|
|
|
@ -67,17 +67,24 @@ func NewServer(ctx context.Context, profile *profile.Profile, store *store.Store
|
|
|
|
|
|
|
|
|
|
e.Use(middleware.CORS())
|
|
|
|
|
|
|
|
|
|
e.Use(middleware.SecureWithConfig(middleware.SecureConfig{
|
|
|
|
|
Skipper: defaultGetRequestSkipper,
|
|
|
|
|
XSSProtection: "1; mode=block",
|
|
|
|
|
ContentTypeNosniff: "nosniff",
|
|
|
|
|
XFrameOptions: "SAMEORIGIN",
|
|
|
|
|
HSTSPreloadEnabled: false,
|
|
|
|
|
e.Use(middleware.TimeoutWithConfig(middleware.TimeoutConfig{
|
|
|
|
|
Timeout: 30 * time.Second,
|
|
|
|
|
}))
|
|
|
|
|
|
|
|
|
|
e.Use(middleware.TimeoutWithConfig(middleware.TimeoutConfig{
|
|
|
|
|
ErrorMessage: "Request timeout",
|
|
|
|
|
Timeout: 30 * time.Second,
|
|
|
|
|
e.Use(middleware.RateLimiterWithConfig(middleware.RateLimiterConfig{
|
|
|
|
|
Store: middleware.NewRateLimiterMemoryStoreWithConfig(
|
|
|
|
|
middleware.RateLimiterMemoryStoreConfig{Rate: 30, Burst: 60, ExpiresIn: 3 * time.Minute},
|
|
|
|
|
),
|
|
|
|
|
IdentifierExtractor: func(ctx echo.Context) (string, error) {
|
|
|
|
|
id := ctx.RealIP()
|
|
|
|
|
return id, nil
|
|
|
|
|
},
|
|
|
|
|
ErrorHandler: func(context echo.Context, err error) error {
|
|
|
|
|
return context.JSON(http.StatusForbidden, nil)
|
|
|
|
|
},
|
|
|
|
|
DenyHandler: func(context echo.Context, identifier string, err error) error {
|
|
|
|
|
return context.JSON(http.StatusTooManyRequests, nil)
|
|
|
|
|
},
|
|
|
|
|
}))
|
|
|
|
|
|
|
|
|
|
serverID, err := s.getSystemServerID(ctx)
|
|
|
|
|
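Review bot: The rate limiter's `IdentifierExtractor` keys each bucket on `ctx.RealIP()`, and unless `e.IPExtractor` is configured Echo derives that value from the request's `X-Forwarded-For` / `X-Real-IP` headers before falling back to the socket address. The identifier is therefore client-controlled on a directly exposed server, so the `Rate: 30, Burst: 60` limit may not bind per client, while behind an unaccounted-for proxy all clients can collapse into one bucket. No `IPExtractor` assignment is visible in this hunk (NewServer's body continues outside it); if it is not set elsewhere, set it explicitly, e.g. `e.IPExtractor = echo.ExtractIPDirect()` when there is no proxy in front, or `echo.ExtractIPFromXFFHeader(...)` restricted to the trusted proxy ranges. Separately, the `ErrorHandler` and `DenyHandler` closures name their parameter `context`, which shadows the `context` package inside them; `c` would read more clearly.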