selfhosted
/
padloc
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
padloc/packages/pwa/webpack.config.js

242 lines
9.5 KiB
JavaScript
Raw Normal View History

Resolve assets dir relative to root dir, not current file
2021-11-19 14:58:09 +00:00
const { resolve, join } = require("path");
Automatically include manifest files in CSP when building PWA Fixes #471 The hardest part here was finding the right hook to tap into, and the silent error thing threw me off for a while as well.
2022-07-01 10:49:21 +00:00
const { readFileSync, writeFileSync } = require("fs");
Switch to webpack for bundling
2019-07-13 19:29:32 +00:00
const { EnvironmentPlugin } = require("webpack");
const { InjectManifest } = require("workbox-webpack-plugin");
const HtmlWebpackPlugin = require("html-webpack-plugin");
const { CleanWebpackPlugin } = require("clean-webpack-plugin");
const WebpackPwaManifest = require("webpack-pwa-manifest");
"Manually" generate favicon instead of using webpack plugin
2021-12-05 08:26:15 +00:00
const sharp = require("sharp");
Automatically include manifest files in CSP when building PWA Fixes #471 The hardest part here was finding the right hook to tap into, and the silent error thing threw me off for a while as well.
2022-07-01 10:49:21 +00:00
const { version } = require("../../package.json");
Switch to webpack for bundling
2019-07-13 19:29:32 +00:00
Resolve assets dir relative to root dir, not current file
2021-11-19 14:58:09 +00:00
const out = process.env.PL_PWA_DIR || resolve(__dirname, "dist");
Change default pwa port to 8080; use fallback server url in csp injection if none is set
2020-01-01 13:55:14 +00:00
const serverUrl = process.env.PL_SERVER_URL || `http://0.0.0.0:${process.env.PL_SERVER_PORT || 3000}`;
Checksums - Allow anyone to confirm source and delivered code (#467) * Checksums - Allow anyone to confirm source and delivered code For now this only has the initial step on making CSP stricter so we can use it to parse through used files. Very much WIP for now, but now it should just be a matter of writing up concise docs on how to go through the process, after generating and publishing the checksums via CI as well. Related to #331 * Lint! * Add more instructions and CI to build checksums. * Fix typo and lint * Remove CSP package dependency, build it manually. Update commands in docs, fix web extension release. * Tweak docs and webpack. CI still isn't producing a matching checksum, though. * Tweak docs for web checksums, add debugging in the checksum action, make it faster, temporarily. * Fix web checksum, add checksums and instructions for everything else Closes #467 * Fix tauri release + macos sha256sum * Remove .app checksum, since it's a directory and checksum'ing the .tar.gz seems strange. * Properly indent + fix sha256sum results (and windows line endings problem) * Include PWA for release, add instructions to change filenames when checksum fails. * Include _everything_ in the CSP now, and tweak the verification script and checksum build to also include everything, now. Still requires changes in the way to verify a published web app, where I'll have to write a script to parse through the whole CSP now. * Add TypeScript (Deno) script to parse through CSP and download matched files. Also update docs. * Tweak web checksum examples. * Remove content hashes from font files. * Try sorting files before adding to CSP, to enforce consistency.
