From 2d8ad9389cd465e9822904ddb05b7e83e78a66c2 Mon Sep 17 00:00:00 2001 From: "Konni (im Schloss)" Date: Wed, 7 Jun 2023 20:35:24 +0200 Subject: [PATCH] fixes #10284, fixes #10208; passing in all pugVariables needed in base.pug, fixes csp --- packages/backend/src/misc/fetch-meta.ts | 26 +++++++++ packages/backend/src/server/web/index.ts | 73 ++++++------------------ 2 files changed, 43 insertions(+), 56 deletions(-) diff --git a/packages/backend/src/misc/fetch-meta.ts b/packages/backend/src/misc/fetch-meta.ts index 32c45813ca..c354ae6d9f 100644 --- a/packages/backend/src/misc/fetch-meta.ts +++ b/packages/backend/src/misc/fetch-meta.ts @@ -3,6 +3,32 @@ import { Meta } from "@/models/entities/meta.js"; let cache: Meta; +export function metaToPugArgs(meta: Meta) : object { + let motd = ["Loading..."]; + if (meta.customMOTD.length > 0) { + motd = meta.customMOTD; + } + let splashIconUrl = meta.iconUrl; + if (meta.customSplashIcons.length > 0) { + splashIconUrl = + meta.customSplashIcons[ + Math.floor(Math.random() * meta.customSplashIcons.length) + ]; + } + + return { + img: meta.bannerUrl, + title: meta.name || "Calckey", + instanceName: meta.name || "Calckey", + desc: meta.description, + icon: meta.iconUrl, + splashIcon: splashIconUrl, + themeColor: meta.themeColor, + randomMOTD: motd[Math.floor(Math.random() * motd.length)], + privateMode: meta.privateMode, + } +} + export async function fetchMeta(noCache = false): Promise { if (!noCache && cache) return cache; diff --git a/packages/backend/src/server/web/index.ts b/packages/backend/src/server/web/index.ts index c876635a3c..123c41d031 100644 --- a/packages/backend/src/server/web/index.ts +++ b/packages/backend/src/server/web/index.ts @@ -16,7 +16,7 @@ import { BullAdapter } from "@bull-board/api/bullAdapter.js"; import { KoaAdapter } from "@bull-board/koa"; import { In, IsNull } from "typeorm"; -import { fetchMeta } from "@/misc/fetch-meta.js"; +import { fetchMeta, metaToPugArgs } from "@/misc/fetch-meta.js"; import config from "@/config/index.js"; import { Users, @@ -362,15 +362,12 @@ const userPage: Router.Middleware = async (ctx, next) => { : []; const userDetail = { + ...metaToPugArgs(meta), user, profile, me, avatarUrl: await Users.getAvatarUrl(user), - sub: subParam, - instanceName: meta.name || "Calckey", - icon: meta.iconUrl, - themeColor: meta.themeColor, - privateMode: meta.privateMode, + sub: subParam }; await ctx.render("user", userDetail); @@ -408,6 +405,7 @@ router.get("/notes/:note", async (ctx, next) => { }); const meta = await fetchMeta(); await ctx.render("note", { + ...metaToPugArgs(meta), note: _note, profile, avatarUrl: await Users.getAvatarUrl( @@ -415,16 +413,12 @@ router.get("/notes/:note", async (ctx, next) => { ), // TODO: Let locale changeable by instance setting summary: getNoteSummary(_note), - instanceName: meta.name || "Calckey", - icon: meta.iconUrl, - privateMode: meta.privateMode, - themeColor: meta.themeColor, }); ctx.set("Cache-Control", "public, max-age=15"); ctx.set( "Content-Security-Policy", - "default-src 'self'; frame-ancestors '*'", + "default-src 'self' 'unsafe-inline'; img-src '*'; frame-ancestors '*'", ); return; @@ -445,17 +439,14 @@ router.get("/posts/:note", async (ctx, next) => { const profile = await UserProfiles.findOneByOrFail({ userId: note.userId }); const meta = await fetchMeta(); await