mirror of
https://github.com/philomena-dev/philomena.git
synced 2024-11-23 20:18:00 +01:00
USe compile-time environment checks
parent
70cde5d4b2
commit
852f870ccf
6 changed files with 32 additions and 23 deletions
|
@ -72,6 +72,12 @@ config :philomena, PhilomenaWeb.Endpoint,
|
||||||
]
|
]
|
||||||
]
|
]
|
||||||
|
|
||||||
|
# Relax CSP rules in development
|
||||||
|
config :philomena, csp_relaxed: true
|
||||||
|
|
||||||
|
# Enable Vite HMR
|
||||||
|
config :philomena, vite_reload: true
|
||||||
|
|
||||||
# Do not include metadata nor timestamps in development logs
|
# Do not include metadata nor timestamps in development logs
|
||||||
config :logger, :console, format: "[$level] $message\n"
|
config :logger, :console, format: "[$level] $message\n"
|
||||||
|
|
||||||
|
|
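Review bot: The two settings added here, `csp_relaxed: true` and `vite_reload: true`, are now consumed through `Application.compile_env/3`, but the comments above them do not say so. A flag that removes the CSP header on error responses and adds `'unsafe-inline'` and localhost sources deserves a note that it is fixed at build time, e.g. `# Compile-time only (read by PhilomenaWeb.Config); recompile after changing, do not override in runtime config`. The runtime block removed elsewhere in this commit applied the relaxed values to every non-production environment, so the test environment presumably now falls back to the `false` defaults; worth confirming that this is intended.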
|
@ -134,22 +134,10 @@ if config_env() == :prod do
|
||||||
url: [host: System.fetch_env!("APP_HOSTNAME"), scheme: "https", port: 443],
|
url: [host: System.fetch_env!("APP_HOSTNAME"), scheme: "https", port: 443],
|
||||||
secret_key_base: System.fetch_env!("SECRET_KEY_BASE"),
|
secret_key_base: System.fetch_env!("SECRET_KEY_BASE"),
|
||||||
server: not is_nil(System.get_env("START_ENDPOINT"))
|
server: not is_nil(System.get_env("START_ENDPOINT"))
|
||||||
|
|
||||||
# Do not relax CSP in production
|
|
||||||
config :philomena, csp_relaxed: false
|
|
||||||
|
|
||||||
# Disable Vite HMR in prod
|
|
||||||
config :philomena, vite_reload: false
|
|
||||||
else
|
else
|
||||||
# Don't send email in development
|
# Don't send email in development
|
||||||
config :philomena, Philomena.Mailer, adapter: Bamboo.LocalAdapter
|
config :philomena, Philomena.Mailer, adapter: Bamboo.LocalAdapter
|
||||||
|
|
||||||
# Use this to debug slime templates
|
# Use this to debug slime templates
|
||||||
# config :slime, :keep_lines, true
|
# config :slime, :keep_lines, true
|
||||||
|
|
||||||
# Relax CSP rules in development and test servers
|
|
||||||
config :philomena, csp_relaxed: true
|
|
||||||
|
|
||||||
# Enable Vite HMR
|
|
||||||
config :philomena, vite_reload: true
|
|
||||||
end
|
end
|
||||||
|
|
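--- a/lib/philomena_web/config.ex
+++ b/lib/philomena_web/config.ex
@@ -0,0 +1,12 @@
+defmodule PhilomenaWeb.Config do
+@reload_enabled Application.compile_env(:philomena, :vite_reload, false)
+@csp_relaxed Application.compile_env(:philomena, :csp_relaxed, false)
+
+defmacro vite_hmr?(do: do_clause, else: else_clause) do
+if(@reload_enabled, do: do_clause, else: else_clause)
+end
+
+defmacro csp_relaxed?(do: do_clause, else: else_clause) do
+if(@csp_relaxed, do: do_clause, else: else_clause)
+end
+end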
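Review bot: Both macros in this new module are undocumented and match only a keyword list carrying `do` and `else` in that order, so a call written without an `else` block fails during compilation with a clause error rather than a readable message. Because these switches decide whether the Content-Security-Policy is weakened, the module should carry a `@moduledoc` stating that the values are read with `Application.compile_env/3`, default to `false`, and are fixed when the module is compiled. Each macro should also get a one-line `@doc`, e.g. `@doc "Expands to the do block when :csp_relaxed was true at compile time, otherwise to the else block."`. It is also worth noting there that the branch not selected is dropped from the compiled code, so mistakes in the production-only branch will not surface in a development build.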
|
@ -1,4 +1,5 @@
|
||||||
defmodule PhilomenaWeb.ContentSecurityPolicyPlug do
|
defmodule PhilomenaWeb.ContentSecurityPolicyPlug do
|
||||||
|
import PhilomenaWeb.Config
|
||||||
import Plug.Conn
|
import Plug.Conn
|
||||||
|
|
||||||
@allowed_sources [
|
@allowed_sources [
|
||||||
|
@ -42,13 +43,17 @@ defmodule PhilomenaWeb.ContentSecurityPolicyPlug do
|
||||||
|> Enum.map(&cspify_element/1)
|
|> Enum.map(&cspify_element/1)
|
||||||
|> Enum.join("; ")
|
|> Enum.join("; ")
|
||||||
|
|
||||||
if conn.status == 500 and allow_relaxed_csp() do
|
csp_relaxed? do
|
||||||
|
if conn.status == 500 do
|
||||||
# Allow Plug.Debugger to function in this case
|
# Allow Plug.Debugger to function in this case
|
||||||
delete_resp_header(conn, "content-security-policy")
|
delete_resp_header(conn, "content-security-policy")
|
||||||
else
|
else
|
||||||
# Enforce CSP otherwise
|
# Enforce CSP otherwise
|
||||||
put_resp_header(conn, "content-security-policy", csp_value)
|
put_resp_header(conn, "content-security-policy", csp_value)
|
||||||
end
|
end
|
||||||
|
else
|
||||||
|
put_resp_header(conn, "content-security-policy", csp_value)
|
||||||
|
end
|
||||||
end)
|
end)
|
||||||
end
|
end
|
||||||
|
|
||||||
|
@ -64,14 +69,13 @@ defmodule PhilomenaWeb.ContentSecurityPolicyPlug do
|
||||||
|
|
||||||
defp cdn_uri, do: Application.get_env(:philomena, :cdn_host) |> to_uri()
|
defp cdn_uri, do: Application.get_env(:philomena, :cdn_host) |> to_uri()
|
||||||
defp camo_uri, do: Application.get_env(:philomena, :camo_host) |> to_uri()
|
defp camo_uri, do: Application.get_env(:philomena, :camo_host) |> to_uri()
|
||||||
defp vite_reload?, do: Application.get_env(:philomena, :vite_reload)
|
|
||||||
|
|
||||||
defp default_script_src, do: if(vite_reload?(), do: "'self' localhost:5173", else: "'self'")
|
defp default_script_src, do: vite_hmr?(do: "'self' localhost:5173", else: "'self'")
|
||||||
|
|
||||||
defp default_connect_src,
|
defp default_connect_src,
|
||||||
do: if(vite_reload?(), do: "'self' localhost:5173 ws://localhost:5173", else: "'self'")
|
do: vite_hmr?(do: "'self' localhost:5173 ws://localhost:5173", else: "'self'")
|
||||||
|
|
||||||
defp default_style_src, do: if(vite_reload?(), do: "'self' 'unsafe-inline'", else: "'self'")
|
defp default_style_src, do: vite_hmr?(do: "'self' 'unsafe-inline'", else: "'self'")
|
||||||
|
|
||||||
defp to_uri(host) when host in [nil, ""], do: ""
|
defp to_uri(host) when host in [nil, ""], do: ""
|
||||||
defp to_uri(host), do: URI.to_string(%URI{scheme: "https", host: host})
|
defp to_uri(host), do: URI.to_string(%URI{scheme: "https", host: host})
|
||||||
|
@ -84,6 +88,4 @@ defmodule PhilomenaWeb.ContentSecurityPolicyPlug do
|
||||||
|
|
||||||
Enum.join([key | value], " ")
|
Enum.join([key | value], " ")
|
||||||
end
|
end
|
||||||
|
|
||||||
defp allow_relaxed_csp, do: Application.get_env(:philomena, :csp_relaxed, false)
|
|
||||||
end
|
end
|
||||||
|
|
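Review bot: In the `@ -42,13 +43,17` hunk the enforcing call `put_resp_header(conn, "content-security-policy", csp_value)` now appears twice, once inside the relaxed branch and once in the macro's `else`, and only one of the two copies is compiled into any given build. A later edit to the header logic could change the copy that development builds exercise and miss the one that production ships. Gating only the condition keeps a single enforcing path: `if csp_relaxed?(do: conn.status == 500, else: false) do`, followed by the original `delete_resp_header` / `put_resp_header` branches unchanged. The enclosing function starts above this hunk, so this assumes nothing earlier depends on the new nesting.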
|
@ -20,7 +20,7 @@ html lang="en"
|
||||||
meta name="format-detection" content="telephone=no"
|
meta name="format-detection" content="telephone=no"
|
||||||
= csrf_meta_tag()
|
= csrf_meta_tag()
|
||||||
|
|
||||||
= if vite_reload?() do
|
= vite_hmr? do
|
||||||
script type="module" src="http://localhost:5173/@vite/client"
|
script type="module" src="http://localhost:5173/@vite/client"
|
||||||
script type="module" src="http://localhost:5173/js/app.js"
|
script type="module" src="http://localhost:5173/js/app.js"
|
||||||
- else
|
- else
|
||||||
|
|
|
@ -1,6 +1,7 @@
|
||||||
defmodule PhilomenaWeb.LayoutView do
|
defmodule PhilomenaWeb.LayoutView do
|
||||||
use PhilomenaWeb, :view
|
use PhilomenaWeb, :view
|
||||||
|
|
||||||
|
import PhilomenaWeb.Config
|
||||||
alias PhilomenaWeb.ImageView
|
alias PhilomenaWeb.ImageView
|
||||||
alias Philomena.Config
|
alias Philomena.Config
|
||||||
alias Plug.Conn
|
alias Plug.Conn
|
||||||
|
|
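Review bot: The added `import PhilomenaWeb.Config` brings every macro of that module into the view, directly above `alias Philomena.Config`, so two different `Config` modules are now in play within a few lines. Restricting the import documents which macro the templates rely on and keeps the CSP switch out of view code: `import PhilomenaWeb.Config, only: [vite_hmr?: 1]`. This assumes the layout templates call only `vite_hmr?`, which is the single use visible on this page; the rest of the module lies outside the hunk.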