
ref: 2e6f71bf840185ab322d75a5af0f71b8befc5039
parent: b30df29dbfe1e2ea934017653375deb88031beba
author: halfwit <michaelmisch1985@gmail.com>
date: Wed Dec 4 02:58:48 PST 2019

Add in commented code for when we have certs live

--- a/TODO
+++ b/TODO
@@ -92,4 +92,6 @@
 TODO (halfwit) - Cookie pop up
 [ ] We use cookies to track login sessions, etc popup
 
-TODO (halfwit) - TLS + SSL certs for the whole site
\ No newline at end of file
+TODO (halfwit) - TLS + SSL certs for the whole site
+[x] Create local certs for testing
+[x] Move to tls functions - commented out for now
\ No newline at end of file
--- a/router/run.go
+++ b/router/run.go
@@ -31,10 +31,30 @@
 	mux.HandleFunc("/logout.html", d.logout)
 	mux.HandleFunc("/profile.html", d.profile)
 	mux.HandleFunc("/", d.normal)
+	/* Pending certificates - from https://github.com/denji/golang-tls (creative commons)
+	cfg := &tls.Config{
+		MinVersion: tls.VersionTLS12,
+		CurvePreferences: []tls.CurveID{tls.CurveP521, tls.CurveP384, tls.CurveP256},
+		PreferServerCipherSuites: true,
+		CipherSuites: []int16{
+			tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
+            tls.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
+            tls.TLS_RSA_WITH_AES_256_GCM_SHA384,
+            tls.TLS_RSA_WITH_AES_256_CBC_SHA,
+        },
+	}
+	srv := &http.Server{
+		Addr: ":443",
+		Handler: mux,
+		TLSConfig: cfg,
+		TLSNextProto: make(map[string]func(*http.Server, *tls.Conn, http.Handler), 0),
+	}
+	return srv.ListenAndServeTLS("tls.crt", "tls.key") */
 	return http.ListenAndServe(":8080", mux)
 }
 
 func (d *handle) activate(w http.ResponseWriter, r *http.Request) {
+	//w.Header().Add("Strict-Transport-Security", "max-age=63072000; includeSubDomains")
 	if len(r.URL.Path) != 46 && r.URL.Path[:9] != "/activate" {
 		http.Error(w, "Bad Request", 400)
 		return
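Review bot: The commented-out `tls.Config` will not compile once it is enabled, because `CipherSuites` is written as `[]int16` while the field type is `[]uint16`. The list also offers two static-RSA suites (`TLS_RSA_WITH_AES_256_GCM_SHA384`, `TLS_RSA_WITH_AES_256_CBC_SHA`), which give no forward secrecy, plus a CBC-mode ECDHE suite; with `MinVersion: tls.VersionTLS12` none of them is needed, so I would reduce it to `CipherSuites: []uint16{tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},`. The non-nil empty `TLSNextProto` map switches HTTP/2 off, which deserves a one-line comment such as `// empty map disables HTTP/2 on purpose` so it is not removed by accident. The enclosing function starts above the hunk and `activate` continues below it.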
@@ -86,6 +106,7 @@
 }
 
 func (d *handle) normal(w http.ResponseWriter, r *http.Request) {
+	//w.Header().Add("Strict-Transport-Security", "max-age=63072000; includeSubDomains")
 	if r.URL.Path == "/" {
 		http.Redirect(w, r, "/index.html", 302)
 		return
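Review bot: The HSTS line is repeated by hand in `normal` here and in `activate`, `logout` and `profile` in the neighbouring hunks, so any route registered on `mux` without it (the registrations above `/logout.html` are outside the diff) would answer without the header once TLS is on. Setting it once in a wrapper and passing `Handler: hsts(mux)` to the server covers every response, and `Set` instead of `Add` avoids a duplicate header if a handler also writes one. A two-year `max-age` with `includeSubDomains` pins every subdomain to HTTPS in browsers that have seen it, so a short `max-age` is the safer starting value until certificates are confirmed on all of them. `normal` continues outside the hunk.

```go
// hsts sets Strict-Transport-Security on every response served by next.
func hsts(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		w.Header().Set("Strict-Transport-Security", "max-age=63072000; includeSubDomains")
		next.ServeHTTP(w, r)
	})
}

// … unchanged: tls.Config and the other http.Server fields …
		Handler: hsts(mux),
```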
@@ -111,6 +132,7 @@
 
 func (d *handle) logout(w http.ResponseWriter, r *http.Request) {
 	d.manager.Destroy(w, r)
+	//w.Header().Add("Strict-Transport-Security", "max-age=63072000; includeSubDomains")
 	http.Redirect(w, r, "/index.html", 302)
 }
 
@@ -178,6 +200,7 @@
 
 // TODO: This will require actual client data from the database to populate the page
 func (d *handle) profile(w http.ResponseWriter, r *http.Request) {
+	//w.Header().Add("Strict-Transport-Security", "max-age=63072000; includeSubDomains")
 	user, status, us, role := getUser(d, w, r)
 	if status == "false" {
 		http.Redirect(w, r, "/login.html", 302)
--- a/templates/help/paymentmethods.tpl
+++ b/templates/help/paymentmethods.tpl
@@ -2,9 +2,9 @@
 	<main>
 	<h1>{{.mainHeader}}</h1>
 	<h2>{{.paymentHeader}}</h2>
-		<p>{{.paymentBody}}<a href="https:/bitcoin.org">Bitcoin</a></p>
+		<p>{{.paymentBody}} <a href="https:/bitcoin.org">Bitcoin</a></p>
 	<h4>{{.whatBTCHeader}}</h4>
-		<p>{{.whatBTCBody}}<a href="https://en.wikipedia.org/wiki/Bitcoin">Bitcoin</a></p>
+		<p>{{.whatBTCBody}} <a href="https://en.wikipedia.org/wiki/Bitcoin">Bitcoin</a></p>
 		<br>
 	<h4>{{.chargedHeader}}</h4>
 		<p>{{.chargedBody}}</p>
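Review bot: The first link still reads `href="https:/bitcoin.org"` with a single slash after the scheme; the added line only inserts a space before the anchor. Browsers tolerate this while the page is served over plain HTTP, but on an HTTPS page a same-scheme URL without `//` is likely to be resolved as a relative path on this site instead of bitcoin.org, so the link would break once the TLS listener in router/run.go is enabled. Change it to `<a href="https://bitcoin.org">Bitcoin</a>`.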