traefik/middlewares/headers/headers.go

// Package headers Middleware based on https://github.com/unrolled/secure.
package headers

import (
	"context"
	"errors"
	"net/http"

	"github.com/containous/traefik/config"
	"github.com/containous/traefik/middlewares"
	"github.com/containous/traefik/tracing"
	"github.com/opentracing/opentracing-go/ext"
	"github.com/unrolled/secure"
)

const (
	typeName = "Headers"
)

type headers struct {
	name    string
	handler http.Handler
}

// New creates a Headers middleware.
func New(ctx context.Context, next http.Handler, config config.Headers, name string) (http.Handler, error) {
	// HeaderMiddleware -> SecureMiddleWare -> next
	logger := middlewares.GetLogger(ctx, name, typeName)
	logger.Debug("Creating middleware")

	if !config.HasSecureHeadersDefined() && !config.HasCustomHeadersDefined() {
		return nil, errors.New("headers configuration not valid")
	}

	var handler http.Handler
	nextHandler := next

	if config.HasSecureHeadersDefined() {
		logger.Debug("Setting up secureHeaders from %v", config)
		handler = newSecure(next, config)
		nextHandler = handler
	}

	if config.HasCustomHeadersDefined() {
		logger.Debug("Setting up customHeaders from %v", config)
		handler = newHeader(nextHandler, config)
	}

	return &headers{
		handler: handler,
		name:    name,
	}, nil
}

func (h *headers) GetTracingInformation() (string, ext.SpanKindEnum) {
	return h.name, tracing.SpanKindNoneEnum
}

func (h *headers) ServeHTTP(rw http.ResponseWriter, req *http.Request) {
	h.handler.ServeHTTP(rw, req)
}

type secureHeader struct {
	next   http.Handler
	secure *secure.Secure
}

// newSecure constructs a new secure instance with supplied options.
func newSecure(next http.Handler, headers config.Headers) *secureHeader {
	opt := secure.Options{
		BrowserXssFilter:        headers.BrowserXSSFilter,
		ContentTypeNosniff:      headers.ContentTypeNosniff,
		ForceSTSHeader:          headers.ForceSTSHeader,
		FrameDeny:               headers.FrameDeny,
		IsDevelopment:           headers.IsDevelopment,
		SSLRedirect:             headers.SSLRedirect,
		SSLForceHost:            headers.SSLForceHost,
		SSLTemporaryRedirect:    headers.SSLTemporaryRedirect,
		STSIncludeSubdomains:    headers.STSIncludeSubdomains,
		STSPreload:              headers.STSPreload,
		ContentSecurityPolicy:   headers.ContentSecurityPolicy,
		CustomBrowserXssValue:   headers.CustomBrowserXSSValue,
		CustomFrameOptionsValue: headers.CustomFrameOptionsValue,
		PublicKey:               headers.PublicKey,
		ReferrerPolicy:          headers.ReferrerPolicy,
		SSLHost:                 headers.SSLHost,
		AllowedHosts:            headers.AllowedHosts,
		HostsProxyHeaders:       headers.HostsProxyHeaders,
		SSLProxyHeaders:         headers.SSLProxyHeaders,
		STSSeconds:              headers.STSSeconds,
	}

	return &secureHeader{
		next:   next,
		secure: secure.New(opt),
	}
}

func (s secureHeader) ServeHTTP(rw http.ResponseWriter, req *http.Request) {
	s.secure.HandlerFuncWithNextForRequestOnly(rw, req, s.next.ServeHTTP)
}

// Header is a middleware that helps setup a few basic security features. A single headerOptions struct can be
// provided to configure which features should be enabled, and the ability to override a few of the default values.
type header struct {
	next http.Handler
	// If Custom request headers are set, these will be added to the request
	customRequestHeaders map[string]string
}

// NewHeader constructs a new header instance from supplied frontend header struct.
func newHeader(next http.Handler, headers config.Headers) *header {
	return &header{
		next:                 next,
		customRequestHeaders: headers.CustomRequestHeaders,
	}
}

func (s *header) ServeHTTP(rw http.ResponseWriter, req *http.Request) {
	s.modifyRequestHeaders(req)
	s.next.ServeHTTP(rw, req)
}

// modifyRequestHeaders set or delete request headers.
func (s *header) modifyRequestHeaders(req *http.Request) {
	// Loop through Custom request headers
	for header, value := range s.customRequestHeaders {
		if value == "" {
			req.Header.Del(header)
		} else {
			req.Header.Set(header, value)
		}
	}
}
Dynamic Configuration Refactoring 2018-11-14 09:18:03 +00:00			`// Package headers Middleware based on https://github.com/unrolled/secure.`
			`package headers`

