SynLotto/website
1
0
Fork 0
Code Issues 19 Pull Requests Actions Packages Projects 5 Releases Wiki Activity

Additional security and hardening.

Browse Source
This commit is contained in:
Ross Healy
2025-03-31 15:14:16 +01:00
parent c3a7480c65
commit 7eefb9ced0
13 changed files with 274 additions and 47 deletions
Download Patch File Download Diff File Expand all files Collapse all files

24
main.go
View File

@@ -18,6 +18,8 @@ func main() {
db := storage.InitDB("synlotto.db")
models.SetDB(db)
var isProduction = false
csrfMiddleware := csrf.Protect(
[]byte("abcdefghijklmnopqrstuvwx12345678"), // TodO: Make Global
csrf.Secure(true),
@@ -33,22 +35,28 @@ func main() {
mux.HandleFunc("/", handlers.Home(db))
wrapped := helpers.RateLimit(csrfMiddleware(mux))
wrapped = middleware.EnforceHTTPS(wrapped, isProduction)
wrapped = middleware.SecureHeaders(wrapped)
wrapped = middleware.Recover(wrapped)
log.Println("🌐 Running on http://localhost:8080")
http.ListenAndServe(":8080", helpers.RateLimit(csrfMiddleware(mux)))
http.ListenAndServe(":8080", wrapped)
}
func setupAdminRoutes(mux *http.ServeMux, db *sql.DB) {
mux.HandleFunc("/admin/dashboard", admin.AdminDashboardHandler(db))
mux.HandleFunc("/admin/triggers", admin.AdminTriggersHandler(db))
mux.HandleFunc("/admin/access", middleware.AdminOnly(db, admin.AdminAccessLogHandler(db)))
mux.HandleFunc("/admin/dashboard", middleware.AdminOnly(db, admin.AdminDashboardHandler(db)))
mux.HandleFunc("/admin/triggers", middleware.AdminOnly(db, admin.AdminTriggersHandler(db)))
// Draw management
mux.HandleFunc("/admin/draws/new", admin.NewDrawHandler(db))
mux.HandleFunc("/admin/draws/modify", admin.ModifyDrawHandler(db))
mux.HandleFunc("/admin/draws/delete", admin.DeleteDrawHandler(db))
mux.HandleFunc("/admin/draws/new", middleware.AdminOnly(db, admin.NewDrawHandler(db)))
mux.HandleFunc("/admin/draws/modify", middleware.AdminOnly(db, admin.ModifyDrawHandler(db)))
mux.HandleFunc("/admin/draws/delete", middleware.AdminOnly(db, admin.DeleteDrawHandler(db)))
// Prize management
mux.HandleFunc("/admin/draws/prizes/add", admin.AddPrizesHandler(db))
mux.HandleFunc("/admin/draws/prizes/modify", admin.ModifyPrizesHandler(db))
mux.HandleFunc("/admin/draws/prizes/add", middleware.AdminOnly(db, admin.AddPrizesHandler(db)))
mux.HandleFunc("/admin/draws/prizes/modify", middleware.AdminOnly(db, admin.ModifyPrizesHandler(db)))
}
func setupAccountRoutes(mux *http.ServeMux, db *sql.DB) {