@things-factory/shell 7.0.44 → 7.0.48
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/_index.html +1 -7
- package/_index.js +5 -0
- package/config/config.development.js +54 -0
- package/config/config.production.js +56 -0
- package/dist-server/server-dev.js +40 -0
- package/dist-server/server-dev.js.map +1 -1
- package/dist-server/server.js +12 -0
- package/dist-server/server.js.map +1 -1
- package/dist-server/tsconfig.tsbuildinfo +1 -1
- package/package.json +2 -2
- package/server/server-dev.ts +51 -0
- package/server/server.ts +19 -0
- package/views/dependencies-view-graphviz.html +2 -2
- package/views/dependencies-view.html +6 -2
- package/views/graphql.html +1 -1
- package/views/public/home.html +1 -7
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@things-factory/shell",
|
|
3
|
-
"version": "7.0.
|
|
3
|
+
"version": "7.0.48",
|
|
4
4
|
"description": "Core module for framework",
|
|
5
5
|
"bin": {
|
|
6
6
|
"things-factory": "bin/things-factory",
|
|
@@ -133,5 +133,5 @@
|
|
|
133
133
|
"pg": "^8.7.3",
|
|
134
134
|
"sqlite3": "^5.0.8"
|
|
135
135
|
},
|
|
136
|
-
"gitHead": "
|
|
136
|
+
"gitHead": "516772ebee08900790bcc43477419d60adcb4dcd"
|
|
137
137
|
}
|
package/server/server-dev.ts
CHANGED
|
@@ -28,6 +28,9 @@ import http from 'http'
|
|
|
28
28
|
|
|
29
29
|
import koaWebpack from '@hatiolab/koa-webpack'
|
|
30
30
|
import cors from '@koa/cors'
|
|
31
|
+
|
|
32
|
+
import crypto from 'crypto'
|
|
33
|
+
|
|
31
34
|
import { config, loader, logger, orderedModuleNames } from '@things-factory/env'
|
|
32
35
|
import { initLicense, checkValidity } from '@things-factory/operato-license-checker'
|
|
33
36
|
|
|
@@ -118,6 +121,54 @@ const bootstrap = async () => {
|
|
|
118
121
|
})
|
|
119
122
|
)
|
|
120
123
|
|
|
124
|
+
// // Nonce 생성 미들웨어
|
|
125
|
+
// app.use(async (ctx, next) => {
|
|
126
|
+
// const nonce = crypto.randomBytes(16).toString('base64')
|
|
127
|
+
// ctx.state.nonce = nonce
|
|
128
|
+
|
|
129
|
+
// const cspDirectives = {
|
|
130
|
+
// defaultSrc: ["'self'", `http://localhost:${PORT}`, 'data:'],
|
|
131
|
+
// scriptSrc: [
|
|
132
|
+
// "'self'",
|
|
133
|
+
// `'nonce-${nonce}'`,
|
|
134
|
+
// `http://localhost:${PORT}`,
|
|
135
|
+
// 'https://trusted.cdn.com',
|
|
136
|
+
// 'https://ajax.googleapis.com',
|
|
137
|
+
// 'https://www.googletagmanager.com',
|
|
138
|
+
// 'https://chancejs.com/chance.min.js'
|
|
139
|
+
// ],
|
|
140
|
+
// connectSrc: [
|
|
141
|
+
// "'self'",
|
|
142
|
+
// 'ws://localhost:*',
|
|
143
|
+
// `http://localhost:${PORT}`,
|
|
144
|
+
// 'https://www.google-analytics.com',
|
|
145
|
+
// 'data:'
|
|
146
|
+
// ],
|
|
147
|
+
// fontSrc: ["'self'", `http://localhost:${PORT}`, 'https://fonts.gstatic.com']
|
|
148
|
+
// }
|
|
149
|
+
// // 개발 모드에서는 'unsafe-eval'을 허용 (비추천)
|
|
150
|
+
// cspDirectives.scriptSrc.push("'unsafe-eval'")
|
|
151
|
+
|
|
152
|
+
// await helmet.contentSecurityPolicy({ directives: cspDirectives })(ctx, next)
|
|
153
|
+
// })
|
|
154
|
+
|
|
155
|
+
app.use(async (ctx, next) => {
|
|
156
|
+
ctx.set('X-Content-Type-Options', 'nosniff')
|
|
157
|
+
|
|
158
|
+
const { directives = {} } = config.get('CSP') || {}
|
|
159
|
+
|
|
160
|
+
const nonce = crypto.randomBytes(16).toString('base64')
|
|
161
|
+
ctx.state.nonce = nonce
|
|
162
|
+
|
|
163
|
+
const cspHeader = Object.entries(directives as { [key: string]: string[] })
|
|
164
|
+
.map(([key, value]) => `${key} ${value.join(' ')}`)
|
|
165
|
+
.join('; ')
|
|
166
|
+
|
|
167
|
+
ctx.set('Content-Security-Policy', cspHeader)
|
|
168
|
+
|
|
169
|
+
await next()
|
|
170
|
+
})
|
|
171
|
