Fixed the device sign
This commit is contained in:
@@ -1,86 +1,29 @@
|
||||
package api
|
||||
|
||||
import (
|
||||
"log"
|
||||
"mime"
|
||||
"net/http"
|
||||
"os"
|
||||
"path/filepath"
|
||||
"strings"
|
||||
"time"
|
||||
)
|
||||
|
||||
func init() {
|
||||
// Ensure common types are known (some distros are sparse by default)
|
||||
_ = mime.AddExtensionType(".js", "application/javascript; charset=utf-8")
|
||||
_ = mime.AddExtensionType(".css", "text/css; charset=utf-8")
|
||||
_ = mime.AddExtensionType(".html", "text/html; charset=utf-8")
|
||||
_ = mime.AddExtensionType(".map", "application/json; charset=utf-8")
|
||||
}
|
||||
|
||||
func (s *Server) MountStatic(dir string, baseURL string) {
|
||||
if dir == "" {
|
||||
return
|
||||
}
|
||||
if baseURL == "" {
|
||||
baseURL = "/"
|
||||
}
|
||||
s.mux.Handle(baseURL, s.staticHandler(dir, baseURL))
|
||||
if !strings.HasSuffix(baseURL, "/") {
|
||||
s.mux.Handle(baseURL+"/", s.staticHandler(dir, baseURL))
|
||||
}
|
||||
}
|
||||
|
||||
func (s *Server) ListenFrontendHTTP(addr, dir, baseURL string) error {
|
||||
if dir == "" || addr == "" {
|
||||
return nil
|
||||
}
|
||||
log.Printf("frontend listening on %s (dir=%s base=%s)", addr, dir, baseURL)
|
||||
mx := http.NewServeMux()
|
||||
mx.Handle(baseURL, s.staticHandler(dir, baseURL))
|
||||
if !strings.HasSuffix(baseURL, "/") {
|
||||
mx.Handle(baseURL+"/", s.staticHandler(dir, baseURL))
|
||||
}
|
||||
server := &http.Server{
|
||||
Addr: addr,
|
||||
Handler: mx,
|
||||
ReadHeaderTimeout: 5 * time.Second,
|
||||
}
|
||||
return server.ListenAndServe()
|
||||
}
|
||||
|
||||
func (s *Server) staticHandler(dir, baseURL string) http.Handler {
|
||||
if baseURL == "" {
|
||||
baseURL = "/"
|
||||
}
|
||||
// secureHeaders adds strict, privacy-preserving headers to static responses.
|
||||
func (s *Server) secureHeaders(next http.Handler) http.Handler {
|
||||
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
||||
s.secureHeaders(w)
|
||||
|
||||
up := strings.TrimPrefix(r.URL.Path, baseURL)
|
||||
if up == "" || strings.HasSuffix(r.URL.Path, "/") {
|
||||
up = "index.html"
|
||||
}
|
||||
full := filepath.Join(dir, filepath.FromSlash(up))
|
||||
if !strings.HasPrefix(filepath.Clean(full), filepath.Clean(dir)) {
|
||||
http.NotFound(w, r)
|
||||
return
|
||||
}
|
||||
|
||||
// Serve file if it exists, else SPA-fallback to index.html
|
||||
if st, err := os.Stat(full); err == nil && !st.IsDir() {
|
||||
// Set Content-Type explicitly based on extension
|
||||
if ctype := mime.TypeByExtension(filepath.Ext(full)); ctype != "" {
|
||||
w.Header().Set("Content-Type", ctype)
|
||||
}
|
||||
http.ServeFile(w, r, full)
|
||||
return
|
||||
}
|
||||
fallback := filepath.Join(dir, "index.html")
|
||||
if _, err := os.Stat(fallback); err == nil {
|
||||
w.Header().Set("Content-Type", "text/html; charset=utf-8")
|
||||
http.ServeFile(w, r, fallback)
|
||||
return
|
||||
}
|
||||
http.NotFound(w, r)
|
||||
w.Header().Set("Referrer-Policy", "no-referrer")
|
||||
w.Header().Set("Cross-Origin-Opener-Policy", "same-origin")
|
||||
w.Header().Set("Cross-Origin-Resource-Policy", "same-site")
|
||||
w.Header().Set("Permissions-Policy", "camera=(), microphone=(), geolocation=(), interest-cohort=(), browsing-topics=()")
|
||||
w.Header().Set("X-Frame-Options", "DENY")
|
||||
w.Header().Set("X-Content-Type-Options", "nosniff")
|
||||
w.Header().Set("Strict-Transport-Security", "max-age=15552000; includeSubDomains; preload")
|
||||
next.ServeHTTP(w, r)
|
||||
})
|
||||
}
|
||||
|
||||
// MountStatic mounts a static file server under a prefix onto the provided mux.
|
||||
// Usage (from main): s.MountStatic(mux, "/", http.Dir(staticDir))
|
||||
func (s *Server) MountStatic(mux *http.ServeMux, prefix string, fs http.FileSystem) {
|
||||
if prefix == "" {
|
||||
prefix = "/"
|
||||
}
|
||||
h := http.StripPrefix(prefix, http.FileServer(fs))
|
||||
mux.Handle(prefix, s.secureHeaders(h))
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user