YourSelfHosted/memos
1
0
Fork 0
mirror of https://github.com/usememos/memos.git synced 2025-04-15 18:07:23 +02:00
Code Issues Packages Projects Releases Wiki Activity

chore: add skipper for secure (#913)

Browse Source
This commit is contained in:
boojack 2023-01-07 10:51:34 +08:00 committed by GitHub
parent 96798e10b4
commit 46c13a4b7f
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
8 changed files with 74 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
server/common.go
View File

@ -1,6 +1,8 @@
package server package server
import ( import (
"net/http"
"github.com/labstack/echo/v4" "github.com/labstack/echo/v4"
"github.com/usememos/memos/api" "github.com/usememos/memos/api"
"github.com/usememos/memos/common" "github.com/usememos/memos/common"
@ -16,6 +18,10 @@ func composeResponse(data interface{}) response {
} }
} }
func DefaultGetRequestSkipper(c echo.Context) bool {
return c.Request().Method == http.MethodGet
}
func (server *Server) DefaultAuthSkipper(c echo.Context) bool { func (server *Server) DefaultAuthSkipper(c echo.Context) bool {
ctx := c.Request().Context() ctx := c.Request().Context()
path := c.Path() path := c.Path()

7
server/resource.go
View File

@ -7,6 +7,7 @@ import (
"net/http" "net/http"
"net/url" "net/url"
"strconv" "strconv"
"strings"
"time" "time"
"github.com/pkg/errors" "github.com/pkg/errors"
@ -266,7 +267,11 @@ func (s *Server) registerResourcePublicRoutes(g *echo.Group) {
return echo.NewHTTPError(http.StatusInternalServerError, fmt.Sprintf("Failed to fetch resource ID: %v", resourceID)).SetInternal(err) return echo.NewHTTPError(http.StatusInternalServerError, fmt.Sprintf("Failed to fetch resource ID: %v", resourceID)).SetInternal(err)
} }
c.Response().Writer.Header().Set("Content-Type", resource.Type) if strings.HasPrefix(resource.Type, "text") || strings.HasPrefix(resource.Type, "application") {
c.Response().Writer.Header().Set("Content-Type", echo.MIMETextPlain)
} else {
c.Response().Writer.Header().Set("Content-Type", resource.Type)
}
c.Response().Writer.WriteHeader(http.StatusOK) c.Response().Writer.WriteHeader(http.StatusOK)
c.Response().Writer.Header().Set(echo.HeaderCacheControl, "max-age=31536000, immutable") c.Response().Writer.Header().Set(echo.HeaderCacheControl, "max-age=31536000, immutable")
c.Response().Writer.Header().Set(echo.HeaderContentSecurityPolicy, "default-src 'self'") c.Response().Writer.Header().Set(echo.HeaderContentSecurityPolicy, "default-src 'self'")

8
server/server.go
View File

@ -64,7 +64,13 @@ func NewServer(ctx context.Context, profile *profile.Profile) (*Server, error) {
e.Use(middleware.CORS()) e.Use(middleware.CORS())
e.Use(middleware.Secure()) e.Use(middleware.SecureWithConfig(middleware.SecureConfig{
Skipper: DefaultGetRequestSkipper,
XSSProtection: "1; mode=block",
ContentTypeNosniff: "nosniff",
XFrameOptions: "SAMEORIGIN",
HSTSPreloadEnabled: false,
}))
e.Use(middleware.TimeoutWithConfig(middleware.TimeoutConfig{ e.Use(middleware.TimeoutWithConfig(middleware.TimeoutConfig{
Skipper: middleware.DefaultSkipper, Skipper: middleware.DefaultSkipper,

5
server/version/version.go
View File

@ -7,10 +7,10 @@ import (
// Version is the service current released version. // Version is the service current released version.
// Semantic versioning: https://semver.org/ // Semantic versioning: https://semver.org/
var Version = "0.9.1" var Version = "0.10.0"
// DevVersion is the service current development version. // DevVersion is the service current development version.
var DevVersion = "0.9.1" var DevVersion = "0.10.0"
func GetCurrentVersion(mode string) string { func GetCurrentVersion(mode string) string {
if mode == "dev" { if mode == "dev" {
@ -29,7 +29,6 @@ func GetMinorVersion(version string) string {
func GetSchemaVersion(version string) string { func GetSchemaVersion(version string) string {
minorVersion := GetMinorVersion(version) minorVersion := GetMinorVersion(version)
return minorVersion + ".0" return minorVersion + ".0"
} }

33
server/version/version_test.go Normal file
View File

@ -0,0 +1,33 @@
package version
import "testing"
func TestIsVersionGreaterOrEqualThan(t *testing.T) {
tests := []struct {
version string
target string
want bool
}{
{
version: "0.9.1",
target: "0.9.1",
want: true,
},
{
version: "0.10.0",
target: "0.9.1",
want: true,
},
{
version: "0.9.0",
target: "0.9.1",
want: false,
},
}
for _, test := range tests {
result := IsVersionGreaterOrEqualThan(test.version, test.target)
if result != test.want {
t.Errorf("got result %v, want %v.", result, test.want)
}
}
}

9
store/db/migration/prod/0.10/00__activity.sql Normal file
View File

@ -0,0 +1,9 @@
-- activity
CREATE TABLE activity (
id INTEGER PRIMARY KEY AUTOINCREMENT,
creator_id INTEGER NOT NULL,
created_ts BIGINT NOT NULL DEFAULT (strftime('%s', 'now')),
type TEXT NOT NULL DEFAULT '',
level TEXT NOT NULL CHECK (level IN ('INFO', 'WARN', 'ERROR')) DEFAULT 'INFO',
payload TEXT NOT NULL DEFAULT '{}'
);

10
store/db/migration/prod/LATEST__SCHEMA.sql
View File

@ -93,3 +93,13 @@ CREATE TABLE tag (
creator_id INTEGER NOT NULL, creator_id INTEGER NOT NULL,
UNIQUE(name, creator_id) UNIQUE(name, creator_id)
); );
-- activity
CREATE TABLE activity (
id INTEGER PRIMARY KEY AUTOINCREMENT,
creator_id INTEGER NOT NULL,
created_ts BIGINT NOT NULL DEFAULT (strftime('%s', 'now')),
type TEXT NOT NULL DEFAULT '',
level TEXT NOT NULL CHECK (level IN ('INFO', 'WARN', 'ERROR')) DEFAULT 'INFO',
payload TEXT NOT NULL DEFAULT '{}'
);

2
web/src/components/EmbedMemoDialog.tsx
View File

@ -34,7 +34,7 @@ const EmbedMemoDialog: React.FC<Props> = (props: Props) => {
<code className="w-full break-all whitespace-pre-wrap">{memoEmbeddedCode()}</code> <code className="w-full break-all whitespace-pre-wrap">{memoEmbeddedCode()}</code>
</pre> </pre>
<p className="w-full text-sm leading-6 flex flex-row justify-between items-center mt-2"> <p className="w-full text-sm leading-6 flex flex-row justify-between items-center mt-2">
* Only the public memo supports. <span className="italic opacity-80">* Only the public memo supports.</span>
<span className="btn-primary" onClick={handleCopyCode}> <span className="btn-primary" onClick={handleCopyCode}>
Copy Copy
</span> </span>