From 683755f95d0aacf926779a67a1c16e8ff6d10290 Mon Sep 17 00:00:00 2001
From: Alan Orth
Date: Wed, 11 Jan 2017 10:32:43 +0200
Subject: [PATCH] Add tooling to generate SRI hashes for assets

Subresource integrity allows user agents to verify that a fetched resource has been delivered without unexpected manipulation[0]. I put theme assets in a json configuration file and save the hashes to a TOML file that Hugo loads via its theme data mechanism[1]. [0] https://www.w3.org/TR/SRI/ [1] https://gohugo.io/extras/datafiles/
---
build/assets.json | 5 +++++
build/sri.js | 23 +++++++++++++++++++++++
package.json | 3 ++-
3 files changed, 30 insertions(+), 1 deletion(-)
create mode 100644 build/assets.json
create mode 100644 build/sri.js
diff --git a/build/assets.json b/build/assets.json
new file mode 100644
index 0000000..c8771bd
--- /dev/null
+++ b/build/assets.json
@@ -0,0 +1,5 @@
+{
+ "style": "static/css/style.css",
+ "cookieconsentcss": "static/css/cookieconsent.min.css",
+ "cookieconsentjs": "static/js/cookieconsent.min.js"
+}
diff --git a/build/sri.js b/build/sri.js
new file mode 100644
index 0000000..dcc54e0
--- /dev/null
+++ b/build/sri.js
@@ -0,0 +1,23 @@
+// Adapted from: https://gist.github.com/jmervine/ae1bace0fe37dce75b90ec3e9592771c
+
+var crypto = require('crypto');
+var fs = require('fs');
+var assets = require('./assets.json');
+
+var generate384 = function (file) {
+ var enc = 'utf8';
+ var body = fs.readFileSync(file, { encoding: enc });
+ var hash = crypto.createHash('sha384').update(body, enc);
+ var sha = hash.digest('base64');
+
+ return 'sha384-' + sha;
+}
+
+for (var asset in assets) {
+ var path = assets[asset];
+ var hash = generate384(path);
+
+ console.log(asset + ' = "' + hash + '"');
+}
+
+// vim: set ts=2 sw=2 et:
diff --git a/package.json b/package.json
index ec173b7..a437f08 100644
--- a/package.json
+++ b/package.json
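Review bot: `generate384` in build/sri.js hashes a UTF-8-decoded string rather than the file's bytes, because `fs.readFileSync(file, { encoding: enc })` decodes the content before `update(body, enc)` re-encodes it. Browsers compute the SRI digest over the raw response bytes, so an asset containing any byte sequence that is not valid UTF-8 would get a hash that never matches and the resource would be blocked. Reading a Buffer avoids the round trip: `var body = fs.readFileSync(file);` followed by `var hash = crypto.createHash('sha384').update(body);`. The three assets listed in assets.json are text and are probably unaffected today, but the config file invites adding others.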
@@ -10,7 +10,8 @@
 "build:css": "node-sass --output-style expanded --precision 6 source/scss/style.scss static/css/style.css.tmp && cleancss --skip-advanced static/css/style.css.tmp -o static/css/style.css",
 "build:fonts": "cp node_modules/font-awesome/fonts/* static/fonts",
 "build:cookieconsent": "cp node_modules/cookieconsent/build/cookieconsent.min.css static/css && cp node_modules/cookieconsent/build/cookieconsent.min.js static/js",
- "build": "npm run build:css && npm run build:fonts && npm run build:cookieconsent && npm run clean",
+ "build:generatesri": "node build/sri.js > data/sri.toml",
+ "build": "npm run build:css && npm run build:fonts && npm run build:cookieconsent && npm run build:generatesri && npm run clean",
 "clean": "rm static/css/style.css.tmp"
 },
 "keywords": "hugo",
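Review bot: The `build:generatesri` script redirects straight into `data/sri.toml`, so the shell truncates the file before `node build/sri.js` runs, and a failure in the script (for example a path in assets.json that does not exist) leaves an empty or partial data file behind even though the `&&` chain stops. How the templates behave with a missing key is not visible in this patch, but silently dropping the `integrity` attribute would be the worst case. Writing to a temporary file and renaming on success keeps the previous hashes intact: `"build:generatesri": "node build/sri.js > data/sri.toml.tmp && mv data/sri.toml.tmp data/sri.toml"`. The digests are computed from whatever `build:cookieconsent` copied out of node_modules, so they attest that the served file matches the build output rather than that the package is the expected one; a pinned dependency version covers that side. The enclosing scripts object starts above this hunk.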