hippofish/packages/backend/src/server/file/index.ts
shibao 380d14f406
Add img-src and media-src to Content-Security-Policy header for files and media proxy (#8188)
* add img-src and media-src to csp in file and media proxy

* add csp changes to changelog

* sort and remove trailing semicolon
2022-01-29 02:23:18 +09:00

41 lines
1 KiB
TypeScript

/**
* File Server
*/
import * as fs from 'fs';
import { fileURLToPath } from 'url';
import { dirname } from 'path';
import * as Koa from 'koa';
import * as cors from '@koa/cors';
import * as Router from '@koa/router';
import sendDriveFile from './send-drive-file';
//const _filename = fileURLToPath(import.meta.url);
const _filename = __filename;
const _dirname = dirname(_filename);
// Init app
const app = new Koa();
app.use(cors());
app.use(async (ctx, next) => {
ctx.set('Content-Security-Policy', `default-src 'none'; img-src 'self'; media-src 'self'; style-src 'unsafe-inline'`);
await next();
});
// Init router
const router = new Router();
router.get('/app-default.jpg', ctx => {
const file = fs.createReadStream(`${_dirname}/assets/dummy.png`);
ctx.body = file;
ctx.set('Content-Type', 'image/jpeg');
ctx.set('Cache-Control', 'max-age=31536000, immutable');
});
router.get('/:key', sendDriveFile);
router.get('/:key/(.*)', sendDriveFile);
// Register router
app.use(router.routes());
module.exports = app;