package utils
import (
"context"
"net/http"
"time"
)
// https://github.com/go-chi/chi/blob/master/middleware/timeout.go
// MiddlewareTimeout returns middleware that runs the next handler with a
// request context carrying a deadline of timeout.
//
// The deadline is cooperative: nothing here interrupts the downstream
// handler, so it only takes effect when that handler (and the I/O it performs)
// observes the request context. The timeout check runs in a deferred function,
// i.e. only after next.ServeHTTP has returned; if the handler has already
// started writing a response by then, the error response is written on top of
// whatever was sent.
func MiddlewareTimeout(timeout time.Duration) func(next http.Handler) http.Handler {
	return func(next http.Handler) http.Handler {
		return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
			deadlineCtx, stop := context.WithTimeout(r.Context(), timeout)
			defer func() {
				// Release the context's resources first. Once the deadline has
				// fired, Err keeps reporting DeadlineExceeded after the cancel
				// call, so the check below still distinguishes a timeout from a
				// normal return.
				stop()
				if deadlineCtx.Err() != context.DeadlineExceeded {
					return
				}
				// Error and HTTPError are package helpers defined outside this
				// listing; presumably they log the event and write the error
				// response — confirm against their definitions.
				Error("Request Timeout. Cancelling.", deadlineCtx.Err())
				HTTPError(w, "Gateway Timeout",
					http.StatusGatewayTimeout, "HTTP002")
			}()

			next.ServeHTTP(w, r.WithContext(deadlineCtx))
		})
	}
}
// SetSecurityHeaders wraps next so that a fixed set of browser-hardening
// response headers is set before next runs. Because they are set first, a
// downstream handler can still overwrite or delete them.
//
// No Content-Security-Policy or Referrer-Policy header is sent by this
// middleware.
func SetSecurityHeaders(next http.Handler) http.Handler {
	harden := func(w http.ResponseWriter, r *http.Request) {
		hdr := w.Header()

		// HSTS is sent only when the package-level IsHTTPS flag (defined
		// outside this listing) is set.
		if IsHTTPS {
			// TODO: Add preload if we have a valid certificate
			hdr.Set("Strict-Transport-Security", "max-age=31536000; includeSubDomains")
		}

		// Stop browsers from MIME-sniffing a response away from its declared type.
		hdr.Set("X-Content-Type-Options", "nosniff")
		// Forbid rendering the response inside any frame (clickjacking defence).
		hdr.Set("X-Frame-Options", "DENY")
		// NOTE(review): current browsers no longer implement the XSS auditor
		// this header controls, and OWASP's secure-headers guidance is to send
		// "0" (or omit the header) and rely on a Content-Security-Policy
		// instead. Worth revisiting this value.
		hdr.Set("X-XSS-Protection", "1; mode=block")
		// w.Header().Set("Referrer-Policy", "no-referrer")

		next.ServeHTTP(w, r)
	}
	return http.HandlerFunc(harden)
}
// CORSHeader returns middleware that adds a static set of CORS response
// headers to every request and then calls next.
//
// Access-Control-Allow-Credentials is always "true", so origin is granted
// credentialed cross-origin access: pass one exact, trusted origin. A "*"
// origin combined with credentials is rejected by browsers, and origin should
// never be filled from a request's Origin header without an allow-list check.
// OPTIONS (preflight) requests are not answered here; they are forwarded to
// next like any other method.
func CORSHeader(origin string) func(next http.Handler) http.Handler {
	// The header set is fixed per middleware instance, so build it once.
	corsHeaders := [][2]string{
		{"Access-Control-Allow-Origin", origin},
		{"Access-Control-Allow-Methods", "GET, POST, PUT, DELETE, OPTIONS"},
		{"Access-Control-Allow-Headers", "Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization"},
		{"Access-Control-Allow-Credentials", "true"},
	}

	return func(next http.Handler) http.Handler {
		withCORS := func(w http.ResponseWriter, r *http.Request) {
			for _, kv := range corsHeaders {
				w.Header().Set(kv[0], kv[1])
			}

			next.ServeHTTP(w, r)
		}
		return http.HandlerFunc(withCORS)
	}
}
// AcceptHeader returns middleware that sets the response Content-Type header
// to accept before calling next. Despite its name it does not read the
// request's Accept header. The value is set before next runs, so a downstream
// handler can still replace it.
func AcceptHeader(accept string) func(next http.Handler) http.Handler {
	return func(next http.Handler) http.Handler {
		setType := func(w http.ResponseWriter, r *http.Request) {
			w.Header().Set("Content-Type", accept)

			next.ServeHTTP(w, r)
		}
		return http.HandlerFunc(setType)
	}
}