Added separate controller for CSP.

laurentmuller · Jun 3, 2022 · d9abb97 · d9abb97
1 parent eba6695
commit d9abb97
Show file tree

Hide file tree

Showing 45 changed files with 648 additions and 433 deletions.
diff --git a/.env b/.env
@@ -13,6 +13,11 @@ LOCK_DSN=flock
 DATABASE_URL=sqlite:///%kernel.project_dir%/tests/Data/db_test.sqlite
 ###< doctrine/doctrine-bundle ###
 
+###> symfony/mailer ###
+MAILER_USER_NAME=Calculation
+MAILER_USER_EMAIL=[email protected]
+###< symfony/mailer ###
+
 ###> assets ###
 ASSET_BASE=http://127.0.0.1:8000/
 ASSET_LOCALE=http://127.0.0.1:8000/

diff --git a/composer.lock b/composer.lock
diff --git a/config/packages/twig.yaml b/config/packages/twig.yaml
@@ -12,9 +12,8 @@ twig:
         app_owner_city: '%app_owner_city%'
         app_description: '%app_description%'
         app_mode: '%app_mode%'
-        mailer_user_email: '%mailer_user_email%'
         cookie_path: '%cookie_path%'
-        google_recaptcha_site_key: '%google_recaptcha_site_key%'
+        mailer_user_email: '%mailer_user_email%'
         link_dev: '%link_dev%'
         link_prod: '%link_prod%'
 

diff --git a/public/css/calculation.css b/public/css/calculation.css
@@ -2,3 +2,31 @@
 @import '../js/vendor/contextmenu/jquery.contextMenu.css';
 
 /**! compression tag for ftp-deployment */
+
+@media (min-width: 1200px) {
+    .col-xl-4 {
+        -ms-flex: initial;
+        flex: initial;
+        max-width: initial;
+        width: 100%;
+    }
+    .col-xl-8 {
+        -ms-flex: initial;
+        flex: initial;
+        max-width: initial;
+        width: 100%;
+    }
+}
+
+@media (min-width: 1400px) {
+    .col-xl-4 {
+        -ms-flex: 0 0 33.333333%;
+        flex: 0 0 33.333333%;
+        max-width: 33.333333%;
+    }
+    .col-xl-8 {
+        -ms-flex: 0 0 66.666667%;
+        flex: 0 0 66.666667%;
+        max-width: 66.666667%;
+    }
+}
diff --git a/public/css/email.css b/public/css/email.css
@@ -17,3 +17,7 @@ table.body.wrapper {
     border-right: 1px solid #f3f3f3;
     border-bottom: 1px solid #f3f3f3;
 }
+
+#csp td {
+    padding-top: 5px;
+}
diff --git a/public/js/application/chart.js b/public/js/application/chart.js
@@ -21,13 +21,11 @@ function onMonthsChange($months) {
  */
 (function ($) {
     'use strict';
-
     // tooltip
     $('#data').tooltip({
         selector: '.has-tooltip',
         customClass: 'tooltip-danger overall-datatable'
     });
-
     // handle months change
     const $months = $('#months');
     if ($months.length) {

diff --git a/public/js/chart.js b/public/js/chart.js
@@ -9,6 +9,7 @@
  * Vendor Files
  */
 <!--#include file="vendor/highcharts/highcharts.js" -->
+<!--#include file="vendor/highcharts/accessibility.js" -->
 
 /**
  * Plugin Files

diff --git a/public/js/test/recaptcha.js b/public/js/test/recaptcha.js
@@ -14,7 +14,7 @@ grecaptcha.ready(function () {
     // execute
     const $form = $('#edit-form');
     const key = $form.data('key');
-    const action = $form.attr('action');
+    const action = $form.data('action');
     grecaptcha.execute(key, {
         action: action
     }).then(function (token) {

diff --git a/public/vendor.json b/public/vendor.json
@@ -64,6 +64,17 @@
                 "highcharts.src.js"
             ]
         },
+        {
+            "name": "highcharts",
+            "version": "10.1.0",
+            "source": "https://cdn.jsdelivr.net/npm/",
+            "format": "{source}{name}@{version}/modules/{file}",
+            "target": "highcharts",
+            "files": [
+                "accessibility.js",
+                "accessibility.js.map"
+            ]
+        },
         {
             "name": "html5sortable",
             "version": "0.13.3",

diff --git a/src/Chart/BaseChart.php b/src/Chart/BaseChart.php
@@ -72,6 +72,8 @@ class BaseChart extends Highchart
 
