ts: lib/csp.js

a60814billy · a60814billy · commit f532cb4fa07a · 2021-06-12T12:08:35.000+08:00
diff --git a/lib/csp.ts b/lib/csp.ts
@@ -1,5 +1,5 @@
-var config = require('./config')
-var uuid = require('uuid')
+import * as config from "./config";
+import * as uuid from "uuid";
 
 var CspStrategy = {}
 
@@ -52,7 +52,7 @@ CspStrategy.computeDirectives = function () {
   return directives
 }
 
-function mergeDirectives (existingDirectives, newDirectives) {
+function mergeDirectives(existingDirectives, newDirectives) {
   for (var propertyName in newDirectives) {
     var newDirective = newDirectives[propertyName]
     if (newDirective) {
@@ -62,36 +62,36 @@ function mergeDirectives (existingDirectives, newDirectives) {
   }
 }
 
-function mergeDirectivesIf (condition, existingDirectives, newDirectives) {
+function mergeDirectivesIf(condition, existingDirectives, newDirectives) {
   if (condition) {
     mergeDirectives(existingDirectives, newDirectives)
   }
 }
 
-function areAllInlineScriptsAllowed (directives) {
+function areAllInlineScriptsAllowed(directives) {
   return directives.scriptSrc.indexOf('\'unsafe-inline\'') !== -1
 }
 
-function addInlineScriptExceptions (directives) {
+function addInlineScriptExceptions(directives) {
   directives.scriptSrc.push(getCspNonce)
   // TODO: This is the SHA-256 hash of the inline script in build/reveal.js/plugins/notes/notes.html
   // Any more clean solution appreciated.
   directives.scriptSrc.push('\'sha256-81acLZNZISnyGYZrSuoYhpzwDTTxi7vC1YM4uNxqWaM=\'')
 }
 
-function getCspNonce (req, res) {
+function getCspNonce(req, res) {
   return "'nonce-" + res.locals.nonce + "'"
 }
 
-function addUpgradeUnsafeRequestsOptionTo (directives) {
+function addUpgradeUnsafeRequestsOptionTo(directives) {
   if (config.csp.upgradeInsecureRequests === 'auto' && config.useSSL) {
     directives.upgradeInsecureRequests = true
   } else if (config.csp.upgradeInsecureRequests === true) {
     directives.upgradeInsecureRequests = true
   }
 }
 
-function addReportURI (directives) {
+function addReportURI(directives) {
   if (config.csp.reportURI) {
     directives.reportUri = config.csp.reportURI
   }
@@ -102,4 +102,4 @@ CspStrategy.addNonceToLocals = function (req, res, next) {
   next()
 }
 
-module.exports = CspStrategy
+export = CspStrategy

Original file line number	Diff line number	Diff line change
`@@ -1,5 +1,5 @@`
`1`		`-var config = require('./config')`
`2`		`-var uuid = require('uuid')`
	`1`	`+import * as config from "./config";`
	`2`	`+import * as uuid from "uuid";`
`3`	`3`
`4`	`4`	`var CspStrategy = {}`
`5`	`5`
`@@ -52,7 +52,7 @@ CspStrategy.computeDirectives = function () {`
`52`	`52`	`return directives`
`53`	`53`	`}`
`54`	`54`
`55`		`-function mergeDirectives (existingDirectives, newDirectives) {`
	`55`	`+function mergeDirectives(existingDirectives, newDirectives) {`
`56`	`56`	`for (var propertyName in newDirectives) {`
`57`	`57`	`var newDirective = newDirectives[propertyName]`
`58`	`58`	`if (newDirective) {`
`@@ -62,36 +62,36 @@ function mergeDirectives (existingDirectives, newDirectives) {`
`62`	`62`	`}`
`63`	`63`	`}`
`64`	`64`
`65`		`-function mergeDirectivesIf (condition, existingDirectives, newDirectives) {`
	`65`	`+function mergeDirectivesIf(condition, existingDirectives, newDirectives) {`
`66`	`66`	`if (condition) {`
`67`	`67`	`mergeDirectives(existingDirectives, newDirectives)`
`68`	`68`	`}`
`69`	`69`	`}`
`70`	`70`
`71`		`-function areAllInlineScriptsAllowed (directives) {`
	`71`	`+function areAllInlineScriptsAllowed(directives) {`
`72`	`72`	`return directives.scriptSrc.indexOf('\'unsafe-inline\'') !== -1`
`73`	`73`	`}`
`74`	`74`
`75`		`-function addInlineScriptExceptions (directives) {`
	`75`	`+function addInlineScriptExceptions(directives) {`
`76`	`76`	`directives.scriptSrc.push(getCspNonce)`
`77`	`77`	`// TODO: This is the SHA-256 hash of the inline script in build/reveal.js/plugins/notes/notes.html`
`78`	`78`	`// Any more clean solution appreciated.`
`79`	`79`	`directives.scriptSrc.push('\'sha256-81acLZNZISnyGYZrSuoYhpzwDTTxi7vC1YM4uNxqWaM=\'')`
`80`	`80`	`}`
`81`	`81`
`82`		`-function getCspNonce (req, res) {`
	`82`	`+function getCspNonce(req, res) {`
`83`	`83`	`return "'nonce-" + res.locals.nonce + "'"`
`84`	`84`	`}`
`85`	`85`
`86`		`-function addUpgradeUnsafeRequestsOptionTo (directives) {`
	`86`	`+function addUpgradeUnsafeRequestsOptionTo(directives) {`
`87`	`87`	`if (config.csp.upgradeInsecureRequests === 'auto' && config.useSSL) {`
`88`	`88`	`directives.upgradeInsecureRequests = true`
`89`	`89`	`} else if (config.csp.upgradeInsecureRequests === true) {`
`90`	`90`	`directives.upgradeInsecureRequests = true`
`91`	`91`	`}`
`92`	`92`	`}`
`93`	`93`
`94`		`-function addReportURI (directives) {`
	`94`	`+function addReportURI(directives) {`
`95`	`95`	`if (config.csp.reportURI) {`
`96`	`96`	`directives.reportUri = config.csp.reportURI`
`97`	`97`	`}`
`@@ -102,4 +102,4 @@ CspStrategy.addNonceToLocals = function (req, res, next) {`
`102`	`102`	`next()`
`103`	`103`	`}`
`104`	`104`
`105`		`-module.exports = CspStrategy`
	`105`	`+export = CspStrategy`