first draft of a simple integrity plugin

2021-11-09 21:48:46 +00:00 · 2021-11-09 21:48:46 +00:00 · 9aab83b889
commit 9aab83b889
--- a/plugins/static-integrity.js
+++ b/plugins/static-integrity.js
@ -0,0 +1,64 @@
+/* ========================================================================= *\
+|* === static-integrity: pre-configured subresource integrity for content=== *|
+\* ========================================================================= */
+
+/**
+ * this plugin does not implement any push method
+ */
+
+// no polluting of the global namespace please
+(function(LRPC){
+    // this never changes
+    const pluginName = "static-integrity"
+    LRPC.set(pluginName, (LR, init={})=>{
+    
+        /*
+         * plugin config settings
+         */
+        
+        // sane defaults
+        let defaultConfig = {
+            // list of plugins to wrap
+            uses: {
+                name: "alt-fetch"
+            },
+            // integrity data for each piece of content
+            // relative URL -> integrity data
+            integrity: {},
+            // if an URL has no integrity data associated with it, should it be allowed or not?
+            requireIntegrity: true
+        }
+        
+        // merge the defaults with settings from LibResilientConfig
+        let config = {...defaultConfig, ...init}
+        
+        /**
+         * getting content using regular HTTP(S) fetch()
+         */
+        let fetchContent = (url, init={}) => {
+            
+            // TODO: get integrity data for the URL
+            // TODO: bail (or not) if integrity data is not available
+            
+            // log
+            LR.log(pluginName, `integrity for: ${url}\n- `)
+            
+            // fetch
+            // TODO: what if the plugin doesn't verify integrity itself?
+            // TODO: what if it does? we should not re-verify, wasteful
+            return config.uses.fetch(url, init)
+        }
+
+        // and add ourselves to it
+        // with some additional metadata
+        return {
+            name: pluginName,
+            description: `fetching resources with pre-configured subresource integrity data`,
+            version: 'COMMIT_UNKNOWN',
+            fetch: fetchContent,
+            uses: config.uses
+        }
+
+    })
+// done with not polluting the global namespace
+})(LibResilientPluginConstructors)