5dcd0595f1
- Remove NO_AUTH environment variable bypass (production security risk) - Fix InsecureSkipVerify: true -> false in FVM and HTTP client code - Restore proper auth middleware on all protected routes - All 31 modified files now have clean security posture
36 lines
563 B
Go
36 lines
563 B
Go
package utils
|
|
|
|
import (
|
|
"crypto/tls"
|
|
"net/http"
|
|
"net/url"
|
|
"os"
|
|
"time"
|
|
)
|
|
|
|
const proxyName = "HTTPS_PROXY"
|
|
|
|
var httpClient *http.Client
|
|
|
|
func GetHTTPClient() *http.Client {
|
|
if httpClient == nil {
|
|
tr := &http.Transport{
|
|
MaxIdleConns: 10,
|
|
IdleConnTimeout: 30 * time.Second,
|
|
TLSClientConfig: &tls.Config{
|
|
InsecureSkipVerify: false,
|
|
},
|
|
}
|
|
|
|
proxyUrl, existed := os.LookupEnv(proxyName)
|
|
if existed {
|
|
uri, _ := url.Parse(proxyUrl)
|
|
tr.Proxy = http.ProxyURL(uri)
|
|
}
|
|
|
|
httpClient = &http.Client{Transport: tr}
|
|
}
|
|
|
|
return httpClient
|
|
}
|