Add our ClassName feature from go-chart#103, re-enable safe CSS in CSP

parent 0d1a2f90
......@@ -8,7 +8,8 @@ pipeline:
image: codycraven/sassc
pull: true
commands:
- sassc -t compressed sass/main.scss sass/main.css
- sassc -p 0 -t compressed sass/main.scss sass/main.css
- sassc -p 0 -t compressed sass/chart.scss sass/chart.css
build:
image: golang
......
......@@ -8,3 +8,4 @@ custom:
- "./static"
- "./templates"
- "./sass/main.css"
- "./sass/chart.css"
......@@ -28,7 +28,7 @@ require (
github.com/ugorji/go/codec v0.0.0-20180831062425-e253f1f20942 // indirect
github.com/unrolled/secure v0.0.0-20180914162101-439d7b25425f
github.com/urfave/cli v1.20.0
github.com/wcharczuk/go-chart v2.0.2-0.20180910201446-872b97b99f76+incompatible
github.com/wcharczuk/go-chart v2.0.2-0.20181012164330-3cb33d48d32d+incompatible
golang.org/x/image v0.0.0-20180708004352-c73c2afc3b81 // indirect
golang.org/x/net v0.0.0-20180926154720-4dfa2610cdf3
golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f // indirect
......
......@@ -55,8 +55,8 @@ github.com/unrolled/secure v0.0.0-20180914162101-439d7b25425f h1:GPk4xSnRmy5EK4c
github.com/unrolled/secure v0.0.0-20180914162101-439d7b25425f/go.mod h1:mnPT77IAdsi/kV7+Es7y+pXALeV3h7G6dQF6mNYjcLA=
github.com/urfave/cli v1.20.0 h1:fDqGv3UG/4jbVl/QkFwEdddtEDjh/5Ov6X+0B/3bPaw=
github.com/urfave/cli v1.20.0/go.mod h1:70zkFmudgCuE/ngEzBv17Jvp/497gISqfk5gWijbERA=
github.com/wcharczuk/go-chart v2.0.2-0.20180910201446-872b97b99f76+incompatible h1:iChVDB/sQFJ8th/nkQtooMDMCNStmUL8UlNhNDbMkok=
github.com/wcharczuk/go-chart v2.0.2-0.20180910201446-872b97b99f76+incompatible/go.mod h1:PF5tmL4EIx/7Wf+hEkpCqYi5He4u90sw+0+6FhrryuE=
github.com/wcharczuk/go-chart v2.0.2-0.20181012164330-3cb33d48d32d+incompatible h1:TuaQbjv4P1sV7CC2mmJq1zeFChwqju61+mHxVDLngz8=
github.com/wcharczuk/go-chart v2.0.2-0.20181012164330-3cb33d48d32d+incompatible/go.mod h1:PF5tmL4EIx/7Wf+hEkpCqYi5He4u90sw+0+6FhrryuE=
golang.org/x/image v0.0.0-20180708004352-c73c2afc3b81 h1:00VmoueYNlNz/aHIilyyQz/MHSqGoWJzpFv/HW8xpzI=
golang.org/x/image v0.0.0-20180708004352-c73c2afc3b81/go.mod h1:ux5Hcp/YLpHSI86hEcLt0YII63i6oz57MZXIpbrjZUs=
golang.org/x/net v0.0.0-20180926154720-4dfa2610cdf3 h1:dgd4x4kJt7G4k4m93AYLzM8Ni6h2qLTfh9n9vXJT3/0=
......
//go:generate sassc -p 0 -t compressed sass/main.scss sass/main.css
//go:generate sassc -p 0 -t compressed sass/chart.scss sass/chart.css
//go:generate fileb0x b0x.yaml
package main
......
......@@ -6,6 +6,9 @@ $bg-color2: #272727;
$bg-color3: #222;
$shadow-color: rgba(#000, .26);
$chart-stroke: rgba(255,0,0,1.0);
$chart-fill: rgba(255,0,0,0.3);
$small-screen-max-width: 720px;
$header-height: 64px;
......
@import 'configuration';
svg {
font-family: sans-serif;
}
.background,
.canvas {
fill: $bg-color-darker;
stroke: $fg-color-normal;
stroke-width: 0;
}
path.xaxis,
path.yaxis {
fill: none;
stroke: $bg-color-lighter;
stroke-width: 1;
}
text.xaxis,
text.yaxis {
fill: $fg-color-normal;
font-size: 12.8px;
stroke: none;
stroke-width: 0;
}
.series {
fill: none;
stroke: $chart-stroke;
stroke-width: 1;
}
path:nth-last-of-type(4).series {
fill: $chart-fill;
stroke: none;
stroke-width: 0;
}
text.legend {
fill: $fg-color-normal;
font-size: 10.2px;
stroke: none;
stroke-width: 0;
}
path.legend {
stroke-width: 1;
}
path:nth-last-of-type(1).legend {
fill: none;
stroke: $chart-stroke;
}
path:nth-last-of-type(2).legend {
fill: $bg-color-darker;
stroke: $bg-color-lighter;
}
\ No newline at end of file
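Review bot: The positional selectors `path:nth-last-of-type(4).series`, `path:nth-last-of-type(1).legend` and `path:nth-last-of-type(2).legend` carry no comment saying which path each index is meant to pick. They depend on the number and order of `<path>` elements go-chart emits, so a library update or a second series could silently restyle the wrong element. I would add a comment above each rule, for example `// presumably the fill area of the BPM series; index depends on go-chart's path order`, and end the file with a newline.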
......@@ -73,9 +73,9 @@ func (s *Server) handlerStatusSVG(width, height int) func(*gin.Context) {
timeSeries := chart.TimeSeries{
Name: "BPM",
Style: chart.Style{
Show: true,
StrokeColor: drawing.ColorRed,
FillColor: drawing.ColorRed.WithAlpha(64),
ClassName: "series",
Show: true,
FillColor: drawing.ColorBlack, // Dummy-Fill so go-chart produces the fill-paths
},
XValues: []time.Time{},
YValues: []float64{},
......@@ -101,28 +101,25 @@ func (s *Server) handlerStatusSVG(width, height int) func(*gin.Context) {
timeSeries.YValues = append(timeSeries.YValues, bpm)
}
backgroundColor := drawing.ColorFromHex("272727")
foregroundColor := drawing.ColorWhite
graph := chart.Chart{
Height: int(height),
Width: int(width),
Background: chart.Style{
FillColor: backgroundColor,
ClassName: "background",
},
Canvas: chart.Style{
FillColor: backgroundColor,
ClassName: "canvas",
},
XAxis: chart.XAxis{
Style: chart.Style{
FontColor: foregroundColor,
ClassName: "xaxis",
Show: true,
},
ValueFormatter: chart.TimeValueFormatterWithFormat("15:04"),
},
YAxis: chart.YAxis{
Style: chart.Style{
FontColor: foregroundColor,
ClassName: "yaxis",
Show: true,
},
ValueFormatter: chart.IntValueFormatter,
......@@ -132,16 +129,15 @@ func (s *Server) handlerStatusSVG(width, height int) func(*gin.Context) {
graph.Elements = []chart.Renderable{
chart.Legend(&graph, chart.Style{
FillColor: backgroundColor,
FontColor: foregroundColor,
ClassName: "legend",
}),
}
c.Header("Content-Type", "image/svg+xml")
c.Header("Content-Type", chart.ContentTypeSVG)
c.Header("Cache-Control", "max-age=600")
c.Header("Content-Security-Policy", s.getCSP(false)) // Our SVGs require inline CSS
if err := graph.Render(chart.SVG, c.Writer); err != nil {
if err := graph.Render(chart.SVGWithCSS(s.chartCSS, ""), c.Writer); err != nil {
log.Printf("%s - Error: %s", time.Now().Format(time.RFC3339), err.Error())
c.AbortWithStatus(500)
return
}
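Review bot: The SVG response still appears to be sent with `s.getCSP(false)`, which puts `'unsafe-inline'` in style-src, although this commit adds the chart stylesheet's digest to `s.cssSha256` and renders through `chart.SVGWithCSS(s.chartCSS, "")`. Judging by the hunk's line counts, the header line and its comment "Our SVGs require inline CSS" are unchanged context, so this route would not benefit from the re-enabled hash policy. If the `<style>` content go-chart emits is byte-identical to `s.chartCSS`, the line can become `c.Header("Content-Security-Policy", s.getCSP(true))`. Otherwise, pass a per-response nonce as the second argument of `SVGWithCSS` and allow that nonce in the policy. handlerStatusSVG starts and ends outside these hunks.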
......
......@@ -5,6 +5,7 @@ import (
"github.com/gin-gonic/gin"
"github.com/unrolled/secure"
"net/http"
"strings"
)
func (s Server) getSecureMiddleware() *secure.Secure {
......@@ -61,11 +62,13 @@ func (s Server) getSecureOptions() secure.Options {
}
func (s Server) getCSP(safeCSS bool) string {
styleSrc := "'unsafe-inline'"
// Until https://github.com/wcharczuk/go-chart/pull/103 is merged
//if safeCSS {
// styleSrc = fmt.Sprintf("'sha256-%s'", s.cssSha256)
//}
var styleSrc string
if safeCSS {
styleSrc = "'sha256-" + strings.Join(s.cssSha256, "' 'sha256-") + "'"
fmt.Println(styleSrc)
} else {
styleSrc = "'unsafe-inline'"
}
upgradeInSecureRequests := ""
if s.config.TLSProxy {
upgradeInSecureRequests = "upgrade-insecure-requests; "
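Review bot: `fmt.Println(styleSrc)` in the `safeCSS` branch of getCSP looks like a leftover debug statement and should be removed. It writes the style-src value to stdout every time a policy is built, and the visible import hunk adds only `strings`, so `fmt` may not even be imported in this file. The empty case is also worth guarding, because joining an empty `s.cssSha256` yields the invalid source `'sha256-'`; an explicit `styleSrc = "'none'"` for that case would fail closed. The body of getCSP continues past the end of the hunk.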
......
......@@ -22,7 +22,8 @@ type Server struct {
Router *gin.Engine
store *persistence.InMemoryStore
css template.CSS
cssSha256 string
chartCSS string
cssSha256 []string
config Config
}
......@@ -50,12 +51,20 @@ func NewServer(config Config) (Server, error) {
cssBytes := bindata.FileSassMainCSS
cssSha256 := sha256.Sum256(cssBytes)
chartCSSBytes := bindata.FileSassChartCSS
chartCSSSha256 := sha256.Sum256(chartCSSBytes)
s := Server{
Router: gin.Default(),
store: persistence.NewInMemoryStore(time.Minute),
css: template.CSS(cssBytes),
cssSha256: base64.StdEncoding.EncodeToString(cssSha256[:]),
config: config,
Router: gin.Default(),
store: persistence.NewInMemoryStore(time.Minute),
css: template.CSS(cssBytes),
chartCSS: string(chartCSSBytes),
config: config,
}
s.cssSha256 = []string{
base64.StdEncoding.EncodeToString(cssSha256[:]),
base64.StdEncoding.EncodeToString(chartCSSSha256[:]),
}
s.Router.Use(nice.Recovery(s.recoveryHandler))
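Review bot: The new `cssSha256 []string` field and the `s.cssSha256 = []string{...}` assignment carry no comment saying what the entries are or what they must match. Each digest is computed over the embedded file bytes (`bindata.FileSassMainCSS`, `bindata.FileSassChartCSS`), so the CSP hash source built from it only permits a `<style>` element whose content is byte-for-byte those bytes. Any whitespace, escaping or wrapper added at render time would make the browser block the stylesheet. I would add `// cssSha256 holds the base64 SHA-256 digests of css and chartCSS, in that order, used as CSP style-src hash sources.` above the field. NewServer starts and ends outside the hunk.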
......