npm - zsyp - Versions diffs - 0.0.1 → 1.0.1 - Mend

zsyp 0.0.1 → 1.0.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

package/Readme.md CHANGED Viewed

@@ -1,38 +1,81 @@
 [![NPM version][npm-image]][npm-url]
-[![Build Status][travis-image]][travis-url]
+[![Build Status][build-image]][build-url]
 [![Dependency Status][deps-image]][deps-url]
-[![Dev Dependency Status][deps-dev-image]][deps-dev-url]
 # zsyp
-CSP violation reports logger.
+[CSP] violation reports logger. Zsyp is a simple standalone web service that parses CPS violation reports
+and stores them in MongoDB collection.
 ## Install
 ```sh
-$ npm install --save zsyp
+npm install --global zsyp
 ```
-## Usage
+## Environment
-```js
-var zsyp = require('zsyp');
+Zsyp is using [dotenv] and by default reads its environment from `/etc/default/zsyp`
-zsyp('Rainbow');
+- `ZSYP_PORT` - port number on which, defaults to 3090
+- `ZSYP_DB` - [mongo URI] connection string, defaults to `mongodb://localhost/zsyp`
+- `ZSYP_DOMAINS` - domain name or a regular expression used to filter CSP violation reports - can be left empty in which case all reports for all domains are logged
+## Report format
+```json5
+{
+  "from": {
+    "ua": "Mozilla/5.0 (Macintosh; Intel Mac OS...",   // User-Agent string
+    "browser": {                                       // browser brand and version
+      "name": "Safari",
+      "version": "13"
+    },
+    "os": {                                            // operating system info
+      "name": "Mac OS X",
+      "version": "10"
+    },
+    "ip": "1.2.3.4"                                    // originator IP address
+  },
+  "csp-report": {                                      // original CSP report
+    "document-uri": "https://example.com/page",
+    "referrer": "https://example.com/",
+    "violated-directive": "...",
+    "effective-directive": "...",
+    "original-policy": "...",
+    "blocked-uri": "",
+    "status-code": 0,
+    "source-file": "..."
+  }
+}
 ```
+## Logger
+Reports are stored in `csp` collection. If you want to use [capped collection] create it
+manually before running zsyp.
+```javascript
+db.createCollection( "csp", { capped: true, size: 100000 } );
+```
 ## License
 MIT © [Damian Krzeminski](https://pirxpilot.me)
-[npm-image]: https://img.shields.io/npm/v/zsyp.svg
-[npm-url]: https://npmjs.org/package/zsyp
-[travis-url]: https://travis-ci.org/pirxpilot/zsyp
-[travis-image]: https://img.shields.io/travis/pirxpilot/zsyp.svg
+[CSP]: https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP
+[mongo URI]: https://docs.mongodb.com/manual/reference/connection-string
+[capped collection]: https://docs.mongodb.com/manual/core/capped-collections/
+[dotenv]: https://www.npmjs.com/package/dotenv
+[npm-image]: https://img.shields.io/npm/v/zsyp
+[npm-url]: https://npmjs.org/package/zsyp
-[deps-image]: https://img.shields.io/david/pirxpilot/zsyp.svg
-[deps-url]: https://david-dm.org/pirxpilot/zsyp
+[build-url]: https://travis-ci.com/pirxpilot/zsyp
+[build-image]: https://img.shields.io/travis/com/pirxpilot/zsyp
-[deps-dev-image]: https://img.shields.io/david/dev/pirxpilot/zsyp.svg
-[deps-dev-url]: https://david-dm.org/pirxpilot/zsyp?type=dev
+[deps-image]: https://img.shields.io/librariesio/release/npm/zsyp
+[deps-url]: https://libraries.io/npm/zsyp

package/lib/csp.js CHANGED Viewed

@@ -2,8 +2,7 @@ const Router = require('router');
 const { json } = require('body-parser');
 const from = require('./from');
-/* global URL */
+const makeFilter = require('./filter');
 function respond(req, res, next) {
   res.statusCode = 204; // empty
@@ -12,38 +11,24 @@ function respond(req, res, next) {
 }
-module.exports = function ({ domains }) {
-  const router = new Router();
-  const domainRe = domains && new RegExp(domains);
-  function filter(csp) {
-    if (!domainRe) {
-      return true;
-    }
-    const { hostname } = new URL(csp['document-uri']);
-    return domainRe.test(hostname);
-  }
-  function log({ from, body: csp, log }) {
-    if (!filter(csp)) {
-      // skip reports for domains we are not interested in
-      return;
-    }
+function log({ from, body: csp, log }) {
+  const report = {
+    from,
+    ...csp
+  };
-    const report = {
-      from,
-      ...csp
-    };
+  log(report);
+}
-    log(report);
-  }
+module.exports = function (opts) {
+  const router = new Router();
+  const filter = makeFilter(opts);
   router.post('/csp',
     from,
     json({ limit: 5000, type: [ '*/json', 'application/csp-report' ] }),
     respond,
+    filter,
     log
   );

package/lib/filter.js ADDED Viewed

@@ -0,0 +1,23 @@
+module.exports = makeFilter;
+/* global URL */
+function makeFilter({ domains }) {
+  const domainRe = domains && new RegExp(domains);
+  return filter;
+  function filter({ body: csp }, res, next) {
+    if (!domainRe) {
+      return next();
+    }
+    const uri = csp['csp-report']['document-uri'];
+    const { hostname } = new URL(uri);
+    if (domainRe.test(hostname)) {
+      console.log('OK!!!!!!!!');
+      return next();
+    }
+  }
+}

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "zsyp",
-  "version": "0.0.1",
+  "version": "1.0.1",
   "description": "CSP violation reports logger.",
   "author": {
     "name": "Damian Krzeminski",
@@ -19,14 +19,14 @@
     "@pirxpilot/connect": "^4.0.0",
     "body-parser": "~1",
     "debug": "~2 || ~3 || ~4",
-    "dotenv": "~8",
+    "dotenv": "~16",
     "mniam": "^2.1.0",
     "router": "~1",
     "useragent": "^2.3.0"
   },
   "devDependencies": {
     "jshint": "~2",
-    "tape": "~4"
+    "tape": "~5"
   },
   "scripts": {
     "test": "make check"

package/History.md DELETED Viewed

@@ -1,5 +0,0 @@
-0.0.1 / 2019-07-15
-==================
- * basic implementation: UA parsing, domain filtering, mongo backend