2022-06-20 06:34:45 +00:00
const pwaUrl = process.env.PL_PWA_URL || `http://localhost:${process.env.PL_PWA_PORT || 8080}`;
Resolve assets dir relative to root dir, not current file
2021-11-19 14:58:09 +00:00
const rootDir = resolve(__dirname, "../..");
const assetsDir = resolve(rootDir, process.env.PL_ASSETS_DIR || "assets");
Create new pwa package to separate webpack builds from ui package
2019-10-12 07:44:12 +00:00
Load terms of service url from manifest file
2022-01-31 11:02:35 +00:00
const { name, terms_of_service } = require(join(assetsDir, "manifest.json"));
Add support page
2021-10-14 13:58:24 +00:00
Tweak to allow simpler but stil strict CSP in dev mode
2022-07-01 11:11:36 +00:00
const isBuildingLocally = pwaUrl.startsWith("http://localhost");
Switch to webpack for bundling
2019-07-13 19:29:32 +00:00
module.exports = {
Resolve assets dir relative to root dir, not current file
2021-11-19 14:58:09 +00:00
entry: resolve(__dirname, "src/index.ts"),
Switch to webpack for bundling
2019-07-13 19:29:32 +00:00
output: {
Create new pwa package to separate webpack builds from ui package
2019-10-12 07:44:12 +00:00
path: out,
Switch to webpack for bundling
2019-07-13 19:29:32 +00:00
filename: "[name].js",
Use dynamic imports and code splitting for asynchronously loaded libraries
2019-07-14 20:16:39 +00:00
chunkFilename: "[name].chunk.js",
Add support for TOTP as MFA method
2021-08-22 07:48:01 +00:00
publicPath: "/",
Switch to webpack for bundling
2019-07-13 19:29:32 +00:00
},
mode: "development",
devtool: "source-map",
Implement consistent defaults for configuration variables Update npm scripts Update readme
2019-11-01 13:39:00 +00:00
stats: "minimal",
Switch to webpack for bundling
2019-07-13 19:29:32 +00:00
resolve: {
Add mechanism for switching out themes
2021-10-08 08:09:48 +00:00
extensions: [".ts", ".js", ".css", ".svg", ".png", ".jpg"],
alias: {
Resolve assets dir relative to root dir, not current file
2021-11-19 14:58:09 +00:00
assets: assetsDir,
Add mechanism for switching out themes
2021-10-08 08:09:48 +00:00
},
Switch to webpack for bundling
2019-07-13 19:29:32 +00:00
},
module: {
rules: [
{
test: /\.ts$/,
Add support for TOTP as MFA method
2021-08-22 07:48:01 +00:00
loader: "ts-loader",
Switch to webpack for bundling
2019-07-13 19:29:32 +00:00
},
{
test: /\.css$/,
Add support for TOTP as MFA method
2021-08-22 07:48:01 +00:00
use: ["style-loader", "css-loader"],
Switch to webpack for bundling
2019-07-13 19:29:32 +00:00
},
{
test: /\.(woff|woff2|eot|ttf|otf|svg)$/,
Add support for TOTP as MFA method
2021-08-22 07:48:01 +00:00
use: ["file-loader"],
},
Add support page
2021-10-14 13:58:24 +00:00
{
test: /\.txt|md$/i,
use: "raw-loader",
},
Add support for TOTP as MFA method
2021-08-22 07:48:01 +00:00
],
Switch to webpack for bundling
2019-07-13 19:29:32 +00:00
},
plugins: [
new EnvironmentPlugin({
Add support page
2021-10-14 13:58:24 +00:00
PL_APP_NAME: name,
Checksums - Allow anyone to confirm source and delivered code (#467) * Checksums - Allow anyone to confirm source and delivered code For now this only has the initial step on making CSP stricter so we can use it to parse through used files. Very much WIP for now, but now it should just be a matter of writing up concise docs on how to go through the process, after generating and publishing the checksums via CI as well. Related to #331 * Lint! * Add more instructions and CI to build checksums. * Fix typo and lint * Remove CSP package dependency, build it manually. Update commands in docs, fix web extension release. * Tweak docs and webpack. CI still isn't producing a matching checksum, though. * Tweak docs for web checksums, add debugging in the checksum action, make it faster, temporarily. * Fix web checksum, add checksums and instructions for everything else Closes #467 * Fix tauri release + macos sha256sum * Remove .app checksum, since it's a directory and checksum'ing the .tar.gz seems strange. * Properly indent + fix sha256sum results (and windows line endings problem) * Include PWA for release, add instructions to change filenames when checksum fails. * Include _everything_ in the CSP now, and tweak the verification script and checksum build to also include everything, now. Still requires changes in the way to verify a published web app, where I'll have to write a script to parse through the whole CSP now. * Add TypeScript (Deno) script to parse through CSP and download matched files. Also update docs. * Tweak web checksum examples. * Remove content hashes from font files. * Try sorting files before adding to CSP, to enforce consistency.
