better http server settings

klice.go

@@ -8,6 +8,7 @@ import (
 	"html/template"
 	"net/http"
 	"strings"
+	"time"
 
 	_ "github.com/mattn/go-sqlite3"
 )
@@ -66,7 +67,7 @@ func loginHandler(w http.ResponseWriter, r *http.Request) {
 			}
 		}
 	case http.MethodGet:
-		http.ServeFile(w, r, "templates/login.html")
+		http.ServeFileFS(w, r, templatesFS, "templates/login.html")
 	default:
 		http.Error(w, "Method not allowed", http.StatusMethodNotAllowed)
 	}
@@ -146,8 +147,8 @@ func teamInfoHandler(w http.ResponseWriter, r *http.Request) {
 }
 
 func qrHandler(w http.ResponseWriter, r *http.Request) {
-	uid, found := strings.CutPrefix(r.URL.Path, "/qr/")
+	uid := r.PathValue("qr")
-	if !found || uid == "" {
+	if uid == "" {
 		http.Error(w, "Invalid QR code", http.StatusBadRequest)
 		return
 	}
@@ -343,7 +344,7 @@ func main() {
 	http.HandleFunc("/login", loginHandler)
 	http.HandleFunc("/logout", logoutHandler)
 	http.HandleFunc("/team", teamInfoHandler)
-	http.HandleFunc("/qr/", qrHandler)
+	http.HandleFunc("/qr/{qr...}", qrHandler)
 	// admin app
 	http.HandleFunc("/admin/login", adminLoginHandler)
 	http.HandleFunc("/admin/logout", adminLogoutHandler)
@@ -360,6 +361,15 @@ func main() {
 	// static files
 	http.Handle("/static/", http.StripPrefix("/static/", http.FileServer(http.Dir("static"))))
 
+	srv := &http.Server{
+		Addr:           ":8080",
+		Handler:        nil,
+		ReadTimeout:    10 * time.Second, // zabrání Slowloris útokům
+		WriteTimeout:   15 * time.Second, // omezení dlouhých odpovědí
+		IdleTimeout:    60 * time.Second, // ukončení nečinných spojení
+		MaxHeaderBytes: 1 << 20,          // max. 1 MB hlavičky
+	}
+
 	fmt.Println("Server started at :8080")
-	http.ListenAndServe(":8080", nil)
+	srv.ListenAndServe()
 }

templates.go

@@ -1,9 +1,13 @@
 package main
 
 import (
+	"embed"
 	"html/template"
 )
 
+//go:embed templates/*.html
+var templatesFS embed.FS
+
 type CipherTemplateS struct {
 	ID           int
 	Order        uint
@@ -86,12 +90,12 @@ type AdminPenaltiesTemplateS struct {
 	Minutes   int
 }
 
-var CipherTemplate = template.Must(template.ParseFiles("templates/assignment.html"))
+var CipherTemplate = template.Must(template.ParseFS(templatesFS, "templates/assignment.html"))
-var TeamTemplate = template.Must(template.ParseFiles("templates/team.html"))
+var TeamTemplate = template.Must(template.ParseFS(templatesFS, "templates/team.html"))
-var AdminTeamsTemplate = template.Must(template.ParseFiles("templates/adminTeams.html"))
+var AdminTeamsTemplate = template.Must(template.ParseFS(templatesFS, "templates/adminTeams.html"))
-var AdminRoutesTemplate = template.Must(template.ParseFiles("templates/adminRoutes.html"))
+var AdminRoutesTemplate = template.Must(template.ParseFS(templatesFS, "templates/adminRoutes.html"))
-var AdminLevelTemplate = template.Must(template.ParseFiles("templates/adminLevels.html"))
+var AdminLevelTemplate = template.Must(template.ParseFS(templatesFS, "templates/adminLevels.html"))
-var AdminCipherTemplate = template.Must(template.ParseFiles("templates/adminCiphers.html"))
+var AdminCipherTemplate = template.Must(template.ParseFS(templatesFS, "templates/adminCiphers.html"))
-var AdminPositionsTemplate = template.Must(template.ParseFiles("templates/adminPositions.html"))
+var AdminPositionsTemplate = template.Must(template.ParseFS(templatesFS, "templates/adminPositions.html"))
-var AdminQRsTemplate = template.Must(template.ParseFiles("templates/adminQR.html"))
+var AdminQRsTemplate = template.Must(template.ParseFS(templatesFS, "templates/adminQR.html"))
-var AdminPenaltiesTemplate = template.Must(template.ParseFiles("templates/adminPenalties.html"))
+var AdminPenaltiesTemplate = template.Must(template.ParseFS(templatesFS, "templates/adminPenalties.html"))