Cosmos-Server/src/utils/middleware.go

package utils

import (
	"context"
	"net/http"
	"time"
)

// https://github.com/go-chi/chi/blob/master/middleware/timeout.go

func MiddlewareTimeout(timeout time.Duration) func(next http.Handler) http.Handler {
	return func(next http.Handler) http.Handler {
		fn := func(w http.ResponseWriter, r *http.Request) {
			ctx, cancel := context.WithTimeout(r.Context(), timeout)
			defer func() {
				cancel()
				if ctx.Err() == context.DeadlineExceeded {
					Error("Request Timeout. Cancelling.", ctx.Err())
					HTTPError(w, "Gateway Timeout", 
						http.StatusGatewayTimeout, "HTTP002")
					return 
				}
			}()

			r = r.WithContext(ctx)
			next.ServeHTTP(w, r)
		}
		return http.HandlerFunc(fn)
	}
}

func SetSecurityHeaders(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if(IsHTTPS) {
			// TODO: Add preload if we have a valid certificate
			w.Header().Set("Strict-Transport-Security", "max-age=31536000; includeSubDomains")
		}
	
		w.Header().Set("X-Content-Type-Options", "nosniff")
		w.Header().Set("X-Frame-Options", "DENY")
		w.Header().Set("X-XSS-Protection", "1; mode=block")
		// w.Header().Set("Referrer-Policy", "no-referrer")

		next.ServeHTTP(w, r)
	})
}

func CORSHeader(origin string) func(next http.Handler) http.Handler {
	return func(next http.Handler) http.Handler {
			return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
			w.Header().Set("Access-Control-Allow-Origin", origin)
			w.Header().Set("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE, OPTIONS")
			w.Header().Set("Access-Control-Allow-Headers", "Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization")
			w.Header().Set("Access-Control-Allow-Credentials", "true")

			next.ServeHTTP(w, r)
		})
	}
}

func AcceptHeader(accept string) func(next http.Handler) http.Handler {
	return func(next http.Handler) http.Handler {
		return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
			w.Header().Set("Content-Type", accept)

			next.ServeHTTP(w, r)
		})
	}
}
Wrote user management 2023-03-10 20:59:56 +00:00			`package utils`

			`import (`
			`"context"`
			`"net/http"`
			`"time"`
			`)`

			`// https://github.com/go-chi/chi/blob/master/middleware/timeout.go`

			`func MiddlewareTimeout(timeout time.Duration) func(next http.Handler) http.Handler {`
			`return func(next http.Handler) http.Handler {`
			`fn := func(w http.ResponseWriter, r *http.Request) {`
			`ctx, cancel := context.WithTimeout(r.Context(), timeout)`
			`defer func() {`
			`cancel()`
			`if ctx.Err() == context.DeadlineExceeded {`
			`Error("Request Timeout. Cancelling.", ctx.Err())`
			`HTTPError(w, "Gateway Timeout",`
			`http.StatusGatewayTimeout, "HTTP002")`
			`return`
			`}`
			`}()`

			`r = r.WithContext(ctx)`
			`next.ServeHTTP(w, r)`
			`}`
			`return http.HandlerFunc(fn)`
			`}`
			`}`

			`func SetSecurityHeaders(next http.Handler) http.Handler {`
			`return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {`
			`if(IsHTTPS) {`
			`// TODO: Add preload if we have a valid certificate`
			`w.Header().Set("Strict-Transport-Security", "max-age=31536000; includeSubDomains")`
			`}`

			`w.Header().Set("X-Content-Type-Options", "nosniff")`
			`w.Header().Set("X-Frame-Options", "DENY")`
			`w.Header().Set("X-XSS-Protection", "1; mode=block")`
			`// w.Header().Set("Referrer-Policy", "no-referrer")`

			`next.ServeHTTP(w, r)`
			`})`
			`}`

			`func CORSHeader(origin string) func(next http.Handler) http.Handler {`
			`return func(next http.Handler) http.Handler {`
			`return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {`
			`w.Header().Set("Access-Control-Allow-Origin", origin)`
			`w.Header().Set("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE, OPTIONS")`
			`w.Header().Set("Access-Control-Allow-Headers", "Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization")`
			`w.Header().Set("Access-Control-Allow-Credentials", "true")`

			`next.ServeHTTP(w, r)`
			`})`
			`}`
			`}`

			`func AcceptHeader(accept string) func(next http.Handler) http.Handler {`
			`return func(next http.Handler) http.Handler {`
			`return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {`
			`w.Header().Set("Content-Type", accept)`

			`next.ServeHTTP(w, r)`
			`})`
			`}`
			`}`