2022-06-20 06:34:45 +00:00
PL_PWA_URL: pwaUrl,
Change default pwa port to 8080; use fallback server url in csp injection if none is set
2020-01-01 13:55:14 +00:00
PL_SERVER_URL: serverUrl,
Add option to disable editing payment method (to comply with iOS app store regulations)
2019-09-15 15:31:24 +00:00
PL_BILLING_ENABLED: null,
PL_BILLING_DISABLE_PAYMENT: null,
PL_BILLING_STRIPE_PUBLIC_KEY: null,
Add better error reporting
2019-09-15 08:51:08 +00:00
PL_SUPPORT_EMAIL: "support@padloc.app",
Disable web worker in cordova apps
2019-09-15 16:55:14 +00:00
PL_VERSION: version,
CI: Full Release (#376) * CI: Full Release This implements a full release action that takes care of creating a tag, release, then building and uploading builds for all targets.
2022-01-17 17:32:21 +00:00
PL_VENDOR_VERSION: version,
Add support for TOTP as MFA method
2021-08-22 07:48:01 +00:00
PL_DISABLE_SW: false,
Add better implementation for "ad hoc" default authenticators; allow client to specify which authentication types it supports
2021-09-28 13:41:22 +00:00
PL_CLIENT_SUPPORTED_AUTH_TYPES: "email",
Load terms of service url from manifest file
2022-01-31 11:02:35 +00:00
PL_TERMS_OF_SERVICE: terms_of_service,
Switch to webpack for bundling
2019-07-13 19:29:32 +00:00
}),
new CleanWebpackPlugin(),
Checksums - Allow anyone to confirm source and delivered code (#467) * Checksums - Allow anyone to confirm source and delivered code For now this only has the initial step on making CSP stricter so we can use it to parse through used files. Very much WIP for now, but now it should just be a matter of writing up concise docs on how to go through the process, after generating and publishing the checksums via CI as well. Related to #331 * Lint! * Add more instructions and CI to build checksums. * Fix typo and lint * Remove CSP package dependency, build it manually. Update commands in docs, fix web extension release. * Tweak docs and webpack. CI still isn't producing a matching checksum, though. * Tweak docs for web checksums, add debugging in the checksum action, make it faster, temporarily. * Fix web checksum, add checksums and instructions for everything else Closes #467 * Fix tauri release + macos sha256sum * Remove .app checksum, since it's a directory and checksum'ing the .tar.gz seems strange. * Properly indent + fix sha256sum results (and windows line endings problem) * Include PWA for release, add instructions to change filenames when checksum fails. * Include _everything_ in the CSP now, and tweak the verification script and checksum build to also include everything, now. Still requires changes in the way to verify a published web app, where I'll have to write a script to parse through the whole CSP now. * Add TypeScript (Deno) script to parse through CSP and download matched files. Also update docs. * Tweak web checksum examples. * Remove content hashes from font files. * Try sorting files before adding to CSP, to enforce consistency.
2022-06-20 06:34:45 +00:00
{
apply(compiler) {
Tweak to allow simpler but stil strict CSP in dev mode
2022-07-01 11:11:36 +00:00
compiler.hooks.compilation.tap("Update CSP - dev", (compilation) => {
HtmlWebpackPlugin.getHooks(compilation).beforeEmit.tapAsync(
"Update CSP - dev",
(data, callback) => {
if (!isBuildingLocally) {
callback(null, data);
return;
}
const builtFilesForCsp = new Map([
["script-src", [""]],
["font-src", [""]],
["img-src", [""]],
["manifest-src", [""]],
]);
// Manually add the root for the CSP meta tag
for (const cspRule of builtFilesForCsp.keys()) {
const files = builtFilesForCsp.get(cspRule);
data.html = data.html.replace(
`[REPLACE_${cspRule.replace("-src", "").toUpperCase()}]`,
`${files.map((file) => `${pwaUrl}/${file}`).join(" ")}`
);
}
// Add the websocket URL + PWA URL of webpack-dev-server to connect-src when building locally, or nothing otherwise
Replace unnecessary let
2022-07-01 11:15:19 +00:00
const connectReplacement = `ws://localhost:${process.env.PL_PWA_PORT || 8080}/ws ${pwaUrl}`;
Tweak to allow simpler but stil strict CSP in dev mode
2022-07-01 11:11:36 +00:00
data.html = data.html.replace("[REPLACE_CONNECT]", connectReplacement);
