Merge pull request #1 from Flowpack/fix-path

TASK: fix paths

Author: t-heuser

.gitignore

@@ -0,0 +1,4 @@
+.idea
+composer.lock
+vendor
+Packages

Classes/Command/CspConfigCommandController.php

@@ -0,0 +1,83 @@
+<?php
+
+declare(strict_types=1);
+
+namespace Flowpack\ContentSecurityPolicy\Command;
+
+use Flowpack\ContentSecurityPolicy\Exceptions\InvalidDirectiveException;
+use Flowpack\ContentSecurityPolicy\Factory\PolicyFactory;
+use Flowpack\ContentSecurityPolicy\Model\Nonce;
+use Flowpack\ContentSecurityPolicy\Model\Policy;
+use Neos\Flow\Annotations as Flow;
+use Neos\Flow\Cli\CommandController;
+use Neos\Flow\Cli\Exception\StopCommandException;
+
+class CspConfigCommandController extends CommandController
+{
+    /**
+     * @Flow\InjectConfiguration(path="enabled")
+     */
+    protected bool $enabled;
+
+    /**
+     * @Flow\Inject
+     */
+    protected Nonce $nonce;
+
+    /**
+     * @Flow\InjectConfiguration(path="content-security-policy")
+     * @var mixed[]
+     */
+    protected array $configuration;
+
+    /**
+     * Show CSP config
+     *
+     * Shows the generated config for the CSP.
+     * @throws StopCommandException
+     */
+    public function showCommand(): void
+    {
+        try {
+            $backendPolicy = PolicyFactory::create(
+                $this->nonce,
+                $this->configuration['backend'],
+                $this->configuration['custom-backend']
+            );
+
+            $frontendPolicy = PolicyFactory::create(
+                $this->nonce,
+                $this->configuration['default'],
+                $this->configuration['custom']
+            );
+        } catch (InvalidDirectiveException $exception) {
+            $this->outputLine(
+                sprintf('<error>Invalid directive "%s" in configuration file.</error>', $exception->getMessage())
+            );
+
+            $this->quit(1);
+        }
+
+        $this->outputLine('<b>Backend CSP</b>');
+        $this->printPolicy($backendPolicy);
+
+        $this->outputLine("\n<b>Frontend CSP</b>");
+        $this->printPolicy($frontendPolicy);
+        $this->quit();
+    }
+
+    private function printPolicy(Policy $policy): void
+    {
+        $directives = $policy->getDirectives();
+        $keys = array_keys($directives);
+
+        $items = array_map(function ($values, $directive) {
+            $value = implode(', ', $values);
+
+            return "$directive: $value";
+        }, $directives, $keys);
+        foreach ($items as $item) {
+            $this->outputLine($item);
+        }
+    }
+}

Classes/Exceptions/InvalidDirectiveException.php

@@ -0,0 +1,17 @@
+<?php
+
+declare(strict_types=1);
+
+namespace Flowpack\ContentSecurityPolicy\Exceptions;
+
+use Neos\Flow\Exception;
+
+class InvalidDirectiveException extends Exception
+{
+    public function __construct(string $invalidDirective)
+    {
+        parent::__construct(
+            "Invalid directive '{$invalidDirective}' provided. Please check your settings.",
+        );
+    }
+}

