-sub authenticate {
- my ($user, $pass, $env) = @_;
- say "Checking $user and $pass";
- my $key = sha256 "$user:$pass";
- $env->{'gruntmaster.user'} = $user;
- return 1 if exists $auth{$key};
- return unless $db->user($user) && $db->user($user)->check_passphrase($pass);
- $auth{key} = 1;
+sub add_headers {
+ my $app = $_[0];
+ sub {
+ my $resp = $app->($_[0]);
+ my $hdrs = Plack::Util::headers($resp->[1]);
+ $hdrs->set('Content-Security-Policy', CONTENT_SECURITY_POLICY);
+ $hdrs->set('Cache-Control', 'public, max-age=604800') if $_[0]->{PATH_INFO} =~ qr,^/static/,;
+ $resp->[1] = $hdrs->headers;
+ $resp;
+ }