Botanical/BotanSS
1
0
Fork 0
Code Issues 1 Pull Requests Projects Releases Wiki Activity

Added CSP support

Browse Source
This commit is contained in:
斟酌 鵬兄 2022-04-09 20:40:34 +08:00
parent 5674f3936c
commit 06635acb72
3 changed files with 79 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
Dragonfly.js
View File

@ -166,12 +166,12 @@ class Dragonfly
Warning( mesg, visibility ) Warning( mesg, visibility )
{ {
this.Log( mesg, Dragonfly.Spheres.HYDRO, visibility ); this.Log( "\x1b[33m" + mesg + "\x1b[0m", Dragonfly.Spheres.HYDRO, visibility );
} }
Error( mesg, visibility ) Error( mesg, visibility )
{ {
this.Log( mesg, Dragonfly.Spheres.LITHO, visibility ); this.Log( "\x1b[31m" + mesg + "\x1b[0m", Dragonfly.Spheres.LITHO, visibility );
} }
Log( mesg, sphere, visibility ) Log( mesg, sphere, visibility )

76
net/Http.js
View File

@ -5,6 +5,68 @@ const Dragonfly = global.Dragonfly;
const Cookie = cl.load( "botanss.net.components.Cookie" ); const Cookie = cl.load( "botanss.net.components.Cookie" );
class ContentSecurityPolicy
{
constructor()
{
this.sources = {};
}
any()
{
return 0 < Object.keys( this.sources ).length;
}
add( src, scope )
{
this.sources[ src ] ||= {};
this._add( this.sources[ src ], scope, src );
}
_add( s, scope, _name )
{
if( scope.startsWith( "'nonce-" ) && "'unsafe-inline'" in s )
{
Dragonfly.Warning( `Removing 'unsafe-inline' from ${_name} for ${scope}` );
delete s[ "'unsafe-inline'" ];
}
s[ scope ] = true;
}
merge( cspStr )
{
for( let src of cspStr.split( ";" ) )
{
src = src.trim();
if( !src )
continue;
var d = src.indexOf( " " );
var name = src.substr( 0, d );
this.sources[ name ] ||= {};
for( let val of src.substr( d + 1 ).split( " " ) )
{
this.sources[ name ][ val ] = true;
}
}
}
toString()
{
var s = "";
for( let name in this.sources )
{
if( s )
s += " ";
s += `${name} ${Object.keys( this.sources[ name ] ).join( " " )};`;
}
return s;
}
}
class CResponse class CResponse
{ {
constructor( res, Http ) constructor( res, Http )
@ -13,15 +75,29 @@ class CResponse
this.canExit = true; this.canExit = true;
this.statusCode = 200; this.statusCode = 200;
this.contentSecurityPolicy = new ContentSecurityPolicy();
this.headers = { this.headers = {
"Content-Type": "text/html; charset=utf-8" "Content-Type": "text/html; charset=utf-8"
, "Powered-By": "Botanical Framework (Node.js)" , "Powered-By": "Botanical Framework (Node.js)"
, "Content-Security-Policy": this.contentSecurityPolicy
}; };
this.content = ""; this.content = "";
this.cookie = new Cookie( "", Http ); this.cookie = new Cookie( "", Http );
} }
mergeHeader( key, value )
{
switch( key )
{
case "Content-Security-Policy":
this.headers[ key ] = this.headers[ key ] + ' ' + value;
break;
default:
throw new Error( `Merge header not implemented: ${key}` );
}
}
end() end()
{ {
if( this.canExit ) if( this.canExit )

2
package.js
View File

@ -47,7 +47,7 @@ class Package
{ {
global.Dragonfly.Info( `Change detected: ${this.src}, reloading` ); global.Dragonfly.Info( `Change detected: ${this.src}, reloading` );
cluster.worker.disconnect(); cluster.worker.disconnect();
setTimeout( () => process.exit(0), 1000 ).unref(); setTimeout( () => process.exit(0), 3000 ).unref();
} , 200 ); } , 200 );
} }
} }