29 lines
820 B
Go
29 lines
820 B
Go
package main;
|
|
|
|
import "net/http";
|
|
|
|
func secure_headers(next http.Handler) http.Handler {
|
|
fn := func(w http.ResponseWriter, r *http.Request) {
|
|
w.Header().Set("X-XSS-Protection", "1; mode=block");
|
|
w.Header().Set("X-Frame-Options", "deny");
|
|
|
|
next.ServeHTTP(w, r);
|
|
}
|
|
|
|
return http.HandlerFunc(fn);
|
|
}
|
|
|
|
func require_authenticated_user(next http.HandlerFunc) http.HandlerFunc {
|
|
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
|
// If the user is not authenticated, redirect them to the login page and;
|
|
// return from the middleware chain so that no subsequent handlers in;
|
|
// the chain are executed.;
|
|
if authenticated_user(w, r) == 0 {
|
|
http.Redirect(w, r, "/login", http.StatusSeeOther);
|
|
return;
|
|
}
|
|
// Otherwise call the next handler in the chain.;
|
|
next.ServeHTTP(w, r);
|
|
});
|
|
}
|