-
Notifications
You must be signed in to change notification settings - Fork 28
/
routes.go
100 lines (86 loc) · 3.41 KB
/
routes.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
package portal
import (
"net/http"
graphqlhandler "github.com/graphql-go/handler"
"github.com/authgear/authgear-server/pkg/portal/deps"
"github.com/authgear/authgear-server/pkg/portal/transport"
"github.com/authgear/authgear-server/pkg/util/httproute"
"github.com/authgear/authgear-server/pkg/util/httputil"
)
func NewRouter(p *deps.RootProvider) *httproute.Router {
router := httproute.NewRouter()
router.Add(httproute.Route{
Methods: []string{"GET"},
PathPattern: "/healthz",
}, http.HandlerFunc(httputil.HealthCheckHandler))
securityMiddleware := httproute.Chain(
httproute.MiddlewareFunc(httputil.XContentTypeOptionsNosniff),
httproute.MiddlewareFunc(httputil.XFrameOptionsDeny),
httputil.StaticCSPHeader{
CSPDirectives: []string{
// FIXME(regeneratorRuntime)
// parcel-2.0.0-rc.0 requires us to use ES6 module when the browser supports it.
// ES6 module assumes strict mode.
// regeneratorRuntime is not compatible with strict mode because
// it uses Function to generate function, which is considered as eval.
"script-src 'self' 'unsafe-eval' 'unsafe-inline' cdn.jsdelivr.net unpkg.com www.googletagmanager.com cdn.mxpnl.com eu.posthog.com eu-assets.i.posthog.com cmp.osano.com",
// monaco editor create worker with blob:
"worker-src 'self' 'unsafe-inline' cdn.jsdelivr.net blob:",
"object-src 'none'",
"base-uri 'none'",
"block-all-mixed-content",
// This must be kept in sync with httputil.XFrameOptionsDeny
"frame-ancestors 'none'",
},
},
httproute.MiddlewareFunc(httputil.PermissionsPolicyHeader),
)
rootChain := httproute.Chain(
p.Middleware(newPanicMiddleware),
p.Middleware(newBodyLimitMiddleware),
p.Middleware(newSentryMiddleware),
p.Middleware(newSessionInfoMiddleware),
securityMiddleware,
)
systemConfigJSONChain := httproute.Chain(
rootChain,
httproute.MiddlewareFunc(httputil.NoCache),
)
graphqlChain := httproute.Chain(
rootChain,
httproute.MiddlewareFunc(httputil.NoStore),
httputil.CheckContentType([]string{
graphqlhandler.ContentTypeJSON,
graphqlhandler.ContentTypeGraphQL,
}),
)
adminAPIChain := httproute.Chain(
rootChain,
httproute.MiddlewareFunc(httputil.NoStore),
p.Middleware(newSessionRequiredMiddleware),
httputil.CheckContentType([]string{
graphqlhandler.ContentTypeJSON,
graphqlhandler.ContentTypeGraphQL,
}),
)
incomingWebhookChain := httproute.Chain(
rootChain,
httproute.MiddlewareFunc(httputil.NoStore),
)
notFoundChain := httproute.Chain(
securityMiddleware,
httputil.GzipMiddleware{},
)
systemConfigJSONRoute := httproute.Route{Middleware: systemConfigJSONChain}
graphqlRoute := httproute.Route{Middleware: graphqlChain}
adminAPIRoute := httproute.Route{Middleware: adminAPIChain}
incomingWebhookRoute := httproute.Route{Middleware: incomingWebhookChain}
notFoundRoute := httproute.Route{Middleware: notFoundChain}
router.Add(transport.ConfigureSystemConfigRoute(systemConfigJSONRoute), p.Handler(newSystemConfigHandler))
router.Add(transport.ConfigureGraphQLRoute(graphqlRoute), p.Handler(newGraphQLHandler))
router.Add(transport.ConfigureAdminAPIRoute(adminAPIRoute), p.Handler(newAdminAPIHandler))
router.Add(transport.ConfigureStripeWebhookRoute(incomingWebhookRoute), p.Handler(newStripeWebhookHandler))
router.Add(transport.ConfigureOsanoRoute(notFoundRoute), p.Handler(newOsanoHandler))
router.NotFound(notFoundRoute, p.Handler(newStaticAssetsHandler))
return router
}