Middleware to configure response headers

README.md

@@ -16,6 +16,7 @@ Yeah, decided to drop support of unsecured HTTPS. Two-years ago, when I started
  * Light container
  * More secure than official images (see below)
  * Log enabled
+ * Specify custom response headers per path and filetype [(info)](./docs/header-config.md) 
 
 ### Why?
 Because the official Golang image is wayyyy too big (around 1/2Gb as you can see below) and could be insecure.

customHeaders.go

@@ -0,0 +1,106 @@
+package main
+
+import (
+	"encoding/json"
+	"fmt"
+	"io/ioutil"
+	"net/http"
+	"os"
+	"path/filepath"
+	"strings"
+)
+
+// HeaderConfigArray is the array which contains all the custom header rules
+type HeaderConfigArray struct {
+	Configs []HeaderConfig `json:"configs"`
+}
+
+// HeaderConfig is a single header rule specification
+type HeaderConfig struct {
+	Path          string            `json:"path"`
+	FileExtension string            `json:"fileExtension"`
+	Headers       []HeaderDefiniton `json:"headers"`
+}
+
+// HeaderDefiniton is a key value pair of a specified header rule
+type HeaderDefiniton struct {
+	Key   string `json:"key"`
+	Value string `json:"value"`
+}
+
+var headerConfigs HeaderConfigArray
+
+func fileExists(filename string) bool {
+	info, err := os.Stat(filename)
+	if os.IsNotExist(err) {
+		return false
+	}
+	return !info.IsDir()
+}
+
+func logHeaderConfig(config HeaderConfig) {
+	fmt.Println("Path: " + config.Path)
+	fmt.Println("FileExtension: " + config.FileExtension)
+
+	for j := 0; j < len(config.Headers); j++ {
+		headerRule := config.Headers[j]
+		fmt.Println(headerRule.Key, ":", headerRule.Value)
+	}
+
+	fmt.Println("------------------------------")
+}
+
+func initHeaderConfig() bool {
+	headerConfigValid := false
+
+	if fileExists("/config/headerConfig.json") {
+		jsonFile, err := os.Open("/config/headerConfig.json")
+		if err != nil {
+			fmt.Println("Cant't read header config file. Error:")
+			fmt.Println(err)
+		} else {
+			byteValue, _ := ioutil.ReadAll(jsonFile)
+
+			json.Unmarshal(byteValue, &headerConfigs)
+
+			if len(headerConfigs.Configs) > 0 {
+				headerConfigValid = true
+				fmt.Println("Found header config file. Rules:")
+				fmt.Println("------------------------------")
+
+				for i := 0; i < len(headerConfigs.Configs); i++ {
+					configEntry := headerConfigs.Configs[i]
+					logHeaderConfig(configEntry)
+				}
+			} else {
+				fmt.Println("No rules found in header config file.")
+			}
+
+		}
+		jsonFile.Close()
+	}
+
+	return headerConfigValid
+}
+
+func customHeadersMiddleware(next http.Handler) http.Handler {
+	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		reqFileExtension := filepath.Ext(r.URL.Path)
+
+		for i := 0; i < len(headerConfigs.Configs); i++ {
+			configEntry := headerConfigs.Configs[i]
+
+			fileMatch := configEntry.FileExtension == "*" || reqFileExtension == "."+configEntry.FileExtension
+			pathMatch := configEntry.Path == "*" || strings.HasPrefix(r.URL.Path, configEntry.Path)
+
+			if fileMatch && pathMatch {
+				for j := 0; j < len(configEntry.Headers); j++ {
+					headerEntry := configEntry.Headers[j]
+					w.Header().Set(headerEntry.Key, headerEntry.Value)
+				}
+			}
+		}
+
+		next.ServeHTTP(w, r)
+	})
+}

docs/header-config.md

@@ -0,0 +1,74 @@
+# Header Config
+
+With the header config, you can specify custom [HTTP Header](https://developer.mozilla.org/de/docs/Web/HTTP/Headers) for the responses of certain file types and paths.
+
+## Config
+
+You have to create a JSON file that serves as a config. The JSON must contain a `configs` array. For every entry, you can specify a certain path that must be matched as well as a file extension. You can use the `*` symbol to use the config entry for any path or filename. Note that the path option only matches the requested path from the start. Thatswhy you have to start with a `/` and can use paths like `/files/static/css`. The `headers` array includes a key-value pair of the actual header rule. The headers are not parsed so double check your spelling and test your site.
+
+The created JSON config has to be mounted into the container via a volume into `/config/headerConfig.json`. When this file does not exist inside the container, the header middleware will not be active.
+
+Example command to add to the docker run command:
+
+```
+-v /your/path/to/the/config/myConfig.json:/config/headerConfig.json
+```
+
+On startup, the container will log the found header rules.
+
+## Example headerConfig.json
+
+```json
+{
+  "configs": [
+    {
+      "path": "*",
+      "fileExtension": "html",
+      "headers": [
+        {
+          "key": "cache-control",
+          "value": "public, max-age=0, must-revalidate"
+        },
+        {
+          "key": "Strict-Transport-Security",
+          "value": "max-age=31536000; includeSubDomains;"
+        }
+      ]
+    },
+    {
+      "path": "*",
+      "fileExtension": "css",
+      "headers": [
+        {
+          "key": "cache-control",
+          "value": "public, max-age=31536000, immutable"
+        }
+      ]
+    },
+    {
+      "path": "/page-data",
+      "fileExtension": "json",
+      "headers": [
+        {
+          "key": "cache-control",
+          "value": "public, max-age=0, must-revalidate"
+        },
+        {
+          "key": "content-language",
+          "value": "en"
+        }
+      ]
+    },
+    {
+      "path": "/static/",
+      "fileExtension": "*",
+      "headers": [
+        {
+          "key": "cache-control",
+          "value": "public, max-age=31536000, immutable"
+        }
+      ]
+    }
+  ]
+}
+```

main.go

@@ -80,6 +80,7 @@ func handleReq(h http.Handler) http.Handler {
 		if *logRequest {
 			log.Println(r.Method, r.URL.Path)
 		}
+
 		h.ServeHTTP(w, r)
 	})
 }
@@ -122,6 +123,11 @@ func main() {
 		handler = authMiddleware(handler)
 	}
 
+	headerConfigValid := initHeaderConfig()
+	if headerConfigValid {
+		handler = customHeadersMiddleware(handler)
+	}
+
 	// Extra headers.
 	if len(*headerFlag) > 0 {
 		header, headerValue := parseHeaderFlag(*headerFlag)