From 8678a04350b6113b440a7c0bf4b12e13714294a3 Mon Sep 17 00:00:00 2001
From: tamsin johnson
Date: Thu, 25 Jan 2024 15:43:07 -0800
Subject: [PATCH] lets-go:6.2 middleware
---
 snippetbox/cmd/web/handlers.go | 10 ++++------
 snippetbox/cmd/web/helpers.go | 9 +++++++++
 snippetbox/cmd/web/middleware.go | 18 ++++++++++++++++++
 snippetbox/cmd/web/routes.go | 4 ++--
 snippetbox/cmd/web/templates.go | 13 ++++++++++++-
 snippetbox/ui/html/base.tmpl | 4 +++-
 snippetbox/ui/html/pages/home.tmpl | 2 +-
 snippetbox/ui/html/pages/view.tmpl | 4 ++--
 8 files changed, 51 insertions(+), 13 deletions(-)
 create mode 100644 snippetbox/cmd/web/middleware.go
diff --git a/snippetbox/cmd/web/handlers.go b/snippetbox/cmd/web/handlers.go
index 5c77f5e..b574838 100644
--- a/snippetbox/cmd/web/handlers.go
+++ b/snippetbox/cmd/web/handlers.go
@@ -22,9 +22,8 @@ func (app *application) home(w http.ResponseWriter, r *http.Request) {
 return
 }

- data := templateData{
- Snippets: snippets,
- }
+ data := app.newTemplateData(r)
+ data.Snippets = snippets

 app.render(w, r, http.StatusOK, "home.tmpl", data)
 }
@@ -47,9 +46,8 @@ func (app *application) snippetView(w http.ResponseWriter, r *http.Request) {
 return
 }

- data := templateData{
- Snippet: snippet,
- }
+ data := app.newTemplateData(r)
+ data.Snippet = snippet

 app.render(w, r, http.StatusOK, "view.tmpl", data)
 }
diff --git a/snippetbox/cmd/web/helpers.go b/snippetbox/cmd/web/helpers.go
index 6b7e19c..13a9866 100644
--- a/snippetbox/cmd/web/helpers.go
+++ b/snippetbox/cmd/web/helpers.go
@@ -6,8 +6,17 @@ import (
 "log/slog"
 "net/http"
 "runtime/debug"
+ "time"
 )

+// newTemplateData ...
+func (app *application )newTemplateData(r *http.Request) templateData {
+ return templateData{
+ CurrentYear: time.Now().Year(),
+ }
+
+}
+
 // render ...
 func (app *application) render(w http.ResponseWriter, r *http.Request, status int, page string, data templateData) {
 ts, ok := app.templateCache[page]
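Review bot: The new `newTemplateData` helper in helpers.go is not gofmt-clean and its doc comment is a placeholder: the receiver is written `(app *application )newTemplateData`, and `// newTemplateData ...` does not say what the helper fills in. I would write the signature as `func (app *application) newTemplateData(r *http.Request) templateData {` and the comment as `// newTemplateData returns a templateData pre-populated with the values every page needs (currently only CurrentYear).` The `r` parameter is unused in the lines shown; if it is reserved for per-request data, saying so in the comment keeps it from being removed as dead code. The same placeholder style appears on the new `// humanDate ...` comment in templates.go.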
diff --git a/snippetbox/cmd/web/middleware.go b/snippetbox/cmd/web/middleware.go
new file mode 100644
index 0000000..3cd0b1c
--- /dev/null
+++ b/snippetbox/cmd/web/middleware.go
@@ -0,0 +1,18 @@
+package main
+
+import (
+ "net/http"
+)
+
+func secureHeaders(next http.Handler) http.Handler {
+ return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+ w.Header().Set("Content-Security-Policy",
+ "default-src 'self'; style-src 'self' fonts.googleapis.com; font-src fonts.gstatic.com")
+ w.Header().Set("Referrer-Policy", "origin-when-cross-origin")
+ w.Header().Set("X-Content-Type-Options", "nosniff")
+ w.Header().Set("X-Frame-Options", "deny")
+ w.Header().Set("X-XSS-Protection", "0")
+
+ next.ServeHTTP(w, r)
+ })
+}
diff --git a/snippetbox/cmd/web/routes.go b/snippetbox/cmd/web/routes.go
index 9f67c0b..0641145 100644
--- a/snippetbox/cmd/web/routes.go
+++ b/snippetbox/cmd/web/routes.go
@@ -5,7 +5,7 @@ import (
 )

 // routes ...
-func (app *application) routes() *http.ServeMux {
+func (app *application) routes() http.Handler {
 mux := http.NewServeMux()

 // setup server for static files
@@ -16,5 +16,5 @@ func (app *application) routes() *http.ServeMux {
 mux.HandleFunc("/snippet/view", app.snippetView)
 mux.HandleFunc("/snippet/create", app.snippetCreate)

- return mux
+ return secureHeaders(mux)
 }
diff --git a/snippetbox/cmd/web/templates.go b/snippetbox/cmd/web/templates.go
index 79e5d76..0f63951 100644
--- a/snippetbox/cmd/web/templates.go
+++ b/snippetbox/cmd/web/templates.go
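Review bot: The Content-Security-Policy set in `secureHeaders` omits the directives that do not fall back to `default-src` (`frame-ancestors`, `base-uri` and `form-action`), so framing is restricted only by the older `X-Frame-Options` header, and form targets and the document base URL are not restricted at all. Extending the policy string to `"default-src 'self'; style-src 'self' fonts.googleapis.com; font-src fonts.gstatic.com; frame-ancestors 'none'; base-uri 'self'; form-action 'self'"` closes that gap and, as far as the routes in this commit show, does not block anything the pages load or submit. The function also has no doc comment. One or two lines would help, stating that the headers are set before `next.ServeHTTP` so they apply to every response, and that `X-XSS-Protection: 0` deliberately disables the legacy browser auditor, so a later edit does not "fix" it to `1`.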
@@ -3,15 +3,26 @@ package main
 import (
 "html/template"
 "path/filepath"
+ "time"

 "snippetbox.chaosfem.tw/internal/models"
 )

 type templateData struct {
+ CurrentYear int
 Snippet models.Snippet
 Snippets []models.Snippet
 }

+// humanDate ...
+func humanDate(t time.Time) string {
+ return t.Format("02 Jan 2006 at 15:04")
+}
+
+var functions = template.FuncMap{
+ "humanDate": humanDate,
+}
+
 // newTemplateCache ...
 func newTemplateCache() (map[string]*template.Template, error) {
 cache := map[string]*template.Template{}
@@ -24,7 +35,7 @@ func newTemplateCache() (map[string]*template.Template, error) {
 for _, page := range pages {
 name := filepath.Base(page)

- ts, err := template.ParseFiles("./ui/html/base.tmpl")
+ ts, err := template.New(name).Funcs(functions).ParseFiles("./ui/html/base.tmpl")
 if err != nil {
 return nil, err
 }
diff --git a/snippetbox/ui/html/base.tmpl b/snippetbox/ui/html/base.tmpl
index 3786d63..3e0369d 100644
--- a/snippetbox/ui/html/base.tmpl
+++ b/snippetbox/ui/html/base.tmpl
@@ -16,7 +16,9 @@
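Review bot: `humanDate` in the first templates.go hunk formats `t` in whatever location it carries and prints no zone, and a zero `time.Time` would render as `01 Jan 0001 at 00:00` in the page. I would guard and normalise with `if t.IsZero() { return "" }` followed by `return t.UTC().Format("02 Jan 2006 at 15:04")`. Whether `models.Snippet.Created` is already UTC is not visible in this diff, so the conversion should be confirmed against the model before it is adopted.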
{{template "main" .}}
- + diff --git a/snippetbox/ui/html/pages/home.tmpl b/snippetbox/ui/html/pages/home.tmpl index 53dc621..8679738 100644 --- a/snippetbox/ui/html/pages/home.tmpl +++ b/snippetbox/ui/html/pages/home.tmpl @@ -12,7 +12,7 @@ {{range .Snippets}} {{.Title}} - {{.Created}} + {{humanDate .Created}} {{.ID}} {{else}} diff --git a/snippetbox/ui/html/pages/view.tmpl b/snippetbox/ui/html/pages/view.tmpl index f2111aa..58405e8 100644 --- a/snippetbox/ui/html/pages/view.tmpl +++ b/snippetbox/ui/html/pages/view.tmpl @@ -10,8 +10,8 @@
{{.Content}}
{{end}}