diff --git a/.editorconfig b/.editorconfig
new file mode 100644
index 0000000..faee715
--- /dev/null
+++ b/.editorconfig
@@ -0,0 +1,15 @@
+[*]
+indent_style = tab
+indent_size = 4
+insert_final_newline = true
+end_of_line = lf
+charset = utf-8
+trim_trailing_whitespace = true
+
+[*.{json,{babel,eslint,stylelint}rc}]
+indent_style = space
+indent_size = 2
+end_of_line = lf
+charset = utf-8
+trim_trailing_whitespace = true
+insert_final_newline = false
diff --git a/.eslintrc.js b/.eslintrc.js
new file mode 100644
index 0000000..8fc6798
--- /dev/null
+++ b/.eslintrc.js
@@ -0,0 +1,56 @@
+module.exports = {
+ env: {
+ browser: true,
+ commonjs: true,
+ es6: true,
+ node: true
+ },
+ extends: [
+ 'xo',
+ 'xo-react'
+ ],
+ parserOptions: {
+ ecmaFeatures: {
+ experimentalObjectRestSpread: true,
+ jsx: true
+ },
+ ecmaVersion:'2017',
+ sourceType: 'module'
+ },
+ plugins: [
+ 'react'
+ ],
+ ext: [
+ '.js',
+ '.jsx'
+ ],
+ rules: {
+ 'quotes': ['error', 'single', {'avoidEscape': true}],
+ 'operator-linebreak': [
+ 'error',
+ 'after',
+ {
+ overrides: {
+ '?': 'before',
+ ':': 'before'
+ }
+ }
+ ],
+ 'generator-star-spacing': ['error', 'after'],
+ 'react/no-danger': 0,
+ 'react/forbid-component-props': 0,
+ 'react/no-did-update-set-state': 0,
+ 'no-floating-decimal': 0,
+ 'spaced-comment': [
+ 'error',
+ 'always',
+ {
+ "markers": [
+ ":",
+ "?:",
+ "::"
+ ]
+ }
+ ]
+ }
+}
diff --git a/index.js b/index.js
index f9457b8..0597fc0 100644
--- a/index.js
+++ b/index.js
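Review bot: In the new `.eslintrc.js`, `'react/no-danger': 0` switches off the lint check that flags `dangerouslySetInnerHTML`, and nothing in this commit shows React code that needs the exemption; I would drop that line, or scope it with a per-file override, so raw-HTML sinks keep being reported. The top-level `ext` array looks like the CLI `--ext` option rather than a configuration key, so depending on the ESLint version it is probably either ignored or rejected by config validation; it belongs in the lint script instead. Smaller points in the same file: `ecmaVersion:'2017'` is a string where the documented form is a number (`ecmaVersion: 2017`), and the `"markers"` block uses double quotes that the file's own `quotes` rule would flag if the config itself is linted.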
@@ -30,24 +30,24 @@ const allowedPolicies = [ * @param policies {object} Policies * @returns {string} */ -function buildCSPString(policies, reportUri){ +function buildCSPString(policies, reportUri) { let cspString = Object.keys(policies).map(policyName => { - if(policies[policyName] === true || policies[policyName].length === 0){ + if (policies[policyName] === true || policies[policyName].length === 0) { return policyName; } return `${policyName} ${policies[policyName].join(' ')}`; }).join('; '); - if(typeof reportUri === 'string'){ + if (typeof reportUri === 'string') { cspString += `; report-uri ${reportUri}`; } return `${cspString};`; } -function csp(params){ +function csp(params) { // params should be an object - if(typeof params !== 'object'){ + if (typeof params !== 'object') { return; } @@ -61,8 +61,8 @@ function csp(params){ // filter disallowed policies let policies = Object.keys(params.policies).reduce((policies, policyName) => { - if(allowedPolicies.indexOf(policyName) > -1){ - if(params.policies[policyName] !== false){ + if (allowedPolicies.indexOf(policyName) > -1) { + if (params.policies[policyName] !== false) { policies[policyName] = params.policies[policyName]; } } @@ -100,15 +100,14 @@ function resolvePreset(presetName) { if (isFullModuleName) { return presetName; - } else { - return `csp-preset-${presetName}`; } + return `csp-preset-${presetName}`; } function requirePreset(presetName) { try { return require(resolvePreset(presetName)); - } catch(err) { + } catch (err) { throw new Error(`CSP preset ${presetName} is not found`); } } @@ -119,7 +118,7 @@ function requirePreset(presetName) { * @param {Object} extension Additional policies * @returns {Object} Extended policies */ -function extendPolicies(original, extension){ +function extendPolicies(original, extension) { const extended = Object.assign(original); Object.keys(extension).forEach(policyName => { 
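Review bot: `buildCSPString` writes `reportUri` and every policy value into the header string as-is (`report-uri ${reportUri}` and `policies[policyName].join(' ')`), so a value containing `;`, a comma or a line break can add or cut off directives in the emitted policy. If any of these values can originate from request data or per-tenant configuration, reject them before joining, for example `if (/[;,\r\n]/.test(reportUri)) throw new TypeError('invalid report-uri');`, and apply the same check to each source expression. The same gap exists in `csp.nonce` in the `-147,7` hunk, which wraps `nonceId` in quotes without checking it against the base64 character set the CSP grammar allows for nonces; the test nonce containing `#` is outside that set. Separately, `typeof params !== 'object'` lets `null` through, and the `params.policies` access in the following hunk would then throw.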
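Review bot: The `catch (err)` in `requirePreset` (hunk `-100,15`) replaces every failure with `CSP preset ${presetName} is not found`, so a preset that exists but throws while loading is reported as missing and the original stack is lost. Check the error before rewriting it, e.g. `if (err.code !== 'MODULE_NOT_FOUND') throw err;`, and keep the current message for the not-found case only. Also, `resolvePreset` returns `presetName` unchanged when `isFullModuleName` is true (that flag is computed outside this hunk), so `require()` loads whatever module name or path the caller supplies; the JSDoc should state that preset names must come from trusted configuration, never from request input.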
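Review bot: `Object.assign(original)` with a single argument returns `original` itself, so in `extendPolicies` (hunk `-119,7`) `extended` is an alias rather than a copy, and the `extended[policyName].push(rule)` in the next hunk (`-128,9`) appends to the caller's arrays. If `original` can be a preset loaded through `require`, that object is cached by the module system, and each call with `extend` would then widen the preset's source lists for every later caller in the process; the call site is not visible here, so please confirm. Copy before extending, e.g. `const extended = Object.assign({}, original);`, and build a new array with `extended[policyName] = origPolicy.concat(newRules)` instead of `push`. `extendPolicies` continues past the end of this hunk.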
@@ -128,9 +127,9 @@ function extendPolicies(original, extension){ if (origPolicy === undefined) { extended[policyName] = extPolicy; - } else if(Array.isArray(extPolicy) && extPolicy.length > 0 && Array.isArray(origPolicy)){ + } else if (Array.isArray(extPolicy) && extPolicy.length > 0 && Array.isArray(origPolicy)) { extPolicy.forEach(rule => { - if(typeof rule === 'string' && origPolicy.indexOf(rule) === -1){ + if (typeof rule === 'string' && origPolicy.indexOf(rule) === -1) { extended[policyName].push(rule); } }); @@ -147,7 +146,7 @@ function extendPolicies(original, extension){ * @param nonceId {string} Nonce param id * @returns {string} Nonce param */ -csp.nonce = function(nonceId){ +csp.nonce = function (nonceId) { return `'nonce-${nonceId}'`; }; @@ -158,4 +157,4 @@ csp.SELF = "'self'"; csp.INLINE = "'unsafe-inline'"; csp.EVAL = "'unsafe-eval'"; -module.exports = csp; \ No newline at end of file +module.exports = csp; diff --git a/test/index.test.js b/test/index.test.js index 00bc816..3d85d6d 100644 --- a/test/index.test.js +++ b/test/index.test.js @@ -16,8 +16,8 @@ test('Empty policies', t => { test('Disallowed policies', t => { const actual = csp({ policies: { - 'script-src': [ 'test.com', csp.SELF ], - 'foo-bar-src': [ 'foo', 'bar' ] + 'script-src': ['test.com', csp.SELF], + 'foo-bar-src': ['foo', 'bar'] } }); const expected = "script-src test.com 'self';"; @@ -27,10 +27,10 @@ test('Disallowed policies', t => { test('report-uri', t => { const actual = csp({ policies: { - 'script-src': [ csp.SELF ] + 'script-src': [csp.SELF] }, 'report-uri': 'https://test.com/cspreport' - }) + }); const expected = "script-src 'self'; report-uri https://test.com/cspreport;"; t.is(actual, expected); }); 
@@ -80,10 +80,10 @@ test('Presets | resolve', t => { test('Extend | new rule', t => { const actual = csp({ policies: { - 'script-src': [ 'myhost.com' ] + 'script-src': ['myhost.com'] }, extend: { - 'script-src': [ 'additional.host.com' ] + 'script-src': ['additional.host.com'] } }); @@ -93,10 +93,10 @@ test('Extend | new rule', t => { test('Extend | duplicating', t => { const actual = csp({ policies: { - 'script-src': [ 'myhost.com' ] + 'script-src': ['myhost.com'] }, extend: { - 'script-src': [ 'myhost.com' ] + 'script-src': ['myhost.com'] } }); @@ -106,10 +106,10 @@ test('Extend | duplicating', t => { test('Extend | new policy', t => { const actual = csp({ policies: { - 'script-src': [ 'myhost.com' ] + 'script-src': ['myhost.com'] }, extend: { - 'style-src': [ 'newhost.com' ] + 'style-src': ['newhost.com'] } }); @@ -118,7 +118,7 @@ test('Extend | new policy', t => { test('Nonce', t => { const actual = csp.nonce('vg3eer#E4gEbw34gwq3fgqGQWBWQh'); - const expected = "'nonce-vg3eer#E4gEbw34gwq3fgqGQWBWQh'" + const expected = "'nonce-vg3eer#E4gEbw34gwq3fgqGQWBWQh'"; t.is(actual, expected); }); @@ -127,4 +127,4 @@ test('Constants', t => { t.is(csp.INLINE, "'unsafe-inline'"); t.is(csp.EVAL, "'unsafe-eval'"); t.is(csp.NONE, "'none'"); -}); \ No newline at end of file +});