Create a gist now

Instantly share code, notes, and snippets.

What would you like to do?
server.go
// Gist associated with http://0xdabbad00.com/2015/04/03/choosing_libraries_for_go_web_servers/
package main
import (
"flag"
"fmt"
"net/http"
log "github.com/Sirupsen/logrus"
"github.com/goji/glogrus"
"github.com/unrolled/secure"
"github.com/zenazn/goji"
"github.com/zenazn/goji/graceful"
gojiweb "github.com/zenazn/goji/web"
"github.com/zenazn/goji/web/middleware"
// Replace these with your paths
"summitroute/webserver/controllers/api"
"summitroute/webserver/controllers/web"
"summitroute/webserver/system"
)
func main() {
configfile := flag.String("config", "config.json", "Path to configuration file")
flag.Parse()
var application = &system.Application{}
application.Init(configfile)
application.LoadTemplates()
application.ConnectToDatabase()
//
// Setup static files
//
static := gojiweb.New()
static.Get("/assets/*", http.StripPrefix("/assets/", http.FileServer(http.Dir(application.Configuration.PublicPath))))
http.Handle("/assets/", static)
//
// Setup logging
//
// If debug, use text, else use json.
type LogInterface func() log.Formatter
var getLogger LogInterface
getLogger = func() log.Formatter { return new(log.JSONFormatter) }
if application.Configuration.Environment == "debug" {
getLogger = func() log.Formatter { return new(log.TextFormatter) }
}
// Setup logging for our code
log.SetFormatter(getLogger())
// Setup logging for goji
goji.Abandon(middleware.Logger)
logr := log.New()
logr.Formatter = getLogger()
applicationName := "webserver"
goji.Use(glogrus.NewGlogrus(logr, applicatonName))
//
// Add HTTP security headers via github.com/unrolled/secure
//
secureMiddleware := secure.New(secure.Options{
// STSSeconds is the max-age of the Strict-Transport-Security header.
// Default is 0, which would NOT include the header.
STSSeconds: 315360000,
// If STSIncludeSubdomains is set to true, the `includeSubdomains` will be appended to the Strict-Transport-Security header.
// Default is false.
STSIncludeSubdomains: true,
// If FrameDeny is set to true, adds the X-Frame-Options header with the value of `DENY`.
// Default is false.
FrameDeny: true,
// CustomFrameOptionsValue allows the X-Frame-Options header value to be set with a custom value.
// This overrides the FrameDeny option.
CustomFrameOptionsValue: "SAMEORIGIN",
// If ContentTypeNosniff is true, adds the X-Content-Type-Options header with the value `nosniff`.
// Default is false.
ContentTypeNosniff: true,
// If BrowserXssFilter is true, adds the X-XSS-Protection header with the value `1; mode=block`.
// Default is false.
BrowserXssFilter: true,
// ContentSecurityPolicy allows the Content-Security-Policy header value to be set with a custom value.
// Default is "".
ContentSecurityPolicy: "default-src 'self'",
})
goji.Use(secureMiddleware.Handler)
//
// Apply other middleware
//
goji.Use(application.ApplyTemplates)
goji.Use(application.ApplySessions)
goji.Use(application.ApplyDatabase)
goji.Use(application.ApplyAuth)
goji.Use(application.ApplyProtectionFromCSRF)
controller := &web.Controller{}
//
// Setup routes
//
goji.Get("/", application.Route(controller, "Index"))
// ... Add more routes ...
//
// Perform graceful shutdown procedures
//
graceful.PostHook(func() {
application.Close()
})
// Allow us to run on different ports
flag.Set("bind", fmt.Sprintf(":%s", application.Configuration.ListeningPort))
// Start the server
goji.Serve()
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment