hlfw.ca

webbing


ref: d4a4ac2fde975f2160f53491f515b2b18efa1eff
parent: f0e9c3dbda90cfdbda3c8a22325849fa72054577
author: EC2 Default User <ec2-user@ip-172-31-32-134.us-east-2.compute.internal>
date: Thu Dec 5 12:39:36 PST 2019

Move to tls

--- a/router/run.go
+++ b/router/run.go
@@ -1,6 +1,7 @@
 package router
 
 import (
+	"crypto/tls"
 	"fmt"
 	"net/http"
 
@@ -31,12 +32,12 @@
 	mux.HandleFunc("/logout.html", d.logout)
 	mux.HandleFunc("/profile.html", d.profile)
 	mux.HandleFunc("/", d.normal)
-	/* Pending certificates - from https://github.com/denji/golang-tls (creative commons)
+	//from https://github.com/denji/golang-tls (creative commons)
 	cfg := &tls.Config{
 		MinVersion: tls.VersionTLS12,
 		CurvePreferences: []tls.CurveID{tls.CurveP521, tls.CurveP384, tls.CurveP256},
 		PreferServerCipherSuites: true,
-		CipherSuites: []int16{
+		CipherSuites: []uint16{
 			tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
             tls.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
             tls.TLS_RSA_WITH_AES_256_GCM_SHA384,
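Review bot: The `CipherSuites` list still offers `tls.TLS_RSA_WITH_AES_256_GCM_SHA384`, a static-RSA key exchange with no forward secrecy, and `tls.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA`, a CBC-mode suite. With `MinVersion: tls.VersionTLS12` already set, the list can be limited to ECDHE AEAD suites such as `tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384` and `tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256`. The list runs past the end of this hunk, so any further entries are not visible here and should get the same check. `PreferServerCipherSuites` is deprecated and ignored by recent Go releases, so the order written here may not be the order negotiated. The two suite lines indented with spaces should also go through gofmt.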
@@ -44,17 +45,16 @@
         },
 	}
 	srv := &http.Server{
-		Addr: ":443",
+		Addr: ":4443",
 		Handler: mux,
 		TLSConfig: cfg,
 		TLSNextProto: make(map[string]func(*http.Server, *tls.Conn, http.Handler), 0),
 	}
-	return srv.ListenAndServeTLS("tls.crt", "tls.key") */
-	return http.ListenAndServe(":8080", mux)
+	return srv.ListenAndServeTLS("cert.pem", "key.pem")
 }
 
 func (d *handle) activate(w http.ResponseWriter, r *http.Request) {
-	//w.Header().Add("Strict-Transport-Security", "max-age=63072000; includeSubDomains")
+	w.Header().Add("Strict-Transport-Security", "max-age=63072000; includeSubDomains")
 	if len(r.URL.Path) != 46 && r.URL.Path[:9] != "/activate" {
 		http.Error(w, "Bad Request", 400)
 		return
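Review bot: The Strict-Transport-Security header is added by hand at the top of `activate` here and again in the `normal`, `logout` and `profile` hunks below, so any handler registered on `mux` that this commit does not touch (the route list starts above the previous hunk) may answer without it. Setting it once in a wrapper passed as `Handler: withHSTS(mux)` covers every route, and `Header().Set` avoids a duplicate value if a handler adds it too. The new `http.Server` literal also sets no `ReadHeaderTimeout`, `ReadTimeout` or `WriteTimeout`, which leaves the TLS listener exposed to connection exhaustion by slow clients. With the listener on `:4443` and the plain `:8080` listener removed, something in front presumably maps port 443 and redirects port 80; that deserves a comment, since HSTS only takes effect once a client has reached the site over HTTPS. `activate` continues past the end of the hunk.

```go
// withHSTS sets Strict-Transport-Security on every response served by next.
func withHSTS(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		w.Header().Set("Strict-Transport-Security", "max-age=63072000; includeSubDomains")
		next.ServeHTTP(w, r)
	})
}

	// … unchanged: route registration and cfg …
	srv := &http.Server{
		Addr:    ":4443",
		Handler: withHSTS(mux),
		// … unchanged: TLSConfig, TLSNextProto …
```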
@@ -106,7 +106,7 @@
 }
 
 func (d *handle) normal(w http.ResponseWriter, r *http.Request) {
-	//w.Header().Add("Strict-Transport-Security", "max-age=63072000; includeSubDomains")
+	w.Header().Add("Strict-Transport-Security", "max-age=63072000; includeSubDomains")
 	if r.URL.Path == "/" {
 		http.Redirect(w, r, "/index.html", 302)
 		return
@@ -132,7 +132,7 @@
 
 func (d *handle) logout(w http.ResponseWriter, r *http.Request) {
 	d.manager.Destroy(w, r)
-	//w.Header().Add("Strict-Transport-Security", "max-age=63072000; includeSubDomains")
+	w.Header().Add("Strict-Transport-Security", "max-age=63072000; includeSubDomains")
 	http.Redirect(w, r, "/index.html", 302)
 }
 
@@ -200,7 +200,7 @@
 
 // TODO: This will require actual client data from the database to populate the page
 func (d *handle) profile(w http.ResponseWriter, r *http.Request) {
-	//w.Header().Add("Strict-Transport-Security", "max-age=63072000; includeSubDomains")
+	w.Header().Add("Strict-Transport-Security", "max-age=63072000; includeSubDomains")
 	user, status, us, role := getUser(d, w, r)
 	if status == "false" {
 		http.Redirect(w, r, "/login.html", 302)