golang static service hidden

When using Go language to develop projects or services, we sometimes need to provide static files or resources in the project, such as style sheets, pictures, HTML files, etc. However, while providing these resources, we do not want to expose these files to the public network as this may cause some security issues. So, in this article, we will explore how to use Go language to serve static files or resources and hide them.

Traditional method

In the traditional method, we can serve static files or resources by reading the paths of static files or resources in the program and sending these paths to the browser. resource. This process often includes the following steps:

1. Create a route processor.
2. Parse the request path and map it to a local file path.
3. If the file exists, open it and send it to the browser.
4. If the file does not exist, return 404 error code.

The disadvantage of this method is that when the file is accessed, the full file path will be exposed in the browser's address bar. This security flaw may lead to vulnerabilities because attackers can obtain path information from the browser to launch attacks.

Hide files

In order to hide the file directory, we can use the FileServer function in the built-in net/http package of Go language. The FileServer function can access the local file system directory and return the file content, and also automatically handles HTTP requests and so on. To use the FileServer function, we first need to create a new route processor and map it to our file server:

func main() {
    http.Handle("/static/", http.StripPrefix("/static/", http.FileServer(http.Dir("static"))))
    http.ListenAndServe(":8080", nil)
}

where /static/ is the virtual directory we want to use, and static is the local file The actual directory in the system. Using the http.StripPrefix() function can help us remove the path prefix of static files. The http.FileServer() function creates a new file server instance.

File path

When using this method, the path displayed on the browser will only show the virtual directory we set. In this way, our file directory can be hidden. For example, for a file called test.html, if we place it in the /static directory of the local file system, then it will be accessible through http://localhost:8080/static/test.html.

Use gzip compression

In addition to hiding file paths, we can also use gzip compression technology to further improve performance. By using gzip compression, we can reduce the file size sent to the client, thus improving loading speed and client response time. To use gzip compression, we need to add some code to the route processor:

func main() {
    staticHandler := http.StripPrefix("/static/", http.FileServer(http.Dir("static")))
    http.Handle("/static/", gzipFileServer(staticHandler))
    http.ListenAndServe(":8080", nil)
}

func gzipFileServer(handler http.Handler) http.HandlerFunc {
    return func(w http.ResponseWriter, r *http.Request) {
        if strings.Contains(r.Header.Get("Accept-Encoding"), "gzip") {
            w.Header().Set("Content-Encoding", "gzip")
            gz := gzip.NewWriter(w)
            defer gz.Close()
            gzr := gzipResponseWriter{Writer: gz, ResponseWriter: w}
            handler.ServeHTTP(gzr, r)
            return
        }
        handler.ServeHTTP(w, r)
    }
}

type gzipResponseWriter struct {
    io.Writer
    http.ResponseWriter
}

func (w gzipResponseWriter) Write(b []byte) (int, error) {
    return w.Writer.Write(b)
}

This route processor is still similar to the previous one, except that we use a new gzipFileServer function to handle the request. In it, we parse the Accept-Encoding field in the request header and, if it contains gzip, process the file using gzip compression. Otherwise, we will use the original file for processing.

When the compression is completed, we need to set the Content-Encoding in the response header to gzip to ensure that the client can correctly decompress the response.

In fact, this is just a simple example. In practice, we need to integrate the above code into our own service and conduct more testing and optimization.

Summary

By using the FileServer function provided by the Go language, we can hide static files or resources to protect their security. In addition, we can also use gzip compression technology to improve performance. These technologies can help us build more secure and efficient static files or resource services, and they are all very practical skills when developing using the Go language.

The above is the detailed content of golang static service hidden. For more information, please follow other related articles on the PHP Chinese website!