jekyll-kw-sri 0.0.1

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: 2973377b85291043610eda6a787a2e0b90cd8a5bacc1e97307e12141d506922c
+  data.tar.gz: 0ce8ffe029793579111eb924cd2da6ae01542b597a8a8a1203275eefa2cb4302
+SHA512:
+  metadata.gz: 562282c803da6ee51304bc436d2186b5f06e9ca66dca84453207570b9db17881be5d73ffbc5fc0bffaeaf3be77e2d56d2cd99f415a0295536e98640554850c0c
+  data.tar.gz: e6c3f3650a781d0391729bac08fc3ebe812c46fee4fe81b2a836d3810da207000b08a51bd3cdfec7eb5a54a45bd70d5d3494cef6c271cdda165fa9256b390ba5

data/README.md

@@ -0,0 +1,115 @@
+# jekyll-kw-sri
+
+A plugin for jekyll to calculate [Subresource Integrity][Wikipedia SRI] (SRI) hashes for CSS (even SCSS and SASS) and JS files during build time.
+
+> **Subresource Integrity** (SRI) is a security feature that enables browsers to verify that resources they fetch (for example, from a CDN) are delivered without unexpected manipulation. It works by allowing you to provide a cryptographic hash that a fetched resource must match.
+
+from [Mozilla docs][Mozilla Subresource Integrity]
+
+## Configuration
+
+Add `kw-sri` section to `_config.yml` configure the plugin globally.
+
+```yaml
+kw-sri:
+  createTmpfile: false
+  hash_type: 'sha384'
+  write_source_mapping_url: true
+```
+
+ Configuration values
+
+| Key                      | Description                                       | Values (**default**)       |
+|--------------------------|---------------------------------------------------|----------------------------|
+| createTmpfile            | Debug-Only, save the rendered sass or scss as css | **false**, true            |
+| hash_type                | Which kind of integrity hash                      | sha256, **sha384**, sha512 |
+| write_source_mapping_url | Add the map-file like to the css                  | false, **true**            |              
+
+Add `sri: true` to **Front Matter** of  `<page>` or `<post>` to activate the sri plugin.
+
+## Build gem
+
+## Publish gem
+
+## Run tests
+
+```sh
+bundle exec rake test
+```
+
+### Appraisal - Gemfile Generator
+
+[GitHub](https://github.com/thoughtbot/appraisal)
+
+1. Create a `Appraisals` file
+2. Generate `Gemfiles`
+
+```sh
+bundle exec appraisal generate
+```
+
+## Notes / Hints
+
+### Site context is empty
+
+Inside the `render(context)` function of a `Liquid::Tag` there is a context object. With that context you can get the `site` object, anyhow when you want to cretae your temporry **site** and **context** you need a workaround.
+
+Normal way to get the site object from the render function of a custom tag
+
+```ruby
+site = context.registers[:site]
+```
+
+Create a temporary site and context of a **jekyll** environment
+
+```ruby
+site = Jekyll::Site.new(Jekyll::Configuration::DEFAULTS)
+context = Liquid::Context.new({}, {}, { site: site })
+```         
+
+### Base class for custom tag
+Use `Jekyll::Tags::IncludeRelativeTag` instead of `Liquid::Tag` as base class of the custom jekyll tag `SriScssHashTag` will help to read the content of the scss or sass files.
+
+### Find Scss converter
+
+Sometimes, especially during testing, the site object is not perfectly setup. So the function `find_converter_instance` will throw an error. 
+
+**Default** implementation to find the converter.
+
+```ruby
+converter = site.find_converter_instance(Jekyll::Converters::Scss)
+```
+
+**Workaround** implementation to find the converter.
+
+```ruby
+converter = if defined? site.find_converter_instance
+              site.find_converter_instance(Jekyll::Converters::Scss)
+            else
+              site.getConverterImpl(::Jekyll::Converters::Scss)
+            end
+```
+
+## SRI Integrity
+
+```shell
+openssl dgst -sha256 -binary ./style.css | openssl base64 -A
+```
+
+## Setup Steps
+
+```sh
+bundle init
+bundle add rake
+bundle add simplecov
+bundle add minitest
+bundle add minitest-reporters
+bundle add minitest-profile
+bundle add rspec-mocks
+bundle add rdiscount
+bundle add redcarpet
+bundle add shoulda
+```
+
+[Wikipedia SRI]: https://en.wikipedia.org/wiki/Subresource_Integrity
+[Mozilla Subresource Integrity]: https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity

