jekyll-kw-sri 0.0.1 → 0.0.6

Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 2973377b85291043610eda6a787a2e0b90cd8a5bacc1e97307e12141d506922c
4
- data.tar.gz: 0ce8ffe029793579111eb924cd2da6ae01542b597a8a8a1203275eefa2cb4302
3
+ metadata.gz: 8105f15bb469e5ce9f911724cca9d4c0f91a5c5562c57cf19d0175c99f1f6937
4
+ data.tar.gz: 56ec904adb6f25f4e837d7666b25a6beda5fee4ce6fc61d731fee22354442282
5
5
  SHA512:
6
- metadata.gz: 562282c803da6ee51304bc436d2186b5f06e9ca66dca84453207570b9db17881be5d73ffbc5fc0bffaeaf3be77e2d56d2cd99f415a0295536e98640554850c0c
7
- data.tar.gz: e6c3f3650a781d0391729bac08fc3ebe812c46fee4fe81b2a836d3810da207000b08a51bd3cdfec7eb5a54a45bd70d5d3494cef6c271cdda165fa9256b390ba5
6
+ metadata.gz: 4c295991eb27a6f634f2781f6016d94e66651a067d0f25eaf961e6e3d3ea9597cec1793756eb34969609e7dc41627f787498a8745948bfc866c87609a67697ba
7
+ data.tar.gz: 802d07f5d15b93bbccc0af363e33ebff5752a7e8764bb1679a7e15e7d28f3445c90adf8eac26b3fe7a3d789ef9712619368be74e97d53ca092fd122f75838a31
data/README.md CHANGED
@@ -1,5 +1,7 @@
1
1
  # jekyll-kw-sri
2
2
 
3
+ [![Gem Version](https://badge.fury.io/rb/jekyll-kw-sri.svg)](https://badge.fury.io/rb/jekyll-kw-sri)
4
+
3
5
  A plugin for jekyll to calculate [Subresource Integrity][Wikipedia SRI] (SRI) hashes for CSS (even SCSS and SASS) and JS files during build time.
4
6
 
5
7
  > **Subresource Integrity** (SRI) is a security feature that enables browsers to verify that resources they fetch (for example, from a CDN) are delivered without unexpected manipulation. It works by allowing you to provide a cryptographic hash that a fetched resource must match.
@@ -8,7 +10,7 @@ from [Mozilla docs][Mozilla Subresource Integrity]
8
10
 
9
11
  ## Configuration
10
12
 
11
- Add `kw-sri` section to `_config.yml` configure the plugin globally.
13
+ Add `kw-sri` section to `_config.yml` configure the plugin globally. If you want to use defauls you can ommit the config-section.
12
14
 
13
15
  ```yaml
14
16
  kw-sri:
@@ -25,18 +27,46 @@ kw-sri:
25
27
  | hash_type | Which kind of integrity hash | sha256, **sha384**, sha512 |
26
28
  | write_source_mapping_url | Add the map-file like to the css | false, **true** |
27
29
 
28
- Add `sri: true` to **Front Matter** of `<page>` or `<post>` to activate the sri plugin.
30
+ ## Action Items / Shell commands
29
31
 
30
- ## Build gem
32
+ Run linting and tests
31
33
 
32
- ## Publish gem
34
+ ```sh
35
+ bundle exec rubocop
36
+ bundle exec rake test
37
+ ```
33
38
 
34
- ## Run tests
39
+ Build gem package
35
40
 
36
41
  ```sh
37
- bundle exec rake test
42
+ bundle exec rake build
43
+ ```
44
+
45
+ Publish gem package
46
+
47
+ ```sh
48
+ bundle exec rake release
49
+ ```
50
+
51
+ Calc a SRI Integrity hash of `./style.css` in format `sha256`
52
+
53
+ ```shell
54
+ openssl dgst -sha256 -binary ./style.css | openssl base64 -A
55
+ ```
56
+
57
+ Calc different **SRI integrity** hash-files from `css-files` (same is valid for `js-files`) in format `sha256`, `sha384` and `sha512` inside a **Makefile**
58
+
59
+ ```plain
60
+ calc-integrity-files:
61
+ for strength in 256 384 512 ; do \
62
+ cat ./assets/css/style.min.css | openssl dgst -sha$$strength -binary | openssl base64 -A > ./_includes/integrity/style.min.css.sha$$strength ; \
63
+ cat ./assets/css/main.css | openssl dgst -sha$$strength -binary | openssl base64 -A > ./_includes/integrity/main.css.sha$$strength ; \
64
+ cat ./assets/js/script.js | openssl dgst -sha$$strength -binary | openssl base64 -A > ./_includes/integrity/script.js.sha$$strength ; \
65
+ done
38
66
  ```
39
67
 
68
+ ## Notes / Hints
69
+
40
70
  ### Appraisal - Gemfile Generator
41
71
 
42
72
  [GitHub](https://github.com/thoughtbot/appraisal)
@@ -48,8 +78,6 @@ bundle exec rake test
48
78
  bundle exec appraisal generate
49
79
  ```
50
80
 