			`import (`
			`"context"`
			`"errors"`
			`"net/http"`

			`"github.com/containous/traefik/config"`
			`"github.com/containous/traefik/middlewares"`
			`"github.com/containous/traefik/tracing"`
			`"github.com/opentracing/opentracing-go/ext"`
			`"github.com/unrolled/secure"`
			`)`

			`const (`
			`typeName = "Headers"`
			`)`

			`type headers struct {`
			`name string`
			`handler http.Handler`
			`}`

			`// New creates a Headers middleware.`
			`func New(ctx context.Context, next http.Handler, config config.Headers, name string) (http.Handler, error) {`
			`// HeaderMiddleware -> SecureMiddleWare -> next`
			`logger := middlewares.GetLogger(ctx, name, typeName)`
			`logger.Debug("Creating middleware")`

			`if !config.HasSecureHeadersDefined() && !config.HasCustomHeadersDefined() {`
			`return nil, errors.New("headers configuration not valid")`
			`}`

			`var handler http.Handler`
			`nextHandler := next`

			`if config.HasSecureHeadersDefined() {`
			`logger.Debug("Setting up secureHeaders from %v", config)`
			`handler = newSecure(next, config)`
			`nextHandler = handler`
			`}`

			`if config.HasCustomHeadersDefined() {`
			`logger.Debug("Setting up customHeaders from %v", config)`
			`handler = newHeader(nextHandler, config)`
			`}`

			`return &headers{`
			`handler: handler,`
			`name: name,`
			`}, nil`
			`}`

			`func (h *headers) GetTracingInformation() (string, ext.SpanKindEnum) {`
			`return h.name, tracing.SpanKindNoneEnum`
			`}`

			`func (h headers) ServeHTTP(rw http.ResponseWriter, req http.Request) {`
			`h.handler.ServeHTTP(rw, req)`
			`}`

			`type secureHeader struct {`
			`next http.Handler`
			`secure *secure.Secure`
			`}`

			`// newSecure constructs a new secure instance with supplied options.`
			`func newSecure(next http.Handler, headers config.Headers) *secureHeader {`
			`opt := secure.Options{`
			`BrowserXssFilter: headers.BrowserXSSFilter,`
			`ContentTypeNosniff: headers.ContentTypeNosniff,`
			`ForceSTSHeader: headers.ForceSTSHeader,`
			`FrameDeny: headers.FrameDeny,`
			`IsDevelopment: headers.IsDevelopment,`
			`SSLRedirect: headers.SSLRedirect,`
			`SSLForceHost: headers.SSLForceHost,`
			`SSLTemporaryRedirect: headers.SSLTemporaryRedirect,`
			`STSIncludeSubdomains: headers.STSIncludeSubdomains,`
			`STSPreload: headers.STSPreload,`
			`ContentSecurityPolicy: headers.ContentSecurityPolicy,`
			`CustomBrowserXssValue: headers.CustomBrowserXSSValue,`
			`CustomFrameOptionsValue: headers.CustomFrameOptionsValue,`
			`PublicKey: headers.PublicKey,`
			`ReferrerPolicy: headers.ReferrerPolicy,`
			`SSLHost: headers.SSLHost,`
			`AllowedHosts: headers.AllowedHosts,`
			`HostsProxyHeaders: headers.HostsProxyHeaders,`
			`SSLProxyHeaders: headers.SSLProxyHeaders,`
			`STSSeconds: headers.STSSeconds,`
			`}`

			`return &secureHeader{`
			`next: next,`
			`secure: secure.New(opt),`
			`}`
			`}`

			`func (s secureHeader) ServeHTTP(rw http.ResponseWriter, req *http.Request) {`
			`s.secure.HandlerFuncWithNextForRequestOnly(rw, req, s.next.ServeHTTP)`
			`}`

			`// Header is a middleware that helps setup a few basic security features. A single headerOptions struct can be`
			`// provided to configure which features should be enabled, and the ability to override a few of the default values.`
			`type header struct {`
			`next http.Handler`
			`// If Custom request headers are set, these will be added to the request`
			`customRequestHeaders map[string]string`
			`}`

			`// NewHeader constructs a new header instance from supplied frontend header struct.`
			`func newHeader(next http.Handler, headers config.Headers) *header {`
			`return &header{`
			`next: next,`
			`customRequestHeaders: headers.CustomRequestHeaders,`
			`}`
			`}`

			`func (s header) ServeHTTP(rw http.ResponseWriter, req http.Request) {`
			`s.modifyRequestHeaders(req)`
			`s.next.ServeHTTP(rw, req)`
			`}`

			`// modifyRequestHeaders set or delete request headers.`
			`func (s header) modifyRequestHeaders(req http.Request) {`
			`// Loop through Custom request headers`
			`for header, value := range s.customRequestHeaders {`
			`if value == "" {`
			`req.Header.Del(header)`
			`} else {`
			`req.Header.Set(header, value)`
			`}`
			`}`
			`}`