+
|
|
121
172
|
var subscriptionMiddleware = []
|
|
122
173
|
process.emit('bootstrap-module-subscription' as any, app, subscriptionMiddleware)
|
|
123
174
|
|
package/server/server.ts
CHANGED
|
@@ -28,6 +28,8 @@ import co from 'co'
|
|
|
28
28
|
import http from 'http'
|
|
29
29
|
|
|
30
30
|
import cors from '@koa/cors'
|
|
31
|
+
import crypto from 'crypto'
|
|
32
|
+
|
|
31
33
|
import { config, loader, logger, orderedModuleNames } from '@things-factory/env'
|
|
32
34
|
import { initLicense, checkValidity } from '@things-factory/operato-license-checker'
|
|
33
35
|
|
|
@@ -95,6 +97,23 @@ const bootstrap = async () => {
|
|
|
95
97
|
})
|
|
96
98
|
)
|
|
97
99
|
|
|
100
|
+
app.use(async (ctx, next) => {
|
|
101
|
+
ctx.set('X-Content-Type-Options', 'nosniff')
|
|
102
|
+
|
|
103
|
+
const { directives = {} } = config.get('CSP') || {}
|
|
104
|
+
|
|
105
|
+
const nonce = crypto.randomBytes(16).toString('base64')
|
|
106
|
+
ctx.state.nonce = nonce
|
|
107
|
+
|
|
108
|
+
const cspHeader = Object.entries(directives as { [key: string]: string[] })
|
|
109
|
+
.map(([key, value]) => `${key} ${value.join(' ')}`)
|
|
110
|
+
.join('; ')
|
|
111
|
+
|
|
112
|
+
ctx.set('Content-Security-Policy', cspHeader)
|
|
113
|
+
|
|
114
|
+
await next()
|
|
115
|
+
})
|
|
116
|
+
|
|
98
117
|
var subscriptionMiddleware = []
|
|
99
118
|
process.emit('bootstrap-module-subscription' as any, app, subscriptionMiddleware)
|
|
100
119
|
|
|
@@ -2,9 +2,9 @@
|
|
|
2
2
|
<script src="https://unpkg.com/viz.js@1.8.0/viz.js" type="javascript/worker"></script>
|
|
3
3
|
<script src="https://unpkg.com/d3-graphviz@1.3.1/build/d3-graphviz.min.js"></script>
|
|
4
4
|
|
|
5
|
-
<div id="graph" style="text-align: center; width: 100%; height: 100
|
|
5
|
+
<div id="graph" style="text-align: center; width: 100%; height: 100%"></div>
|
|
6
6
|
|
|
7
|
-
<script>
|
|
7
|
+
<script nonce="<%= nonce %>">
|
|
8
8
|
var model = <%- JSON.stringify(model) %>;
|
|
9
9
|
|
|
10
10
|
var { edges, nodes } = model
|
|
@@ -27,14 +27,18 @@
|
|
|
27
27
|
text {
|
|
28
28
|
font: 10px sans-serif;
|
|
29
29
|
pointer-events: none;
|
|
30
|
-
text-shadow:
|
|
30
|
+
text-shadow:
|
|
31
|
+
0 1px 0 #fff,
|
|
32
|
+
1px 0 0 #fff,
|
|
33
|
+
0 -1px 0 #fff,
|
|
34
|
+
-1px 0 0 #fff;
|
|
31
35
|
}
|
|
32
36
|
</style>
|
|
33
37
|
|
|
34
38
|
<script src="//d3js.org/d3.v3.min.js"></script>
|
|
35
39
|
<script src="//cdn.jsdelivr.net/npm/d3-graphviz@2.6.1/build/d3-graphviz.min.js"></script>
|
|
36
40
|
|
|
37
|
-
<script>
|
|
41
|
+
<script nonce="<%= nonce %>">
|
|
38
42
|
var model = <%- JSON.stringify(model) %>;
|
|
39
43
|
|
|
40
44
|
var { edges: links, nodes } = model
|
package/views/graphql.html
CHANGED
|
@@ -6,7 +6,7 @@
|
|
|
6
6
|
|
|
7
7
|
<div style="width: 100%; height: 100%" id="embedded-sandbox"></div>
|
|
8
8
|
<script src="https://embeddable-sandbox.cdn.apollographql.com/_latest/embeddable-sandbox.umd.production.min.js"></script>
|
|
9
|
-
<script>
|
|
9
|
+
<script nonce="<%= nonce %>">
|
|
10
10
|
new window.EmbeddedSandbox({
|
|
11
11
|
target: '#embedded-sandbox',
|
|
12
12
|
initialEndpoint: '<%- initialEndpoint %>',
|
package/views/public/home.html
CHANGED
|
@@ -72,13 +72,7 @@
|
|
|
72
72
|
}
|
|
73
73
|
</style>
|
|
74
74
|
|
|
75
|
-
<script>
|
|
76
|
-
if ('serviceWorker' in navigator) {
|
|
77
|
-
navigator.serviceWorker.register('/service-worker.js', {
|
|
78
|
-
scope: '/'
|
|
79
|
-
})
|
|
80
|
-
}
|
|
81
|
-
</script>
|
|
75
|
+
<script src="/index.js" defer></script>
|
|
82
76
|
|
|
83
77
|
<!--- prefetch -->
|
|
84
78
|
<link rel="prefetch" href="/public/home.js" />
|