refactor: strengthen HTTPS security and improve code organization

- Enforce a minimum TLS version of 1.2 for HTTPS servers in RunTLS
- Refactor regular expression variable declarations into a grouped var block

Signed-off-by: Bo-Yi Wu <appleboy.tw@gmail.com>
Bo-Yi Wu 2025-05-20 17:33:47 +08:00
parent 75ccf94d60
commit b5af779653
No known key found for this signature in database

17
gin.go

@ -5,6 +5,7 @@
package gin package gin
import ( import (
"crypto/tls"
"fmt" "fmt"
"html/template" "html/template"
"net" "net"
@ -41,8 +42,10 @@ var defaultTrustedCIDRs = []*net.IPNet{
}, },
} }
var regSafePrefix = regexp.MustCompile("[^a-zA-Z0-9/-]+") var (
var regRemoveRepeatedChar = regexp.MustCompile("/{2,}") regSafePrefix = regexp.MustCompile("[^a-zA-Z0-9/-]+")
regRemoveRepeatedChar = regexp.MustCompile("/{2,}")
)
// HandlerFunc defines the handler used by gin middleware as return value. // HandlerFunc defines the handler used by gin middleware as return value.
type HandlerFunc func(*Context) type HandlerFunc func(*Context)
@ -515,7 +518,15 @@ func (engine *Engine) RunTLS(addr, certFile, keyFile string) (err error) {
"Please check https://pkg.go.dev/github.com/gin-gonic/gin#readme-don-t-trust-all-proxies for details.") "Please check https://pkg.go.dev/github.com/gin-gonic/gin#readme-don-t-trust-all-proxies for details.")
} }
err = http.ListenAndServeTLS(addr, certFile, keyFile, engine.Handler()) server := &http.Server{
Addr: addr,
Handler: engine.Handler(),
TLSConfig: &tls.Config{
MinVersion: tls.VersionTLS12, // TLS 1.2 or higher
},
}
err = server.ListenAndServeTLS(certFile, keyFile)
return return
} }
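Review bot: The `http.Server` literal now built in RunTLS sets `TLSConfig` but no read timeouts, so a connection that sends its request headers very slowly is never cut off by the server. Since the server is constructed explicitly here, a field such as `ReadHeaderTimeout: readHeaderTimeout,` could bound that, where `readHeaderTimeout` is a placeholder for a duration the maintainers choose, not a name from this file. The replaced `http.ListenAndServeTLS` call had the same gap, so this is not a regression, but a commit framed as HTTPS hardening leaves it open. The inline comment `// TLS 1.2 or higher` only restates the constant; `// pin the floor explicitly instead of relying on the crypto/tls default` would record why the field is set. RunTLS begins above this hunk, so its doc comment is not visible; it should state the enforced minimum version if it does not already.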