pluginkit, route:before hook

Signed-off-by: Bruno Meilick <b@bnomei.com>
bnomei · Feb 6, 2019 · f58dbc3 · f58dbc3
1 parent c96ee59
commit f58dbc3
Show file tree

Hide file tree

Showing 21 changed files with 1,608 additions and 754 deletions.
diff --git a/.editorconfig b/.editorconfig
@@ -0,0 +1,22 @@
+[*.{css,scss,less,js,json,ts,sass,html,hbs,mustache,phtml,html.twig,md,yml}]
+charset = utf-8
+indent_style = space
+indent_size = 2
+end_of_line = lf
+insert_final_newline = true
+trim_trailing_whitespace = true
+insert_final_newline = true
+
+[*.md]
+indent_size = 4
+trim_trailing_whitespace = false
+
+[site/templates/**.php]
+indent_size = 2
+
+[site/snippets/**.php]
+indent_size = 2
+
+[package.json,.{babelrc,editorconfig,eslintrc,lintstagedrc,stylelintrc}]
+indent_style = space
+indent_size = 2
diff --git a/.gitignore b/.gitignore
@@ -1,3 +1,24 @@
-vendor/
-/kirby3-security-headers.zip
-/kirby
+# OS files
+.DS_Store
+.php_cs.cache
+
+# files of Composer dependencies that are not needed for the plugin
+/vendor/**/.*
+/vendor/**/*.json
+/vendor/**/*.txt
+/vendor/**/*.md
+/vendor/**/*.yml
+/vendor/**/*.yaml
+/vendor/**/*.xml
+/vendor/**/*.dist
+/vendor/**/readme.php
+/vendor/**/LICENSE
+/vendor/**/COPYING
+/vendor/**/VERSION
+/vendor/**/docs/*
+/vendor/**/example/*
+/vendor/**/examples/*
+/vendor/**/test/*
+/vendor/**/tests/*
+/vendor/**/php4/*
+/vendor/getkirby/composer-installer
diff --git a/classes/SecurityHeaders.php b/classes/SecurityHeaders.php
@@ -2,6 +2,8 @@
 
 namespace Bnomei;
 
+use Phpcsp\Security\ContentSecurityPolicyHeaderBuilder;
+
 class SecurityHeaders
 {
     private static function enabled()
@@ -52,4 +54,46 @@ private static function isLocalhost()
     {
         return in_array($_SERVER['REMOTE_ADDR'], array( '127.0.0.1', '::1' ));
     }
+
+    public static function apply() {
+        // https://github.com/Martijnc/php-csp
+
+        $policy = new ContentSecurityPolicyHeaderBuilder();
+
+        $csp = option('bnomei.securityheaders.csp', []);
+        if (!$csp) {
+            $sourcesetID = kirby()->site()->title()->value();
+            $policy->defineSourceSet($sourcesetID, [kirby()->site()->url()]);
+
+            $directives = [
+                ContentSecurityPolicyHeaderBuilder::DIRECTIVE_DEFAULT_SRC,
+                ContentSecurityPolicyHeaderBuilder::DIRECTIVE_STYLE_SRC,
+                ContentSecurityPolicyHeaderBuilder::DIRECTIVE_SCRIPT_SRC,
+                ContentSecurityPolicyHeaderBuilder::DIRECTIVE_IMG_SRC,
+                ContentSecurityPolicyHeaderBuilder::DIRECTIVE_FONT_SRC,
+                ContentSecurityPolicyHeaderBuilder::DIRECTIVE_CONNECT_SRC,
+            ];
+            foreach ($directives as $d) {
+                $policy->addSourceSet($d, $sourcesetID);
+            }
+        } elseif (is_callable($csp)) {
+            $policy = $csp($policy);
+        }
+
+        $nc = ['loadjs.min.js', 'loadjs.min.js-fn', 'webfontloader.js']; // https://github.com/bnomei/kirby3-htmlhead
+        $nc = array_merge($nc, option('bnomei.securityheaders.nonces', []));
+        foreach ($nc as $id) {
+            $nonceArr = [$id, time(), \filemtime(__FILE__), kirby()->roots()->assets()];
+            shuffle($nonceArr);
+            $nonce = 'nonce-'.base64_encode(sha1(implode('', $nonceArr)));
+            static::nonce($id, $nonce);
+            $policy->addNonce(ContentSecurityPolicyHeaderBuilder::DIRECTIVE_SCRIPT_SRC, $nonce);
+        }
+        foreach (option('bnomei.securityheaders.hashes', []) as $h) {
+            $policy->addHash(ContentSecurityPolicyHeaderBuilder::HASH_SHA_256, $h);
+            // hash(ContentSecurityPolicyHeaderBuilder::HASH_SHA_256, $script, true)
+        }
+
+        static::headers($policy->getHeaders(true));
+    }
 }
diff --git a/composer.json b/composer.json
@@ -1,7 +1,7 @@
 {
     "name": "bnomei/kirby3-security-headers",
-    "type": "plugin",
-    "version": "1.0.4",
+    "type": "kirby-plugin",
+    "version": "1.1.1",
     "license": "MIT",
     "description": "Kirby 3 Plugin for easier Security Headers setup",
     "authors": [
@@ -18,12 +18,7 @@
         "security-headers",
         "csp"
     ],
-    "suggest": {
-    },
     "autoload": {
-        "files": [
-            "config.php"
-        ],
         "psr-4": {
             "Bnomei\\": "classes/"
         }
@@ -32,28 +27,9 @@
         "optimize-autoloader": true,
         "sort-packages": true
     },
-    "repositories": [
-        {
-            "type": "vcs",
-            "url": "https://github.com/k-next/kirby"
-        }
-    ],
     "require": {
         "php": ">=7.1.0",
         "Martijnc/php-csp": "^1.0",
-        "getkirby/cms": "^3.0.0-RC-2.0"
-    },
-    "conflict": {
-        "getkirby/kirby": "<3.0"
-    },
-    "scripts": {
-        "zip": [
-            "rm kirby3-security-headers.zip",
-            "composer install --no-dev",
-            "composer remove getkirby/cms",
-            "composer dumpautoload -o",
-            "zip -r kirby3-security-headers.zip . -x *.git*",
-            "composer require getkirby/cms:'^3.0.0-RC-2.0'"
-        ]
+        "getkirby/composer-installer": "^1.1"
     }
 }