Adding gzip compression for HTTP and Headers for tracker's sec (#181)

Thanks @ViBiOh!
usefathom · Nov 13, 2018 · 40ba2e2 · 40ba2e2
1 parent 21c0f97
commit 40ba2e2
Show file tree

Hide file tree

Showing 6 changed files with 21 additions and 0 deletions.
diff --git a/.env.example b/.env.example
@@ -1,3 +1,4 @@
+FATHOM_GZIP=true
 FATHOM_DEBUG=true
 FATHOM_DATABASE_DRIVER="sqlite3"
 FATHOM_DATABASE_NAME="./fathom.db"

diff --git a/docker-compose.yml b/docker-compose.yml
@@ -6,6 +6,7 @@ services:
       - "8080:8080"
     environment:
       - "FATHOM_SERVER_ADDR=:8080"
+      - "FATHOM_GZIP=true"
       - "FATHOM_DEBUG=false"
       - "FATHOM_DATABASE_DRIVER=mysql"
       - "FATHOM_DATABASE_NAME=fathom"

diff --git a/docs/Configuration.md b/docs/Configuration.md
@@ -13,6 +13,7 @@ fathom --config=/home/john/fathom.env server
 The default configuration looks like this:
 
 ```
+FATHOM_GZIP=true
 FATHOM_DEBUG=true
 FATHOM_DATABASE_DRIVER="sqlite3"
 FATHOM_DATABASE_NAME="./fathom.db"
@@ -29,6 +30,7 @@ FATHOM_SECRET="random-secret-string"
 | :---- | :---| :---
 | FATHOM_DEBUG | `false` | If `true` will write more log messages.
 | FATHOM_SERVER_ADDR | `:8080` | The server address to listen on
+| FATHOM_GZIP | `false` | if `true` will HTTP content gzipped
 | FATHOM_DATABASE_DRIVER | `sqlite3` | The database driver to use: `mysql`, `postgres` or `sqlite3`
 | FATHOM_DATABASE_NAME |  | The name of the database to connect to (or path to database file if using sqlite3)
 | FATHOM_DATABASE_USER |  | Database connection user

diff --git a/docs/Installation instructions.md b/docs/Installation instructions.md
@@ -29,6 +29,7 @@ Then, create a file named `.env` with the following contents.
 
 ```
 FATHOM_SERVER_ADDR=9000
+FATHOM_GZIP=true
 FATHOM_DEBUG=true
 FATHOM_DATABASE_DRIVER="sqlite3"
 FATHOM_DATABASE_NAME="fathom.db"

diff --git a/pkg/api/http.go b/pkg/api/http.go
@@ -63,6 +63,11 @@ func serveFile(box *packr.Box, filename string) Handler {
 			return err
 		}
 
+		// setting security and cache headers
+		w.Header().Set("X-Content-Type-Options", "nosniff")
+		w.Header().Set("X-Xss-Protection", "1; mode=block")
+		w.Header().Set("Cache-Control", "max-age=432000") // 5 days
+
 		http.ServeContent(w, r, filename, d.ModTime(), f)
 		return nil
 	}

diff --git a/pkg/cli/server.go b/pkg/cli/server.go
@@ -31,6 +31,12 @@ var serverCmd = cli.Command{
 			Name:   "lets-encrypt",
 		},
 
+		cli.BoolFlag{
+			EnvVar: "FATHOM_GZIP",
+			Name:   "gzip",
+			Usage:  "enable gzip compression",
+		},
+
 		cli.StringFlag{
 			EnvVar: "FATHOM_HOSTNAME",
 			Name:   "hostname",
@@ -57,6 +63,11 @@ func server(c *cli.Context) error {
 		log.SetLevel(log.WarnLevel)
 	}
 
+	// set gzip compression if --gzip was passed
+	if c.Bool("gzip") {
+		h = handlers.CompressHandler(h)
+	}
+
 	// if addr looks like a number, prefix with :
 	addr := c.String("addr")
 	if _, err := strconv.Atoi(addr); err == nil {