From 317a2edc051a64bfc0a24e7cac860c7635985d3f Mon Sep 17 00:00:00 2001
From: VnPower
Date: Mon, 19 Jun 2023 14:58:36 +0700
Subject: [PATCH] Feature: added a lot of security-related middlewares

---
 main.go | 12 +++++++++++-
 template/layout.jet.html | 1 -
 2 files changed, 11 insertions(+), 2 deletions(-)

diff --git a/main.go b/main.go
index 3985563..2b5711d 100644
--- a/main.go
+++ b/main.go
@@ -1,16 +1,18 @@
 package main
 
 import (
- "fmt"
 "net"
 "pixivfe/configs"
 "pixivfe/handler"
 "pixivfe/views"
 "strings"
+ "time"
 
 "github.com/goccy/go-json"
 "github.com/gofiber/fiber/v2"
 "github.com/gofiber/fiber/v2/middleware/cache"
+ "github.com/gofiber/fiber/v2/middleware/csrf"
+ "github.com/gofiber/fiber/v2/middleware/helmet"
 "github.com/gofiber/fiber/v2/middleware/logger"
 "github.com/gofiber/fiber/v2/utils"
 "github.com/gofiber/template/jet/v2"
@@ -40,6 +42,14 @@ func setupRouter() *fiber.App {
 },
 },
 ))
+ server.Use(helmet.New())
+ server.Use(csrf.New(csrf.Config{
+ KeyLookup: "header:X-Csrf-Token", // string in the form of ':' that is used to extract token from the request
+ CookieName: "my_csrf_", // name of the session cookie
+ CookieSameSite: "Strict", // indicates if CSRF cookie is requested by SameSite
+ Expiration: 3 * time.Hour, // expiration is the duration before CSRF token will expire
+ KeyGenerator: utils.UUID, // creates a new CSRF token
+ }))
 
 // Static files
 server.Static("/favicon.ico", "./template/favicon.ico")
diff --git a/template/layout.jet.html b/template/layout.jet.html
index 12f5055..66f30ea 100644
--- a/template/layout.jet.html
+++ b/template/layout.jet.html
@@ -39,7 +39,6 @@ PixivFE's logo - {{ OriginalURL }}
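Review bot: In the second main.go hunk `server.Use(helmet.New())` and the csrf middleware are registered after the `))` that closes the preceding `server.Use(...)`, which given the `cache` import looks like the cache middleware; if so, a cache hit short-circuits the chain before helmet runs and cached pages are served without the security headers, so both should be registered ahead of it. `KeyLookup: "header:X-Csrf-Token"` names the single source fiber's csrf middleware will read the token from, so any plain HTML form POST rendered by the jet templates would be rejected unless the token is delivered to the client and sent back in that header — worth confirming against the views and templates before merging. `CookieSameSite: "Strict"` is set but the cookie is not marked Secure; if the instance is only served over TLS, add `CookieSecure: true,`. The inline comments are copied from the middleware docs and one is misleading, this is the CSRF double-submit cookie rather than the session cookie, and `my_csrf_` reads like the docs placeholder: `CookieName: "csrf_", // name of the CSRF cookie`. setupRouter starts and ends outside the hunk.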