refactor(server): use the decorator to control the CSP

nakrovati · nakrovati · commit d0f6a22bf697 · 2024-09-03T16:27:21.000+04:00
diff --git a/server/app.ts b/server/app.ts
@@ -9,6 +9,7 @@ import { Readable } from "node:stream";
 import zlib from "node:zlib";
 import { responseSizeRouter } from "./src/responseSize/responseSizeRouter.js";
 import { createResponseSizeDecorator } from "./src/responseSize/responseSizeDecorator.js";
+import { createCSPDecorator } from "./src/csp/cspDecorator.js";
 
 /**
  * Builds the server but does not start it. Need it for testing API
@@ -25,6 +26,7 @@ function buildServer(options: FastifyServerOptions = {}) {
     },
   });
 
+  fastify.decorate("csp", createCSPDecorator());
   fastify.decorate("responseSize", createResponseSizeDecorator());
 
   fastify.addHook("onSend", async function (request, reply, payload) {
diff --git a/server/src/csp/cspControllers.ts b/server/src/csp/cspControllers.ts
@@ -1,15 +1,15 @@
 import { FastifyReply, FastifyRequest } from "fastify";
 
-const violations: string[] = [];
-let isCSPEnabled = false;
-
 export function getCSP(request: FastifyRequest, reply: FastifyReply) {
+  const { violations } = request.server.csp;
+
   console.log("CSP violations recorded for", violations);
   reply.send(violations);
 }
 
 export function addCSP(request: FastifyRequest, reply: FastifyReply) {
   const { body } = request;
+  const { violations } = request.server.csp;
 
   console.log("/CSP", body);
 
@@ -27,16 +27,15 @@ export function addCSP(request: FastifyRequest, reply: FastifyReply) {
 
 export function enableCSP(request: FastifyRequest, reply: FastifyReply) {
   console.log("/enableCSP");
-  violations.length = 0;
-  isCSPEnabled = true;
+
+  request.server.csp.violations.length = 0;
+  request.server.csp.isEnabled = true;
   reply.send("OK");
 }
 
 export function disableCSP(request: FastifyRequest, reply: FastifyReply) {
   console.log("/disableCSP");
-  violations.length = 0;
-  isCSPEnabled = false;
+  request.server.csp.violations.length = 0;
+  request.server.csp.isEnabled = false;
   reply.send("OK");
 }
-
-export { isCSPEnabled };
diff --git a/server/src/csp/cspDecorator.ts b/server/src/csp/cspDecorator.ts
@@ -0,0 +1,6 @@
+export function createCSPDecorator() {
+  return {
+    isEnabled: false,
+    violations: [] as string[],
+  };
+}
diff --git a/server/src/fastify.d.ts b/server/src/fastify.d.ts
@@ -1,7 +1,9 @@
 import { createResponseSizeDecorator } from "./responseSize/responseSizeDecorator.js";
+import { createCSPDecorator } from "./csp/cspDecorator.js";
 
 declare module "fastify" {
   interface FastifyInstance {
     responseSize: ReturnType<typeof createResponseSizeDecorator>;
+    csp: ReturnType<typeof createCSPDecorator>;
   }
 }
diff --git a/server/src/static/staticRouter.ts b/server/src/static/staticRouter.ts
@@ -2,7 +2,6 @@ import fastifyStatic from "@fastify/static";
 import path from "node:path";
 import { cwd } from "node:process";
 
-import { isCSPEnabled } from "../csp/cspControllers.js";
 import { frameworksDirectory } from "../config/directories.js";
 import { generateAndServeIndex } from "../frameworks/frameworksControllers.js";
 import { FastifyInstance } from "fastify";
@@ -14,7 +13,7 @@ async function routes(fastify: FastifyInstance) {
     root: frameworksDirectory,
     prefix: "/frameworks",
     setHeaders: (res, path) => {
-      if (isCSPEnabled && path.endsWith("index.html")) {
+      if (fastify.csp.isEnabled && path.endsWith("index.html")) {
         res.setHeader("Content-Security-Policy", "default-src 'self'; report-uri /csp");
       }
     },

Original file line number	Diff line number	Diff line change
`@@ -1,7 +1,9 @@`
`1`	`1`	`import { createResponseSizeDecorator } from "./responseSize/responseSizeDecorator.js";`
	`2`	`+import { createCSPDecorator } from "./csp/cspDecorator.js";`
`2`	`3`
`3`	`4`	`declare module "fastify" {`
`4`	`5`	`interface FastifyInstance {`
`5`	`6`	`responseSize: ReturnType<typeof createResponseSizeDecorator>;`
	`7`	`+ csp: ReturnType<typeof createCSPDecorator>;`
`6`	`8`	`}`
`7`	`9`	`}`