     /**
      * Constructor.
+     *
+     * @throws \Psr\Cache\InvalidArgumentException
      */
     public function __construct(protected ApplicationService $application, ThemeService $service, TranslatorInterface $translator)
     {

diff --git a/src/Controller/CspController.php b/src/Controller/CspController.php
@@ -0,0 +1,117 @@
+<?php
+/*
+ * This file is part of the Calculation package.
+ *
+ * (c) bibi.nu <[email protected]>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+declare(strict_types=1);
+
+namespace App\Controller;
+
+use App\Mime\CspViolationEmail;
+use App\Util\Utils;
+use Psr\Log\LoggerInterface;
+use Sensio\Bundle\FrameworkExtraBundle\Configuration\IsGranted;
+use Symfony\Bridge\Twig\Mime\NotificationEmail;
+use Symfony\Component\HttpFoundation\Response;
+use Symfony\Component\HttpKernel\Attribute\AsController;
+use Symfony\Component\Mailer\Exception\TransportExceptionInterface;
+use Symfony\Component\Mailer\MailerInterface;
+use Symfony\Component\Routing\Annotation\Route;
+use Symfony\Component\Routing\Generator\UrlGeneratorInterface;
+
+/**
+ * Controller to handle CSP violation.
+ */
+#[AsController]
+#[IsGranted('ROLE_USER')]
+class CspController extends AbstractController
+{
+    #[Route(path: '/csp', name: 'log_csp')]
+    public function invoke(LoggerInterface $logger, MailerInterface $mailer): Response
+    {
+        if (false !== $context = $this->getContext()) {
+            try {
+                $title = $this->trans('notification.csp_title');
+                $this->logContext($title, $context, $logger);
+                $this->sendNotification($title, $context, $mailer);
+            } catch (TransportExceptionInterface $e) {
+                $context = Utils::getExceptionContext($e);
+                $logger->error($e->getMessage(), $context);
+            }
+        }
+
+        return new Response('', Response::HTTP_NO_CONTENT);
+    }
+
+    private function explodeOriginalPolicy(string $value): array
+    {
+        $result = [];
+        $policies = \array_filter(\explode(';', $value));
+        foreach ($policies as $policy) {
+            $entries = \array_filter(\explode(' ', $policy));
+            if (\count($entries) > 1) {
+                $key = \reset($entries);
+                $values = \array_map(static fn (string $entry): string => \trim($entry, "'"), \array_slice($entries, 1));
+                \sort($values);
+                $result[$key] = \implode("\n", $values);
+            }
+        }
+
+        return $result;
+    }
+
+    private function getActionUrl(): string
+    {
+        return $this->generateUrl(self::HOME_PAGE, [], UrlGeneratorInterface::ABSOLUTE_URL);
+    }
+
+    private function getContext(): array|false
+    {
+        $content = (string) \file_get_contents('php://input');
+        /** @psalm-var bool|array{csp-report: string[]} $data */
+        $data = \json_decode($content, true);
+        if (\is_array($data)) {
+            $context = \array_filter($data['csp-report']);
+            if (isset($context['original-policy'])) {
+                $context['original-policy'] = $this->explodeOriginalPolicy($context['original-policy']);
+            }
+
+            return $context;
+        }
+
+        return false;
+    }
+
+    private function getFooterText(): string
+    {
+        return $this->trans('notification.footer', ['%name%' => $this->getApplicationName()]);
+    }
+
+    private function logContext(string $title, array $context, LoggerInterface $logger): void
+    {
+        $logger->error($title, $context);
+    }
+
+    /**
+     * @throws TransportExceptionInterface
+     */
+    private function sendNotification(string $title, array $context, MailerInterface $mailer): void
+    {
+        $notification = new CspViolationEmail($this->getTranslator());
+        $notification->importance(NotificationEmail::IMPORTANCE_HIGH)
+            ->subject($title)
+            ->to($this->getAddressFrom())
+            ->from($this->getAddressFrom())
+            ->setFooterText($this->getFooterText())
+            ->action($this->trans('index.title'), $this->getActionUrl())
+            ->context([
+                'context' => $context,
+            ]);
+        $mailer->send($notification);
+    }
+}
diff --git a/src/Controller/LogController.php b/src/Controller/LogController.php
@@ -24,9 +24,6 @@
 use Symfony\Component\HttpFoundation\Request;
 use Symfony\Component\HttpFoundation\Response;
 use Symfony\Component\HttpKernel\Attribute\AsController;
-use Symfony\Component\Mailer\Exception\TransportExceptionInterface;
-use Symfony\Component\Mailer\MailerInterface;
-use Symfony\Component\Mime\Email;
 use Symfony\Component\Routing\Annotation\Route;
 
