lets-go:6.2 middleware

snippetbox/cmd/web/handlers.go

@@ -22,9 +22,8 @@ func (app *application) home(w http.ResponseWriter, r *http.Request)  {
 		return
 	}
 
-	data := templateData{
+	data := app.newTemplateData(r)
-		Snippets: snippets,
+	data.Snippets = snippets
-	}
 
 	app.render(w, r, http.StatusOK, "home.tmpl", data)
 }
@@ -47,9 +46,8 @@ func (app *application) snippetView(w http.ResponseWriter, r *http.Request)  {
 		return
 	}
 
-	data := templateData{
+	data := app.newTemplateData(r)
-		Snippet: snippet,
+	data.Snippet = snippet
-	}
 
 	app.render(w, r, http.StatusOK, "view.tmpl", data)
 }

snippetbox/cmd/web/helpers.go

@@ -6,8 +6,17 @@ import (
 	"log/slog"
 	"net/http"
 	"runtime/debug"
+	"time"
 )
 
+// newTemplateData ...
+func (app *application )newTemplateData(r *http.Request) templateData {
+	return templateData{
+		CurrentYear: time.Now().Year(),
+	}
+
+}
+
 // render ...
 func (app *application) render(w http.ResponseWriter, r *http.Request, status int, page string, data templateData) {
 	ts, ok := app.templateCache[page]

snippetbox/cmd/web/middleware.go

@@ -0,0 +1,18 @@
+package main
+
+import (
+	"net/http"
+)
+
+func secureHeaders(next http.Handler) http.Handler {
+	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		w.Header().Set("Content-Security-Policy",
+			"default-src 'self'; style-src 'self' fonts.googleapis.com; font-src fonts.gstatic.com")
+		w.Header().Set("Referrer-Policy", "origin-when-cross-origin")
+		w.Header().Set("X-Content-Type-Options", "nosniff")
+		w.Header().Set("X-Frame-Options", "deny")
+		w.Header().Set("X-XSS-Protection", "0")
+
+		next.ServeHTTP(w, r)
+	})
+}

snippetbox/cmd/web/routes.go

@@ -5,7 +5,7 @@ import (
 )
 
 // routes ...
-func (app *application) routes() *http.ServeMux {
+func (app *application) routes() http.Handler {
 	mux := http.NewServeMux()
 
 	// setup server for static files
@@ -16,5 +16,5 @@ func (app *application) routes() *http.ServeMux {
 	mux.HandleFunc("/snippet/view", app.snippetView)
 	mux.HandleFunc("/snippet/create", app.snippetCreate)
 
-	return mux
+	return secureHeaders(mux)
 }

snippetbox/cmd/web/templates.go

@@ -3,15 +3,26 @@ package main
 import (
 	"html/template"
 	"path/filepath"
+	"time"
 
 	"snippetbox.chaosfem.tw/internal/models"
 )
 
 type templateData struct {
+	CurrentYear int
 	Snippet models.Snippet
 	Snippets []models.Snippet
 }
 
+// humanDate ...
+func humanDate(t time.Time) string {
+	return t.Format("02 Jan 2006 at 15:04")
+}
+
+var functions = template.FuncMap{
+	"humanDate": humanDate,
+}
+
 // newTemplateCache ...
 func newTemplateCache() (map[string]*template.Template, error) {
 	cache := map[string]*template.Template{}
@@ -24,7 +35,7 @@ func newTemplateCache() (map[string]*template.Template, error) {
 	for _, page := range pages {
 		name := filepath.Base(page)
 
-		ts, err := template.ParseFiles("./ui/html/base.tmpl")
+		ts, err := template.New(name).Funcs(functions).ParseFiles("./ui/html/base.tmpl")
 		if err != nil {
 			return nil, err
 		}

snippetbox/ui/html/base.tmpl

@@ -16,7 +16,9 @@
     <main>
       {{template "main" .}}
     </main>
-    <footer>Powered by <a href="https://golang.org">Go</a></footer>
+    <footer>
+    Powered by <a href="https://golang.org">Go</a> in {{.CurrentYear}}
+    </footer>
     <script src="/static/js/main.js" type="text/javascript"></script>
   </body>
 </html>

snippetbox/ui/html/pages/home.tmpl

@@ -12,7 +12,7 @@
         {{range .Snippets}}
         <tr>
           <td><a href='/snippet/view?id={{.ID}}'>{{.Title}}</td>
-          <td>{{.Created}}</td>
+          <td>{{humanDate .Created}}</td>
           <td>{{.ID}}</td>
         </tr>
         {{else}}

snippetbox/ui/html/pages/view.tmpl

@@ -10,8 +10,8 @@
 
         <pre><code>{{.Content}}</code></pre>
         <div class="metadata">
-          <time>Created: {{.Created}}</time>
+          <time>Created: {{humanDate .Created}}</time>
-          <time>Expires: {{.Expires}}</time>
+          <time>Expires: {{humanDate .Expires}}</time>
         </div>
       </div>
       {{end}}