2023-07-10 18:26:41 +00:00
|
|
|
import * as crypto from "crypto";
|
2023-06-29 17:14:48 +00:00
|
|
|
import type { NextFunction, Request, Response } from "express";
|
2023-12-05 03:07:36 +00:00
|
|
|
import { getJwtCookie } from "./utils/has-jwt-cookie";
|
2023-06-28 20:32:07 +00:00
|
|
|
|
|
|
|
export function setDefaultCsp({
|
|
|
|
res,
|
|
|
|
next,
|
|
|
|
}: {
|
|
|
|
res: Response;
|
|
|
|
next: NextFunction;
|
|
|
|
}) {
|
2023-07-10 18:26:41 +00:00
|
|
|
res.locals.cspNonce = crypto.randomBytes(16).toString("hex");
|
|
|
|
|
2023-06-28 20:32:07 +00:00
|
|
|
res.setHeader(
|
|
|
|
"Content-Security-Policy",
|
2023-07-10 18:26:41 +00:00
|
|
|
`default-src 'self';
|
|
|
|
manifest-src *;
|
|
|
|
connect-src *;
|
2023-11-28 14:56:28 +00:00
|
|
|
img-src * data: blob:;
|
2023-07-10 18:26:41 +00:00
|
|
|
script-src 'self' 'nonce-${res.locals.cspNonce}';
|
|
|
|
style-src 'self' 'unsafe-inline';
|
|
|
|
form-action 'self';
|
|
|
|
base-uri 'self';
|
|
|
|
frame-src *;
|
2023-07-28 20:15:42 +00:00
|
|
|
media-src * data:`.replace(/\s+/g, " "),
|
2023-06-28 20:32:07 +00:00
|
|
|
);
|
|
|
|
|
|
|
|
next();
|
|
|
|
}
|
|
|
|
|
|
|
|
// Set cache-control headers. If user is logged in, set `private` to prevent storing data in
|
|
|
|
// shared caches (eg nginx) and leaking of private data. If user is not logged in, allow caching
|
2023-06-29 17:33:30 +00:00
|
|
|
// all responses for 5 seconds to reduce load on backend and database. The specific cache
|
2023-06-28 20:32:07 +00:00
|
|
|
// interval is rather arbitrary and could be set higher (less server load) or lower (fresher data).
|
|
|
|
//
|
|
|
|
// https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Cache-Control
|
2023-06-30 14:04:01 +00:00
|
|
|
export function setCacheControl(
|
|
|
|
req: Request,
|
|
|
|
res: Response,
|
2023-07-28 20:15:42 +00:00
|
|
|
next: NextFunction,
|
2023-06-30 14:04:01 +00:00
|
|
|
) {
|
2023-06-30 13:42:09 +00:00
|
|
|
if (process.env.NODE_ENV !== "production") {
|
|
|
|
return next();
|
|
|
|
}
|
|
|
|
|
2023-06-30 14:04:19 +00:00
|
|
|
let caching: string;
|
|
|
|
|
2023-06-29 17:14:48 +00:00
|
|
|
if (
|
2023-06-30 13:42:09 +00:00
|
|
|
req.path.match(/\.(js|css|txt|manifest\.webmanifest)\/?$/) ||
|
|
|
|
req.path.includes("/css/themelist")
|
2023-06-29 17:14:48 +00:00
|
|
|
) {
|
|
|
|
// Static content gets cached publicly for a day
|
|
|
|
caching = "public, max-age=86400";
|
2023-06-28 20:32:07 +00:00
|
|
|
} else {
|
2023-12-05 03:07:36 +00:00
|
|
|
if (getJwtCookie(req.headers)) {
|
2023-06-29 17:14:48 +00:00
|
|
|
caching = "private";
|
|
|
|
} else {
|
2023-09-12 19:27:56 +00:00
|
|
|
caching = "public, max-age=60";
|
2023-06-29 17:14:48 +00:00
|
|
|
}
|
2023-06-28 20:32:07 +00:00
|
|
|
}
|
2023-06-29 17:33:30 +00:00
|
|
|
|
2023-06-28 20:32:07 +00:00
|
|
|
res.setHeader("Cache-Control", caching);
|
|
|
|
|
|
|
|
next();
|
|
|
|
}
|