mirror of
https://github.com/alanorth/hugo-theme-bootstrap4-blog.git
synced 2024-12-19 00:52:19 +01:00
Alan Orth
683755f95d
Subresource integrity allows user agents to verify that a fetched resource has been delivered without unexpected manipulation[0]. I put theme assets in a json configuration file and save the hashes to a TOML file that Hugo loads via its theme data mechanism[1]. [0] https://www.w3.org/TR/SRI/ [1] https://gohugo.io/extras/datafiles/
24 lines
584 B
JavaScript
24 lines
584 B
JavaScript
// Adapted from: https://gist.github.com/jmervine/ae1bace0fe37dce75b90ec3e9592771c
|
|
|
|
var crypto = require('crypto');
|
|
var fs = require('fs');
|
|
var assets = require('./assets.json');
|
|
|
|
var generate384 = function (file) {
|
|
var enc = 'utf8';
|
|
var body = fs.readFileSync(file, { encoding: enc });
|
|
var hash = crypto.createHash('sha384').update(body, enc);
|
|
var sha = hash.digest('base64');
|
|
|
|
return 'sha384-' + sha;
|
|
}
|
|
|
|
for (var asset in assets) {
|
|
var path = assets[asset];
|
|
var hash = generate384(path);
|
|
|
|
console.log(asset + ' = "' + hash + '"');
|
|
}
|
|
|
|
// vim: set ts=2 sw=2 et:
|