CAPTCHAと2FAを実装

2026-03-24 18:40:38 +09:00
parent 080bd1f8d7
commit 1113477111
17 changed files with 798 additions and 40 deletions


@@ -7,21 +7,33 @@ import (
)
type SecurityConfig struct {
HTTPS bool
HTTPS bool
TurnstileEnabled bool
}
func SecurityHeaders(config SecurityConfig) gin.HandlerFunc {
return func(c *gin.Context) {
if config.HTTPS {
c.Header("Strict-Transport-Security", "max-age=31536000; includeSubDomains")
}
scriptSrc := "'self' 'unsafe-inline' https://cdn.jsdelivr.net"
frameSrc := "'none'"
connectSrc := "'self'"
if config.TurnstileEnabled {
scriptSrc += " https://challenges.cloudflare.com"
frameSrc = "https://challenges.cloudflare.com"
connectSrc += " https://challenges.cloudflare.com"
}
csp := []string{
"default-src 'self'",
"script-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net",
"script-src " + scriptSrc,
"style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net",
"font-src 'self' https://cdn.jsdelivr.net",
"img-src 'self' data:",
"connect-src 'self'",
"connect-src " + connectSrc,
"frame-src " + frameSrc,
"frame-ancestors 'none'",
}
c.Header("Content-Security-Policy", strings.Join(csp, "; "))
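Review bot: The `connectSrc += " https://challenges.cloudflare.com"` line inside the `if config.TurnstileEnabled` block may widen the policy more than the widget needs. As far as I know, Cloudflare's CSP guidance for Turnstile only asks for `script-src` and `frame-src` entries, so please confirm that the `connect-src` entry is required and drop it if not. Separately, `script-src` still carries `'unsafe-inline'`, so the host allowlist built in `scriptSrc` gives little protection against injected inline script; moving to a nonce- or hash-based `script-src` would be a worthwhile follow-up. A short comment above the block would record the intent, for example `// Turnstile loads its script and challenge iframe from challenges.cloudflare.com; frame-src stays 'none' when it is disabled.` The handler body continues outside the hunk, so this covers only the lines shown.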