package webserver
import (
"net/http"
"os"
"github.com/gin-contrib/cors"
"github.com/gin-contrib/gzip"
"github.com/gin-contrib/secure"
"github.com/gin-contrib/sessions"
"github.com/gin-contrib/sessions/postgres"
"github.com/gin-gonic/autotls"
"github.com/gin-gonic/gin"
"github.com/jackc/pgx/v4/stdlib"
"github.com/kmulvey/trashmap/internal/app/config"
log "github.com/sirupsen/logrus"
)
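// StartWebServer builds the gin router (compression, CORS, security headers,
// Postgres-backed sessions, routes) and then serves until the listener fails.
//
// It blocks for the lifetime of the server. Every failure, whether during
// setup or from the listener, is returned to the caller rather than ending the
// process from inside this function, so deferred cleanup runs.
//
// The serving mode is selected from config: plain HTTP when config.HTTPS is
// false, TLS with local certificate files when config.Development is true,
// and autotls otherwise.
func StartWebServer(config *config.Config) error {
	// gin.Default() already attaches the Logger and Recovery middleware, so
	// Recovery is not registered a second time here.
	router := gin.Default()

	// compress
	router.Use(gzip.Gzip(gzip.DefaultCompression))

	// CORS: the only allowed origin is https://<machine hostname>.
	// NOTE(review): os.Hostname() is the OS-level host name, which may differ
	// from the public DNS name browsers send in Origin — confirm, or make the
	// allowed origin a config value.
	hostname, err := os.Hostname()
	if err != nil {
		// Returned like every other setup failure in this function.
		return err
	}
	corsConfig := cors.DefaultConfig()
	corsConfig.AllowOrigins = []string{"https://" + hostname}
	router.Use(cors.New(corsConfig))

	// secure headers
	// NOTE(review): AllowedHosts and SSLRedirect are disabled, so Host is not
	// validated and plain-HTTP requests are not redirected by this middleware.
	// NOTE(review): SSLProxyHeaders trusts X-Forwarded-Proto; that is only
	// sound if a reverse proxy in front of this server sets or strips the
	// header — confirm the deployment.
	router.Use(secure.New(secure.Config{
		// AllowedHosts: []string{config.HTTPAddr},
		// SSLRedirect: true,
		STSSeconds:            315360000,
		STSIncludeSubdomains:  true,
		FrameDeny:             true,
		ContentTypeNosniff:    true,
		BrowserXssFilter:      true,
		ContentSecurityPolicy: "default-src 'self'",
		IENoOpen:              true,
		ReferrerPolicy:        "strict-origin-when-cross-origin",
		SSLProxyHeaders:       map[string]string{"X-Forwarded-Proto": "https"},
	}))

	// session
	sqlDB := stdlib.OpenDB(*config.DBConn.Config())
	// The handle is opened here, so it is released here on every return path,
	// including a NewStore failure.
	defer func() {
		if cerr := sqlDB.Close(); cerr != nil {
			log.Warn(cerr)
		}
	}()

	// NOTE(review): the session store key is config.PasswordSalt, so one
	// secret appears to serve two purposes (judging by its name). A dedicated,
	// randomly generated session key would limit the impact of either value
	// leaking — confirm with the config owners.
	// NOTE(review): cookie attributes (Secure, HttpOnly, SameSite) are left at
	// the store's defaults; in the plain-HTTP mode below the session cookie
	// travels in cleartext.
	store, err := postgres.NewStore(sqlDB, []byte(config.PasswordSalt))
	if err != nil {
		return err
	}
	router.Use(sessions.Sessions("web-session", store))

	// auth'd routes: each one is guarded by IsLoggedIn before its handler.
	router.DELETE("/user/:id", IsLoggedIn, func(c *gin.Context) { DeleteUser(config, c) })
	router.POST("/areas", IsLoggedIn, func(c *gin.Context) { GetPickupAreasWithinArea(config, c) })
	router.PUT("/area", IsLoggedIn, func(c *gin.Context) { CreatePickupArea(config, c) })

	// open routes
	// NOTE(review): a bare http.Dir serves directory listings and resolves
	// relative to the working directory; make sure ./web holds only files
	// meant to be public.
	router.StaticFS("/assets", http.Dir("./web"))
	router.POST("/login", func(c *gin.Context) { Login(config, c) })
	router.PUT("/user", func(c *gin.Context) { CreateUser(config, c) })

	switch {
	case !config.HTTPS:
		return router.Run(config.HTTPBindAddr)
	case config.Development:
		// Development TLS uses fixed certificate paths and a fixed port; it
		// does not read config.HTTPBindAddr.
		log.Warn("Development server, using insecure certs")
		return router.RunTLS(":8000", "./keys/cert.pem", "./keys/key.pem")
	default:
		// NOTE(review): autotls.Run takes the domain name(s) to request
		// certificates for, not a listen address — confirm HTTPBindAddr holds
		// a hostname in this mode.
		return autotls.Run(router, config.HTTPBindAddr)
	}
}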