✨ add security headers
This commit is contained in:
@@ -1,40 +0,0 @@
|
||||
package middleware
|
||||
|
||||
import (
|
||||
"github.com/ArtisanCloud/PowerWeChat/v3/src/kernel/messages"
|
||||
ginI18n "github.com/gin-contrib/i18n"
|
||||
"github.com/gin-gonic/gin"
|
||||
"schisandra-cloud-album/common/result"
|
||||
"schisandra-cloud-album/global"
|
||||
"schisandra-cloud-album/utils"
|
||||
"time"
|
||||
)
|
||||
|
||||
// ExceptionNotification 异常通知中间件
|
||||
func ExceptionNotification() gin.HandlerFunc {
|
||||
return func(c *gin.Context) {
|
||||
defer func() {
|
||||
if err := recover(); err != nil {
|
||||
openID := global.CONFIG.Wechat.OpenID
|
||||
content := `
|
||||
系统异常通知:
|
||||
请求时间:` + time.Now().Format("2006-01-02 15:04:05") + `
|
||||
请求IP:` + utils.GetClientIP(c) + `
|
||||
请求地址:` + c.Request.URL.String() + `
|
||||
请求方法:` + c.Request.Method + `
|
||||
请求参数:` + c.Request.Form.Encode() + `
|
||||
错误信息:` + err.(error).Error() + `
|
||||
`
|
||||
messages.NewRaw(`
|
||||
{
|
||||
"touser":"` + openID + `",
|
||||
"msgtype":"text",
|
||||
"text":{"content":"` + content + `"}"}
|
||||
}
|
||||
`)
|
||||
result.FailWithMessage(ginI18n.MustGetMessage(c, "SystemError"), c)
|
||||
}
|
||||
}()
|
||||
c.Next()
|
||||
}
|
||||
}
|
@@ -1,6 +1,7 @@
|
||||
package middleware
|
||||
|
||||
import (
|
||||
ginI18n "github.com/gin-contrib/i18n"
|
||||
"github.com/gin-gonic/gin"
|
||||
"github.com/juju/ratelimit"
|
||||
"schisandra-cloud-album/common/result"
|
||||
@@ -12,7 +13,7 @@ func RateLimitMiddleware(fillInterval time.Duration, cap int64) func(c *gin.Cont
|
||||
return func(c *gin.Context) {
|
||||
// 如果取不到令牌就中断本次请求返回 rate limit...
|
||||
if bucket.TakeAvailable(1) < 1 {
|
||||
result.FailWithMessage("rate limit...", c)
|
||||
result.FailWithMessage(ginI18n.MustGetMessage(c, "RequestLimit"), c)
|
||||
c.Abort()
|
||||
return
|
||||
}
|
||||
|
29
middleware/security_headers.go
Normal file
29
middleware/security_headers.go
Normal file
@@ -0,0 +1,29 @@
|
||||
package middleware
|
||||
|
||||
import (
|
||||
ginI18n "github.com/gin-contrib/i18n"
|
||||
"github.com/gin-gonic/gin"
|
||||
"schisandra-cloud-album/common/result"
|
||||
"schisandra-cloud-album/global"
|
||||
"strings"
|
||||
)
|
||||
|
||||
func SecurityHeaders() gin.HandlerFunc {
|
||||
return func(c *gin.Context) {
|
||||
url := strings.TrimPrefix(global.CONFIG.System.Web, "https://")
|
||||
requestHost := c.Request.Host
|
||||
if requestHost != url {
|
||||
result.FailWithMessage(ginI18n.MustGetMessage(c, "IllegalRequests"), c)
|
||||
c.Abort()
|
||||
return
|
||||
}
|
||||
c.Header("X-Frame-Options", "DENY")
|
||||
c.Header("Content-Security-Policy", "default-src 'self'; connect-src *; font-src *; script-src-elem * 'unsafe-inline'; img-src * data:; style-src * 'unsafe-inline';")
|
||||
c.Header("X-XSS-Protection", "1; mode=block")
|
||||
c.Header("Strict-Transport-Security", "max-age=31536000; includeSubDomains; preload")
|
||||
c.Header("Referrer-Policy", "strict-origin")
|
||||
c.Header("X-Content-Type-Options", "nosniff")
|
||||
c.Header("Permissions-Policy", "geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(self),payment=()")
|
||||
c.Next()
|
||||
}
|
||||
}
|
12
middleware/validate_sign.go
Normal file
12
middleware/validate_sign.go
Normal file
@@ -0,0 +1,12 @@
|
||||
package middleware
|
||||
|
||||
import (
|
||||
"github.com/gin-gonic/gin"
|
||||
)
|
||||
|
||||
func ValidateSignMiddleware() gin.HandlerFunc {
|
||||
return func(c *gin.Context) {
|
||||
|
||||
c.Next()
|
||||
}
|
||||
}
|
Reference in New Issue
Block a user