Make it public!

2024-03-16 08:40:24 +00:00
commit a5cafdddca
114 changed files with 9569 additions and 0 deletions
--- a/routes/_middleware.tsx
+++ b/routes/_middleware.tsx
@@ -0,0 +1,73 @@
+import { FreshContext } from 'fresh/server.ts';
+
+import { FreshContextState } from '/lib/types.ts';
+import { getDataFromRequest } from '/lib/auth.ts';
+
+export const handler = [
+  async function handleCors(request: Request, context: FreshContext<FreshContextState>) {
+    if (request.method == 'OPTIONS') {
+      const response = new Response(null, {
+        status: 204,
+      });
+      const origin = request.headers.get('Origin') || '*';
+      const headers = response.headers;
+      headers.set('Access-Control-Allow-Origin', origin);
+      headers.set('Access-Control-Allow-Methods', 'DELETE');
+      return response;
+    }
+
+    const origin = request.headers.get('Origin') || '*';
+    const response = await context.next();
+    const headers = response.headers;
+
+    headers.set('Access-Control-Allow-Origin', origin);
+    headers.set('Access-Control-Allow-Credentials', 'true');
+    headers.set(
+      'Access-Control-Allow-Headers',
+      'Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, accept, origin, Cache-Control, X-Requested-With',
+    );
+    headers.set(
+      'Access-Control-Allow-Methods',
+      'POST, OPTIONS, GET, PUT, DELETE',
+    );
+    headers.set(
+      'Content-Security-Policy',
+      "default-src 'self'; child-src 'none'; img-src 'self' data:; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline'",
+    );
+    headers.set('X-Frame-Options', 'DENY');
+    headers.set('X-Content-Type-Options', 'nosniff');
+    headers.set('Strict-Transport-Security', 'max-age=31536000; includeSubDomains; preload');
+
+    return response;
+  },
+
+  async function handleContextState(request: Request, context: FreshContext<FreshContextState>) {
+    const { user, session } = (await getDataFromRequest(request)) || {};
+
+    if (user) {
+      context.state.user = user;
+    }
+
+    if (session) {
+      context.state.session = session;
+    }
+
+    const response = await context.next();
+
+    return response;
+  },
+
+  async function handleLogging(request: Request, context: FreshContext<FreshContextState>) {
+    const response = await context.next();
+
+    console.info(`${new Date().toISOString()} - ${request.method} ${request.url} [${response.status}]`);
+    if (request.url.includes('/dav/')) {
+      console.info(`Request`, request.headers);
+      console.info((await request.clone().text()) || '<No Body>');
+      console.info(`Response`, response.headers);
+      console.info(`Status`, response.status);
+    }
+
+    return response;
+  },
+];