Feature: added a lot of security-related middlewares
parent
4be289b876
commit
317a2edc05
2 changed files with 11 additions and 2 deletions
12
main.go
12
main.go
|
@ -1,16 +1,18 @@
|
|||
package main
|
||||
|
||||
import (
|
||||
"fmt"
|
||||
"net"
|
||||
"pixivfe/configs"
|
||||
"pixivfe/handler"
|
||||
"pixivfe/views"
|
||||
"strings"
|
||||
"time"
|
||||
|
||||
"github.com/goccy/go-json"
|
||||
"github.com/gofiber/fiber/v2"
|
||||
"github.com/gofiber/fiber/v2/middleware/cache"
|
||||
"github.com/gofiber/fiber/v2/middleware/csrf"
|
||||
"github.com/gofiber/fiber/v2/middleware/helmet"
|
||||
"github.com/gofiber/fiber/v2/middleware/logger"
|
||||
"github.com/gofiber/fiber/v2/utils"
|
||||
"github.com/gofiber/template/jet/v2"
|
||||
|
@ -40,6 +42,14 @@ func setupRouter() *fiber.App {
|
|||
},
|
||||
},
|
||||
))
|
||||
server.Use(helmet.New())
|
||||
server.Use(csrf.New(csrf.Config{
|
||||
KeyLookup: "header:X-Csrf-Token", // string in the form of '<source>:<key>' that is used to extract token from the request
|
||||
CookieName: "my_csrf_", // name of the session cookie
|
||||
CookieSameSite: "Strict", // indicates if CSRF cookie is requested by SameSite
|
||||
Expiration: 3 * time.Hour, // expiration is the duration before CSRF token will expire
|
||||
KeyGenerator: utils.UUID, // creates a new CSRF token
|
||||
}))
|
||||
|
||||
// Static files
|
||||
server.Static("/favicon.ico", "./template/favicon.ico")
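Review bot: The `csrf.Config` added in setupRouter does not set `CookieSecure`, so the `my_csrf_` cookie will also travel over plain HTTP; on an instance served over HTTPS add `CookieSecure: true,`. `KeyLookup: "header:X-Csrf-Token"` means only requests carrying that header pass the check, so any plain HTML form posting to this app would be rejected unless a script copies the token into the header. If the templates (not visible here) use such forms, `KeyLookup: "form:_csrf"` with a hidden field is the usual fit. `helmet.New()` with no config sends, as far as I know, no Content-Security-Policy or HSTS header, so those need explicit values if they are wanted. setupRouter starts and ends outside this hunk, so the order of these middlewares relative to the cache and the route registration could not be checked.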
|
||||
|
|
|
@ -39,7 +39,6 @@
|
|||
|
||||
<a href="/" class="navbar-brand">
|
||||
<img src="/favicon.ico" alt="PixivFE's logo" />
|
||||
<b>{{ OriginalURL }}</b>
|
||||
</a>
|
||||
</li>
|
||||
<li class="navbar-item search-bar">
|
||||
|
|