ctx.render("note", { + ...metaToPugArgs(meta), note: _note, profile, avatarUrl: await Users.getAvatarUrl( await Users.findOneByOrFail({ id: note.userId }), ), // TODO: Let locale changeable by instance setting - summary: getNoteSummary(_note), - instanceName: meta.name || "Calckey", - icon: meta.iconUrl, - privateMode: meta.privateMode, - themeColor: meta.themeColor, + summary: getNoteSummary(_note) }); ctx.set("Cache-Control", "public, max-age=15"); @@ -486,15 +477,12 @@ router.get("/@:user/pages/:page", async (ctx, next) => { const profile = await UserProfiles.findOneByOrFail({ userId: page.userId }); const meta = await fetchMeta(); await ctx.render("page", { + ...metaToPugArgs(meta), page: _page, profile, avatarUrl: await Users.getAvatarUrl( await Users.findOneByOrFail({ id: page.userId }), - ), - instanceName: meta.name || "Calckey", - icon: meta.iconUrl, - themeColor: meta.themeColor, - privateMode: meta.privateMode, + ) }); if (["public"].includes(page.visibility)) { @@ -521,15 +509,12 @@ router.get("/clips/:clip", async (ctx, next) => { const profile = await UserProfiles.findOneByOrFail({ userId: clip.userId }); const meta = await fetchMeta(); await ctx.render("clip", { + ...metaToPugArgs(meta), clip: _clip, profile, avatarUrl: await Users.getAvatarUrl( await Users.findOneByOrFail({ id: clip.userId }), - ), - instanceName: meta.name || "Calckey", - privateMode: meta.privateMode, - icon: meta.iconUrl, - themeColor: meta.themeColor, + ) }); ctx.set("Cache-Control", "public, max-age=15"); @@ -549,15 +534,12 @@ router.get("/gallery/:post", async (ctx, next) => { const profile = await UserProfiles.findOneByOrFail({ userId: post.userId }); const meta = await fetchMeta(); await ctx.render("gallery-post", { + ...metaToPugArgs(meta), post: _post, profile, avatarUrl: await Users.getAvatarUrl( await Users.findOneByOrFail({ id: post.userId }), - ), - instanceName: meta.name || "Calckey", - icon: meta.iconUrl, - themeColor: meta.themeColor, - privateMode: meta.privateMode, + ) }); ctx.set("Cache-Control", "public, max-age=15"); @@ -578,11 +560,8 @@ router.get("/channels/:channel", async (ctx, next) => { const _channel = await Channels.pack(channel); const meta = await fetchMeta(); await ctx.render("channel", { - channel: _channel, - instanceName: meta.name || "Calckey", - icon: meta.iconUrl, - themeColor: meta.themeColor, - privateMode: meta.privateMode, + ...metaToPugArgs(meta), + channel: _channel }); ctx.set("Cache-Control", "public, max-age=15"); @@ -633,27 +612,9 @@ router.get("/api/v1/streaming", async (ctx) => { // Render base html for all requests router.get("(.*)", async (ctx) => { const meta = await fetchMeta(); - let motd = ["Loading..."]; - if (meta.customMOTD.length > 0) { - motd = meta.customMOTD; - } - let splashIconUrl = meta.iconUrl; - if (meta.customSplashIcons.length > 0) { - splashIconUrl = - meta.customSplashIcons[ - Math.floor(Math.random() * meta.customSplashIcons.length) - ]; - } + await ctx.render("base", { - img: meta.bannerUrl, - title: meta.name || "Calckey", - instanceName: meta.name || "Calckey", - desc: meta.description, - icon: meta.iconUrl, - splashIcon: splashIconUrl, - themeColor: meta.themeColor, - randomMOTD: motd[Math.floor(Math.random() * motd.length)], - privateMode: meta.privateMode, + ...metaToPugArgs(meta) }); ctx.set("Cache-Control", "public, max-age=3"); });