init from gitlab

internal/server/middleware/security.go

@@ -0,0 +1,30 @@
+package middleware
+
+import (
+	"github.com/labstack/echo/v4"
+	echoMiddleware "github.com/labstack/echo/v4/middleware"
+	"net/http"
+)
+
+func Secure() echo.MiddlewareFunc {
+	// logger := e.Logger.Desugar()
+	// debug := e.DebugMode
+
+	// cfg := echomiddleware.SecureConfig{}
+	cfg := echoMiddleware.DefaultSecureConfig
+	return echoMiddleware.SecureWithConfig(cfg)
+}
+
+func CSRF() echo.MiddlewareFunc {
+	// we skip requests where cookie authentication was not used,
+	// as these are api requests - not from the browser
+	cfg := echoMiddleware.CSRFConfig{
+		CookieName:     "_csrf",
+		CookiePath:     "/",
+		CookieSameSite: http.SameSiteStrictMode,
+		Skipper: func(c echo.Context) bool {
+			return !CheckCookieAuthUsed(c)
+		},
+	}
+	return echoMiddleware.CSRFWithConfig(cfg)
+}