51
- ## Notes / Hints
52
-
53
81
  ### Site context is empty
54
82
 
55
83
  Inside the `render(context)` function of a `Liquid::Tag` there is a context object. With that context you can get the `site` object, anyhow when you want to cretae your temporry **site** and **context** you need a workaround.
@@ -90,12 +118,6 @@ converter = if defined? site.find_converter_instance
90
118
  end
91
119
  ```
92
120
 
93
- ## SRI Integrity
94
-
95
- ```shell
96
- openssl dgst -sha256 -binary ./style.css | openssl base64 -A
97
- ```
98
-
99
121
  ## Setup Steps
100
122
 
101
123
  ```sh
@@ -10,15 +10,14 @@ module Jekyll
10
10
  # jekyll-kw-sri custom tag
11
11
  class SriScssHashTag < Jekyll::Tags::IncludeRelativeTag
12
12
  # class SriScssHashTag < Liquid::Tag
13
+
14
+ # alias super_render render
15
+
13
16
  def initialize(tag_name, input, tokens)
14
17
  super
15
18
 
16
19
  raise 'Please enter a file path' if input.length <= 0
17
-
18
- @scss_file = strip_or_self(input)
19
20
  # File.exists? is file?
20
-
21
- @tag_name = tag_name
22
21
  end
23
22
 
24
23
  # def syntax_example
@@ -26,11 +25,6 @@ module Jekyll
26
25
  # end
27
26
 
28
27
  def render(context)
29
- # return '' unless context.registers[:page]['sri']
30
-
31
- # # Read the global configuration
32
- # @sri_config = context.registers[:site].config['kw-sri'] || {}
33
-
34
28
  cache_compiled_scss(@file, context, lambda {
35
29
  if context.nil? || context.registers[:site].nil?
36
30
  puts 'WARNING: There was no context, generate default site and context'
@@ -38,15 +32,25 @@ module Jekyll
38
32
  context = Liquid::Context.new({}, {}, { site: site })
39
33
  else
40
34
  site = context.registers[:site]
35
+ # Read the global configuration
36
+ @sri_config = context.registers[:site].config['kw-sri'] || {}
41
37
  end
42
38
 
39
+ # Render the context with the base-class
43
40
  converter = site.find_converter_instance(Jekyll::Converters::Scss)
44
-
45
- result = super(context)
41
+ result = super(context) # super_render(context)
46
42
  scss = result.gsub(/^---.*---/m, '')
47
43
  data = converter.convert(scss)
48
44
 
49
- Integrity::Parser.new(@sri_config).calc_integrity(@scss_file, data)
45
+ # Get path out of the file object
46
+ file = render_variable(context) || @file
47
+ validate_file_name(file)
48
+ path = locate_include_file(context, file, site.safe)
49
+
50
+ # Use default config for kw-sri if it is nil
51
+ @sri_config ||= Jekyll::KargWare::Integrity::Configuration::DEFAULT_CONFIG
52
+
53
+ Integrity::Parser.new(@sri_config).calc_integrity(path, data)
50
54
  })
51
55
  end
52
56
 
@@ -66,11 +70,7 @@ module Jekyll
66
70
  end
67
71
  end
68
72
 
69
- # https://stackoverflow.com/a/1000975
70
- def strip_or_self(str)
71
- str.strip! || str
72
- end
73
-
73
+ # Register the sccs file as include folder
74
74
  def tag_includes_dirs(context)
75
75
  [context.registers[:site].source].freeze
76
76
  end
@@ -19,7 +19,7 @@ module Jekyll
19
19
  data_modified = add_source_mapping_url(filename, data)
20
20
 
21
21
  # Debuging, save rendered css file as tmp file
22
- File.open(".#{filename}.tmp", 'w') { |file| file.write(data_modified) } if @configuration.create_tmpfile
22
+ File.open("#{filename}.tmp", 'w') { |file| file.write(data_modified) } if @configuration.create_tmpfile
23
23
 
24
24
  case hash_type
25
25
  when 'sha256'
@@ -1,5 +1,5 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  module JekyllKwSri
4
- VERSION = '0.0.1'
4
+ VERSION = '0.0.6'
5
5
  end
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: jekyll-kw-sri
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.0.1
4
+ version: 0.0.6
5
5
  platform: ruby
6
6
  authors:
7
7
  - Nicolas Karg