backend-service/internal/middleware/security.go

package middleware

import (
	"github.com/gin-gonic/gin"
)

// SecurityMiddleware adds security headers to responses
func SecurityMiddleware() gin.HandlerFunc {
	return func(c *gin.Context) {
		// Security headers
		c.Header("X-Content-Type-Options", "nosniff")
		c.Header("X-Frame-Options", "DENY")
		c.Header("X-XSS-Protection", "1; mode=block")
		c.Header("Referrer-Policy", "strict-origin-when-cross-origin")
		c.Header("Content-Security-Policy", "default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data: https:; font-src 'self'; connect-src 'self'; media-src 'self'; object-src 'none'; child-src 'none'; worker-src 'none'; frame-ancestors 'none'; form-action 'self'; base-uri 'self'; manifest-src 'self'")

		// Remove server information
		c.Header("Server", "")

		c.Next()
	}
}

// NoIndexMiddleware adds no-index header for non-production environments
func NoIndexMiddleware() gin.HandlerFunc {
	return func(c *gin.Context) {
		c.Header("X-Robots-Tag", "noindex, nofollow, noarchive, nosnippet")
		c.Next()
	}
}
chore(dependencies): Update project dependencies and middleware packages - Upgrade Go module dependencies to latest versions - Add new middleware packages for CORS, logging, rate limiting, and security - Update go.mod and go.sum with latest package versions - Integrate new middleware components into server configuration - Improve project dependency management and middleware infrastructure 2025-11-06 09:31:51 +00:00			`package middleware`

			`import (`
			`"github.com/gin-gonic/gin"`
			`)`

			`// SecurityMiddleware adds security headers to responses`
			`func SecurityMiddleware() gin.HandlerFunc {`
			`return func(c *gin.Context) {`
			`// Security headers`
			`c.Header("X-Content-Type-Options", "nosniff")`
			`c.Header("X-Frame-Options", "DENY")`
			`c.Header("X-XSS-Protection", "1; mode=block")`
			`c.Header("Referrer-Policy", "strict-origin-when-cross-origin")`
			`c.Header("Content-Security-Policy", "default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data: https:; font-src 'self'; connect-src 'self'; media-src 'self'; object-src 'none'; child-src 'none'; worker-src 'none'; frame-ancestors 'none'; form-action 'self'; base-uri 'self'; manifest-src 'self'")`

			`// Remove server information`
			`c.Header("Server", "")`

			`c.Next()`
			`}`
			`}`

			`// NoIndexMiddleware adds no-index header for non-production environments`
			`func NoIndexMiddleware() gin.HandlerFunc {`
			`return func(c *gin.Context) {`
			`c.Header("X-Robots-Tag", "noindex, nofollow, noarchive, nosnippet")`
			`c.Next()`
			`}`
			`}`