From 20307a7a24513180ef03f1bc6f5fddfd6640189e Mon Sep 17 00:00:00 2001
From: Alec Armbruster <35377827+alectrocute@users.noreply.github.com>
Date: Fri, 30 Jun 2023 10:18:09 -0400
Subject: [PATCH] split into folder

---
 src/server/index.tsx                          |  3 +-
 .../set-cache-control.ts}                     | 31 ++++++-------------
 src/server/middleware/set-default-csp.ts      | 16 ++++++++++
 3 files changed, 28 insertions(+), 22 deletions(-)
 rename src/server/{middleware.ts => middleware/set-cache-control.ts} (69%)
 create mode 100644 src/server/middleware/set-default-csp.ts

diff --git a/src/server/index.tsx b/src/server/index.tsx
index 458d7f03..91363ebb 100644
--- a/src/server/index.tsx
+++ b/src/server/index.tsx
@@ -10,7 +10,8 @@ import SecurityHandler from "./handlers/security-handler";
 import ServiceWorkerHandler from "./handlers/service-worker-handler";
 import ThemeHandler from "./handlers/theme-handler";
 import ThemesListHandler from "./handlers/themes-list-handler";
-import { setCacheControl, setDefaultCsp } from "./middleware";
+import { setCacheControl } from "./middleware/set-cache-control";
+import { setDefaultCsp } from "./middleware/set-default-csp";
 
 const server = express();
 
diff --git a/src/server/middleware.ts b/src/server/middleware/set-cache-control.ts
similarity index 69%
rename from src/server/middleware.ts
rename to src/server/middleware/set-cache-control.ts
index 0420e47e..616a3995 100644
--- a/src/server/middleware.ts
+++ b/src/server/middleware/set-cache-control.ts
@@ -1,20 +1,5 @@
 import type { NextFunction, Request, Response } from "express";
-import { hasJwtCookie } from "./utils/has-jwt-cookie";
-
-export function setDefaultCsp({
-  res,
-  next,
-}: {
-  res: Response;
-  next: NextFunction;
-}) {
-  res.setHeader(
-    "Content-Security-Policy",
-    `default-src 'self'; manifest-src *; connect-src *; img-src * data:; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; form-action 'self'; base-uri 'self'; frame-src *; media-src * data:`
-  );
-
-  next();
-}
+import { hasJwtCookie } from "../utils/has-jwt-cookie";
 
 // Set cache-control headers. If user is logged in, set `private` to prevent storing data in
 // shared caches (eg nginx) and leaking of private data. If user is not logged in, allow caching
@@ -22,11 +7,15 @@ export function setDefaultCsp({
 // interval is rather arbitrary and could be set higher (less server load) or lower (fresher data).
 //
 // https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Cache-Control
-export function setCacheControl(
-  req: Request,
-  res: Response,
-  next: NextFunction
-) {
+export function setCacheControl({
+  res,
+  req,
+  next,
+}: {
+  res: Response;
+  req: Request;
+  next: NextFunction;
+}) {
   if (process.env.NODE_ENV !== "production") {
     return next();
   }
diff --git a/src/server/middleware/set-default-csp.ts b/src/server/middleware/set-default-csp.ts
new file mode 100644
index 00000000..691036eb
--- /dev/null
+++ b/src/server/middleware/set-default-csp.ts
@@ -0,0 +1,16 @@
+import type { NextFunction, Response } from "express";
+
+export function setDefaultCsp({
+  res,
+  next,
+}: {
+  res: Response;
+  next: NextFunction;
+}) {
+  res.setHeader(
+    "Content-Security-Policy",
+    `default-src 'self'; manifest-src *; connect-src *; img-src * data:; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; form-action 'self'; base-uri 'self'; frame-src *; media-src * data:`
+  );
+
+  next();
+}