Classes/Factory/PolicyFactory.php

@@ -0,0 +1,38 @@
+<?php
+
+declare(strict_types=1);
+
+namespace Flowpack\ContentSecurityPolicy\Factory;
+
+use Flowpack\ContentSecurityPolicy\Exceptions\InvalidDirectiveException;
+use Flowpack\ContentSecurityPolicy\Model\Nonce;
+use Flowpack\ContentSecurityPolicy\Model\Policy;
+
+class PolicyFactory
+{
+    /**
+     * @throws InvalidDirectiveException
+     */
+    public static function create(Nonce $nonce, array $defaultDirective, array $customDirective): Policy
+    {
+        $directiveCollections = [$defaultDirective, $customDirective];
+        $defaultDirective = array_shift($directiveCollections);
+
+        array_walk($defaultDirective, function (array &$item, string $key) use ($directiveCollections) {
+            foreach ($directiveCollections as $collection) {
+                if (array_key_exists($key, $collection)) {
+                    $item = array_unique([...$item, ...$collection[$key]]);
+                }
+            }
+        });
+
+        $policy = new Policy();
+        $policy->setNonce($nonce);
+
+        foreach ($defaultDirective as $directive => $values) {
+            $policy->addDirective($directive, $values);
+        }
+
+        return $policy;
+    }
+}

Classes/Helpers/TagHelper.php

@@ -0,0 +1,115 @@
+<?php
+
+declare(strict_types=1);
+
+namespace Flowpack\ContentSecurityPolicy\Helpers;
+
+class TagHelper
+{
+    public const NONCE = 'nonce';
+
+    public static function tagHasAttribute(
+        string $tag,
+        string $name,
+        string $value = null
+    ): bool {
+        if (! $value) {
+            return ! ! preg_match(
+                self::buildMatchAttributeNameReqex($name),
+                $tag
+            );
+        } else {
+            return ! ! preg_match(
+                self::buildMatchAttributeNameWithSpecificValueReqex(
+                    $name,
+                    $value
+                ),
+                $tag
+            );
+        }
+    }
+
+    public static function tagChangeAttributeValue(
+        string $tag,
+        string $name,
+        string $newValue
+    ): string {
+        return preg_replace_callback(
+            self::buildMatchAttributeNameWithAnyValueReqex($name),
+            function ($hits) use ($newValue) {
+                return $hits["pre"].
+                    $hits["name"].
+                    $hits["glue"].
+                    $newValue.
+                    $hits["post"];
+            },
+            $tag
+        );
+    }
+
+    public static function tagAddAttribute(
+        string $tag,
+        string $name,
+        string $value = null
+    ): string {
+        return preg_replace_callback(
+            self::buildMatchEndOfOpeningTagReqex(),
+            function ($hits) use ($name, $value) {
+                if ($value) {
+                    return $hits["start"].
+                        ' '.
+                        $name.
+                        '="'.
+                        $value.
+                        '"'.
+                        $hits["end"];
+                } else {
+                    return $hits["start"].' '.$name.$hits["end"];
+                }
+            },
+            $tag
+        );
+    }
+
+    private static function escapeReqexCharsInString(string $value): string
+    {
+        // for some reason "/" is not escaped
+        return str_replace("/", "\/", preg_quote($value));
+    }
+
+    private static function buildMatchEndOfOpeningTagReqex(): string
+    {
+        return '/(?<start><[a-z]+.*?)(?<end>>|\/>)/';
+    }
+
+    private static function buildMatchAttributeNameWithAnyValueReqex(
+        string $name
+    ): string {
+        $nameQuoted = self::escapeReqexCharsInString($name);
+
+        return '/(?<pre><.*? )(?<name>'.
+            $nameQuoted.
+            ')(?<glue>=")(?<value>.*?)(?<post>".*?>)/';
+    }
+
+    private static function buildMatchAttributeNameReqex(string $name): string
+    {
+        $nameQuoted = self::escapeReqexCharsInString($name);
+
+        return '/(?<pre><.*? )(?<name>'.$nameQuoted.')(?<post>.*?>)/';
+    }
+
+    private static function buildMatchAttributeNameWithSpecificValueReqex(
+        string $name,
+        string $value
+    ): string {
+        $nameQuoted = self::escapeReqexCharsInString($name);
+        $valueQuoted = self::escapeReqexCharsInString($value);
+
+        return '/(?<pre><.*? )(?<name>'.
+            $nameQuoted.
+            ')(?<glue>=")(?<value>'.
+            $valueQuoted.
+            ')(?<post>".*?>)/';
+    }
+}