callback(null, data);
}
);
return true;
});
},
},
new HtmlWebpackPlugin({
title: name,
template: resolve(__dirname, "src/index.html"),
meta: {
"Content-Security-Policy": {
"http-equiv": "Content-Security-Policy",
content: `default-src 'none'; base-uri 'none'; script-src blob: [REPLACE_SCRIPT]; connect-src ${serverUrl} https://api.pwnedpasswords.com [REPLACE_CONNECT]; style-src 'unsafe-inline'; font-src [REPLACE_FONT]; object-src blob:; frame-src 'none'; img-src [REPLACE_IMG] blob: data: https://icons.duckduckgo.com; manifest-src [REPLACE_MANIFEST]; worker-src ${pwaUrl}/sw.js;`,
},
},
}),
new WebpackPwaManifest({
name: name,
short_name: name,
icons: [
{
src: resolve(__dirname, assetsDir, "app-icon.png"),
sizes: [96, 128, 192, 256, 384, 512],
},
],
}),
new InjectManifest({
swSrc: resolve(__dirname, "../app/src/sw.ts"),
swDest: "sw.js",
exclude: [/favicon\.png$/, /\.map$/],
}),
{
apply(compiler) {
compiler.hooks.emit.tapPromise("Generate Favicon", async (compilation) => {
const icon = await sharp(resolve(__dirname, assetsDir, "app-icon.png"))
.resize({
width: 256,
height: 256,
})
.toBuffer();
compilation.assets["favicon.png"] = {
source: () => icon,
size: () => Buffer.byteLength(icon),
};
return true;
});
},
},
{
apply(compiler) {
compiler.hooks.afterEmit.tapPromise("Store Built Files for CSP - non-dev", async (compilation) => {
if (isBuildingLocally) {
// Skip
return true;
}
Automatically include manifest files in CSP when building PWA Fixes #471 The hardest part here was finding the right hook to tap into, and the silent error thing threw me off for a while as well.
2022-07-01 10:49:21 +00:00
const fileExtensionsToCspRule = new Map([
["js", "script-src"],
["map", "script-src"],
["woff2", "font-src"],
["svg", "img-src"],
["png", "img-src"],
["json", "manifest-src"],
]);
const builtFilesForCsp = new Map([
["script-src", []],
["font-src", []],
["img-src", []],
["manifest-src", []],
]);
const assets = compilation.getAssets();
const htmlFilePath = resolve(out, "index.html");
let htmlFileContents = readFileSync(htmlFilePath, "utf-8");
for (const asset of assets) {
// Skip the file we're writing to!
if (asset.name === "index.html") {
continue;
}
const fileExtension = asset.name.split(".").pop();
if (!fileExtensionsToCspRule.has(fileExtension)) {
// NOTE: Throwing an error in this hook is silently ignored, so we need to just log it and keep going
console.error(`No CSP rule found for ".${fileExtension}"! (${asset.name})`);
continue;
Checksums - Allow anyone to confirm source and delivered code (#467) * Checksums - Allow anyone to confirm source and delivered code For now this only has the initial step on making CSP stricter so we can use it to parse through used files. Very much WIP for now, but now it should just be a matter of writing up concise docs on how to go through the process, after generating and publishing the checksums via CI as well. Related to #331 * Lint! * Add more instructions and CI to build checksums. * Fix typo and lint * Remove CSP package dependency, build it manually. Update commands in docs, fix web extension release. * Tweak docs and webpack. CI still isn't producing a matching checksum, though. * Tweak docs for web checksums, add debugging in the checksum action, make it faster, temporarily. * Fix web checksum, add checksums and instructions for everything else Closes #467 * Fix tauri release + macos sha256sum * Remove .app checksum, since it's a directory and checksum'ing the .tar.gz seems strange. * Properly indent + fix sha256sum results (and windows line endings problem) * Include PWA for release, add instructions to change filenames when checksum fails. * Include _everything_ in the CSP now, and tweak the verification script and checksum build to also include everything, now. Still requires changes in the way to verify a published web app, where I'll have to write a script to parse through the whole CSP now. * Add TypeScript (Deno) script to parse through CSP and download matched files. Also update docs. * Tweak web checksum examples. * Remove content hashes from font files. * Try sorting files before adding to CSP, to enforce consistency.
