Feature: added a lot of security-related middlewares

main.go

@@ -1,16 +1,18 @@
 package main
 
 import (
-	"fmt"
 	"net"
 	"pixivfe/configs"
 	"pixivfe/handler"
 	"pixivfe/views"
 	"strings"
+	"time"
 
 	"github.com/goccy/go-json"
 	"github.com/gofiber/fiber/v2"
 	"github.com/gofiber/fiber/v2/middleware/cache"
+	"github.com/gofiber/fiber/v2/middleware/csrf"
+	"github.com/gofiber/fiber/v2/middleware/helmet"
 	"github.com/gofiber/fiber/v2/middleware/logger"
 	"github.com/gofiber/fiber/v2/utils"
 	"github.com/gofiber/template/jet/v2"
@@ -40,6 +42,14 @@ func setupRouter() *fiber.App {
 			},
 		},
 	))
+	server.Use(helmet.New())
+	server.Use(csrf.New(csrf.Config{
+		KeyLookup:      "header:X-Csrf-Token", // string in the form of '<source>:<key>' that is used to extract token from the request
+		CookieName:     "my_csrf_",            // name of the session cookie
+		CookieSameSite: "Strict",              // indicates if CSRF cookie is requested by SameSite
+		Expiration:     3 * time.Hour,         // expiration is the duration before CSRF token will expire
+		KeyGenerator:   utils.UUID,            // creates a new CSRF token
+	}))
 
 	// Static files
 	server.Static("/favicon.ico", "./template/favicon.ico")

template/layout.jet.html

@@ -39,7 +39,6 @@
 
                 <a href="/" class="navbar-brand">
                     <img src="/favicon.ico" alt="PixivFE's logo" />
-                    <b>{{ OriginalURL }}</b>
                 </a>
             </li>
             <li class="navbar-item search-bar">