diff --git a/go.mod b/go.mod
index 4f3ae31..1c7da79 100644
--- a/go.mod
+++ b/go.mod
@@ -6,6 +6,7 @@ require (
 github.com/aead/chacha20poly1305 v0.0.0-20201124145622-1a5aba2a8b29
 github.com/golang-jwt/jwt/v5 v5.1.0
 github.com/gorilla/csrf v1.7.2
+ github.com/gorilla/handlers v1.5.2
 github.com/gorilla/mux v1.8.1
 github.com/gorilla/securecookie v1.1.2
 github.com/lib/pq v1.10.9
@@ -22,6 +23,7 @@ require (
 github.com/BurntSushi/toml v1.3.2 // indirect
 github.com/aead/chacha20 v0.0.0-20180709150244-8b13a72661da // indirect
 github.com/aead/poly1305 v0.0.0-20180717145839-3fee0db0b635 // indirect
+ github.com/felixge/httpsnoop v1.0.4 // indirect
 github.com/fsnotify/fsnotify v1.7.0 // indirect
 github.com/hashicorp/hcl v1.0.0 // indirect
 github.com/magiconair/properties v1.8.7 // indirect
diff --git a/go.sum b/go.sum
index 71a74e3..ad09278 100644
--- a/go.sum
+++ b/go.sum
@@ -11,6 +11,8 @@ github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSs github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc h1:U9qPSI2PIWSS1VwoXQT9A3Wy9MM3WgvqSxFWenqJduM= github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/felixge/httpsnoop v1.0.4 h1:NFTV2Zj1bL4mc9sqWACXbQFVBBg2W3GPvqp8/ESS2Wg= +github.com/felixge/httpsnoop v1.0.4/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U= github.com/frankban/quicktest v1.14.6 h1:7Xjx+VpznH+oBnejlPUj8oUpdxnVs4f8XU8WnHkI4W8= github.com/frankban/quicktest v1.14.6/go.mod h1:4ptaffx2x8+WTWXmUCuVU6aPUX1/Mz7zb5vbUoiM6w0= github.com/fsnotify/fsnotify v1.7.0 h1:8JEhPFa5W2WU7YfeZzPNqzMP6Lwt7L2715Ggo0nosvA=
@@ -23,6 +25,8 @@ github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0= github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= github.com/gorilla/csrf v1.7.2 h1:oTUjx0vyf2T+wkrx09Trsev1TE+/EbDAeHtSTbtC2eI= github.com/gorilla/csrf v1.7.2/go.mod h1:F1Fj3KG23WYHE6gozCmBAezKookxbIvUJT+121wTuLk= +github.com/gorilla/handlers v1.5.2 h1:cLTUSsNkgcwhgRqvCNmdbRWG0A3N4F+M2nWKdScwyEE= +github.com/gorilla/handlers v1.5.2/go.mod h1:dX+xVpaxdSw+q0Qek8SSsl3dfMk3jNddUkMzo0GtH0w= github.com/gorilla/mux v1.8.1 h1:TuBL49tXwgrFYWhqrNgrUNEY92u81SPhu7sTdzQEiWY= github.com/gorilla/mux v1.8.1/go.mod h1:AKf9I4AEqPTmMytcMc0KkNouC66V3BtZ4qD5fmWSiMQ= github.com/gorilla/securecookie v1.1.2 h1:YCIWL56dvtr73r6715mJs5ZvhtnY73hBvEF8kXD8ePA=
diff --git a/internal/handlers/render.go b/internal/handlers/render.go
index 4e84556..1053e6b 100644
--- a/internal/handlers/render.go
+++ b/internal/handlers/render.go
@@ -35,6 +35,42 @@ func (server *Server) renderLayout(w http.ResponseWriter, r *http.Request, data
 })
 tpl := template.Must(t.Clone())
+
+ // compress
+ // "github.com/tdewolff/minify/v2"
+ // "github.com/tdewolff/minify/v2/css"
+ // "github.com/tdewolff/minify/v2/html"
+ // "github.com/tdewolff/minify/v2/js"
+ // m := minify.New()
+ // m.AddFunc("text/css", css.Minify)
+ // m.AddFunc("text/html", html.Minify)
+ // m.AddFuncRegexp(regexp.MustCompile("^(application|text)/(x-)?(java|ecma)script$"), js.Minify)
+ // pages := []string{
+ // tmpl,
+ // "base/header.html.tmpl",
+ // "base/footer.html.tmpl",
+ // }
+ // for _, page := range pages {
+ // b, err := fs.ReadFile(server.templateFS, page)
+ // if err != nil {
+ // logger.Logger.Errorf("fs read file: %s, %v", page, err)
+ // w.WriteHeader(http.StatusInternalServerError)
+ // return
+ // }
+ // mb, err := m.Bytes("text/html", b)
+ // if err != nil {
+ // logger.Logger.Errorf("minify bytes: %s, %v", page, err)
+ // w.WriteHeader(http.StatusInternalServerError)
+ // return
+ // }
+ // tpl, err = tpl.Parse(string(mb))
+ // if err != nil {
+ // logger.Logger.Errorf("template parse: %s, %v", page, err)
+ // w.WriteHeader(http.StatusInternalServerError)
+ // return
+ // }
+ // }
+
 tpl, err := tpl.ParseFS(server.templateFS, tmpl, "base/header.html.tmpl", "base/footer.html.tmpl")
 if err != nil {
 logger.Logger.Errorf("template parse: %s, %v", tmpl, err)
@@ -42,8 +78,7 @@ func (server *Server) renderLayout(w http.ResponseWriter, r *http.Request, data
 return
 }
- err = tpl.Execute(w, data)
- if err != nil {
+ if err := tpl.Execute(w, data); err != nil {
 logger.Logger.Errorf("template execute: %s, %v", tmpl, err)
 w.WriteHeader(http.StatusInternalServerError)
 return
diff --git a/internal/handlers/server.go b/internal/handlers/server.go
index a87e08e..3a2d22c 100644
--- a/internal/handlers/server.go
+++ b/internal/handlers/server.go
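Review bot: The commented-out minify pipeline added above `tpl.ParseFS` in renderLayout (internal/handlers/render.go) is dead code and should not be committed: nothing compiles, tests or reviews it, and it refers to github.com/tdewolff/minify/v2 packages that the go.mod hunks in this commit do not add. Delete the block and keep the experiment on a branch or in an issue; if a pointer is wanted, one line such as `// TODO: evaluate template minification (see issue <ISSUE-ID>)` is enough. renderLayout starts and ends outside this hunk.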
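Review bot: The 500 in the `tpl.Execute(w, data)` error branch of renderLayout (internal/handlers/render.go) cannot take effect once Execute has written any output, because the first write commits a 200 status; the later `w.WriteHeader(http.StatusInternalServerError)` is then ignored and the client receives a truncated page reported as a success. Render into a buffer and copy it to the response only when execution succeeded: `var buf bytes.Buffer`, `if err := tpl.Execute(&buf, data); err != nil {` and, after the error branch, `_, _ = buf.WriteTo(w)`. This matters more now that the same commit puts the router behind a compressing handler, where a half-written body is harder to recognise on the client side. The change needs `bytes` in the file's import block, which is outside this hunk, as are the start and end of renderLayout.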
@@ -14,6 +14,7 @@ import (
 "time"
 "github.com/gorilla/csrf"
+ hds "github.com/gorilla/handlers"
 "github.com/gorilla/mux"
 "github.com/gorilla/securecookie"
 "github.com/zhang2092/mediahls/internal/db"
@@ -70,13 +71,19 @@ func (server *Server) setupRouter() {
 []byte(securecookie.GenerateRandomKey(32)),
 csrf.Secure(false),
 csrf.HttpOnly(true),
+ csrf.FieldName("csrf_token"),
+ csrf.CookieName("authorize_csrf"),
 )
 router.Use(csrfMiddleware)
- router.HandleFunc("/register", server.registerView).Methods(http.MethodGet)
- router.HandleFunc("/register", server.register).Methods(http.MethodPost)
- router.HandleFunc("/login", server.loginView).Methods(http.MethodGet)
- router.HandleFunc("/login", server.login).Methods(http.MethodPost)
+ router.Handle("/register", hds.MethodHandler{
+ http.MethodGet: http.HandlerFunc(server.registerView),
+ http.MethodPost: http.HandlerFunc(server.register),
+ })
+ router.Handle("/login", hds.MethodHandler{
+ http.MethodGet: http.HandlerFunc(server.loginView),
+ http.MethodPost: http.HandlerFunc(server.login),
+ })
 router.HandleFunc("/logout", server.logout).Methods(http.MethodGet)
 router.HandleFunc("/", server.homeView).Methods(http.MethodGet)
@@ -106,7 +113,7 @@ func (server *Server) setupRouter() {
 func (server *Server) Start(db *sql.DB) {
 srv := &http.Server{
 Addr: server.conf.ServerAddress,
- Handler: server.router,
+ Handler: hds.CompressHandler(server.router),
 }
 go func() {
diff --git a/web/templates/video/videos.html.tmpl b/web/templates/video/videos.html.tmpl
index bb45dea..27bd106 100644
--- a/web/templates/video/videos.html.tmpl
+++ b/web/templates/video/videos.html.tmpl
@@ -47,7 +47,7 @@
 let that = $(this)
 that.attr("disable", true).html('转码中...')
 let id = that.attr("data-id")
- let csrfToken = $('input[name="gorilla.csrf.Token"]').val()
+ let csrfToken = $('input[name="csrf_token"]').val()
 $.ajax({
 url: '/transfer/' + id,
 type: 'post',
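Review bot: `csrf.Secure(false)` is left in place beside the new `csrf.CookieName("authorize_csrf")` in setupRouter (internal/handlers/server.go), so the renamed CSRF cookie is still issued without the Secure attribute and will travel over plain HTTP. Take the value from configuration, e.g. `csrf.Secure(<config flag>)`, so that only local development runs with it off. The key on the first context line comes from `securecookie.GenerateRandomKey(32)`, which appears to run on every start; if so, outstanding tokens stop validating after a restart and never validate across instances, and a persisted key would avoid that. The `csrf.FieldName("csrf_token")` rename is followed automatically by templates that use `csrf.TemplateField`, but any hard-coded `gorilla.csrf.Token` beyond the two selectors fixed in videos.html.tmpl will start failing with 403 and is worth a grep. setupRouter continues outside this hunk.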
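Review bot: Wrapping the whole router with `hds.CompressHandler(server.router)` in Start (internal/handlers/server.go) compresses every response, authenticated HTML included, which is the precondition for BREACH-style compression side channels wherever a page carries a secret next to request-controlled text over TLS. gorilla/csrf masks its token per request, so the CSRF field itself should be covered, but any other secret rendered into a page is not; confirm there are none, or apply compression only to the routes that need it. The `http.Server` literal shown here also sets no timeouts, so a slow client can hold a connection open indefinitely; adding `ReadHeaderTimeout: 10 * time.Second,` (with `time` already imported) is a cheap guard, the value being a suggestion to tune. Start continues outside this hunk.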
@@ -66,7 +66,7 @@
 let that = $(this)
 that.attr("disable", true).html('删除中...')
 let id = that.attr("data-id")
- let csrfToken = $('input[name="gorilla.csrf.Token"]').val()
+ let csrfToken = $('input[name="csrf_token"]').val()
 $.ajax({
 url: '/me/videos/delete',
 type: 'post',