data/lib/jekyll-kw-sri.rb

@@ -0,0 +1,81 @@
+# frozen_string_literal: true
+
+require 'jekyll-kw-sri/configuration'
+require 'jekyll-kw-sri/parser'
+
+require 'jekyll'
+
+module Jekyll
+  module KargWare
+    # jekyll-kw-sri custom tag
+    class SriScssHashTag < Jekyll::Tags::IncludeRelativeTag
+      # class SriScssHashTag < Liquid::Tag
+      def initialize(tag_name, input, tokens)
+        super
+
+        raise 'Please enter a file path' if input.length <= 0
+
+        @scss_file = strip_or_self(input)
+        # File.exists? is file?
+
+        @tag_name = tag_name
+      end
+
+      # def syntax_example
+      #     "{% #{@tag_name} css/main.scss %}"
+      # end
+
+      def render(context)
+        # return '' unless context.registers[:page]['sri']
+
+        # # Read the global configuration
+        # @sri_config = context.registers[:site].config['kw-sri'] || {}
+
+        cache_compiled_scss(@file, context, lambda {
+          if context.nil? || context.registers[:site].nil?
+            puts 'WARNING: There was no context, generate default site and context'
+            site = Jekyll::Site.new(Jekyll::Configuration::DEFAULTS)
+            context = Liquid::Context.new({}, {}, { site: site })
+          else
+            site = context.registers[:site]
+          end
+
+          converter = site.find_converter_instance(Jekyll::Converters::Scss)
+
+          result = super(context)
+          scss = result.gsub(/^---.*---/m, '')
+          data = converter.convert(scss)
+
+          Integrity::Parser.new(@sri_config).calc_integrity(@scss_file, data)
+        })
+      end
+
+      def cache_compiled_scss(path, _context, compute)
+        # @@cached_scss ||= {}
+        # if @@cached_scss.key?(path)
+        #   @@cached_scss[path]
+        # else
+        #   @@cached_scss[path] = compute.call
+        # end
+
+        @cached_scss ||= {}
+        if @cached_scss.key?(path)
+          @cached_scss[path]
+        else
+          @cached_scss[path] = compute.call
+        end
+      end
+
+      # https://stackoverflow.com/a/1000975
+      def strip_or_self(str)
+        str.strip! || str
+      end
+
+      def tag_includes_dirs(context)
+        [context.registers[:site].source].freeze
+      end
+    end
+  end
+end
+
+Liquid::Template.register_tag('sri_scss_hash', Jekyll::KargWare::SriScssHashTag)

data/lib/jekyll-kw-sri/configuration.rb

@@ -0,0 +1,34 @@
+# frozen_string_literal: true
+
+module Jekyll
+  module KargWare
+    module Integrity
+      # jekyll-kw-sri configuration class
+      class Configuration
+        attr_accessor :hash_type, :write_source_mapping_url, :create_tmpfile
+
+        DEFAULT_CONFIG = {
+          'hashType' => 'sha384',
+          'writeSourceMappingURL' => true,
+          'createTmpfile' => false
+        }.freeze
+
+        def initialize(options)
+          options = generate_option_hash(options)
+
+          @hash_type = options['hashType']
+          @write_source_mapping_url = options['writeSourceMappingURL']
+          @create_tmpfile = options['createTmpfile']
+        end
+
+        private
+
+        def generate_option_hash(options)
+          DEFAULT_CONFIG.merge(options)
+        rescue TypeError
+          DEFAULT_CONFIG
+        end
+      end
+    end
+  end
+end

data/lib/jekyll-kw-sri/parser.rb

@@ -0,0 +1,51 @@
+# frozen_string_literal: true
+
+require 'digest'
+
+module Jekyll
+  module KargWare
+    module Integrity
+      # jekyll-kw-sri parser class
+      class Parser
+        attr_reader :configuration
+
+        def initialize(options = {})
+          @configuration = Configuration.new(options)
+        end
+
+        def calc_integrity(filename, data)
+          hash_type = @configuration.hash_type
+
+          data_modified = add_source_mapping_url(filename, data)
+
+          # Debuging, save rendered css file as tmp file
+          File.open(".#{filename}.tmp", 'w') { |file| file.write(data_modified) } if @configuration.create_tmpfile
+
+          case hash_type
+          when 'sha256'
+            "sha256-#{Digest::SHA256.base64digest data_modified}"
+          when 'sha384'
+            "sha384-#{Digest::SHA384.base64digest data_modified}"
+          when 'sha512'
+            "sha512-#{Digest::SHA512.base64digest data_modified}"
+          else
+            raise Jekyll::KargWare::Integrity::InvalidHashTypeException, "The type of the hash '#{hash_type}' is invalid!'"
+          end
+        end
+
+        def add_source_mapping_url(filename, data)
+          if @configuration.write_source_mapping_url
+            base = File.basename(filename)
+            base = base.sub! 'scss', 'css'
+
+            data + "\n/*# sourceMappingURL=#{base}.map */"
+          else
+            data
+          end
+        end
+      end
+
+      class InvalidHashTypeException < Gem::Exception; end
+    end
+  end
+end

data/lib/version.rb

@@ -0,0 +1,5 @@
+# frozen_string_literal: true
+
+module JekyllKwSri
+  VERSION = '0.0.1'
+end

metadata

@@ -0,0 +1,63 @@
+--- !ruby/object:Gem::Specification
+name: jekyll-kw-sri
+version: !ruby/object:Gem::Version
+  version: 0.0.1
+platform: ruby
+authors:
+- Nicolas Karg
+- n13.org - Open-Source by KargWare
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2020-11-12 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: jekyll
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '4.0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '4.0'
+description: Jekyll plugin which calculate the integrity hash of CSS (SCSS, SASS)
+  and JS.
+email: rubygems.org@n13.org
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- README.md
+- lib/jekyll-kw-sri.rb
+- lib/jekyll-kw-sri/configuration.rb
+- lib/jekyll-kw-sri/parser.rb
+- lib/version.rb
+homepage: https://github.com/n13org/jekyll-kw-sri
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '2.7'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubygems_version: 3.1.2
+signing_key: 
+specification_version: 4
+summary: Jekyll CSS/JS integrity hash plugin
+test_files: []