-
Notifications
You must be signed in to change notification settings - Fork 0
/
server.go
119 lines (100 loc) · 2.88 KB
/
server.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
package main
import (
"io/ioutil"
"net/http"
"time"
"github.com/cryptag/gosecure/content"
"github.com/cryptag/gosecure/csp"
"github.com/cryptag/gosecure/frame"
"github.com/cryptag/gosecure/hsts"
"github.com/cryptag/gosecure/referrer"
"github.com/cryptag/gosecure/xss"
log "github.com/sirupsen/logrus"
"github.com/gorilla/mux"
"github.com/justinas/alice"
"golang.org/x/crypto/acme/autocert"
)
func NewRouter() *mux.Router {
r := mux.NewRouter()
// Hack to make up for the fact that
// r.NotFoundHandler = http.HandlerFunc(GetIndex)
// doesn't do anything, since the below
// r.PathPrefix("/").Handler(...)
// call returns its own 404, ignoring the value of
// r.NotFoundHandler
urlPrefixes := []string{
"/about",
"/step",
"/privacy",
"/terms",
}
for _, prefix := range urlPrefixes {
r.PathPrefix(prefix).HandlerFunc(GetIndex)
}
handleBuildDir := http.FileServer(http.Dir("./public"))
r.PathPrefix("/").Handler(gzipHandler(handleBuildDir)).Methods("GET")
http.Handle("/", r)
return r
}
func NewServer(listenAddr, domain string) *http.Server {
r := NewRouter()
middleware := alice.New(
hsts.PreloadHandler,
content.GetHandler,
xss.GetHandler,
referrer.NoHandler,
)
if domain != "" {
middleware = middleware.Append(
csp.GetCustomHandlerStyleUnsafeInline(domain, "www."+domain),
frame.GetHandler("www."+domain),
)
} else {
log.Warn("No -domain specified so can't add all security headers")
}
return &http.Server{
Addr: listenAddr,
ReadTimeout: 1000 * time.Second,
WriteTimeout: 1000 * time.Second,
IdleTimeout: 120 * time.Second,
Handler: middleware.Then(r),
}
}
func ProductionServer(httpsAddr string, domain string, manager *autocert.Manager) *http.Server {
srv := NewServer(httpsAddr, domain)
// Enable TLS
srv.Handler = manager.HTTPHandler(srv.Handler)
srv.TLSConfig = manager.TLSConfig()
return srv
}
func GetIndex(w http.ResponseWriter, req *http.Request) {
contents, err := ioutil.ReadFile("public/index.html")
if err != nil {
log.Errorf("Error serving index.html: %v", err)
w.WriteHeader(http.StatusInternalServerError)
w.Write([]byte("Error: couldn't serve you index.html!"))
return
}
w.Write(contents)
}
func redirectToHTTPS(httpAddr, myDomain, httpsPort string) {
srv := &http.Server{
Addr: httpAddr,
ReadTimeout: 5 * time.Second,
WriteTimeout: 5 * time.Second,
Handler: http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) {
w.Header().Set("Connection", "close")
url := "https://" + myDomain + ":" + httpsPort + req.URL.Path
http.Redirect(w, req, url, http.StatusFound)
}),
}
log.Infof("Listening on %v", httpAddr)
log.Fatal(srv.ListenAndServe())
}
func getAutocertManager(domain string) *autocert.Manager {
return &autocert.Manager{
Prompt: autocert.AcceptTOS,
HostPolicy: autocert.HostWhitelist(domain),
Cache: autocert.DirCache("./" + domain),
}
}