1 files changed, 75 insertions, 0 deletions
diff --git a/echo/tplfuncs/embed_csp.go b/echo/tplfuncs/embed_csp.go
new file mode 100644
index 0000000..44930c4
--- /dev/null
+++ b/echo/tplfuncs/embed_csp.go
@@ -0,0 +1,75 @@
+package tplfuncs
+import (
+        "fmt"
+        "html/template"
+        "io"
+        "io/fs"
+        "path"
+        "code.crute.us/mcrute/golib/echo/middleware"
+        "github.com/labstack/echo/v4"
+)
+type TemplateEmbeder struct {
+        templateStore fs.FS
+}
+func (t *TemplateEmbeder) ConfigureTemplateStore(store fs.FS) {
+        t.templateStore = store
+}
+func (t *TemplateEmbeder) Embed(filename string) ([]byte, error) {
+        if t.templateStore == nil {
+                return nil, fmt.Errorf("EmbedWithCSP: has not been setup with template store")
+        }
+        fd, err := t.templateStore.Open(filename)
+        if err != nil {
+                return nil, err
+        }
+        defer fd.Close()
+        fc, err := io.ReadAll(fd)
+        if err != nil {
+                return nil, err
+        }
+        return fc, nil
+}
+func (t *TemplateEmbeder) EmbedHTML(filename string) (any, error) {
+        d, err := t.Embed(filename)
+        return template.HTML(d), err
+}
+func (t *TemplateEmbeder) embedWithCSP(filename string, c echo.Context) ([]byte, error) {
+        fc, err := t.Embed(filename)
+        if err != nil {
+                return nil, err
+        }
+        csp := &middleware.ContentSecurityPolicyConfig{}
+        switch path.Ext(filename) {
+        case ".js", ".json":
+                csp.ScriptSrc = []middleware.CSPDirective{
+                        middleware.CSPSha256FromBytes(fc),
+                }
+        case ".css":
+                csp.StyleSrc = []middleware.CSPDirective{
+                        middleware.CSPSha256FromBytes(fc),
+                }
+        default:
+                return nil, fmt.Errorf("EmbedWithCSP: file %s can not be embedded", filename)
+        }
+        middleware.ExtendCSP(c, csp)
+        return fc, nil
+}
+func (t *TemplateEmbeder) EmbedJSWithCSP(filename string, c echo.Context) (any, error) {
+        d, err := t.embedWithCSP(filename, c)
+        return template.JS(d), err
+}

diff --git a/echo/tplfuncs/embed_csp.go b/echo/tplfuncs/embed_csp.go new file mode 100644 index 0000000..44930c4 --- /dev/null +++ b/echo/tplfuncs/embed_csp.go
@@ -0,0 +1,75 @@
	1	package tplfuncs
	2
	3	import (
	4	"fmt"
	5	"html/template"
	6	"io"
	7	"io/fs"
	8	"path"
	9
	10	"code.crute.us/mcrute/golib/echo/middleware"
	11
	12	"github.com/labstack/echo/v4"
	13	)
	14
	15	type TemplateEmbeder struct {
	16	templateStore fs.FS
	17	}
	18
	19	func (t *TemplateEmbeder) ConfigureTemplateStore(store fs.FS) {
	20	t.templateStore = store
	21	}
	22
	23	func (t *TemplateEmbeder) Embed(filename string) ([]byte, error) {
	24	if t.templateStore == nil {
	25	return nil, fmt.Errorf("EmbedWithCSP: has not been setup with template store")
	26	}
	27
	28	fd, err := t.templateStore.Open(filename)
	29	if err != nil {
	30	return nil, err
	31	}
	32	defer fd.Close()
	33
	34	fc, err := io.ReadAll(fd)
	35	if err != nil {
	36	return nil, err
	37	}
	38
	39	return fc, nil
	40	}
	41
	42	func (t *TemplateEmbeder) EmbedHTML(filename string) (any, error) {
	43	d, err := t.Embed(filename)
	44	return template.HTML(d), err
	45	}
	46
	47	func (t *TemplateEmbeder) embedWithCSP(filename string, c echo.Context) ([]byte, error) {
	48	fc, err := t.Embed(filename)
	49	if err != nil {
	50	return nil, err
	51	}
	52
	53	csp := &middleware.ContentSecurityPolicyConfig{}
	54	switch path.Ext(filename) {
	55	case ".js", ".json":
	56	csp.ScriptSrc = []middleware.CSPDirective{
	57	middleware.CSPSha256FromBytes(fc),
	58	}
	59	case ".css":
	60	csp.StyleSrc = []middleware.CSPDirective{
	61	middleware.CSPSha256FromBytes(fc),
	62	}
	63	default:
	64	return nil, fmt.Errorf("EmbedWithCSP: file %s can not be embedded", filename)
	65	}
	66
	67	middleware.ExtendCSP(c, csp)
	68
	69	return fc, nil
	70	}
	71
	72	func (t *TemplateEmbeder) EmbedJSWithCSP(filename string, c echo.Context) (any, error) {
	73	d, err := t.embedWithCSP(filename, c)
	74	return template.JS(d), err
	75	}