From 6138d54fcd0e74b6186320371c34f12e1479ddda Mon Sep 17 00:00:00 2001 From: mohandast52 Date: Thu, 18 Jul 2024 02:46:15 +0530 Subject: [PATCH 01/22] feat: Add next-middleware library and related files --- apps/autonolas-registry/middleware.ts | 152 +----------------- libs/next-middleware/.eslintrc.json | 18 +++ libs/next-middleware/README.md | 7 + libs/next-middleware/project.json | 13 ++ libs/next-middleware/src/index.ts | 3 + libs/next-middleware/src/lib/cspHeader.ts | 102 ++++++++++++ .../src/lib/next-middleware.tsx | 38 +++++ .../src/lib/prohibitedCountries.ts | 16 ++ libs/next-middleware/src/server.ts | 38 +++++ libs/next-middleware/tsconfig.json | 17 ++ libs/next-middleware/tsconfig.lib.json | 25 +++ libs/util-prohibited-data/src/index.ts | 3 + tsconfig.base.json | 2 + 13 files changed, 285 insertions(+), 149 deletions(-) create mode 100644 libs/next-middleware/.eslintrc.json create mode 100644 libs/next-middleware/README.md create mode 100644 libs/next-middleware/project.json create mode 100644 libs/next-middleware/src/index.ts create mode 100644 libs/next-middleware/src/lib/cspHeader.ts create mode 100644 libs/next-middleware/src/lib/next-middleware.tsx create mode 100644 libs/next-middleware/src/lib/prohibitedCountries.ts create mode 100644 libs/next-middleware/src/server.ts create mode 100644 libs/next-middleware/tsconfig.json create mode 100644 libs/next-middleware/tsconfig.lib.json diff --git a/apps/autonolas-registry/middleware.ts b/apps/autonolas-registry/middleware.ts index d76d6935..3847b993 100644 --- a/apps/autonolas-registry/middleware.ts +++ b/apps/autonolas-registry/middleware.ts 
@@ -1,150 +1,4 @@ -import nextSafe from 'next-safe'; -import { NextRequest, NextResponse, userAgent } from 'next/server'; +import { config, middleware } from 'libs/next-middleware/src/server'; -import prohibitedCountries from 'libs/util-prohibited-data/src/lib/prohibited-countries.json'; - -const prohibitedCountriesCode = Object.values(prohibitedCountries); - -const isDev = process.env.NODE_ENV !== 'production'; - -const getCspHeader = (browserName?: string) => { - if (!process.env.NEXT_PUBLIC_AUTONOLAS_SUB_GRAPH_URL) return []; - - const walletconnectSrc = ['https://verify.walletconnect.org', 'https://verify.walletconnect.com']; - - const connectSrc: CSPDirective = [ - "'self'", - ...walletconnectSrc, - 'https://*.olas.network/', - 'https://*.autonolas.tech/', - 'https://rpc.walletconnect.com/', - 'wss://relay.walletconnect.org/', - 'wss://relay.walletconnect.com/', - 'https://explorer-api.walletconnect.com/', - 'https://eth-mainnet.g.alchemy.com/v2/', - 'https://eth-goerli.g.alchemy.com/v2/', - 'https://gno.getblock.io/', - 'https://polygon-mainnet.g.alchemy.com/v2/', - 'https://polygon-mumbai-bor.publicnode.com/', - 'https://rpc.chiado.gnosis.gateway.fm/', - 'https://safe-transaction-mainnet.safe.global/api/v1/', - 'https://safe-transaction-goerli.safe.global/api/', - 'https://safe-transaction-gnosis-chain.safe.global/api/', - 'https://safe-transaction-polygon.safe.global/api/', - 'https://vercel.live/', - 'https://api.devnet.solana.com/', - 'wss://api.devnet.solana.com/', - 'https://api.mainnet-beta.solana.com/', - 'wss://api.mainnet-beta.solana.com/', - 'https://holy-convincing-bird.solana-mainnet.quiknode.pro/', - 'wss://holy-convincing-bird.solana-mainnet.quiknode.pro/', - 'https://arb1.arbitrum.io/rpc/', - 'https://sepolia-rollup.arbitrum.io/rpc', - 'https://rpc.gnosischain.com/', - 'https://mainnet.base.org/', - 'https://sepolia.base.org/', - 'https://mainnet.optimism.io', - 'https://sepolia.optimism.io/', - 'https://forno.celo.org', - 
'https://alfajores-forno.celo-testnet.org', - 'https://api.web3modal.com/', - 'wss://www.walletlink.org/rpc', - 'wss://*.pusher.com/', - process.env.NEXT_PUBLIC_AUTONOLAS_SUB_GRAPH_URL, - ]; - - if (isDev) { - connectSrc.push('http://localhost'); - connectSrc.push('ws://localhost'); - } - - const scriptSrc = ["'self'", 'https://vercel.live/', 'https://fonts.googleapis.com/']; - - // Firefox blocks inline scripts by default and it's an issue with Metamask - // reference: https://github.com/MetaMask/metamask-extension/issues/3133 - if (browserName === 'Firefox') { - scriptSrc.push("'unsafe-inline'"); - } - - const nextSafeHeaders = - typeof nextSafe === 'function' - ? // TODO - // @ts-expect-error: For some reason, TypeScript is not recognizing the function - nextSafe({ - isDev, - /** - * Content Security Policy - * @see https://content-security-policy.com/ - */ - contentSecurityPolicy: { - 'default-src': "'none'", - 'script-src': scriptSrc, - 'connect-src': connectSrc, - 'img-src': [ - "'self'", - 'blob:', - 'data:', - 'https://*.autonolas.tech/', - 'https://explorer-api.walletconnect.com/w3m/', - ...walletconnectSrc, - ], - 'style-src': ["'self'", "'unsafe-inline'", 'https://fonts.googleapis.com/'], - 'frame-src': ["'self'", 'https://vercel.live/', ...walletconnectSrc], - }, - permissionsPolicyDirectiveSupport: ['standard'], - }) - : []; - - const headers = [ - ...nextSafeHeaders, - { - key: 'Strict-Transport-Security', - value: 'max-age=31536000; includeSubDomains', - }, - ]; - - return headers; -}; - -const getRedirectUrl = (pathName: string, countryName?: string) => { - const isProhibited = countryName ? prohibitedCountriesCode.includes(countryName) : false; - - if (pathName === '/not-legal') { - return isProhibited ? null : '/'; - } - return isProhibited ? 
'/not-legal' : null; -}; - -export default async function middleware(request: NextRequest) { - const country = request.geo?.country; - const redirectUrl = getRedirectUrl(request.nextUrl.pathname, country); - - const response = redirectUrl - ? NextResponse.redirect(new URL(redirectUrl, request.nextUrl)) - : NextResponse.next(); - - const browserName = userAgent(request)?.browser.name; - const cspHeaders = getCspHeader(browserName); - - // apply CSP headers - // https://nextjs.org/docs/app/building-your-application/routing/middleware#setting-headers - cspHeaders.forEach((header) => { - const { key, value } = header; - response.headers.set(key, value); - }); - - return response; -} - -export const config = { - matcher: [ - /* - * Match all request paths except for the ones starting with: - * - api (API routes) - * - _next/static (static files) - * - _next/image (image optimization files) - * - favicon.ico (favicon file) - */ - '/((?!api|_next/static|_next/image|favicon.ico).*)', - ], -}; +export default middleware; +export { config }; diff --git a/libs/next-middleware/.eslintrc.json b/libs/next-middleware/.eslintrc.json new file mode 100644 index 00000000..a39ac5d0 --- /dev/null +++ b/libs/next-middleware/.eslintrc.json @@ -0,0 +1,18 @@ +{ + "extends": ["plugin:@nx/react", "../../.eslintrc.json"], + "ignorePatterns": ["!**/*"], + "overrides": [ + { + "files": ["*.ts", "*.tsx", "*.js", "*.jsx"], + "rules": {} + }, + { + "files": ["*.ts", "*.tsx"], + "rules": {} + }, + { + "files": ["*.js", "*.jsx"], + "rules": {} + } + ] +} diff --git a/libs/next-middleware/README.md b/libs/next-middleware/README.md new file mode 100644 index 00000000..47e2baa5 --- /dev/null +++ b/libs/next-middleware/README.md @@ -0,0 +1,7 @@ +# next-middleware + +This library was generated with [Nx](https://nx.dev). + +## Running unit tests + +Run `nx test next-middleware` to execute the unit tests via [Jest](https://jestjs.io). 
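Review bot: The replacement imports by repository path, `import { config, middleware } from 'libs/next-middleware/src/server';`, while the same patch registers `@autonolas-frontend-mono/next-middleware/server` in tsconfig.base.json; the alias keeps Nx module-boundary linting and the library's public surface in force, so I would write `import { config, middleware } from '@autonolas-frontend-mono/next-middleware/server';`. The `export default middleware;` / `export { config };` pair preserves what Next.js expects from a `middleware.ts`, provided the shared `config.matcher` is what this app intends.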
diff --git a/libs/next-middleware/project.json b/libs/next-middleware/project.json new file mode 100644 index 00000000..8aedd1e8 --- /dev/null +++ b/libs/next-middleware/project.json @@ -0,0 +1,13 @@ +{ + "name": "next-middleware", + "$schema": "../../node_modules/nx/schemas/project-schema.json", + "sourceRoot": "libs/next-middleware/src", + "projectType": "library", + "tags": [], + "targets": { + "lint": { + "executor": "@nx/eslint:lint", + "outputs": ["{options.outputFile}"] + } + } +} diff --git a/libs/next-middleware/src/index.ts b/libs/next-middleware/src/index.ts new file mode 100644 index 00000000..8abf6520 --- /dev/null +++ b/libs/next-middleware/src/index.ts @@ -0,0 +1,3 @@ +// Use this file to export React client components (e.g. those with 'use client' directive) or other non-server utilities + +export * from './lib/next-middleware'; diff --git a/libs/next-middleware/src/lib/cspHeader.ts b/libs/next-middleware/src/lib/cspHeader.ts new file mode 100644 index 00000000..02ca0d9d --- /dev/null +++ b/libs/next-middleware/src/lib/cspHeader.ts 
@@ -0,0 +1,102 @@ +import nextSafe from 'next-safe'; + +const isDev = process.env.NODE_ENV !== 'production'; + +export const cspHeader = (browserName?: string) => { + if (!process.env.NEXT_PUBLIC_AUTONOLAS_SUB_GRAPH_URL) return []; + + const walletconnectSrc = ['https://verify.walletconnect.org', 'https://verify.walletconnect.com']; + + const connectSrc: CSPDirective = [ + "'self'", + ...walletconnectSrc, + 'https://*.olas.network/', + 'https://*.autonolas.tech/', + 'https://rpc.walletconnect.com/', + 'wss://relay.walletconnect.org/', + 'wss://relay.walletconnect.com/', + 'https://explorer-api.walletconnect.com/', + 'https://eth-mainnet.g.alchemy.com/v2/', + 'https://eth-goerli.g.alchemy.com/v2/', + 'https://gno.getblock.io/', + 'https://polygon-mainnet.g.alchemy.com/v2/', + 'https://polygon-mumbai-bor.publicnode.com/', + 'https://rpc.chiado.gnosis.gateway.fm/', + 'https://safe-transaction-mainnet.safe.global/api/v1/', + 'https://safe-transaction-goerli.safe.global/api/', + 'https://safe-transaction-gnosis-chain.safe.global/api/', + 'https://safe-transaction-polygon.safe.global/api/', + 'https://vercel.live/', + 'https://api.devnet.solana.com/', + 'wss://api.devnet.solana.com/', + 'https://api.mainnet-beta.solana.com/', + 'wss://api.mainnet-beta.solana.com/', + 'https://holy-convincing-bird.solana-mainnet.quiknode.pro/', + 'wss://holy-convincing-bird.solana-mainnet.quiknode.pro/', + 'https://arb1.arbitrum.io/rpc/', + 'https://sepolia-rollup.arbitrum.io/rpc', + 'https://rpc.gnosischain.com/', + 'https://mainnet.base.org/', + 'https://sepolia.base.org/', + 'https://mainnet.optimism.io', + 'https://sepolia.optimism.io/', + 'https://forno.celo.org', + 'https://alfajores-forno.celo-testnet.org', + 'https://api.web3modal.com/', + 'wss://www.walletlink.org/rpc', + 'wss://*.pusher.com/', + process.env.NEXT_PUBLIC_AUTONOLAS_SUB_GRAPH_URL, + ]; + + if (isDev) { + connectSrc.push('http://localhost'); + connectSrc.push('ws://localhost'); + } + + const scriptSrc = ["'self'", 
'https://vercel.live/', 'https://fonts.googleapis.com/']; + + // Firefox blocks inline scripts by default and it's an issue with Metamask + // reference: https://github.com/MetaMask/metamask-extension/issues/3133 + if (browserName === 'Firefox') { + scriptSrc.push("'unsafe-inline'"); + } + + const nextSafeHeaders = + typeof nextSafe === 'function' + ? // TODO + // @ts-expect-error: For some reason, TypeScript is not recognizing the function + nextSafe({ + isDev, + /** + * Content Security Policy + * @see https://content-security-policy.com/ + */ + contentSecurityPolicy: { + 'default-src': "'none'", + 'script-src': scriptSrc, + 'connect-src': connectSrc, + 'img-src': [ + "'self'", + 'blob:', + 'data:', + 'https://*.autonolas.tech/', + 'https://explorer-api.walletconnect.com/w3m/', + ...walletconnectSrc, + ], + 'style-src': ["'self'", "'unsafe-inline'", 'https://fonts.googleapis.com/'], + 'frame-src': ["'self'", 'https://vercel.live/', ...walletconnectSrc], + }, + permissionsPolicyDirectiveSupport: ['standard'], + }) + : []; + + const headers = [ + ...nextSafeHeaders, + { + key: 'Strict-Transport-Security', + value: 'max-age=31536000; includeSubDomains', + }, + ]; + + return headers; +}; diff --git a/libs/next-middleware/src/lib/next-middleware.tsx b/libs/next-middleware/src/lib/next-middleware.tsx new file mode 100644 index 00000000..fe184fd0 --- /dev/null +++ b/libs/next-middleware/src/lib/next-middleware.tsx 
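Review bot: A missing `NEXT_PUBLIC_AUTONOLAS_SUB_GRAPH_URL` makes `cspHeader` return `[]`, so a misconfigured deployment ships with no Content-Security-Policy and no Strict-Transport-Security at all — the guard fails open on every security header, not just on the one origin it is about. Build the header list unconditionally: drop the early return, read `const subgraphUrl = process.env.NEXT_PUBLIC_AUTONOLAS_SUB_GRAPH_URL;` once, and replace the array entry with `...(subgraphUrl ? [new URL(subgraphUrl).origin] : []),` so the value is also reduced to an origin and a stray `;` or space cannot add directives to the header. `CSPDirective` is used as the type of `connectSrc` but does not appear to be imported in this file, so either import it from `next-safe` or let the array type be inferred. The Firefox branch that pushes `'unsafe-inline'` into `script-src` removes the policy's protection against injected scripts for those users; a per-request nonce is the usual replacement.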
@@ -0,0 +1,38 @@ +import { NextRequest, NextResponse, userAgent } from 'next/server'; + +import { cspHeader } from './cspHeader'; +import { getRedirectUrl } from './prohibitedCountries'; + +export const middleware = async (request: NextRequest) => { + const country = request.geo?.country; + const redirectUrl = await getRedirectUrl(request.nextUrl.pathname, country); + + const response = redirectUrl + ? NextResponse.redirect(new URL(redirectUrl, request.nextUrl)) + : NextResponse.next(); + + const browserName = userAgent(request)?.browser.name; + const cspHeaders = cspHeader(browserName); + + // apply CSP headers + // https://nextjs.org/docs/app/building-your-application/routing/middleware#setting-headers + cspHeaders.forEach((header) => { + const { key, value } = header; + response.headers.set(key, value); + }); + + return response; +}; + +export const config = { + matcher: [ + /* + * Match all request paths except for the ones starting with: + * - api (API routes) + * - _next/static (static files) + * - _next/image (image optimization files) + * - favicon.ico (favicon file) + */ + '/((?!api|_next/static|_next/image|favicon.ico).*)', + ], +}; diff --git a/libs/next-middleware/src/lib/prohibitedCountries.ts b/libs/next-middleware/src/lib/prohibitedCountries.ts new file mode 100644 index 00000000..dd10a52e --- /dev/null +++ b/libs/next-middleware/src/lib/prohibitedCountries.ts 
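Review bot: `request.geo?.country` is only populated when the hosting platform supplies geolocation; on any other runtime it is `undefined`, `getRedirectUrl` then treats the visitor as allowed, and the country restriction fails open without a trace. Decide explicitly what an unknown country means for a restriction of this kind and record it at the call, e.g. `// request.geo is filled in by the hosting platform; with no geo data the visitor is NOT blocked (fail-open) — confirm this is acceptable`. The CSP depends on the user agent, so if rendered pages can be cached downstream the response should say so with `response.headers.append('Vary', 'User-Agent');` to avoid serving one browser's policy to another. This file is also a line-for-line copy of `src/server.ts` from the same patch, and the `.tsx` extension is misleading for a module with no JSX; keep one copy.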
@@ -0,0 +1,16 @@ +/* eslint-disable @nx/enforce-module-boundaries */ +// import prohibitedAddresses from './prohibited-addresses.json'; +// import prohibitedAddresses from '../../../util-prohibited-data/src/lib/prohibited-addresses.json'; +// import { prohibitedAddresses } from '@autonolas-frontend-mono/util-prohibited-data'; +import prohibitedAddresses from 'libs/util-prohibited-data/src/lib/prohibited-addresses.json'; + +export const getRedirectUrl = async (pathName: string, countryName?: string) => { + const prohibitedCountriesCode = Object.values(prohibitedAddresses) as unknown as string[]; + + const isProhibited = countryName ? prohibitedCountriesCode.includes(countryName) : false; + + if (pathName === '/not-legal') { + return isProhibited ? null : '/'; + } + return isProhibited ? '/not-legal' : null; +}; diff --git a/libs/next-middleware/src/server.ts b/libs/next-middleware/src/server.ts new file mode 100644 index 00000000..09ee7961 --- /dev/null +++ b/libs/next-middleware/src/server.ts 
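Review bot: The wrong data file is loaded: this imports `prohibited-addresses.json` and compares `countryName` against its values, whereas the middleware removed in this same patch read `prohibited-countries.json`, so no country code will ever match and the geo restriction is disabled without any error. The `as unknown as string[]` cast is exactly what hides the type mismatch. Change the import to `import prohibitedCountries from 'libs/util-prohibited-data/src/lib/prohibited-countries.json';` and the lookup to `const prohibitedCountriesCode = Object.values(prohibitedCountries);` with no cast, and hoist it to module scope so the list is not rebuilt on every request. `async` is unnecessary here — nothing is awaited — and dropping it lets callers use the result synchronously.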
@@ -0,0 +1,38 @@ +import { NextRequest, NextResponse, userAgent } from 'next/server'; + +import { cspHeader } from './lib/cspHeader'; +import { getRedirectUrl } from './lib/prohibitedCountries'; + +export const middleware = async (request: NextRequest) => { + const country = request.geo?.country; + const redirectUrl = await getRedirectUrl(request.nextUrl.pathname, country); + + const response = redirectUrl + ? NextResponse.redirect(new URL(redirectUrl, request.nextUrl)) + : NextResponse.next(); + + const browserName = userAgent(request)?.browser.name; + const cspHeaders = cspHeader(browserName); + + // apply CSP headers + // https://nextjs.org/docs/app/building-your-application/routing/middleware#setting-headers + cspHeaders.forEach((header) => { + const { key, value } = header; + response.headers.set(key, value); + }); + + return response; +}; + +export const config = { + matcher: [ + /* + * Match all request paths except for the ones starting with: + * - api (API routes) + * - _next/static (static files) + * - _next/image (image optimization files) + * - favicon.ico (favicon file) + */ + '/((?!api|_next/static|_next/image|favicon.ico).*)', + ], +}; diff --git a/libs/next-middleware/tsconfig.json b/libs/next-middleware/tsconfig.json new file mode 100644 index 00000000..95cfeb24 --- /dev/null +++ b/libs/next-middleware/tsconfig.json @@ -0,0 +1,17 @@ +{ + "compilerOptions": { + "jsx": "react-jsx", + "allowJs": false, + "esModuleInterop": false, + "allowSyntheticDefaultImports": true, + "strict": true + }, + "files": [], + "include": [], + "references": [ + { + "path": "./tsconfig.lib.json" + } + ], + "extends": "../../tsconfig.base.json" +} diff --git a/libs/next-middleware/tsconfig.lib.json b/libs/next-middleware/tsconfig.lib.json new file mode 100644 index 00000000..08e579bc --- /dev/null +++ b/libs/next-middleware/tsconfig.lib.json 
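Review bot: `src/server.ts` is a byte-for-byte copy of `src/lib/next-middleware.tsx` from the same patch, reachable through a different entry point (the `/server` alias versus `index.ts`), so every future policy change has to be made twice and the two will drift. Keep a single implementation and make this file a re-export, `export { middleware, config } from './lib/next-middleware';`, or delete the `.tsx` copy. Setting the headers on the redirect response as well as on `NextResponse.next()` is right; a redirect to `/not-legal` should carry the same CSP and HSTS as any other page.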
@@ -0,0 +1,25 @@ +{ + "extends": "./tsconfig.json", + "compilerOptions": { + "outDir": "../../dist/out-tsc", + "types": [ + "node", + "@nx/react/typings/cssmodule.d.ts", + "@nx/react/typings/image.d.ts", + "next", + "@nx/next/typings/image.d.ts" + ] + }, + "exclude": [ + "jest.config.ts", + "src/**/*.spec.ts", + "src/**/*.test.ts", + "src/**/*.spec.tsx", + "src/**/*.test.tsx", + "src/**/*.spec.js", + "src/**/*.test.js", + "src/**/*.spec.jsx", + "src/**/*.test.jsx" + ], + "include": ["src/**/*.js", "src/**/*.jsx", "src/**/*.ts", "src/**/*.tsx"] +} diff --git a/libs/util-prohibited-data/src/index.ts b/libs/util-prohibited-data/src/index.ts index fe50d205..5c7f8481 100644 --- a/libs/util-prohibited-data/src/index.ts +++ b/libs/util-prohibited-data/src/index.ts @@ -2,8 +2,11 @@ import { toLower } from 'lodash'; import { Address } from 'viem'; import prohibitedAddresses from './lib/prohibited-addresses.json'; +import prohibitedCountries from './lib/prohibited-countries.json'; export const isAddressProhibited = (address: Address | undefined) => { const addresses = prohibitedAddresses.map((e) => toLower(e)); return addresses.includes(toLower(address)); }; + +export { prohibitedCountries, prohibitedAddresses }; diff --git a/tsconfig.base.json b/tsconfig.base.json index b33be9b6..bfbeeb90 100644 --- a/tsconfig.base.json +++ b/tsconfig.base.json @@ -33,6 +33,8 @@ "@autonolas-frontend-mono/feature-service-status-info": [ "libs/feature-service-status-info/src/index.ts" ], + "@autonolas-frontend-mono/next-middleware": ["libs/next-middleware/src/index.ts"], + "@autonolas-frontend-mono/next-middleware/server": ["libs/next-middleware/src/server.ts"], "@autonolas-frontend-mono/service-status-info": ["libs/service-status-info/src/index.ts"], "@autonolas-frontend-mono/ui-theme": ["libs/ui-theme/src/index.ts"], "@autonolas-frontend-mono/util-contracts": ["libs/util-contracts/src/index.ts"], From fffbd6c1484e5667cb34d09548b2c9d4377c838a Mon Sep 17 00:00:00 2001 
From: mohandast52 Date: Thu, 18 Jul 2024 02:57:46 +0530 Subject: [PATCH 02/22] feat: renames files for middleware --- apps/autonolas-registry/middleware.ts | 2 +- .../.eslintrc.json | 0 libs/common-middleware/README.md | 5 +++ .../project.json | 4 +- libs/common-middleware/src/index.ts | 1 + .../src/lib/cspHeader.ts | 0 .../src/lib/prohibitedCountries.ts | 3 -- .../src/middleware.ts} | 0 .../tsconfig.json | 0 .../tsconfig.lib.json | 0 libs/next-middleware/README.md | 7 ---- libs/next-middleware/src/index.ts | 3 -- .../src/lib/next-middleware.tsx | 38 ------------------- tsconfig.base.json | 4 +- 14 files changed, 11 insertions(+), 56 deletions(-) rename libs/{next-middleware => common-middleware}/.eslintrc.json (100%) create mode 100644 libs/common-middleware/README.md rename libs/{next-middleware => common-middleware}/project.json (74%) create mode 100644 libs/common-middleware/src/index.ts rename libs/{next-middleware => common-middleware}/src/lib/cspHeader.ts (100%) rename libs/{next-middleware => common-middleware}/src/lib/prohibitedCountries.ts (67%) rename libs/{next-middleware/src/server.ts => common-middleware/src/middleware.ts} (100%) rename libs/{next-middleware => common-middleware}/tsconfig.json (100%) rename libs/{next-middleware => common-middleware}/tsconfig.lib.json (100%) delete mode 100644 libs/next-middleware/README.md delete mode 100644 libs/next-middleware/src/index.ts delete mode 100644 libs/next-middleware/src/lib/next-middleware.tsx diff --git a/apps/autonolas-registry/middleware.ts b/apps/autonolas-registry/middleware.ts index 3847b993..88188c61 100644 --- a/apps/autonolas-registry/middleware.ts +++ b/apps/autonolas-registry/middleware.ts @@ -1,4 +1,4 @@ -import { config, middleware } from 'libs/next-middleware/src/server'; +import { config, middleware } from 'libs/common-middleware/src'; export default middleware; export { config }; 
diff --git a/libs/next-middleware/.eslintrc.json b/libs/common-middleware/.eslintrc.json similarity index 100% rename from libs/next-middleware/.eslintrc.json rename to libs/common-middleware/.eslintrc.json diff --git a/libs/common-middleware/README.md b/libs/common-middleware/README.md new file mode 100644 index 00000000..69743456 --- /dev/null +++ b/libs/common-middleware/README.md @@ -0,0 +1,5 @@ +# common-middleware + +Common middleware for apps, including: +- Prohibition of specific countries and addresses +- Implementation of security headers diff --git a/libs/next-middleware/project.json b/libs/common-middleware/project.json similarity index 74% rename from libs/next-middleware/project.json rename to libs/common-middleware/project.json index 8aedd1e8..d81cb0af 100644 --- a/libs/next-middleware/project.json +++ b/libs/common-middleware/project.json @@ -1,7 +1,7 @@ { - "name": "next-middleware", + "name": "common-middleware", "$schema": "../../node_modules/nx/schemas/project-schema.json", - "sourceRoot": "libs/next-middleware/src", + "sourceRoot": "libs/common-middleware/src", "projectType": "library", "tags": [], "targets": { diff --git a/libs/common-middleware/src/index.ts b/libs/common-middleware/src/index.ts new file mode 100644 index 00000000..965a85bc --- /dev/null +++ b/libs/common-middleware/src/index.ts @@ -0,0 +1 @@ +export { config, middleware } from './middleware'; diff --git a/libs/next-middleware/src/lib/cspHeader.ts b/libs/common-middleware/src/lib/cspHeader.ts similarity index 100% rename from libs/next-middleware/src/lib/cspHeader.ts rename to libs/common-middleware/src/lib/cspHeader.ts diff --git a/libs/next-middleware/src/lib/prohibitedCountries.ts b/libs/common-middleware/src/lib/prohibitedCountries.ts similarity index 67% rename from libs/next-middleware/src/lib/prohibitedCountries.ts rename to libs/common-middleware/src/lib/prohibitedCountries.ts index dd10a52e..b992b378 100644 --- a/libs/next-middleware/src/lib/prohibitedCountries.ts 
+++ b/libs/common-middleware/src/lib/prohibitedCountries.ts @@ -1,7 +1,4 @@ /* eslint-disable @nx/enforce-module-boundaries */ -// import prohibitedAddresses from './prohibited-addresses.json'; -// import prohibitedAddresses from '../../../util-prohibited-data/src/lib/prohibited-addresses.json'; -// import { prohibitedAddresses } from '@autonolas-frontend-mono/util-prohibited-data'; import prohibitedAddresses from 'libs/util-prohibited-data/src/lib/prohibited-addresses.json'; export const getRedirectUrl = async (pathName: string, countryName?: string) => { diff --git a/libs/next-middleware/src/server.ts b/libs/common-middleware/src/middleware.ts similarity index 100% rename from libs/next-middleware/src/server.ts rename to libs/common-middleware/src/middleware.ts diff --git a/libs/next-middleware/tsconfig.json b/libs/common-middleware/tsconfig.json similarity index 100% rename from libs/next-middleware/tsconfig.json rename to libs/common-middleware/tsconfig.json diff --git a/libs/next-middleware/tsconfig.lib.json b/libs/common-middleware/tsconfig.lib.json similarity index 100% rename from libs/next-middleware/tsconfig.lib.json rename to libs/common-middleware/tsconfig.lib.json diff --git a/libs/next-middleware/README.md b/libs/next-middleware/README.md deleted file mode 100644 index 47e2baa5..00000000 --- a/libs/next-middleware/README.md +++ /dev/null @@ -1,7 +0,0 @@ -# next-middleware - -This library was generated with [Nx](https://nx.dev). - -## Running unit tests - -Run `nx test next-middleware` to execute the unit tests via [Jest](https://jestjs.io). diff --git a/libs/next-middleware/src/index.ts b/libs/next-middleware/src/index.ts deleted file mode 100644 index 8abf6520..00000000 --- a/libs/next-middleware/src/index.ts +++ /dev/null @@ -1,3 +0,0 @@ -// Use this file to export React client components (e.g. those with 'use client' directive) or other non-server utilities - -export * from './lib/next-middleware'; 
diff --git a/libs/next-middleware/src/lib/next-middleware.tsx b/libs/next-middleware/src/lib/next-middleware.tsx deleted file mode 100644 index fe184fd0..00000000 --- a/libs/next-middleware/src/lib/next-middleware.tsx +++ /dev/null @@ -1,38 +0,0 @@ -import { NextRequest, NextResponse, userAgent } from 'next/server'; - -import { cspHeader } from './cspHeader'; -import { getRedirectUrl } from './prohibitedCountries'; - -export const middleware = async (request: NextRequest) => { - const country = request.geo?.country; - const redirectUrl = await getRedirectUrl(request.nextUrl.pathname, country); - - const response = redirectUrl - ? NextResponse.redirect(new URL(redirectUrl, request.nextUrl)) - : NextResponse.next(); - - const browserName = userAgent(request)?.browser.name; - const cspHeaders = cspHeader(browserName); - - // apply CSP headers - // https://nextjs.org/docs/app/building-your-application/routing/middleware#setting-headers - cspHeaders.forEach((header) => { - const { key, value } = header; - response.headers.set(key, value); - }); - - return response; -}; - -export const config = { - matcher: [ - /* - * Match all request paths except for the ones starting with: - * - api (API routes) - * - _next/static (static files) - * - _next/image (image optimization files) - * - favicon.ico (favicon file) - */ - '/((?!api|_next/static|_next/image|favicon.ico).*)', - ], -}; diff --git a/tsconfig.base.json b/tsconfig.base.json index bfbeeb90..1cad8f3d 100644 --- a/tsconfig.base.json +++ b/tsconfig.base.json 
@@ -33,8 +33,8 @@ "@autonolas-frontend-mono/feature-service-status-info": [ "libs/feature-service-status-info/src/index.ts" ], - "@autonolas-frontend-mono/next-middleware": ["libs/next-middleware/src/index.ts"], - "@autonolas-frontend-mono/next-middleware/server": ["libs/next-middleware/src/server.ts"], + "@autonolas-frontend-mono/common-middleware": ["libs/common-middleware/src/index.ts"], + "@autonolas-frontend-mono/common-middleware/server": ["libs/common-middleware/src/server.ts"], "@autonolas-frontend-mono/service-status-info": ["libs/service-status-info/src/index.ts"], "@autonolas-frontend-mono/ui-theme": ["libs/ui-theme/src/index.ts"], "@autonolas-frontend-mono/util-contracts": ["libs/util-contracts/src/index.ts"], From 9c2cc7d5075970a7745031152524ce1890ed67e6 Mon Sep 17 00:00:00 2001 From: mohandast52 Date: Thu, 18 Jul 2024 03:20:10 +0530 Subject: [PATCH 03/22] feat: remove unsafe-inline for style-src --- apps/govern/middleware.ts | 4 ++ libs/common-middleware/src/lib/cspHeader.ts | 62 +++++++++++---------- 2 files changed, 37 insertions(+), 29 deletions(-) create mode 100644 apps/govern/middleware.ts diff --git a/apps/govern/middleware.ts b/apps/govern/middleware.ts new file mode 100644 index 00000000..88188c61 --- /dev/null +++ b/apps/govern/middleware.ts @@ -0,0 +1,4 @@ +import { config, middleware } from 'libs/common-middleware/src'; + +export default middleware; +export { config }; diff --git a/libs/common-middleware/src/lib/cspHeader.ts b/libs/common-middleware/src/lib/cspHeader.ts index 02ca0d9d..bd5b5c45 100644 --- a/libs/common-middleware/src/lib/cspHeader.ts +++ b/libs/common-middleware/src/lib/cspHeader.ts 
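Review bot: The new alias `@autonolas-frontend-mono/common-middleware/server` points at `libs/common-middleware/src/server.ts`, but this same commit renames `src/server.ts` to `src/middleware.ts` (see the rename entry in the diffstat), so the alias resolves to a file that no longer exists and any import through it fails at build time. Point it at the renamed file, `"@autonolas-frontend-mono/common-middleware/server": ["libs/common-middleware/src/middleware.ts"],` or drop it, since `src/index.ts` now re-exports `middleware` and `config`. The apps still import by repository path (`libs/common-middleware/src`) rather than through the alias, which is what these entries exist for.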
@@ -61,37 +61,41 @@ export const cspHeader = (browserName?: string) => { scriptSrc.push("'unsafe-inline'"); } - const nextSafeHeaders = - typeof nextSafe === 'function' - ? // TODO - // @ts-expect-error: For some reason, TypeScript is not recognizing the function - nextSafe({ - isDev, - /** - * Content Security Policy - * @see https://content-security-policy.com/ - */ - contentSecurityPolicy: { - 'default-src': "'none'", - 'script-src': scriptSrc, - 'connect-src': connectSrc, - 'img-src': [ - "'self'", - 'blob:', - 'data:', - 'https://*.autonolas.tech/', - 'https://explorer-api.walletconnect.com/w3m/', - ...walletconnectSrc, - ], - 'style-src': ["'self'", "'unsafe-inline'", 'https://fonts.googleapis.com/'], - 'frame-src': ["'self'", 'https://vercel.live/', ...walletconnectSrc], - }, - permissionsPolicyDirectiveSupport: ['standard'], - }) - : []; + const getNextSafeHeaders = () => { + if (typeof nextSafe !== 'function') return []; + // @ts-expect-error: For some reason, TypeScript is not recognizing the function + return nextSafe({ + isDev, + /** + * Content Security Policy + * @see https://content-security-policy.com/ + */ + contentSecurityPolicy: { + 'default-src': "'none'", + 'script-src': scriptSrc, + 'connect-src': connectSrc, + 'img-src': [ + "'self'", + 'blob:', + 'data:', + 'https://*.autonolas.tech/', + 'https://explorer-api.walletconnect.com/w3m/', + ...walletconnectSrc, + ], + 'style-src': ["'self'", 'https://fonts.googleapis.com/'], + 'frame-src': ["'self'", 'https://vercel.live/', ...walletconnectSrc], + }, + permissionsPolicyDirectiveSupport: ['standard'], + }); + }; + + /** + * Some headers might throw warnings in the console - they are safe to ignore. + * https://trezy.gitbook.io/next-safe/usage/troubleshooting#why-do-i-see-so-many-unrecognized-feature-warnings + */ const headers = [ - ...nextSafeHeaders, + ...getNextSafeHeaders(), { key: 'Strict-Transport-Security', value: 'max-age=31536000; includeSubDomains', 
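Review bot: The Firefox branch at the top of the hunk, `scriptSrc.push("'unsafe-inline'")`, hands Firefox users a `script-src` that permits any inline script, which removes the one protection CSP is deployed for, and a policy that differs per user agent is hard to audit and to cache. The robust replacement is a per-request nonce generated in the middleware (`crypto.randomUUID()` is available in the Edge runtime), emitted as `'nonce-<value>'` in `script-src` and forwarded to the rendered page, or hashes for the few known inline scripts. Removing `'unsafe-inline'` from `style-src` is the right direction, but any runtime-injected styles will now be blocked, so each consuming app needs a check before this ships. The new comment says the console warnings are safe to ignore; that is true only for unrecognised Permissions-Policy features, so I would phrase it as `// next-safe emits 'unrecognized feature' warnings for Permissions-Policy; CSP violation reports are real and must not be ignored`. `cspHeader` begins before this hunk.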
From 110a1fcf8c2314160adec009eb25953fb10ed9d6 Mon Sep 17 00:00:00 2001 From: mohandast52 Date: Thu, 18 Jul 2024 18:35:32 +0530 Subject: [PATCH 04/22] chore: include object-src --- libs/common-middleware/src/lib/cspHeader.ts | 28 +++++++++++++++------ 1 file changed, 20 insertions(+), 8 deletions(-) diff --git a/libs/common-middleware/src/lib/cspHeader.ts b/libs/common-middleware/src/lib/cspHeader.ts index bd5b5c45..4a4e1337 100644 --- a/libs/common-middleware/src/lib/cspHeader.ts +++ b/libs/common-middleware/src/lib/cspHeader.ts 
@@ -8,25 +8,36 @@ export const cspHeader = (browserName?: string) => { const walletconnectSrc = ['https://verify.walletconnect.org', 'https://verify.walletconnect.com']; const connectSrc: CSPDirective = [ + // internal "'self'", - ...walletconnectSrc, 'https://*.olas.network/', 'https://*.autonolas.tech/', + + // web3modal and wallet connect + ...walletconnectSrc, 'https://rpc.walletconnect.com/', 'wss://relay.walletconnect.org/', 'wss://relay.walletconnect.com/', 'https://explorer-api.walletconnect.com/', + 'wss://*.pusher.com/', + 'wss://www.walletlink.org/rpc', + + // gnosis safe + 'https://safe-transaction-mainnet.safe.global/api/v1/', + 'https://safe-transaction-goerli.safe.global/api/', + 'https://safe-transaction-gnosis-chain.safe.global/api/', + 'https://safe-transaction-polygon.safe.global/api/', + + // vercel + 'https://vercel.live/', + + // chains 'https://eth-mainnet.g.alchemy.com/v2/', 'https://eth-goerli.g.alchemy.com/v2/', 'https://gno.getblock.io/', 'https://polygon-mainnet.g.alchemy.com/v2/', 'https://polygon-mumbai-bor.publicnode.com/', 'https://rpc.chiado.gnosis.gateway.fm/', - 'https://safe-transaction-mainnet.safe.global/api/v1/', - 'https://safe-transaction-goerli.safe.global/api/', - 'https://safe-transaction-gnosis-chain.safe.global/api/', - 'https://safe-transaction-polygon.safe.global/api/', - 'https://vercel.live/', 'https://api.devnet.solana.com/', 'wss://api.devnet.solana.com/', 'https://api.mainnet-beta.solana.com/', @@ -43,8 +54,8 @@ export const cspHeader = (browserName?: string) => { 'https://forno.celo.org', 'https://alfajores-forno.celo-testnet.org', 'https://api.web3modal.com/', - 'wss://www.walletlink.org/rpc', - 'wss://*.pusher.com/', + + // others process.env.NEXT_PUBLIC_AUTONOLAS_SUB_GRAPH_URL, ]; 
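Review bot: `process.env.NEXT_PUBLIC_AUTONOLAS_SUB_GRAPH_URL` is still spliced into `connect-src` verbatim at the end of the list; CSP source lists are whitespace-separated and directives `;`-separated, so a value containing a space or semicolon rewrites the policy, and a value such as `https:` or `*` would allow every HTTPS origin. Reduce it to an origin after the existing guard, `const subgraphOrigin = new URL(process.env.NEXT_PUBLIC_AUTONOLAS_SUB_GRAPH_URL).origin;`, which throws on anything that is not a URL and strips path, query and fragment, and push that instead. The regrouping also makes it plain that testnet endpoints (goerli, mumbai, chiado, Solana devnet, the sepolia rollups) remain in the production policy; every allowed origin is somewhere an injected script may talk to, so if they are only used in development they belong under the `isDev` branch. `cspHeader` and the `connectSrc` literal begin before this hunk and the literal closes inside it.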
@@ -85,6 +96,7 @@ export const cspHeader = (browserName?: string) => { ], 'style-src': ["'self'", 'https://fonts.googleapis.com/'], 'frame-src': ["'self'", 'https://vercel.live/', ...walletconnectSrc], + 'object-src': "'none'", }, permissionsPolicyDirectiveSupport: ['standard'], }); From 4e9e5f0f04fa2fb2c1101d1c74e5f72f937b9ba4 Mon Sep 17 00:00:00 2001 From: mohandast52 Date: Thu, 18 Jul 2024 18:43:57 +0530 Subject: [PATCH 05/22] chore: remove unsafe inline for firefox --- libs/common-middleware/src/lib/cspHeader.ts | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/libs/common-middleware/src/lib/cspHeader.ts b/libs/common-middleware/src/lib/cspHeader.ts index 4a4e1337..863aed67 100644 --- a/libs/common-middleware/src/lib/cspHeader.ts +++ b/libs/common-middleware/src/lib/cspHeader.ts @@ -68,9 +68,9 @@ export const cspHeader = (browserName?: string) => { // Firefox blocks inline scripts by default and it's an issue with Metamask // reference: https://github.com/MetaMask/metamask-extension/issues/3133 - if (browserName === 'Firefox') { - scriptSrc.push("'unsafe-inline'"); - } + // if (browserName === 'Firefox') { + // scriptSrc.push("'unsafe-inline'"); + // } const getNextSafeHeaders = () => { if (typeof nextSafe !== 'function') return []; From 1f3b301c2fb0793a7687392bc9cd68e68f10aa3a Mon Sep 17 00:00:00 2001 From: mohandast52 Date: Thu, 18 Jul 2024 19:30:52 +0530 Subject: [PATCH 06/22] chore: IMPORTANT - got A+ but changing the policy to make it work as it is broken now --- libs/common-middleware/src/lib/cspHeader.ts | 1 + 1 file changed, 1 insertion(+) diff --git a/libs/common-middleware/src/lib/cspHeader.ts b/libs/common-middleware/src/lib/cspHeader.ts index 863aed67..843000a0 100644 --- a/libs/common-middleware/src/lib/cspHeader.ts +++ b/libs/common-middleware/src/lib/cspHeader.ts 
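Review bot: Commenting out the Firefox block leaves dead code that is one uncomment away from re-enabling `'unsafe-inline'` in `script-src`, and `browserName` is now an unused parameter of `cspHeader`. Delete the five commented lines outright and drop the parameter together with the `userAgent(request)` lookup at the call site; the link to the MetaMask issue survives in history. What the next reader needs instead is the decision, e.g. `// script-src deliberately has no 'unsafe-inline'; use a nonce or hash if an inline script is ever required`. The `'object-src': "'none'"` entry added in the preceding hunk is a sound addition and should stay.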
@@ -95,6 +95,7 @@ export const cspHeader = (browserName?: string) => {
 ...walletconnectSrc,
 ],
 'style-src': ["'self'", 'https://fonts.googleapis.com/'],
+ 'font-src': ["'self'", 'https://fonts.gstatic.com/'],
 'frame-src': ["'self'", 'https://vercel.live/', ...walletconnectSrc],
 'object-src': "'none'",
 },
From 833af209abb3b009d3521640bcd11c1d7c3365f7 Mon Sep 17 00:00:00 2001
From: mohandast52
Date: Thu, 18 Jul 2024 19:57:15 +0530
Subject: [PATCH 07/22] chore: adding unsafe-inline for style-src

---
 libs/common-middleware/src/lib/cspHeader.ts | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libs/common-middleware/src/lib/cspHeader.ts b/libs/common-middleware/src/lib/cspHeader.ts
index 843000a0..c17cd3d3 100644
--- a/libs/common-middleware/src/lib/cspHeader.ts
+++ b/libs/common-middleware/src/lib/cspHeader.ts
@@ -94,7 +94,7 @@ export const cspHeader = (browserName?: string) => {
 'https://explorer-api.walletconnect.com/w3m/',
 ...walletconnectSrc,
 ],
- 'style-src': ["'self'", 'https://fonts.googleapis.com/'],
+ 'style-src': ["'self'", 'https://fonts.googleapis.com/', "'unsafe-inline'"],
 'font-src': ["'self'", 'https://fonts.gstatic.com/'],
 'frame-src': ["'self'", 'https://vercel.live/', ...walletconnectSrc],
 'object-src': "'none'",
From 7c2e7335b26ad75fdc718fdb16dde81e8ac8b50c Mon Sep 17 00:00:00 2001
From: mohandast52
Date: Thu, 18 Jul 2024 20:07:52 +0530
Subject: [PATCH 08/22] chore: remove font-src, object-src and scriptSrc to have unsafe-inline (for firefox)

---
 libs/common-middleware/src/lib/cspHeader.ts | 8 --------
 1 file changed, 8 deletions(-)

diff --git a/libs/common-middleware/src/lib/cspHeader.ts b/libs/common-middleware/src/lib/cspHeader.ts
index c17cd3d3..4c7699f1 100644
--- a/libs/common-middleware/src/lib/cspHeader.ts
+++ b/libs/common-middleware/src/lib/cspHeader.ts
@@ -66,12 +66,6 @@ export const cspHeader = (browserName?: string) => { const scriptSrc = ["'self'", 'https://vercel.live/', 'https://fonts.googleapis.com/']; - // Firefox blocks inline scripts by default and it's an issue with Metamask - // reference: https://github.com/MetaMask/metamask-extension/issues/3133 - // if (browserName === 'Firefox') { - // scriptSrc.push("'unsafe-inline'"); - // } - const getNextSafeHeaders = () => { if (typeof nextSafe !== 'function') return []; // @ts-expect-error: For some reason, TypeScript is not recognizing the function @@ -95,9 +89,7 @@ export const cspHeader = (browserName?: string) => { ...walletconnectSrc, ], 'style-src': ["'self'", 'https://fonts.googleapis.com/', "'unsafe-inline'"], - 'font-src': ["'self'", 'https://fonts.gstatic.com/'], 'frame-src': ["'self'", 'https://vercel.live/', ...walletconnectSrc], - 'object-src': "'none'", }, permissionsPolicyDirectiveSupport: ['standard'], }); From 21c667902afa8f81e29c433b5bd79ff836606d45 Mon Sep 17 00:00:00 2001 From: mohandast52 Date: Thu, 18 Jul 2024 22:48:27 +0530 Subject: [PATCH 09/22] refractor: move constants above the function in cspHeader, remove browerName usage as it works on firefox --- libs/common-middleware/src/lib/cspHeader.ts | 115 +++++++++++--------- libs/common-middleware/src/middleware.ts | 5 +- 2 files changed, 63 insertions(+), 57 deletions(-) diff --git a/libs/common-middleware/src/lib/cspHeader.ts b/libs/common-middleware/src/lib/cspHeader.ts index 4c7699f1..8d60d48c 100644 --- a/libs/common-middleware/src/lib/cspHeader.ts +++ b/libs/common-middleware/src/lib/cspHeader.ts 
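Review bot: `'https://fonts.googleapis.com/'` does not belong in `scriptSrc`: that host serves stylesheets, and listing it under script-src widens the set of origins allowed to execute code for no benefit, so the surviving context line should read `const scriptSrc = ["'self'", 'https://vercel.live/'];` (it is already in style-src). Dropping `'font-src'` in the second hunk while `default-src` is `'none'` makes fonts.gstatic.com fall back to a blocked default, so Google Fonts will stop loading — presumably the breakage the following commits chase before re-adding the directive. Removing `object-src` is safe only because of that same `default-src 'none'` fallback; a comment saying so would stop the next reader from re-adding it "for safety". `cspHeader` starts before this hunk and ends after it.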
@@ -2,60 +2,67 @@ import nextSafe from 'next-safe'; const isDev = process.env.NODE_ENV !== 'production'; -export const cspHeader = (browserName?: string) => { - if (!process.env.NEXT_PUBLIC_AUTONOLAS_SUB_GRAPH_URL) return []; +const WALLET_CONNECT_LINKS = [ + 'https://verify.walletconnect.org', + 'https://verify.walletconnect.com', +]; + +const ALLOWED_ORIGINS = [ + // internal + "'self'", + 'https://*.olas.network/', + 'https://*.autonolas.tech/', + + // web3modal and wallet connect + ...WALLET_CONNECT_LINKS, + 'https://rpc.walletconnect.com/', + 'wss://relay.walletconnect.org/', + 'wss://relay.walletconnect.com/', + 'https://explorer-api.walletconnect.com/', + 'wss://*.pusher.com/', + 'wss://www.walletlink.org/rpc', + + // gnosis safe + 'https://safe-transaction-mainnet.safe.global/api/v1/', + 'https://safe-transaction-goerli.safe.global/api/', + 'https://safe-transaction-gnosis-chain.safe.global/api/', + 'https://safe-transaction-polygon.safe.global/api/', + + // vercel + 'https://vercel.live/', - const walletconnectSrc = ['https://verify.walletconnect.org', 'https://verify.walletconnect.com']; + // chains + 'https://eth-mainnet.g.alchemy.com/v2/', + 'https://eth-goerli.g.alchemy.com/v2/', + 'https://gno.getblock.io/', + 'https://polygon-mainnet.g.alchemy.com/v2/', + 'https://polygon-mumbai-bor.publicnode.com/', + 'https://rpc.chiado.gnosis.gateway.fm/', + 'https://api.devnet.solana.com/', + 'wss://api.devnet.solana.com/', + 'https://api.mainnet-beta.solana.com/', + 'wss://api.mainnet-beta.solana.com/', + 'https://holy-convincing-bird.solana-mainnet.quiknode.pro/', + 'wss://holy-convincing-bird.solana-mainnet.quiknode.pro/', + 'https://arb1.arbitrum.io/rpc/', + 'https://sepolia-rollup.arbitrum.io/rpc', + 'https://rpc.gnosischain.com/', + 'https://mainnet.base.org/', + 'https://sepolia.base.org/', + 'https://mainnet.optimism.io', + 'https://sepolia.optimism.io/', + 'https://forno.celo.org', + 'https://alfajores-forno.celo-testnet.org', + 
'https://api.web3modal.com/', +]; + +export const cspHeader = () => { + if (!process.env.NEXT_PUBLIC_AUTONOLAS_SUB_GRAPH_URL) return []; const connectSrc: CSPDirective = [ - // internal - "'self'", - 'https://*.olas.network/', - 'https://*.autonolas.tech/', - - // web3modal and wallet connect - ...walletconnectSrc, - 'https://rpc.walletconnect.com/', - 'wss://relay.walletconnect.org/', - 'wss://relay.walletconnect.com/', - 'https://explorer-api.walletconnect.com/', - 'wss://*.pusher.com/', - 'wss://www.walletlink.org/rpc', - - // gnosis safe - 'https://safe-transaction-mainnet.safe.global/api/v1/', - 'https://safe-transaction-goerli.safe.global/api/', - 'https://safe-transaction-gnosis-chain.safe.global/api/', - 'https://safe-transaction-polygon.safe.global/api/', - - // vercel - 'https://vercel.live/', - - // chains - 'https://eth-mainnet.g.alchemy.com/v2/', - 'https://eth-goerli.g.alchemy.com/v2/', - 'https://gno.getblock.io/', - 'https://polygon-mainnet.g.alchemy.com/v2/', - 'https://polygon-mumbai-bor.publicnode.com/', - 'https://rpc.chiado.gnosis.gateway.fm/', - 'https://api.devnet.solana.com/', - 'wss://api.devnet.solana.com/', - 'https://api.mainnet-beta.solana.com/', - 'wss://api.mainnet-beta.solana.com/', - 'https://holy-convincing-bird.solana-mainnet.quiknode.pro/', - 'wss://holy-convincing-bird.solana-mainnet.quiknode.pro/', - 'https://arb1.arbitrum.io/rpc/', - 'https://sepolia-rollup.arbitrum.io/rpc', - 'https://rpc.gnosischain.com/', - 'https://mainnet.base.org/', - 'https://sepolia.base.org/', - 'https://mainnet.optimism.io', - 'https://sepolia.optimism.io/', - 'https://forno.celo.org', - 'https://alfajores-forno.celo-testnet.org', - 'https://api.web3modal.com/', - - // others + ...ALLOWED_ORIGINS, + + // env variables process.env.NEXT_PUBLIC_AUTONOLAS_SUB_GRAPH_URL, ]; 
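Review bot: `process.env.NEXT_PUBLIC_AUTONOLAS_SUB_GRAPH_URL` is still spliced verbatim into connectSrc at the end of the hunk; a value containing whitespace or `;` would end the connect-src directive and start a new one, and a URL with a path plus query string is not a valid source expression. Since the function already returns early when the variable is unset, normalise it at that point — `const subGraphOrigin = new URL(process.env.NEXT_PUBLIC_AUTONOLAS_SUB_GRAPH_URL).origin;` — and push `subGraphOrigin` instead, so a malformed value fails loudly at startup rather than shipping a broken policy. The variable is presumably build-time and operator-controlled, so this is defence in depth rather than a reachable injection. Moving the host list to the module-level `ALLOWED_ORIGINS` constant is a good change; consider `as const` so nothing can `.push` into the shared array between requests. `cspHeader`'s body continues past this hunk.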
@@ -68,8 +75,8 @@ export const cspHeader = (browserName?: string) => { const getNextSafeHeaders = () => { if (typeof nextSafe !== 'function') return []; - // @ts-expect-error: For some reason, TypeScript is not recognizing the function + // @ts-expect-error: For some reason, TypeScript is not recognizing the function return nextSafe({ isDev, /** @@ -86,10 +93,10 @@ export const cspHeader = (browserName?: string) => { 'data:', 'https://*.autonolas.tech/', 'https://explorer-api.walletconnect.com/w3m/', - ...walletconnectSrc, + ...WALLET_CONNECT_LINKS, ], 'style-src': ["'self'", 'https://fonts.googleapis.com/', "'unsafe-inline'"], - 'frame-src': ["'self'", 'https://vercel.live/', ...walletconnectSrc], + 'frame-src': ["'self'", 'https://vercel.live/', ...WALLET_CONNECT_LINKS], }, permissionsPolicyDirectiveSupport: ['standard'], }); diff --git a/libs/common-middleware/src/middleware.ts b/libs/common-middleware/src/middleware.ts index 09ee7961..beeb07fb 100644 --- a/libs/common-middleware/src/middleware.ts +++ b/libs/common-middleware/src/middleware.ts @@ -1,4 +1,4 @@ -import { NextRequest, NextResponse, userAgent } from 'next/server'; +import { NextRequest, NextResponse } from 'next/server'; import { cspHeader } from './lib/cspHeader'; import { getRedirectUrl } from './lib/prohibitedCountries'; @@ -11,8 +11,7 @@ export const middleware = async (request: NextRequest) => { ? NextResponse.redirect(new URL(redirectUrl, request.nextUrl)) : NextResponse.next(); - const browserName = userAgent(request)?.browser.name; - const cspHeaders = cspHeader(browserName); + const cspHeaders = cspHeader(); // apply CSP headers // https://nextjs.org/docs/app/building-your-application/routing/middleware#setting-headers From 3141d5bdbfe93544ee5c15c6dbe2e0a1a786e13f Mon Sep 17 00:00:00 2001 
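Review bot: The `// @ts-expect-error: For some reason, TypeScript is not recognizing the function` comment is only re-indented here, but a suppression that survives a refactor should state the cause so the next reader knows when it can go, e.g. `// @ts-expect-error: next-safe ships no type for its default export; drop once types exist`. That wording is inferred from the `typeof nextSafe !== 'function'` guard above, so confirm the actual diagnostic before committing it. In middleware.ts the hunk removes the `userAgent` lookup cleanly, and the headers from `cspHeader()` are applied to the geo-block redirect response as well as to `NextResponse.next()`, which is the desired behaviour. The enclosing `middleware` arrow function begins outside the hunk.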
From: mohandast52 Date: Thu, 18 Jul 2024 23:26:06 +0530 Subject: [PATCH 10/22] chore: add 'nonce' support for style-src and commented unsafe-inline --- libs/common-middleware/src/lib/cspHeader.ts | 21 +++++++++++++-------- 1 file changed, 13 insertions(+), 8 deletions(-) diff --git a/libs/common-middleware/src/lib/cspHeader.ts b/libs/common-middleware/src/lib/cspHeader.ts index 8d60d48c..7aa73864 100644 --- a/libs/common-middleware/src/lib/cspHeader.ts +++ b/libs/common-middleware/src/lib/cspHeader.ts @@ -56,9 +56,13 @@ const ALLOWED_ORIGINS = [ 'https://api.web3modal.com/', ]; +const SCRIPT_SRC = ["'self'", 'https://vercel.live/', 'https://fonts.googleapis.com/']; + export const cspHeader = () => { if (!process.env.NEXT_PUBLIC_AUTONOLAS_SUB_GRAPH_URL) return []; + // const nonce = Buffer.from(crypto.randomUUID()).toString('base64'); + const connectSrc: CSPDirective = [ ...ALLOWED_ORIGINS, @@ -71,8 +75,6 @@ export const cspHeader = () => { connectSrc.push('ws://localhost'); } - const scriptSrc = ["'self'", 'https://vercel.live/', 'https://fonts.googleapis.com/']; - const getNextSafeHeaders = () => { if (typeof nextSafe !== 'function') return []; @@ -85,7 +87,7 @@ export const cspHeader = () => { */ contentSecurityPolicy: { 'default-src': "'none'", - 'script-src': scriptSrc, + 'script-src': SCRIPT_SRC, 'connect-src': connectSrc, 'img-src': [ "'self'", @@ -95,7 +97,12 @@ export const cspHeader = () => { 'https://explorer-api.walletconnect.com/w3m/', ...WALLET_CONNECT_LINKS, ], - 'style-src': ["'self'", 'https://fonts.googleapis.com/', "'unsafe-inline'"], + 'style-src': [ + "'self'", + 'https://fonts.googleapis.com/', + // `nonce-${nonce}`, + // "'unsafe-inline'" + ], 'frame-src': ["'self'", 'https://vercel.live/', ...WALLET_CONNECT_LINKS], }, permissionsPolicyDirectiveSupport: ['standard'], 
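Review bot: The commented-out nonce scaffold in the last hunk (`// const nonce = Buffer.from(crypto.randomUUID()).toString('base64');` and `` // `nonce-${nonce}`, ``) should either be removed or left correct, because whoever uncomments it will ship a source expression without the single quotes CSP requires and the browser will ignore it; it must be `` `'nonce-${nonce}'` ``. In this commit's state `style-src` carries neither `'unsafe-inline'` nor a nonce, so inline `<style>` blocks from the CSS-in-JS libraries these apps use (styled-components is imported in the LoginV2 components later in this series) will be blocked. Hoisting `SCRIPT_SRC` to a module constant is fine, but freeze it or mark it `as const` so a stray `.push` cannot leak into every response's policy. `cspHeader` and `getNextSafeHeaders` begin outside the hunk.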
@@ -108,10 +115,8 @@ export const cspHeader = () => { */ const headers = [ ...getNextSafeHeaders(), - { - key: 'Strict-Transport-Security', - value: 'max-age=31536000; includeSubDomains', - }, + { key: 'Strict-Transport-Security', value: 'max-age=31536000; includeSubDomains' }, + // { key: 'x-nonce', value: nonce }, ]; return headers; From 19c416986b7f1f2db38c109de9a8c094e5e39774 Mon Sep 17 00:00:00 2001 From: mohandast52 Date: Thu, 18 Jul 2024 23:47:56 +0530 Subject: [PATCH 11/22] chore: add nonce --- libs/common-middleware/src/lib/cspHeader.ts | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/libs/common-middleware/src/lib/cspHeader.ts b/libs/common-middleware/src/lib/cspHeader.ts index 7aa73864..7761353e 100644 --- a/libs/common-middleware/src/lib/cspHeader.ts +++ b/libs/common-middleware/src/lib/cspHeader.ts @@ -61,8 +61,7 @@ const SCRIPT_SRC = ["'self'", 'https://vercel.live/', 'https://fonts.googleapis. export const cspHeader = () => { if (!process.env.NEXT_PUBLIC_AUTONOLAS_SUB_GRAPH_URL) return []; - // const nonce = Buffer.from(crypto.randomUUID()).toString('base64'); - + const nonce = Buffer.from(crypto.randomUUID()).toString('base64'); const connectSrc: CSPDirective = [ ...ALLOWED_ORIGINS, @@ -95,14 +94,16 @@ export const cspHeader = () => { 'data:', 'https://*.autonolas.tech/', 'https://explorer-api.walletconnect.com/w3m/', + 'https://vercel.com/', ...WALLET_CONNECT_LINKS, ], 'style-src': [ "'self'", 'https://fonts.googleapis.com/', - // `nonce-${nonce}`, + `nonce-${nonce}`, // "'unsafe-inline'" ], + 'font-src': ['self', 'https://fonts.gstatic.com'], 'frame-src': ["'self'", 'https://vercel.live/', ...WALLET_CONNECT_LINKS], }, permissionsPolicyDirectiveSupport: ['standard'], 
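Review bot: `` `nonce-${nonce}` `` in style-src lacks the single quotes that make it a CSP source expression, and `'font-src': ['self', …]` is likewise unquoted, so the browser will treat `self` as a hostname and ignore the nonce entirely — they need to be `` `'nonce-${nonce}'` `` and `"'self'"`. Separately, the nonce is only emitted as a response header (`x-nonce`), whereas the Next.js pattern is to put it on the forwarded request headers (`NextResponse.next({ request: { headers } })`) so the server render can read it and stamp it onto `<style>`/`<script>` tags; a response-only header never reaches the markup, which is likely why this approach appears not to work and is reverted in the next commit. Both hunks are inside `cspHeader`, whose body extends beyond the visible lines.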
@@ -116,7 +117,7 @@ export const cspHeader = () => { const headers = [ ...getNextSafeHeaders(), { key: 'Strict-Transport-Security', value: 'max-age=31536000; includeSubDomains' }, - // { key: 'x-nonce', value: nonce }, + { key: 'x-nonce', value: nonce }, ]; return headers; From 8255b0efd188b8012b267abb6f0f3439decedb0f Mon Sep 17 00:00:00 2001 From: mohandast52 Date: Fri, 19 Jul 2024 00:29:04 +0530 Subject: [PATCH 12/22] chore: remove nonce and add unsafe-inline for style --- libs/common-middleware/src/lib/cspHeader.ts | 15 ++++++--------- 1 file changed, 6 insertions(+), 9 deletions(-) diff --git a/libs/common-middleware/src/lib/cspHeader.ts b/libs/common-middleware/src/lib/cspHeader.ts index 7761353e..0540330d 100644 --- a/libs/common-middleware/src/lib/cspHeader.ts +++ b/libs/common-middleware/src/lib/cspHeader.ts @@ -61,7 +61,6 @@ const SCRIPT_SRC = ["'self'", 'https://vercel.live/', 'https://fonts.googleapis. export const cspHeader = () => { if (!process.env.NEXT_PUBLIC_AUTONOLAS_SUB_GRAPH_URL) return []; - const nonce = Buffer.from(crypto.randomUUID()).toString('base64'); const connectSrc: CSPDirective = [ ...ALLOWED_ORIGINS, @@ -97,12 +96,11 @@ export const cspHeader = () => { 'https://vercel.com/', ...WALLET_CONNECT_LINKS, ], - 'style-src': [ - "'self'", - 'https://fonts.googleapis.com/', - `nonce-${nonce}`, - // "'unsafe-inline'" - ], + /** + * It is less harmful to allow 'unsafe-inline' in style-src, please read the article below + * @see https://scotthelme.co.uk/can-you-get-pwned-with-css/ + */ + 'style-src': ["'self'", 'https://fonts.googleapis.com/', "'unsafe-inline'"], 'font-src': ['self', 'https://fonts.gstatic.com'], 'frame-src': ["'self'", 'https://vercel.live/', ...WALLET_CONNECT_LINKS], }, 
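Review bot: The new comment above `'style-src'` understates the residual risk: the linked article's own point is that `'unsafe-inline'` styles still allow CSS attribute-selector exfiltration of anything present in the DOM, so the trade-off should be recorded rather than minimised, e.g. extend it with `* Accepted because antd/styled-components emit inline styles and the nonce approach was reverted; CSS can still read DOM attribute values, so never render secrets into attributes.` Reverting the nonce is the right call given the response-header plumbing it relied on, but the `x-nonce` removal in the trailing hunk should be accompanied by deleting any client code that expected it — none is visible here, so confirm. `cspHeader` starts before this hunk and continues after it.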
@@ -112,12 +110,11 @@ export const cspHeader = () => { /** * Some headers might throw warnings in the console - they are safe to ignore. - * https://trezy.gitbook.io/next-safe/usage/troubleshooting#why-do-i-see-so-many-unrecognized-feature-warnings + * @see https://trezy.gitbook.io/next-safe/usage/troubleshooting#why-do-i-see-so-many-unrecognized-feature-warnings */ const headers = [ ...getNextSafeHeaders(), { key: 'Strict-Transport-Security', value: 'max-age=31536000; includeSubDomains' }, - { key: 'x-nonce', value: nonce }, ]; return headers; From 239bd74061f19c9c6af8ca76942e0fbfa25963a7 Mon Sep 17 00:00:00 2001 From: mohandast52 Date: Fri, 19 Jul 2024 00:39:12 +0530 Subject: [PATCH 13/22] chore: add api.thegraph.com origin --- libs/common-middleware/src/lib/cspHeader.ts | 3 +++ 1 file changed, 3 insertions(+) diff --git a/libs/common-middleware/src/lib/cspHeader.ts b/libs/common-middleware/src/lib/cspHeader.ts index 0540330d..5e4d419e 100644 --- a/libs/common-middleware/src/lib/cspHeader.ts +++ b/libs/common-middleware/src/lib/cspHeader.ts @@ -54,6 +54,9 @@ const ALLOWED_ORIGINS = [ 'https://forno.celo.org', 'https://alfajores-forno.celo-testnet.org', 'https://api.web3modal.com/', + + // others + 'https://api.thegraph.com/', ]; const SCRIPT_SRC = ["'self'", 'https://vercel.live/', 'https://fonts.googleapis.com/']; From 9fe74ed5a6a59d9f2d98a206853ea89eed5d24ae Mon Sep 17 00:00:00 2001 From: mohandast52 Date: Fri, 19 Jul 2024 00:40:04 +0530 Subject: [PATCH 14/22] feat: add middleware to other apps --- apps/bond/middleware.ts | 4 ++++ apps/launch/middleware.ts | 4 ++++ apps/tokenomics/middleware.ts | 4 ++++ 3 files changed, 12 insertions(+) create mode 100644 apps/bond/middleware.ts create mode 100644 apps/launch/middleware.ts create mode 100644 apps/tokenomics/middleware.ts diff --git a/apps/bond/middleware.ts b/apps/bond/middleware.ts new file mode 100644 index 00000000..88188c61 --- /dev/null +++ b/apps/bond/middleware.ts 
@@ -0,0 +1,4 @@ +import { config, middleware } from 'libs/common-middleware/src'; + +export default middleware; +export { config }; diff --git a/apps/launch/middleware.ts b/apps/launch/middleware.ts new file mode 100644 index 00000000..88188c61 --- /dev/null +++ b/apps/launch/middleware.ts @@ -0,0 +1,4 @@ +import { config, middleware } from 'libs/common-middleware/src'; + +export default middleware; +export { config }; diff --git a/apps/tokenomics/middleware.ts b/apps/tokenomics/middleware.ts new file mode 100644 index 00000000..88188c61 --- /dev/null +++ b/apps/tokenomics/middleware.ts @@ -0,0 +1,4 @@ +import { config, middleware } from 'libs/common-middleware/src'; + +export default middleware; +export { config }; From 5eefbe531432fba549852e17f755af7d2071f655 Mon Sep 17 00:00:00 2001 From: mohandast52 Date: Fri, 19 Jul 2024 00:51:10 +0530 Subject: [PATCH 15/22] feat: remove headers from next.config.js for bond & tokenomics app --- apps/bond/next.config.js | 35 --------------------- apps/tokenomics/next.config.js | 25 --------------- libs/common-middleware/src/lib/cspHeader.ts | 3 ++ 3 files changed, 3 insertions(+), 60 deletions(-) diff --git a/apps/bond/next.config.js b/apps/bond/next.config.js index 21180c94..36638391 100644 --- a/apps/bond/next.config.js +++ b/apps/bond/next.config.js @@ -24,41 +24,6 @@ const nextConfig = { }; return config; }, - async headers() { - return [ - { - source: '/:path*', - headers: [ - { - key: 'Content-Security-Policy', - value: "frame-ancestors 'none';", - }, - { - key: 'X-Content-Type-Options', - value: 'nosniff', - }, - { - key: 'Referrer-Policy', - value: 'strict-origin-when-cross-origin', - }, - { - key: 'Strict-Transport-Security', - value: 'max-age=31536000; includeSubDomains', - }, - ], - }, - { - source: '/:all*(svg|jpg|jpeg|png|gif|ico|css|js|mov|mp4)', - headers: [ - { - key: 'Cache-Control', - value: 'public, max-age=31536000, must-revalidate', - }, - ], - }, - ]; - }, - }; const plugins = [ 
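Review bot: Deleting `headers()` in bond's next.config.js makes every security header depend on the shared middleware, and `getCspHeaders` returns `[]` — including the HSTS entry — whenever `NEXT_PUBLIC_AUTONOLAS_SUB_GRAPH_URL` is unset, so a deployment of this app without that variable silently ships with no CSP, no `Strict-Transport-Security` and, unless next-safe's defaults supply it behind the same early return, no `X-Content-Type-Options`. Decouple the baseline from the subgraph variable: return the static headers unconditionally and only append the subgraph origin when present, or fail the build when the variable is missing. The `Cache-Control` rule for static assets is also removed with no replacement in the middleware; if it is still wanted it has to come back here.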
diff --git a/apps/tokenomics/next.config.js b/apps/tokenomics/next.config.js index 1ab955c0..f1829759 100644 --- a/apps/tokenomics/next.config.js +++ b/apps/tokenomics/next.config.js @@ -40,31 +40,6 @@ const nextConfig = { }, ]; }, - async headers() { - return [ - { - source: '/:path*', - headers: [ - { - key: 'Content-Security-Policy', - value: "frame-ancestors 'none';", - }, - { - key: 'X-Content-Type-Options', - value: 'nosniff', - }, - { - key: 'Referrer-Policy', - value: 'strict-origin-when-cross-origin', - }, - { - key: 'Strict-Transport-Security', - value: 'max-age=31536000; includeSubDomains', - }, - ], - }, - ]; - }, }; const plugins = [ // Add more Next.js plugins to this list if needed. diff --git a/libs/common-middleware/src/lib/cspHeader.ts b/libs/common-middleware/src/lib/cspHeader.ts index 5e4d419e..0e3db928 100644 --- a/libs/common-middleware/src/lib/cspHeader.ts +++ b/libs/common-middleware/src/lib/cspHeader.ts @@ -55,6 +55,9 @@ const ALLOWED_ORIGINS = [ 'https://alfajores-forno.celo-testnet.org', 'https://api.web3modal.com/', + // tenderly + 'https://virtual.mainnet.rpc.tenderly.co/', + // others 'https://api.thegraph.com/', ]; From 765c6065cca000414b7c5dbc79bab8d7131ae5d4 Mon Sep 17 00:00:00 2001 From: mohandast52 Date: Fri, 19 Jul 2024 01:05:41 +0530 Subject: [PATCH 16/22] chore: rename getCspHeader function name --- libs/common-middleware/src/lib/cspHeader.ts | 4 ++-- libs/common-middleware/src/middleware.ts | 10 ++++++---- 2 files changed, 8 insertions(+), 6 deletions(-) diff --git a/libs/common-middleware/src/lib/cspHeader.ts b/libs/common-middleware/src/lib/cspHeader.ts index 0e3db928..c1e8935d 100644 --- a/libs/common-middleware/src/lib/cspHeader.ts +++ b/libs/common-middleware/src/lib/cspHeader.ts 
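Review bot: The `frame-ancestors 'none'`, `X-Content-Type-Options: nosniff` and `Referrer-Policy` headers removed from tokenomics' next.config.js do not appear anywhere in the visible next-safe configuration in cspHeader.ts; next-safe's defaults may emit them, but that should be verified against a real response (`curl -I`) before merging rather than assumed, since `frame-ancestors` is the clickjacking control for a wallet-connecting dApp. If they are not supplied, add `'frame-ancestors': "'none'"` to `contentSecurityPolicy` and the two plain headers next to the HSTS entry. `https://virtual.mainnet.rpc.tenderly.co/` is host-scoped, which is appropriate if the per-testnet path segment varies; a comment naming the feature that needs it would help the next audit.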
@@ -64,7 +64,7 @@ const ALLOWED_ORIGINS = [ const SCRIPT_SRC = ["'self'", 'https://vercel.live/', 'https://fonts.googleapis.com/']; -export const cspHeader = () => { +export const getCspHeaders = () => { if (!process.env.NEXT_PUBLIC_AUTONOLAS_SUB_GRAPH_URL) return []; const connectSrc: CSPDirective = [ @@ -107,7 +107,7 @@ export const cspHeader = () => { * @see https://scotthelme.co.uk/can-you-get-pwned-with-css/ */ 'style-src': ["'self'", 'https://fonts.googleapis.com/', "'unsafe-inline'"], - 'font-src': ['self', 'https://fonts.gstatic.com'], + 'font-src': ["'self", 'https://fonts.gstatic.com'], 'frame-src': ["'self'", 'https://vercel.live/', ...WALLET_CONNECT_LINKS], }, permissionsPolicyDirectiveSupport: ['standard'], diff --git a/libs/common-middleware/src/middleware.ts b/libs/common-middleware/src/middleware.ts index beeb07fb..2e7d94b0 100644 --- a/libs/common-middleware/src/middleware.ts +++ b/libs/common-middleware/src/middleware.ts @@ -1,6 +1,6 @@ import { NextRequest, NextResponse } from 'next/server'; -import { cspHeader } from './lib/cspHeader'; +import { getCspHeaders } from './lib/cspHeader'; import { getRedirectUrl } from './lib/prohibitedCountries'; export const middleware = async (request: NextRequest) => { @@ -11,10 +11,12 @@ export const middleware = async (request: NextRequest) => { ? NextResponse.redirect(new URL(redirectUrl, request.nextUrl)) : NextResponse.next(); - const cspHeaders = cspHeader(); + const cspHeaders = getCspHeaders(); - // apply CSP headers - // https://nextjs.org/docs/app/building-your-application/routing/middleware#setting-headers + /** + * apply CSP headers + * @see https://nextjs.org/docs/app/building-your-application/routing/middleware#setting-headers + */ cspHeaders.forEach((header) => { const { key, value } = header; response.headers.set(key, value); From 3f79d9a4e2745cbf51db796dd633dc54e112e4fd Mon Sep 17 00:00:00 2001 
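Review bot: `'font-src': ["'self", 'https://fonts.gstatic.com']` drops the closing quote, producing a source the browser ignores; the following commit fixes the literal, but a small test that asserts every keyword entry in the directive table equals exactly `"'self'"` would catch this class of quoting regression permanently. Give the renamed `getCspHeaders` an explicit return type, `{ key: string; value: string }[]`, so the `forEach` destructuring in middleware.ts is checked against a declared contract rather than whatever leaks through the `@ts-expect-error`'d `nextSafe` call. The `middleware` arrow function begins outside the hunk.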
From: Mohan
Date: Fri, 19 Jul 2024 13:19:43 +0530
Subject: [PATCH 17/22] Update libs/common-middleware/src/lib/cspHeader.ts

Co-authored-by: Josh Miller <31908788+truemiller@users.noreply.github.com>
---
 libs/common-middleware/src/lib/cspHeader.ts | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libs/common-middleware/src/lib/cspHeader.ts b/libs/common-middleware/src/lib/cspHeader.ts
index c1e8935d..9b4e1324 100644
--- a/libs/common-middleware/src/lib/cspHeader.ts
+++ b/libs/common-middleware/src/lib/cspHeader.ts
@@ -107,7 +107,7 @@ export const getCspHeaders = () => {
 * @see https://scotthelme.co.uk/can-you-get-pwned-with-css/
 */
 'style-src': ["'self'", 'https://fonts.googleapis.com/', "'unsafe-inline'"],
- 'font-src': ["'self", 'https://fonts.gstatic.com'],
+ 'font-src': ["'self'", 'https://fonts.gstatic.com'],
 'frame-src': ["'self'", 'https://vercel.live/', ...WALLET_CONNECT_LINKS],
 },
 permissionsPolicyDirectiveSupport: ['standard'],
From 5978445c7195c704875a2d2da0585aa0e38dec1a Mon Sep 17 00:00:00 2001
From: mohandast52
Date: Fri, 19 Jul 2024 20:40:37 +0530
Subject: [PATCH 18/22] refactor: Remove duplicate code for address prohibition check

---
 .../common-util/Login/LoginV2.jsx | 6 ++--
 .../common-util/functions/index.jsx | 9 +-----
 apps/bond/common-util/Login/LoginV2.jsx | 31 +++++++------------
 apps/bond/common-util/functions/addresses.js | 7 -----
 .../govern/common-util/functions/addresses.ts | 8 -----
 apps/govern/components/Login/LoginV2.tsx | 3 +-
 apps/tokenomics/common-util/Login/LoginV2.jsx | 31 +++++++------------
 .../common-util/functions/addresses.js | 7 -----
 8 files changed, 29 insertions(+), 73 deletions(-)
 delete mode 100644 apps/bond/common-util/functions/addresses.js
 delete mode 100644 apps/tokenomics/common-util/functions/addresses.js

diff --git a/apps/autonolas-registry/common-util/Login/LoginV2.jsx b/apps/autonolas-registry/common-util/Login/LoginV2.jsx
index 27d46c81..fb1ddbd2 100644
--- a/apps/autonolas-registry/common-util/Login/LoginV2.jsx +++ b/apps/autonolas-registry/common-util/Login/LoginV2.jsx @@ -9,10 +9,11 @@ import { useAccount, useBalance, useDisconnect, useSwitchChain } from 'wagmi'; import { CannotConnectAddressOfacError, notifyError, useScreen } from '@autonolas/frontend-library'; +import { isAddressProhibited } from 'libs/util-prohibited-data/src/index'; + import { setUserBalance } from 'store/setup'; import { YellowButton } from '../YellowButton'; -import { isAddressProhibited } from '../functions'; import { useHelpers } from '../hooks'; import { SolanaWallet } from './SolanaWallet'; @@ -145,7 +146,8 @@ export const LoginV2 = ({ loading={isPending} type="default" onClick={onSwitchNetwork} - icon={}> + icon={} + > {!isMobile && 'Switch network'} )} diff --git a/apps/autonolas-registry/common-util/functions/index.jsx b/apps/autonolas-registry/common-util/functions/index.jsx index 079cfcc3..dd28e049 100644 --- a/apps/autonolas-registry/common-util/functions/index.jsx +++ b/apps/autonolas-registry/common-util/functions/index.jsx @@ -1,5 +1,6 @@ import { PublicKey } from '@solana/web3.js'; import { ethers } from 'ethers'; +import { isString } from 'lodash'; import { getChainIdOrDefaultToMainnet as getChainIdOrDefaultToMainnetFn, @@ -10,9 +11,6 @@ import { sendTransaction as sendTransactionFn, } from '@autonolas/frontend-library'; -import prohibitedAddresses from 'libs/util-prohibited-data/src/lib/prohibited-addresses.json'; -import { isString, toLower } from 'lodash'; - import { VM_TYPE } from '../../util/constants'; import { RPC_URLS } from '../Contracts'; import { SUPPORTED_CHAINS } from '../Login'; 
@@ -178,11 +176,6 @@ export const checkIfGnosisSafe = async (account, provider) => { */ export const doesNetworkHaveValidServiceManagerTokenFn = (chainId) => !!chainId; -export const isAddressProhibited = (address) => { - const addresses = prohibitedAddresses.map((e) => toLower(e)); - return addresses.includes(toLower(address)); -}; - const doesPathIncludesComponents = (path) => !!path?.includes('components'); const doesPathIncludesAgents = (path) => !!path?.includes('agents'); export const doesPathIncludesServices = (path) => !!path?.includes('services'); diff --git a/apps/bond/common-util/Login/LoginV2.jsx b/apps/bond/common-util/Login/LoginV2.jsx index 24cd60d6..e80ce48c 100644 --- a/apps/bond/common-util/Login/LoginV2.jsx +++ b/apps/bond/common-util/Login/LoginV2.jsx @@ -1,23 +1,21 @@ +import { Grid } from 'antd'; +import PropTypes from 'prop-types'; import { useEffect } from 'react'; import { useDispatch } from 'react-redux'; -import Web3 from 'web3'; -import PropTypes from 'prop-types'; -import { Grid } from 'antd'; -import { useAccount, useBalance, useDisconnect } from 'wagmi'; import styled from 'styled-components'; +import { useAccount, useBalance, useDisconnect } from 'wagmi'; +import Web3 from 'web3'; + import { CannotConnectAddressOfacError, MEDIA_QUERY, notifyError, } from '@autonolas/frontend-library'; -import { setChainId, setUserBalance } from 'store/setup'; -import { - getChainId, - getChainIdOrDefaultToMainnet, -} from 'common-util/functions/frontend-library'; +import { isAddressProhibited } from 'libs/util-prohibited-data/src/index'; -import { isAddressProhibited } from 'common-util/functions/addresses'; +import { getChainId, getChainIdOrDefaultToMainnet } from 'common-util/functions/frontend-library'; +import { setChainId, setUserBalance } from 'store/setup'; const LoginContainer = styled.div` display: flex; 
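Review bot: The deleted `isAddressProhibited` lower-cased both the list and the input before comparing, which matters because EVM addresses arrive mixed-case (EIP-55 checksum) while a sanctions list is typically stored in one case; the replacement in `libs/util-prohibited-data/src/index` is not part of this diff, so confirm it keeps the case-insensitive comparison and returns `false` for `undefined`/empty input (as `toLower(undefined)` did) before the four apps rely on it for the OFAC gate. A one-line test such as `expect(isAddressProhibited(addr.toUpperCase())).toBe(isAddressProhibited(addr))` would lock that in. The autonolas-registry functions module continues outside the hunk.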
@@ -31,10 +29,7 @@ const LoginContainer = styled.div` const { useBreakpoint } = Grid; -export const LoginV2 = ({ - onConnect: onConnectCb, - onDisconnect: onDisconnectCb, -}) => { +export const LoginV2 = ({ onConnect: onConnectCb, onDisconnect: onDisconnectCb }) => { const dispatch = useDispatch(); const { disconnect } = useDisconnect(); const { chainId } = useAccount(); @@ -87,8 +82,7 @@ export const LoginV2 = ({ // This is the initial `provider` that is returned when // using web3Modal to connect. Can be MetaMask or WalletConnect. const modalProvider = - connector?.options?.getProvider?.() || - (await connector?.getProvider?.()); + connector?.options?.getProvider?.() || (await connector?.getProvider?.()); if (modalProvider) { // We plug the initial `provider` and get back @@ -113,10 +107,7 @@ export const LoginV2 = ({ // cleanup return () => { if (modalProvider.removeListener) { - modalProvider.removeListener( - 'chainChanged', - handleChainChanged, - ); + modalProvider.removeListener('chainChanged', handleChainChanged); } }; } diff --git a/apps/bond/common-util/functions/addresses.js b/apps/bond/common-util/functions/addresses.js deleted file mode 100644 index 795639ec..00000000 --- a/apps/bond/common-util/functions/addresses.js +++ /dev/null @@ -1,7 +0,0 @@ -import toLower from 'lodash/toLower'; -import prohibitedAddresses from 'libs/util-prohibited-data/src/lib/prohibited-addresses.json'; - -export const isAddressProhibited = (address) => { - const addresses = prohibitedAddresses.map((e) => toLower(e)); - return addresses.includes(toLower(address)); -}; diff --git a/apps/govern/common-util/functions/addresses.ts b/apps/govern/common-util/functions/addresses.ts index 0e423c83..11057631 100644 --- a/apps/govern/common-util/functions/addresses.ts +++ b/apps/govern/common-util/functions/addresses.ts 
@@ -1,14 +1,6 @@ import { ethers } from 'ethers'; -import { toLower } from 'lodash'; import { Address } from 'viem'; -import prohibitedAddresses from 'libs/util-prohibited-data/src/lib/prohibited-addresses.json'; - -export const isAddressProhibited = (address: Address | undefined) => { - const addresses = prohibitedAddresses.map((e) => toLower(e)); - return addresses.includes(toLower(address)); -}; - export const getAddressFromBytes32 = (address: Address | string) => { return ('0x' + address.slice(-40)) as Address; }; diff --git a/apps/govern/components/Login/LoginV2.tsx b/apps/govern/components/Login/LoginV2.tsx index 9200809c..354252bc 100644 --- a/apps/govern/components/Login/LoginV2.tsx +++ b/apps/govern/components/Login/LoginV2.tsx @@ -3,8 +3,9 @@ import { useCallback, useEffect } from 'react'; import styled from 'styled-components'; import { useAccountEffect, useConfig, useDisconnect } from 'wagmi'; +import { isAddressProhibited } from 'libs/util-prohibited-data/src/index'; + import { INVALIDATE_AFTER_ACCOUNT_CHANGE } from 'common-util/constants/scopeKeys'; -import { isAddressProhibited } from 'common-util/functions'; import { queryClient } from 'context/Web3ModalProvider'; import { clearUserState } from 'store/govern'; import { useAppDispatch } from 'store/index'; diff --git a/apps/tokenomics/common-util/Login/LoginV2.jsx b/apps/tokenomics/common-util/Login/LoginV2.jsx index 24cd60d6..e80ce48c 100644 --- a/apps/tokenomics/common-util/Login/LoginV2.jsx +++ b/apps/tokenomics/common-util/Login/LoginV2.jsx 
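Review bot: The govern copy being removed was typed `(address: Address | undefined)` and was called from a TypeScript component; the shared helper now imported in `LoginV2.tsx` is not visible here, so check that its signature accepts `Address | undefined` (not just `string`) and returns `false` for `undefined`, otherwise the call site will need a non-null assertion that hides the disconnected-wallet case. If the shared library is plain JS, add a `.d.ts` or JSDoc type so this TS app keeps the narrower contract.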
@@ -1,23 +1,21 @@ +import { Grid } from 'antd'; +import PropTypes from 'prop-types'; import { useEffect } from 'react'; import { useDispatch } from 'react-redux'; -import Web3 from 'web3'; -import PropTypes from 'prop-types'; -import { Grid } from 'antd'; -import { useAccount, useBalance, useDisconnect } from 'wagmi'; import styled from 'styled-components'; +import { useAccount, useBalance, useDisconnect } from 'wagmi'; +import Web3 from 'web3'; + import { CannotConnectAddressOfacError, MEDIA_QUERY, notifyError, } from '@autonolas/frontend-library'; -import { setChainId, setUserBalance } from 'store/setup'; -import { - getChainId, - getChainIdOrDefaultToMainnet, -} from 'common-util/functions/frontend-library'; +import { isAddressProhibited } from 'libs/util-prohibited-data/src/index'; -import { isAddressProhibited } from 'common-util/functions/addresses'; +import { getChainId, getChainIdOrDefaultToMainnet } from 'common-util/functions/frontend-library'; +import { setChainId, setUserBalance } from 'store/setup'; const LoginContainer = styled.div` display: flex; @@ -31,10 +29,7 @@ const LoginContainer = styled.div` const { useBreakpoint } = Grid; -export const LoginV2 = ({ - onConnect: onConnectCb, - onDisconnect: onDisconnectCb, -}) => { +export const LoginV2 = ({ onConnect: onConnectCb, onDisconnect: onDisconnectCb }) => { const dispatch = useDispatch(); const { disconnect } = useDisconnect(); const { chainId } = useAccount(); @@ -87,8 +82,7 @@ export const LoginV2 = ({ // This is the initial `provider` that is returned when // using web3Modal to connect. Can be MetaMask or WalletConnect. const modalProvider = - connector?.options?.getProvider?.() || - (await connector?.getProvider?.()); + connector?.options?.getProvider?.() || (await connector?.getProvider?.()); if (modalProvider) { // We plug the initial `provider` and get back 
@@ -113,10 +107,7 @@ export const LoginV2 = ({
 // cleanup
 return () => {
 if (modalProvider.removeListener) {
- modalProvider.removeListener(
- 'chainChanged',
- handleChainChanged,
- );
+ modalProvider.removeListener('chainChanged', handleChainChanged);
 }
 };
 }
diff --git a/apps/tokenomics/common-util/functions/addresses.js b/apps/tokenomics/common-util/functions/addresses.js
deleted file mode 100644
index 396a40fa..00000000
--- a/apps/tokenomics/common-util/functions/addresses.js
+++ /dev/null
@@ -1,7 +0,0 @@
-import prohibitedAddresses from 'libs/util-prohibited-data/src/lib/prohibited-addresses.json';
-import toLower from 'lodash/toLower';
-
-export const isAddressProhibited = (address) => {
- const addresses = prohibitedAddresses.map((e) => toLower(e));
- return addresses.includes(toLower(address));
-};
From 44f7b3cc0f35d63072e15a36502977b43272bf62 Mon Sep 17 00:00:00 2001
From: mohandast52
Date: Fri, 19 Jul 2024 20:49:54 +0530
Subject: [PATCH 19/22] refactor: Remove duplicate code for address prohibition check
---
 apps/bond/common-util/functions/index.js | 1 -
 apps/tokenomics/common-util/functions/index.js | 1 -
 2 files changed, 2 deletions(-)
diff --git a/apps/bond/common-util/functions/index.js b/apps/bond/common-util/functions/index.js
index e3520124..19554e5e 100644
--- a/apps/bond/common-util/functions/index.js
+++ b/apps/bond/common-util/functions/index.js
@@ -1,4 +1,3 @@
-export * from './addresses';
 export * from './chains';
 export * from './errors';
 export * from './ethers';
diff --git a/apps/tokenomics/common-util/functions/index.js b/apps/tokenomics/common-util/functions/index.js
index 4ae847cb..964ec0ad 100644
--- a/apps/tokenomics/common-util/functions/index.js
+++ b/apps/tokenomics/common-util/functions/index.js
@@ -1,4 +1,3 @@
-export * from './addresses';
 export * from './errors';
 export * from './ethers';
 export * from './time';
From 9f4d6b72375202acc490d89d956f66f3eb296d7d Mon Sep 17 00:00:00 2001
From: mohandast52
Date: Wed, 24 Jul 2024 14:33:30 +0530
Subject: [PATCH 20/22] feat: Add Vercel links to CSP allowed origins
---
 libs/common-middleware/src/lib/cspHeader.ts | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/libs/common-middleware/src/lib/cspHeader.ts b/libs/common-middleware/src/lib/cspHeader.ts
index 9b4e1324..32a9b1dc 100644
--- a/libs/common-middleware/src/lib/cspHeader.ts
+++ b/libs/common-middleware/src/lib/cspHeader.ts
@@ -7,6 +7,8 @@ const WALLET_CONNECT_LINKS = [
 'https://verify.walletconnect.com',
 ];
+const VERCEL_LINKS = ['https://vercel.com', 'https://vercel.live/'];
+
 const ALLOWED_ORIGINS = [
 // internal
 "'self'",
@@ -28,9 +30,6 @@ const ALLOWED_ORIGINS = [
 'https://safe-transaction-gnosis-chain.safe.global/api/',
 'https://safe-transaction-polygon.safe.global/api/',
- // vercel
- 'https://vercel.live/',
-
 // chains
 'https://eth-mainnet.g.alchemy.com/v2/',
 'https://eth-goerli.g.alchemy.com/v2/',
@@ -60,6 +59,8 @@ const ALLOWED_ORIGINS = [
 // others
 'https://api.thegraph.com/',
+
+ ...VERCEL_LINKS,
 ];
 const SCRIPT_SRC = ["'self'", 'https://vercel.live/', 'https://fonts.googleapis.com/'];
@@ -99,7 +100,7 @@ export const getCspHeaders = () => {
 'data:',
 'https://*.autonolas.tech/',
 'https://explorer-api.walletconnect.com/w3m/',
- 'https://vercel.com/',
+ ...VERCEL_LINKS,
 ...WALLET_CONNECT_LINKS,
 ],
 /**
From 2aa4f896329d699c3c1ec01ffa499a973f60b1ff Mon Sep 17 00:00:00 2001
From: mohandast52
Date: Wed, 24 Jul 2024 16:12:28 +0530
Subject: [PATCH 21/22] feat: Add gateway links to CSP allowed origins
---
 libs/common-middleware/src/lib/cspHeader.ts | 18 ++++++++++++++++--
 1 file changed, 16 insertions(+), 2 deletions(-)
diff --git a/libs/common-middleware/src/lib/cspHeader.ts b/libs/common-middleware/src/lib/cspHeader.ts
index 32a9b1dc..b5e97075 100644
--- a/libs/common-middleware/src/lib/cspHeader.ts
+++ b/libs/common-middleware/src/lib/cspHeader.ts
@@ -9,6 +9,13 @@ const WALLET_CONNECT_LINKS = [
 const VERCEL_LINKS = ['https://vercel.com', 'https://vercel.live/'];
+const GATEWAY_LINKS = [
+ 'https://gateway.pinata.cloud/ipfs/',
+ 'https://i.seadn.io/s/raw/files/',
+ 'https://www.askjimmy.xyz/images/',
+ 'https://*.arweave.net/',
+];
+
 const ALLOWED_ORIGINS = [
 // internal
 "'self'",
@@ -59,6 +66,7 @@ const ALLOWED_ORIGINS = [
 // others
 'https://api.thegraph.com/',
+ 'https://sockjs-us3.pusher.com/',
 ...VERCEL_LINKS,
 ];
@@ -100,14 +108,20 @@ export const getCspHeaders = () => {
 'data:',
 'https://*.autonolas.tech/',
 'https://explorer-api.walletconnect.com/w3m/',
- ...VERCEL_LINKS,
 ...WALLET_CONNECT_LINKS,
+ ...GATEWAY_LINKS,
+ ...VERCEL_LINKS,
 ],
 /**
 * It is less harmful to allow 'unsafe-inline' in style-src, please read the article below
 * @see https://scotthelme.co.uk/can-you-get-pwned-with-css/
 */
- 'style-src': ["'self'", 'https://fonts.googleapis.com/', "'unsafe-inline'"],
+ 'style-src': [
+ "'self'",
+ 'https://fonts.googleapis.com/',
+ "'unsafe-inline'",
+ 'https://vercel.live/fonts',
+ ],
 'font-src': ["'self'", 'https://fonts.gstatic.com'],
 'frame-src': ["'self'", 'https://vercel.live/', ...WALLET_CONNECT_LINKS],
 },
From 174e78afbdd514e320118d4abe06f21d6e973c4d Mon Sep 17 00:00:00 2001
From: mohandast52
Date: Thu, 25 Jul 2024 00:17:32 +0530
Subject: [PATCH 22/22] feat: Update IPFS gateway links in CSP allowed origins
---
 .../List/IpfsHashGenerationModal/index.jsx | 18 ++++++++++++++++--
 libs/common-middleware/src/lib/cspHeader.ts | 5 +++--
 2 files changed, 19 insertions(+), 4 deletions(-)
diff --git a/apps/autonolas-registry/common-util/List/IpfsHashGenerationModal/index.jsx b/apps/autonolas-registry/common-util/List/IpfsHashGenerationModal/index.jsx
index 92824662..d1881bcb 100644
--- a/apps/autonolas-registry/common-util/List/IpfsHashGenerationModal/index.jsx
+++ b/apps/autonolas-registry/common-util/List/IpfsHashGenerationModal/index.jsx
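Review bot: `'https://vercel.live/fonts'` in the rewritten `'style-src'` list is an exact-path source expression: a CSP path that does not end in `/` is compared to the request path exactly, so a stylesheet at `/fonts/<name>.css` would still be blocked and only a request for `/fonts` itself would pass. If the fonts live under that directory the entry should be `'https://vercel.live/fonts/'`, which is a prefix match like every other path-scoped entry in this file. The closing `},` shows that `getCspHeaders` starts before this hunk and continues after it, so I could not confirm which directive the list holding `'data:'` and the new `...GATEWAY_LINKS` spread feeds — presumably `img-src`; a one-line comment naming the directive above that spread would save the next reader the same lookup.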
@@ -1,4 +1,4 @@
-import { Button, Form, Input, Select } from 'antd';
+import { Button, Flex, Form, Input, Select } from 'antd';
 import isNil from 'lodash/isNil';
 import PropTypes from 'prop-types';
 import React, { Fragment, useState } from 'react';
@@ -220,7 +220,21 @@ export const IpfsHashGenerationModal = ({
+ + Represents your NFT on marketplaces such as OpenSea. Current supported domains are: + + + {/* TODO: fetch from middleware constant */} +
    +
  • https://gateway.autonolas.tech/ipfs/*
  • +
  • https://gateway.pinata.cloud/ipfs/*
  • +
  • https://*.arweave.net/
  • +
+
+ + } >
diff --git a/libs/common-middleware/src/lib/cspHeader.ts b/libs/common-middleware/src/lib/cspHeader.ts
index b5e97075..44b2a302 100644
--- a/libs/common-middleware/src/lib/cspHeader.ts
+++ b/libs/common-middleware/src/lib/cspHeader.ts
@@ -10,10 +10,11 @@ const WALLET_CONNECT_LINKS = [
 const VERCEL_LINKS = ['https://vercel.com', 'https://vercel.live/'];
 const GATEWAY_LINKS = [
- 'https://gateway.pinata.cloud/ipfs/',
+ 'https://gateway.autonolas.tech/ipfs/*',
+ 'https://gateway.pinata.cloud/ipfs/*',
+ 'https://*.arweave.net/',
 'https://i.seadn.io/s/raw/files/',
 'https://www.askjimmy.xyz/images/',
- 'https://*.arweave.net/',
 ];
 const ALLOWED_ORIGINS = [
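Review bot: `'https://gateway.autonolas.tech/ipfs/*'` and `'https://gateway.pinata.cloud/ipfs/*'` will not match any real gateway URL: CSP source expressions have no path glob — `*` is a wildcard only in the scheme/host position (as in `'https://*.arweave.net/'`), and a path that does not end in `/` is compared exactly after percent-decoding, so these two entries only allow the literal path `/ipfs/*`. The `'https://gateway.pinata.cloud/ipfs/'` form this hunk removes was a prefix match covering everything under `/ipfs/`; keep that form and add `'https://gateway.autonolas.tech/ipfs/'` next to it. The `*` notation is fine in the user-facing domain list the modal hunk of this patch adds, which is where a glob reads naturally. A comment on the constant, `// CSP path prefixes — each must end in '/' (CSP has no path glob)`, would keep the two lists from drifting apart again.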