diff options
Diffstat (limited to 'echo/tplfuncs/embed_csp.go')
-rw-r--r-- | echo/tplfuncs/embed_csp.go | 75 |
1 files changed, 75 insertions, 0 deletions
diff --git a/echo/tplfuncs/embed_csp.go b/echo/tplfuncs/embed_csp.go new file mode 100644 index 0000000..44930c4 --- /dev/null +++ b/echo/tplfuncs/embed_csp.go | |||
@@ -0,0 +1,75 @@ | |||
1 | package tplfuncs | ||
2 | |||
3 | import ( | ||
4 | "fmt" | ||
5 | "html/template" | ||
6 | "io" | ||
7 | "io/fs" | ||
8 | "path" | ||
9 | |||
10 | "code.crute.us/mcrute/golib/echo/middleware" | ||
11 | |||
12 | "github.com/labstack/echo/v4" | ||
13 | ) | ||
14 | |||
15 | type TemplateEmbeder struct { | ||
16 | templateStore fs.FS | ||
17 | } | ||
18 | |||
19 | func (t *TemplateEmbeder) ConfigureTemplateStore(store fs.FS) { | ||
20 | t.templateStore = store | ||
21 | } | ||
22 | |||
23 | func (t *TemplateEmbeder) Embed(filename string) ([]byte, error) { | ||
24 | if t.templateStore == nil { | ||
25 | return nil, fmt.Errorf("EmbedWithCSP: has not been setup with template store") | ||
26 | } | ||
27 | |||
28 | fd, err := t.templateStore.Open(filename) | ||
29 | if err != nil { | ||
30 | return nil, err | ||
31 | } | ||
32 | defer fd.Close() | ||
33 | |||
34 | fc, err := io.ReadAll(fd) | ||
35 | if err != nil { | ||
36 | return nil, err | ||
37 | } | ||
38 | |||
39 | return fc, nil | ||
40 | } | ||
41 | |||
42 | func (t *TemplateEmbeder) EmbedHTML(filename string) (any, error) { | ||
43 | d, err := t.Embed(filename) | ||
44 | return template.HTML(d), err | ||
45 | } | ||
46 | |||
47 | func (t *TemplateEmbeder) embedWithCSP(filename string, c echo.Context) ([]byte, error) { | ||
48 | fc, err := t.Embed(filename) | ||
49 | if err != nil { | ||
50 | return nil, err | ||
51 | } | ||
52 | |||
53 | csp := &middleware.ContentSecurityPolicyConfig{} | ||
54 | switch path.Ext(filename) { | ||
55 | case ".js", ".json": | ||
56 | csp.ScriptSrc = []middleware.CSPDirective{ | ||
57 | middleware.CSPSha256FromBytes(fc), | ||
58 | } | ||
59 | case ".css": | ||
60 | csp.StyleSrc = []middleware.CSPDirective{ | ||
61 | middleware.CSPSha256FromBytes(fc), | ||
62 | } | ||
63 | default: | ||
64 | return nil, fmt.Errorf("EmbedWithCSP: file %s can not be embedded", filename) | ||
65 | } | ||
66 | |||
67 | middleware.ExtendCSP(c, csp) | ||
68 | |||
69 | return fc, nil | ||
70 | } | ||
71 | |||
72 | func (t *TemplateEmbeder) EmbedJSWithCSP(filename string, c echo.Context) (any, error) { | ||
73 | d, err := t.embedWithCSP(filename, c) | ||
74 | return template.JS(d), err | ||
75 | } | ||