 /**
@@ -39,45 +36,10 @@ class LogController extends AbstractController
 {
     use TableTrait;
 
-    /**
-     * Logs a Content Security Policy report.
-     */
-    #[IsGranted('ROLE_USER')]
-    #[Route(path: '/csp', name: 'log_csp')]
-    public function cspViolation(LoggerInterface $logger, MailerInterface $mailer): Response
-    {
-        $content = (string) \file_get_contents('php://input');
-        /** @psalm-var bool|array{csp-report: string[]} $data */
-        $data = \json_decode($content, true);
-        if (\is_array($data)) {
-            $title = 'CSP Violation';
-            $csp_report = $data['csp-report'];
-            $context = \array_filter($csp_report, 'strlen');
-            if (isset($context['document-uri'])) {
-                $title .= ': ' . $context['document-uri'];
-            } elseif (isset($context['source-file'])) {
-                $title .= ': ' . $context['source-file'];
-            }
-            $logger->error($title, $context);
-
-            try {
-                $text = (string) \json_encode($context, \JSON_PRETTY_PRINT | \JSON_UNESCAPED_SLASHES);
-                $email = (new Email())
-                    ->subject($title)
-                    ->text($text);
-                $mailer->send($email);
-            } catch (TransportExceptionInterface $e) {
-                $context = Utils::getExceptionContext($e);
-                $logger->error($e->getMessage(), $context);
-            }
-        }
-
-        // no content
-        return new Response('', Response::HTTP_NO_CONTENT);
-    }
-
     /**
      * Delete the content of the log file (if any).
+     *
+     * @throws \Psr\Cache\InvalidArgumentException
      */
     #[Route(path: '/delete', name: 'log_delete')]
     public function delete(Request $request, LogService $service, LoggerInterface $logger): Response
@@ -126,6 +88,8 @@ public function delete(Request $request, LogService $service, LoggerInterface $l
 
     /**
      * Export the logs to a Spreadsheet document.
+     *
+     * @throws \Psr\Cache\InvalidArgumentException
      */
     #[Route(path: '/excel', name: 'log_excel')]
     public function excel(LogService $service): Response
@@ -143,6 +107,8 @@ public function excel(LogService $service): Response
 
     /**
      * Export to PDF the content of the log file.
+     *
+     * @throws \Psr\Cache\InvalidArgumentException
      */
     #[Route(path: '/pdf', name: 'log_pdf')]
     public function pdf(LogService $service): Response
@@ -160,6 +126,8 @@ public function pdf(LogService $service): Response
 
     /**
      * Clear the log file cache.
+     *
+     * @throws \Psr\Cache\InvalidArgumentException
      */
     #[Route(path: '/refresh', name: 'log_refresh')]
     public function refresh(Request $request, LogService $service): Response
@@ -172,6 +140,8 @@ public function refresh(Request $request, LogService $service): Response
 
     /**
      * Show properties of a log entry.
+     *
+     * @throws \Psr\Cache\InvalidArgumentException
      */
     #[Route(path: '/show/{id}', name: 'log_show', requirements: ['id' => self::DIGITS])]
     public function show(Request $request, int $id, LogService $service): Response
-Original file line number
+Diff line change
@@ Expand Up / @@ -72,6 +72,8 @@ class BaseChart extends Highchart @@
         /**
          * Constructor.
+         *
+         * @throws \Psr\Cache\InvalidArgumentException
          */
         public function __construct(protected ApplicationService $application, ThemeService $service, TranslatorInterface $translator)
         {
@@ Expand Down @@