Added CSRF & YouTube and dark mode
@@ -2,29 +2,34 @@ package main
|
||||
|
||||
import (
|
||||
"fmt"
|
||||
"github.com/joho/godotenv"
|
||||
"github.com/uptrace/bun/extra/bundebug"
|
||||
"log"
|
||||
"net/http"
|
||||
"os"
|
||||
|
||||
"github.com/joho/godotenv"
|
||||
"github.com/uptrace/bun/extra/bundebug"
|
||||
|
||||
_ "github.com/lib/pq"
|
||||
|
||||
api "fr.latosa-escrima/api"
|
||||
"fr.latosa-escrima/api"
|
||||
"fr.latosa-escrima/api/core"
|
||||
"github.com/gorilla/csrf"
|
||||
)
|
||||
|
||||
var CORS_AllowOrigin string
|
||||
|
||||
func handler(w http.ResponseWriter, r *http.Request) {
|
||||
fmt.Fprintf(w, "<html><body><h1>Hello, World!</h1></body></html>")
|
||||
}
|
||||
func Cors(next http.Handler) http.Handler {
|
||||
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
||||
// Allow all origins (can restrict to specific origins)
|
||||
w.Header().Set("Access-Control-Allow-Origin", "*")
|
||||
w.Header().Set("Access-Control-Allow-Origin", CORS_AllowOrigin)
|
||||
// Allow certain HTTP methods (you can customize these as needed)
|
||||
w.Header().Set("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE, OPTIONS, PATCH")
|
||||
// Allow certain headers (you can add more as needed)
|
||||
w.Header().Set("Access-Control-Allow-Headers", "Content-Type, Authorization")
|
||||
w.Header().Set("Access-Control-Allow-Headers", "Content-Type, Authorization, X-CSRF-Token")
|
||||
w.Header().Set("Access-Control-Allow-Credentials", "true")
|
||||
// Handle OPTIONS pre-flight request
|
||||
if r.Method == http.MethodOptions {
|
||||
return
|
||||
@@ -43,6 +48,7 @@ func main() {
|
||||
port := os.Getenv("BACKEND_DOCKER_PORT")
|
||||
hostname := os.Getenv("DATABASE_HOSTNAME")
|
||||
postgres_port := os.Getenv("POSTGRES_DOCKER_PORT")
|
||||
CORS_AllowOrigin = os.Getenv("CORS_AllowOrigin")
|
||||
if environ == "DEV" {
|
||||
port = os.Getenv("BACKEND_PORT")
|
||||
hostname = "localhost"
|
||||
@@ -66,6 +72,12 @@ func main() {
|
||||
|
||||
defer core.DB.Close()
|
||||
|
||||
CSRFMiddleware := csrf.Protect(
|
||||
core.CSRF_KEY,
|
||||
csrf.Secure(environ != "DEV"),
|
||||
csrf.HttpOnly(true),
|
||||
)
|
||||
|
||||
mux := http.NewServeMux()
|
||||
|
||||
core.HandleRoutes(mux, map[string]core.Handler{
|
||||
@@ -108,6 +120,14 @@ func main() {
|
||||
Handler: api.HandleVerifyMedia,
|
||||
Middlewares: []core.Middleware{api.Methods("POST"), api.AuthJWT},
|
||||
},
|
||||
"/contact": {
|
||||
Handler: api.HandleContact,
|
||||
Middlewares: []core.Middleware{api.Methods("POST"), CSRFMiddleware},
|
||||
},
|
||||
"/csrf-token": {
|
||||
Handler: api.HandleCSRF,
|
||||
Middlewares: []core.Middleware{api.Methods("GET"), CSRFMiddleware},
|
||||
},
|
||||
})
|
||||
|
||||
fmt.Printf("Serving on port %s\n", port)
|
||||
|
||||
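Review bot: In `main()`, `CORS_AllowOrigin = os.Getenv("CORS_AllowOrigin")` is used without validation, and `Cors` now sends it alongside `Access-Control-Allow-Credentials: true`, so an unset variable yields an empty `Access-Control-Allow-Origin` and a value of `*` is refused by browsers for credentialed requests. Failing at startup makes the misconfiguration visible instead of silent: `if CORS_AllowOrigin == "" || CORS_AllowOrigin == "*" { log.Fatal("CORS_AllowOrigin must be one explicit origin") }`. Because the frontend appears to be served from a different origin, `csrf.Protect` probably also needs `csrf.TrustedOrigins(...)` naming that host, since gorilla/csrf validates the Referer/Origin of state-changing HTTPS requests against the request host. `core.CSRF_KEY` is defined outside this diff, so confirm it is a 32-byte secret loaded from configuration and not a constant committed to the repository. Both `Cors` and `main` continue outside the visible hunks.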