✨ updated

app/core/api/common/middleware/cors_middleware.go

@@ -0,0 +1,12 @@
+package middleware
+
+import "net/http"
+
+func CORSMiddleware() func(http.Header) {
+	return func(header http.Header) {
+		header.Set("Access-Control-Allow-Origin", "*")
+		header.Add("Access-Control-Allow-Headers", "UserHeader1, UserHeader2")
+		header.Set("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE, OPTIONS, PATCH")
+		header.Set("Access-Control-Expose-Headers", "Content-Length, Content-Type")
+	}
+}

app/core/api/common/middleware/i18n_middleware.go

@@ -0,0 +1,24 @@
+package middleware
+
+import (
+	"net/http"
+	"os"
+	"path/filepath"
+
+	"golang.org/x/text/language"
+
+	"schisandra-album-cloud-microservices/app/core/api/common/i18n"
+)
+
+func I18nMiddleware(next http.HandlerFunc) http.HandlerFunc {
+	cwd, err := os.Getwd()
+	if err != nil {
+		panic(err)
+	}
+	zhPath := filepath.Join(cwd, "/resources/language/", "active.zh.toml")
+	enPath := filepath.Join(cwd, "/resources/language/", "active.en.toml")
+	return i18n.NewI18nMiddleware([]language.Tag{
+		language.English,
+		language.Chinese,
+	}, []string{enPath, zhPath}).Handle(next)
+}

app/core/api/common/middleware/security_headers_middleware.go

@@ -0,0 +1,13 @@
+package middleware
+
+import "net/http"
+
+func SecurityHeadersMiddleware(w http.ResponseWriter, r *http.Request) {
+	r.Header.Set("X-Frame-Options", "DENY")
+	r.Header.Set("Content-Security-Policy", "default-src 'self'; connect-src *; font-src *; script-src-elem * 'unsafe-inline'; img-src * data:; style-src * 'unsafe-inline';")
+	r.Header.Set("X-XSS-Protection", "1; mode=block")
+	r.Header.Set("Strict-Transport-Security", "max-age=31536000; includeSubDomains; preload")
+	r.Header.Set("Referrer-Policy", "strict-origin")
+	r.Header.Set("X-Content-Type-Options", "nosniff")
+	r.Header.Set("Permissions-Policy", "geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(self),payment=()")
+}