mirror of
https://codeberg.org/likwid/likwid.git
synced 2026-02-09 21:13:09 +00:00
dev: harden dev-start and add security headers
This commit is contained in:
parent
e42bdfb4aa
commit
4443e84eb7
2 changed files with 47 additions and 7 deletions
|
|
@ -9,7 +9,9 @@ mod voting;
|
|||
|
||||
use std::net::SocketAddr;
|
||||
use std::sync::Arc;
|
||||
use axum::Extension;
|
||||
use axum::{middleware, Extension};
|
||||
use axum::http::{HeaderName, HeaderValue};
|
||||
use axum::response::Response;
|
||||
use chrono::{Datelike, Timelike, Utc, Weekday};
|
||||
use serde_json::json;
|
||||
use thiserror::Error;
|
||||
|
|
@ -205,7 +207,8 @@ async fn run() -> Result<(), StartupError> {
|
|||
.layer(Extension(plugins))
|
||||
.layer(Extension(config.clone()))
|
||||
.layer(cors)
|
||||
.layer(TraceLayer::new_for_http());
|
||||
.layer(TraceLayer::new_for_http())
|
||||
.layer(middleware::map_response(add_security_headers));
|
||||
|
||||
let host: std::net::IpAddr = config.server_host.parse()
|
||||
.unwrap_or_else(|_| std::net::IpAddr::V4(std::net::Ipv4Addr::new(127, 0, 0, 1)));
|
||||
|
|
@ -219,3 +222,30 @@ async fn run() -> Result<(), StartupError> {
|
|||
|
||||
Ok(())
|
||||
}
|
||||
|
||||
async fn add_security_headers(mut res: Response) -> Response {
|
||||
let headers = res.headers_mut();
|
||||
|
||||
if !headers.contains_key("x-content-type-options") {
|
||||
headers.insert(
|
||||
HeaderName::from_static("x-content-type-options"),
|
||||
HeaderValue::from_static("nosniff"),
|
||||
);
|
||||
}
|
||||
|
||||
if !headers.contains_key("x-frame-options") {
|
||||
headers.insert(
|
||||
HeaderName::from_static("x-frame-options"),
|
||||
HeaderValue::from_static("DENY"),
|
||||
);
|
||||
}
|
||||
|
||||
if !headers.contains_key("referrer-policy") {
|
||||
headers.insert(
|
||||
HeaderName::from_static("referrer-policy"),
|
||||
HeaderValue::from_static("no-referrer"),
|
||||
);
|
||||
}
|
||||
|
||||
res
|
||||
}
|
||||
|
|
|
|||
|
|
@ -53,11 +53,21 @@ try {
|
|||
Write-Host "Starting PostgreSQL..."
|
||||
$composeFile = Join-Path $root 'compose/dev.yml'
|
||||
|
||||
podman-compose -f $composeFile up -d 2>$null
|
||||
$composeExitCode = $LASTEXITCODE
|
||||
$composeExitCode = 0
|
||||
try {
|
||||
podman-compose -f $composeFile up -d 2>$null
|
||||
$composeExitCode = $LASTEXITCODE
|
||||
} catch {
|
||||
$composeExitCode = $LASTEXITCODE
|
||||
}
|
||||
if ($composeExitCode -ne 0) {
|
||||
podman container exists likwid-postgres 2>$null
|
||||
$containerExistsExitCode = $LASTEXITCODE
|
||||
$containerExistsExitCode = 0
|
||||
try {
|
||||
podman container exists likwid-postgres 2>$null
|
||||
$containerExistsExitCode = $LASTEXITCODE
|
||||
} catch {
|
||||
$containerExistsExitCode = $LASTEXITCODE
|
||||
}
|
||||
if ($containerExistsExitCode -ne 0) {
|
||||
throw "Failed to start PostgreSQL via podman-compose (exit code: $composeExitCode)."
|
||||
}
|
||||
|
|
@ -75,7 +85,7 @@ for ($i = 0; $i -lt $maxWait; $i++) {
|
|||
Write-Host "Running database migrations..."
|
||||
Push-Location (Join-Path $root 'backend')
|
||||
try {
|
||||
sqlx migrate run
|
||||
sqlx migrate run --ignore-missing
|
||||
if ($LASTEXITCODE -ne 0) {
|
||||
throw "Failed to run database migrations (sqlx migrate run)."
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in a new issue