mount("/debug", middleware.Profiler())
|
||||||
}
|
}
|
||||||
|
|
||||||
func configureCorsHandler(router *chi.Mux) {
|
|
||||||
crs := cors.New(cors.Options{
|
|
||||||
AllowedOrigins: []string{"*"},
|
|
||||||
AllowedMethods: []string{"GET", "POST"},
|
|
||||||
AllowedHeaders: []string{"Accept", "Authorization", "Content-Type", "X-CSRF-Token"},
|
|
||||||
ExposedHeaders: []string{"Link"},
|
|
||||||
AllowCredentials: true,
|
|
||||||
MaxAge: int(corsMaxAge.Seconds()),
|
|
||||||
})
|
|
||||||
router.Use(crs.Handler)
|
|
||||||
}
|
|
||||||
|
|
Loading…
Reference in New Issue