package main
import (
	"log"
	"net/http"

	"github.com/gin-gonic/gin"
	csrf "github.com/utrack/gin-csrf"

	"WebRest/controller"
	"WebRest/helper"
)
// main is the program entry point. It hands control to serverApplication,
// which configures the router and runs the HTTP server.
func main() {
	serverApplication()
}
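// serverApplication builds the gin router (static assets, HTML templates,
// response security headers, application routes) and serves it on
// localhost:8080. It blocks while the server runs and terminates the process
// with a logged error if the listener cannot be started or stops with an error.
func serverApplication() {
	route := gin.Default()
	route.Static("public", "./public")
	route.StaticFile("/favicon.ico", "./favicon.ico")
	route.LoadHTMLGlob("templates/*")

	// 8 MiB is the amount of a multipart form kept in memory while parsing;
	// it is not a cap on the total upload size.
	route.MaxMultipartMemory = 8 << 20

	route.Use(func(g *gin.Context) {
		// NOTE(review): csrf.Middleware only *returns* a gin.HandlerFunc. The
		// value is discarded here, so no CSRF check runs on any request and
		// the POST routes below are not CSRF-protected by this code.
		// Enabling it means registering the returned handler with route.Use;
		// gin-csrf is documented to need a session middleware registered
		// before it, and this file sets none up — confirm and add both together.
		// NOTE(review): Secret is a hard-coded literal in source control; load
		// it from configuration or the environment before enabling the check.
		csrf.Middleware(csrf.Options{
			Secret: "my_key",
			ErrorFunc: func(g *gin.Context) {
				g.HTML(http.StatusBadRequest, "index.html", gin.H{
					"error": "CSRF token mismatch",
				})
				g.Abort()
			},
		})

		g.Header("X-Frame-Options", "DENY")
		// NOTE(review): script-src-elem allows any origin plus inline script
		// elements, so this policy gives little protection against script
		// injection; tighten to the origins the templates really load from.
		g.Header("Content-Security-Policy", "default-src 'self'; connect-src *; font-src *; script-src-elem * 'unsafe-inline'; img-src * data:; style-src * 'unsafe-inline';")
		// Legacy header; current browsers ignore it, so it is not a substitute
		// for a strict Content-Security-Policy.
		g.Header("X-XSS-Protection", "1; mode=block")
		// Browsers honour HSTS only on HTTPS responses; route.Run below serves
		// plain HTTP, so this takes effect only behind a TLS-terminating proxy.
		g.Header("Strict-Transport-Security", "max-age=31536000; includeSubDomains; preload")
		g.Header("Referrer-Policy", "strict-origin")
		g.Header("X-Content-Type-Options", "nosniff")
		g.Header("Permissions-Policy", "geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(self),payment=()")
		g.Next()
	})

	// NOTE(review): only POST / is registered with helper.MiddlewareJWT.
	// POST /menu and GET /people have no middleware on the route; confirm the
	// controllers enforce authentication/authorization themselves.
	route.GET("/", controller.HomePage)
	route.POST("/", helper.MiddlewareJWT(), controller.RespBook)
	route.GET("/login", controller.LoginGet)
	route.POST("/login", controller.Login)
	route.GET("/register", controller.RegGet)
	route.POST("/register", controller.Resgister)
	// NOTE(review): logout is reachable with GET, so any cross-site link or
	// image request can trigger it; consider POST once CSRF checking is active.
	route.GET("/logout", controller.LogOut)
	route.GET("/people", controller.BookPeople)
	route.GET("/menu", controller.Menu)
	route.POST("/menu", controller.MenuIns)

	// Run returns only on failure (for example, the port is already in use).
	// Previously the error was dropped and the process exited with status 0.
	if err := route.Run("localhost:8080"); err != nil {
		log.Fatalf("running HTTP server on localhost:8080: %v", err)
	}
}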