2022-06-20 06:34:45 +00:00
}
Automatically include manifest files in CSP when building PWA Fixes #471 The hardest part here was finding the right hook to tap into, and the silent error thing threw me off for a while as well.
2022-07-01 10:49:21 +00:00
const cspRule = fileExtensionsToCspRule.get(fileExtension);
if (!builtFilesForCsp.has(cspRule)) {
// NOTE: Throwing an error in this hook is silently ignored, so we need to just log it and keep going
console.error(`No CSP rule found for "${cspRule}"! (${fileExtension})`);
continue;
}
builtFilesForCsp.get(cspRule).push(asset.name);
}
// Manually add the files in for the CSP meta tag
for (const cspRule of builtFilesForCsp.keys()) {
// Sort all files first
const files = builtFilesForCsp.get(cspRule);
files.sort();
htmlFileContents = htmlFileContents.replace(
`[REPLACE_${cspRule.replace("-src", "").toUpperCase()}]`,
`${files.map((file) => `${pwaUrl}/${file}`).join(" ")}`
);
}
Fix connect_replace ending up in non-dev now
2022-07-01 11:28:18 +00:00
// Nothing more to connect to, in non-dev
htmlFileContents = htmlFileContents.replace("[REPLACE_CONNECT]", "");
Automatically include manifest files in CSP when building PWA Fixes #471 The hardest part here was finding the right hook to tap into, and the silent error thing threw me off for a while as well.
2022-07-01 10:49:21 +00:00
writeFileSync(htmlFilePath, htmlFileContents, "utf-8");
Checksums - Allow anyone to confirm source and delivered code (#467) * Checksums - Allow anyone to confirm source and delivered code For now this only has the initial step on making CSP stricter so we can use it to parse through used files. Very much WIP for now, but now it should just be a matter of writing up concise docs on how to go through the process, after generating and publishing the checksums via CI as well. Related to #331 * Lint! * Add more instructions and CI to build checksums. * Fix typo and lint * Remove CSP package dependency, build it manually. Update commands in docs, fix web extension release. * Tweak docs and webpack. CI still isn't producing a matching checksum, though. * Tweak docs for web checksums, add debugging in the checksum action, make it faster, temporarily. * Fix web checksum, add checksums and instructions for everything else Closes #467 * Fix tauri release + macos sha256sum * Remove .app checksum, since it's a directory and checksum'ing the .tar.gz seems strange. * Properly indent + fix sha256sum results (and windows line endings problem) * Include PWA for release, add instructions to change filenames when checksum fails. * Include _everything_ in the CSP now, and tweak the verification script and checksum build to also include everything, now. Still requires changes in the way to verify a published web app, where I'll have to write a script to parse through the whole CSP now. * Add TypeScript (Deno) script to parse through CSP and download matched files. Also update docs. * Tweak web checksum examples. * Remove content hashes from font files. * Try sorting files before adding to CSP, to enforce consistency.
2022-06-20 06:34:45 +00:00
"Manually" generate favicon instead of using webpack plugin
2021-12-05 08:26:15 +00:00
return true;
});
},
},
Switch to webpack for bundling
2019-07-13 19:29:32 +00:00
],
devServer: {
historyApiFallback: true,
host: "0.0.0.0",
Add support for TOTP as MFA method
2021-08-22 07:48:01 +00:00
port: process.env.PL_PWA_PORT || 8080,
Add better implementation for "ad hoc" default authenticators; allow client to specify which authentication types it supports
2021-09-28 13:41:22 +00:00
// hot: false,
// liveReload: false,
First pass at implementing open id authenticator
2021-09-20 13:57:05 +00:00
client: { overlay: false },
Add support for TOTP as MFA method
2021-08-22 07:48:01 +00:00
},
Switch to webpack for bundling
2019-07-13 19:29:32 +00:00
};