package sslconfigs
import (
"github.com/TeaOSLab/EdgeCommon/pkg/configutils"
"strconv"
"strings"
)
// HSTSConfig holds the HTTP Strict Transport Security (HSTS) settings used to
// build the Strict-Transport-Security response header.
//
// Reference: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security
type HSTSConfig struct {
	// IsOn is the on/off switch. It is not read anywhere in this file;
	// presumably the caller checks it before emitting the header — confirm.
	IsOn bool `yaml:"isOn" json:"isOn"`

	// MaxAge is the policy lifetime in seconds. Values <= 0 are replaced by
	// the one-year default in asHeaderValue, so "max-age=0" (the value that
	// asks a browser to drop a stored policy) cannot be expressed here.
	MaxAge int `yaml:"maxAge" json:"maxAge"`

	// IncludeSubDomains adds the includeSubDomains directive, extending the
	// policy to every subdomain of the host that served the header.
	IncludeSubDomains bool `yaml:"includeSubDomains" json:"includeSubDomains"`

	// Preload adds the preload directive.
	Preload bool `yaml:"preload" json:"preload"`

	// Domains limits the policy to the listed domains; an empty list means
	// every domain matches (see Match).
	Domains []string `yaml:"domains" json:"domains"`

	// Cached state, populated by Init.
	hasDomains  bool
	headerValue string
}
// Init precomputes the cached state used by Match and HeaderValue.
//
// It performs no validation of the configured values (for example MaxAge or
// the Preload/IncludeSubDomains combination) and always returns nil. It must
// be called again after any exported field is changed, otherwise the cached
// header value is stale.
func (this *HSTSConfig) Init() error {
	// Render the header once so that HeaderValue is a plain field read.
	this.headerValue = this.asHeaderValue()

	// Remember whether the policy is restricted to specific domains.
	this.hasDomains = len(this.Domains) != 0

	return nil
}
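// Match reports whether the HSTS policy applies to domain.
//
// An empty Domains list means the policy applies to every domain. Otherwise
// the decision is delegated to configutils.MatchDomains.
func (this *HSTSConfig) Match(domain string) bool {
	// hasDomains is only set by Init. Checking Domains as well keeps a config
	// that was never initialised (or whose Domains were set after Init) from
	// silently matching every domain and widening the policy beyond the
	// configured list.
	if !this.hasDomains && len(this.Domains) == 0 {
		return true
	}
	return configutils.MatchDomains(this.Domains, domain)
}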
// HeaderKey returns the name of the HSTS response header.
func (this *HSTSConfig) HeaderKey() string {
	const hstsHeaderName = "Strict-Transport-Security"
	return hstsHeaderName
}
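// HeaderValue returns the Strict-Transport-Security header value.
//
// Normally this is the value cached by Init. If the cache is empty the value
// is built on demand instead of returning an empty string, because an empty
// header value would give clients no usable policy.
func (this *HSTSConfig) HeaderValue() string {
	if len(this.headerValue) == 0 {
		// asHeaderValue always starts its result with "max-age=", so an empty
		// cache can only mean Init has not run. The result is deliberately
		// not stored here so that this getter stays free of writes.
		return this.asHeaderValue()
	}
	return this.headerValue
}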
// asHeaderValue renders the configuration as a Strict-Transport-Security
// header value: "max-age=<seconds>" followed by the optional
// "; includeSubDomains" and "; preload" directives.
//
// Notes for operators:
//   - A MaxAge <= 0 is replaced by 31536000 (one year), so this function
//     never emits "max-age=0". Browsers that already stored the policy keep
//     enforcing it until it expires, even if the header stops being sent.
//   - The preload directive is emitted independently of the other fields.
//     The browser preload list (hstspreload.org) additionally expects
//     includeSubDomains and a max-age of at least one year; that combination
//     is not enforced here.
func (this *HSTSConfig) asHeaderValue() string {
	maxAge := "31536000" // 1 year
	if this.MaxAge > 0 {
		maxAge = strconv.Itoa(this.MaxAge)
	}

	var b strings.Builder
	b.WriteString("max-age=")
	b.WriteString(maxAge)

	// Optional directives, appended in a fixed order when enabled.
	optional := []struct {
		enabled   bool
		directive string
	}{
		{this.IncludeSubDomains, "; includeSubDomains"},
		{this.Preload, "; preload"},
	}
	for _, o := range optional {
		if o.enabled {
			b.WriteString(o.directive)
		}
	}

	return b.String()
}