Merge pull request #247 from Shikkanime/dev

Dev
Shikkanime · Mar 5, 2024 · 2cd66c5 · 2cd66c5
2 parents 5298154 + 620f466
commit 2cd66c5
Show file tree

Hide file tree

Showing 5 changed files with 26 additions and 6 deletions.
diff --git a/.github/workflows/global_workflow.yml b/.github/workflows/global_workflow.yml
@@ -30,14 +30,14 @@ jobs:
 
       - name: Analyse pull request
         # If pull request, we analyze the code, and if the target branch is not master
-        if: github.event_name == 'pull_request' && github.event.pull_request.base.ref != 'master'
+        if: github.event_name == 'pull_request' && github.event.pull_request.base.ref != 'master' && github.actor != 'dependabot[bot]'
         env:
           SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
           SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }}
         run: ./gradlew sonar --info -Dsonar.pullrequest.key=${{ github.event.pull_request.number }} -Dsonar.pullrequest.branch=${{ github.event.pull_request.head.ref }} -Dsonar.pullrequest.base=${{ github.event.pull_request.base.ref }} -Dsonar.qualitygate.wait=true
 
       - name: Test
-        if: github.event_name == 'pull_request' && github.event.pull_request.base.ref == 'master'
+        if: github.event_name == 'pull_request' && (github.event.pull_request.base.ref == 'master' || github.actor == 'dependabot[bot]')
         run: ./gradlew clean test --info
 
       - name: Cache gradle dependencies

diff --git a/build.gradle.kts b/build.gradle.kts
@@ -1,6 +1,6 @@
 import java.net.URI
 
-val ktorVersion = "2.3.8"
+val ktorVersion = "2.3.9"
 val kotlinVersion = "1.9.22"
 val ktorSwaggerUiVersion = "2.7.4"
 val hibernateCoreVersion = "6.4.4.Final"
@@ -30,7 +30,7 @@ val h2Version = "2.2.224"
 
 plugins {
     kotlin("jvm") version "1.9.22"
-    id("io.ktor.plugin") version "2.3.8"
+    id("io.ktor.plugin") version "2.3.9"
     jacoco
     id("org.sonarqube") version "4.4.1.3373"
 }

diff --git a/src/main/kotlin/fr/shikkanime/controllers/api/AttachmentController.kt b/src/main/kotlin/fr/shikkanime/controllers/api/AttachmentController.kt
@@ -2,6 +2,7 @@ package fr.shikkanime.controllers.api
 
 import fr.shikkanime.dtos.MessageDto
 import fr.shikkanime.services.ImageService
+import fr.shikkanime.utils.Constant
 import fr.shikkanime.utils.routes.Cached
 import fr.shikkanime.utils.routes.Controller
 import fr.shikkanime.utils.routes.Path
@@ -17,7 +18,7 @@ import java.util.*
 class AttachmentController {
     @Path
     @Get
-    @Cached(maxAgeSeconds = 31536000)
+    @Cached(maxAgeSeconds = Constant.DEFAULT_CACHE_DURATION)
     @OpenAPI(
         "Get attachment",
         [

diff --git a/src/main/kotlin/fr/shikkanime/modules/Routing.kt b/src/main/kotlin/fr/shikkanime/modules/Routing.kt
@@ -51,6 +51,24 @@ private val callStartTime = AttributeKey<ZonedDateTime>("CallStartTime")
 fun Application.configureRouting() {
     environment.monitor.subscribe(Routing.RoutingCallStarted) { call ->
         call.attributes.put(callStartTime, ZonedDateTime.now())
+
+        // Security headers
+        call.response.pipeline.intercept(ApplicationSendPipeline.Transform) {
+            context.response.header(HttpHeaders.StrictTransportSecurity, "max-age=${Constant.DEFAULT_CACHE_DURATION}; includeSubDomains; preload")
+
+            context.response.header(
+                "Content-Security-Policy", "default-src 'self'; " +
+                        "img-src data: 'self' 'unsafe-inline' 'unsafe-eval' https://api.shikkanime.fr https://www.shikkanime.fr; " +
+                        "style-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.jsdelivr.net; " +
+                        "font-src 'self' https://cdn.jsdelivr.net; " +
+                        "script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.jsdelivr.net"
+            )
+
+            context.response.header("X-Frame-Options", "DENY")
+            context.response.header("X-Content-Type-Options", "nosniff")
+            context.response.header("Referrer-Policy", "no-referrer")
+            context.response.header("Permissions-Policy", "geolocation=(), microphone=()")
+        }
     }
 
     environment.monitor.subscribe(Routing.RoutingCallFinished) { call ->
@@ -69,7 +87,7 @@ fun Application.configureRouting() {
             preCompressed(CompressedFileType.BROTLI, CompressedFileType.GZIP)
 
             cacheControl {
-                listOf(CacheControl.MaxAge(maxAgeSeconds = 31536000))
+                listOf(CacheControl.MaxAge(maxAgeSeconds = Constant.DEFAULT_CACHE_DURATION))
             }
         }
 

diff --git a/src/main/kotlin/fr/shikkanime/utils/Constant.kt b/src/main/kotlin/fr/shikkanime/utils/Constant.kt
@@ -39,6 +39,7 @@ object Constant {
 
     const val BASE_URL = "https://www.shikkanime.fr"
     const val DEFAULT_IMAGE_PREVIEW = "$BASE_URL/assets/img/episode_no_image_preview.jpg"
+    const val DEFAULT_CACHE_DURATION = 31536000 // 1 year
 
     init {
         abstractPlatforms.forEach {