feat(frontend): set CSP
issue #1920
frankiejol committed Oct 26, 2023
1 parent cb12508 commit 14a1e15
Showing 3 changed files with 48 additions and 9 deletions.
25 changes: 24 additions & 1 deletion public/js/admin.js
Expand Up @@ -1250,7 +1250,27 @@ ravadaApp.directive("solShowMachine", swMach)

function settings_global_ctrl($scope, $http) {
$scope.timezone = Intl.DateTimeFormat().resolvedOptions().timeZone;
$scope.init = function() {
$scope.csp_locked = false;
$scope.set_csp_locked=function() {
var keys = Object.keys($scope.settings.frontend.content_security_policy);
var found = 0;
for ( var n_key=0 ; n_key<keys.length ; n_key++) {
var field=keys[n_key];
if ( field != 'all' && field != 'id' && field != 'value'
&& $scope.settings.frontend.content_security_policy[field].value) {
found++;
}
}
$scope.csp_locked = found>0;
if ($scope.csp_locked && !$scope.csp_advanced) {
$scope.csp_advanced = true;
}
};
$scope.init = function(url, csp_advanced) {
$scope.csp_advanced=false;
if (csp_advanced) {
$scope.csp_advanced=true;
}
$http.get('/settings_global.json').then(function(response) {
$scope.settings = response.data;
var now = new Date();
Expand All @@ -1269,17 +1289,20 @@ ravadaApp.directive("solShowMachine", swMach)
$scope.settings.frontend.maintenance_end.value
=new Date($scope.settings.frontend.maintenance_end.value);
}
$scope.set_csp_locked();
});
};
$scope.load_settings = function() {
$scope.init();
$scope.set_csp_locked();
$scope.formSettings.$setPristine();
};
$scope.update_settings = function() {
$scope.formSettings.$setPristine();
$http.post('/settings_global'
,JSON.stringify($scope.settings)
).then(function(response) {
$scope.set_csp_locked();
if (response.data.reload) {
window.location.reload();
}
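Review bot: In `load_settings`, `$scope.set_csp_locked()` runs immediately after `$scope.init()`, before the `$http.get('/settings_global.json')` promise has resolved, so it evaluates the previous `$scope.settings`, and `Object.keys` throws if `settings` or `frontend.content_security_policy` is not populated yet. The call already placed inside the `.then` callback of `init` covers this path, so the synchronous one can be dropped, and `set_csp_locked` would be safer starting with `var csp = $scope.settings && $scope.settings.frontend && $scope.settings.frontend.content_security_policy; if (!csp) { return; }`. `load_settings` also calls `init()` with no arguments, which resets `csp_advanced` to false until the response arrives, so the advanced rows can briefly collapse on reload. Both hunks sit inside `settings_global_ctrl`, whose end is outside the visible lines.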
6 changes: 5 additions & 1 deletion script/rvd_front
Expand Up @@ -2672,7 +2672,11 @@ sub admin {
return access_denied($c) unless $USER->is_admin;
my $url = $c->req->url->to_abs->path;
my $host = $c->req->url->to_abs->host;
$c->stash(csp => $RAVADA->_settings_by_parent("/frontend/content_security_policy"));
my $csp = $RAVADA->_settings_by_parent("/frontend/content_security_policy");
my $csp_advanced = 0;
$csp_advanced = grep $csp->{$_}, grep /-/,keys %$csp;

$c->stash( csp => $csp , csp_advanced => $csp_advanced);
$c->stash(url_login => "/login");
}
$c->render( template => 'main/admin_'.$page);
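Review bot: The server decides "advanced" with `grep /-/, keys %$csp`, while the client in public/js/admin.js treats every key other than `all`, `id` and `value` as an advanced directive, so the two can disagree for any directive name without a hyphen; one shared rule would keep the checkbox state from changing between page render and the JSON refresh. `grep $csp->{$_}` also tests the truth of the hash entry itself, whereas the client reads `[field].value`; if `_settings_by_parent` returns hashrefs for these keys the grep is always true, so the shape it returns here should be confirmed. A comment above the grep such as `# number of per-directive CSP settings (hyphenated keys) that have a value` would record the intent. `sub admin` starts before this hunk and continues after it.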
26 changes: 19 additions & 7 deletions templates/main/admin_settings.html.ep
Expand Up @@ -6,7 +6,8 @@
%= include 'bootstrap/navigation'
<div id="page-wrapper"
ng-controller="settings_global"
ng-init="init('<%= url_for('ws_subscribe')->to_abs %>')"
ng-init="init('<%= url_for('ws_subscribe')->to_abs %>'
,<%= ($csp_advanced or 0 ) %>)"
>
<div class="page-header">
<div class="card">
Expand Down Expand Up @@ -45,8 +46,7 @@
</div>
</div>
<div class="row">
<div class="col-md-1"></div>
<div class="col-md-2">
<div class="col-md-3" align="right">
<label for="maintenance"><%=l 'Maintenance' %></label>
</div>
<div class="col-md-6">
Expand All @@ -71,7 +71,7 @@

<div class="row" ng-show="settings.frontend.maintenance.value == 1">
<div class="col-md-1"></div>
<div class="col-md-2">
<div class="col-md-2" align="right">
<label for="maintenance_end"><%=l 'Maintenance End' %></label>
</div>
<div class="col-md-4">
Expand All @@ -81,7 +81,7 @@
</div>
<div class="row">
<div class="col-md-1"></div>
<div class="col-md-2"><%=l 'Widget' %>
<div class="col-md-2" align="right"><%=l 'Widget' %>
<a href="https://ravada.readthedocs.io/en/latest/docs/chatwoot.html"><i class="fa fa-info"></i></a>
</div>
<div class="col-md-6">
Expand All @@ -92,9 +92,20 @@
</div>

<div class="row">
<div class="col-md-1"></div>
<div class="col-md-4">Content Security Policy</div>
<div class="col-md-3" align="right">Content Security Policy</div>
<div class="col-md-4" ng-show="!csp_advanced" >
<input name="csp_all" type="text" ng-model="settings.frontend.content_security_policy.all.value"/><br/>
</div>
</div>
<div class="row">
<div class="col-md-3"></div>
<div class="col-md-5" ng-hide="csp_locked">
<input type="checkbox" ng-model="csp_advanced"
name="csp_advanced"/>
<label for="csp_advanced"><%=l 'Advanced CSP' %></label>
</div>
</div>
<div ng-show="csp_advanced">
% for my $item (sort keys %$csp) {
<div class="row">
<div class="col-md-1"></div>
Expand All @@ -104,6 +115,7 @@
</div>
</div>
% }
</div>

%= include "/main/admin_settings_submit"

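Review bot: The new `csp_all` text input is bound directly to `settings.frontend.content_security_policy.all.value` and nothing in this hunk constrains what can be saved, while the code that turns the stored value into the response header is not part of this diff. Before merging I would confirm that the server rejects CR/LF and other control characters in that value before it reaches a header, and that a policy which blocks the admin page's own scripts can still be reverted by a route other than this form. Separately, `<label for="csp_advanced">` has no matching element because the checkbox only sets `name`; adding `id="csp_advanced"` to the input restores the association.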
