USe compile-time environment checks

This commit is contained in:
Liam 2024-05-03 21:06:15 -04:00
parent 70cde5d4b2
commit 852f870ccf
6 changed files with 32 additions and 23 deletions

View file

@ -72,6 +72,12 @@ config :philomena, PhilomenaWeb.Endpoint,
]
]
# Relax CSP rules in development
config :philomena, csp_relaxed: true
# Enable Vite HMR
config :philomena, vite_reload: true
# Do not include metadata nor timestamps in development logs
config :logger, :console, format: "[$level] $message\n"

View file

@ -134,22 +134,10 @@ if config_env() == :prod do
url: [host: System.fetch_env!("APP_HOSTNAME"), scheme: "https", port: 443],
secret_key_base: System.fetch_env!("SECRET_KEY_BASE"),
server: not is_nil(System.get_env("START_ENDPOINT"))
# Do not relax CSP in production
config :philomena, csp_relaxed: false
# Disable Vite HMR in prod
config :philomena, vite_reload: false
else
# Don't send email in development
config :philomena, Philomena.Mailer, adapter: Bamboo.LocalAdapter
# Use this to debug slime templates
# config :slime, :keep_lines, true
# Relax CSP rules in development and test servers
config :philomena, csp_relaxed: true
# Enable Vite HMR
config :philomena, vite_reload: true
end

View file

@ -0,0 +1,12 @@
defmodule PhilomenaWeb.Config do
@reload_enabled Application.compile_env(:philomena, :vite_reload, false)
@csp_relaxed Application.compile_env(:philomena, :csp_relaxed, false)
defmacro vite_hmr?(do: do_clause, else: else_clause) do
if(@reload_enabled, do: do_clause, else: else_clause)
end
defmacro csp_relaxed?(do: do_clause, else: else_clause) do
if(@csp_relaxed, do: do_clause, else: else_clause)
end
end

View file

@ -1,4 +1,5 @@
defmodule PhilomenaWeb.ContentSecurityPolicyPlug do
import PhilomenaWeb.Config
import Plug.Conn
@allowed_sources [
@ -42,13 +43,17 @@ defmodule PhilomenaWeb.ContentSecurityPolicyPlug do
|> Enum.map(&cspify_element/1)
|> Enum.join("; ")
if conn.status == 500 and allow_relaxed_csp() do
csp_relaxed? do
if conn.status == 500 do
# Allow Plug.Debugger to function in this case
delete_resp_header(conn, "content-security-policy")
else
# Enforce CSP otherwise
put_resp_header(conn, "content-security-policy", csp_value)
end
else
put_resp_header(conn, "content-security-policy", csp_value)
end
end)
end
@ -64,14 +69,13 @@ defmodule PhilomenaWeb.ContentSecurityPolicyPlug do
defp cdn_uri, do: Application.get_env(:philomena, :cdn_host) |> to_uri()
defp camo_uri, do: Application.get_env(:philomena, :camo_host) |> to_uri()
defp vite_reload?, do: Application.get_env(:philomena, :vite_reload)
defp default_script_src, do: if(vite_reload?(), do: "'self' localhost:5173", else: "'self'")
defp default_script_src, do: vite_hmr?(do: "'self' localhost:5173", else: "'self'")
defp default_connect_src,
do: if(vite_reload?(), do: "'self' localhost:5173 ws://localhost:5173", else: "'self'")
do: vite_hmr?(do: "'self' localhost:5173 ws://localhost:5173", else: "'self'")
defp default_style_src, do: if(vite_reload?(), do: "'self' 'unsafe-inline'", else: "'self'")
defp default_style_src, do: vite_hmr?(do: "'self' 'unsafe-inline'", else: "'self'")
defp to_uri(host) when host in [nil, ""], do: ""
defp to_uri(host), do: URI.to_string(%URI{scheme: "https", host: host})
@ -84,6 +88,4 @@ defmodule PhilomenaWeb.ContentSecurityPolicyPlug do
Enum.join([key | value], " ")
end
defp allow_relaxed_csp, do: Application.get_env(:philomena, :csp_relaxed, false)
end

View file

@ -20,7 +20,7 @@ html lang="en"
meta name="format-detection" content="telephone=no"
= csrf_meta_tag()
= if vite_reload?() do
= vite_hmr? do
script type="module" src="http://localhost:5173/@vite/client"
script type="module" src="http://localhost:5173/js/app.js"
- else

View file

@ -1,6 +1,7 @@
defmodule PhilomenaWeb.LayoutView do
use PhilomenaWeb, :view
import PhilomenaWeb.Config
alias PhilomenaWeb.ImageView
alias Philomena.Config
alias Plug.Conn