Exemplo n.º 1
0
func main() {
	goji.Get("/", IndexHandler) // Doesn't need CSRF protection (no POST/PUT/DELETE actions).

	signup := web.New()
	goji.Handle("/signup/*", signup)
	// But our signup forms do, so we add nosurf to their middleware stack (only).
	signup.Use(nosurf.NewPure)
	signup.Get("/signup/new", ShowSignupForm)
	signup.Post("/signup/submit", SubmitSignupForm)

	admin := web.New()
	// A more advanced example: we enforce secure cookies (HTTPS only),
	// set a domain and keep the expiry time low.
	a := nosurf.New(admin)
	a.SetBaseCookie(http.Cookie{
		Name:     "csrf_token",
		Domain:   "localhost",
		Path:     "/admin",
		MaxAge:   3600 * 4,
		HttpOnly: true,
		Secure:   true,
	})

	// Our /admin/* routes now have CSRF protection.
	goji.Handle("/admin/*", a)

	goji.Serve()
}
Exemplo n.º 2
0
func TestNoCache(t *testing.T) {

	rr := httptest.NewRecorder()
	s := web.New()

	s.Use(NoCache)
	r, err := http.NewRequest("GET", "/", nil)
	if err != nil {
		t.Fatal(err)
	}

	s.ServeHTTP(rr, r)

	for k, v := range noCacheHeaders {
		if rr.HeaderMap[k][0] != v {
			t.Errorf("%s header not set by middleware.", k)
		}
	}
}
Exemplo n.º 3
0
// StartServer starts the web server
func StartServer(bind string) {
	secureMiddleware := secure.New(secure.Options{
		AllowedHosts:       []string{"example.com", "ssl.example.com"},
		FrameDeny:          true,
		ContentTypeNosniff: true,
		BrowserXssFilter:   true,
		IsDevelopment:      true,
	})

	m := web.New()

	m.Use(middleware.RealIP)
	m.Use(gojistatic.Static("web/public", gojistatic.StaticOptions{SkipLogging: true}))
	m.Use(middleware.EnvInit)
	m.Use(secureMiddleware.Handler)
	m.Use(SessionMiddleware)
	m.Use(nosurf.NewPure)

	m.Get("/", controllers.Home)
	m.Get("/about", controllers.About)

	m.Get("/ip", controllers.IP)

	m.Get("/oauth/authorize", controllers.OAuthAuthorize)
	m.Get("/oauth/callback", controllers.OAuthCallback)
	m.Get("/sign_out", controllers.SignOut)

	m.Get("/checks", controllers.ChecksIndex)
	m.Get("/checks/new", controllers.NewCheck)
	m.Get("/checks/:id", controllers.ShowCheck)
	m.Post("/checks/:id/delete", controllers.DeleteCheck)
	m.Post("/checks", controllers.CreateCheck)

	m.Get("/checks/:check_id/results", controllers.ResultsIndex)

	m.NotFound(controllers.NotFound)

	go graceful.ListenAndServe(bind, m)
}