Blame view
node_modules/hpkp/index.js
1.81 KB
f7563de62
first commit
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 |
var badArgumentsError = new Error('hpkp must be called with a maxAge and at least two SHA-256s (one actually used and another kept as a backup).')
module.exports = function hpkp (passedOptions) {
var options = parseOptions(passedOptions)
var headerKey = getHeaderKey(options)
var headerValue = getHeaderValue(options)
return function hpkp (req, res, next) {
var setHeader = true
var setIf = options.setIf
if (setIf) {
setHeader = setIf(req, res)
}
if (setHeader) {
res.setHeader(headerKey, headerValue)
}
next()
}
}
function parseOptions (options) {
if (!options) { throw badArgumentsError }
if (options.maxage && options.maxAge) { throw badArgumentsError }
var maxAge = options.maxAge
var sha256s = options.sha256s
var setIf = options.setIf
if (!maxAge || maxAge <= 0) { throw badArgumentsError }
if (!sha256s || sha256s.length < 2) { throw badArgumentsError }
if (setIf && (typeof setIf !== 'function')) {
throw new TypeError('setIf must be a function.')
}
if (options.reportOnly && !options.reportUri) { throw badArgumentsError }
return {
maxAge: maxAge,
sha256s: sha256s,
includeSubdomains: options.includeSubdomains,
reportUri: options.reportUri,
reportOnly: options.reportOnly,
setIf: setIf
}
}
function getHeaderKey (options) {
var header = 'Public-Key-Pins'
if (options.reportOnly) {
header += '-Report-Only'
}
return header
}
function getHeaderValue (options) {
var result = options.sha256s.map(function (sha) {
return 'pin-sha256="' + sha + '"'
})
result.push('max-age=' + Math.round(options.maxAge / 1000))
if (options.includeSubdomains) {
result.push('includeSubdomains')
}
if (options.reportUri) {
result.push('report-uri="' + options.reportUri + '"')
}
return result.join('; ')
}
|