arthur/artdanj-api
1
0
Fork 0
mirror of https://github.com/ArthurDanjou/artdanj-api.git synced 2026-01-14 12:14:33 +01:00
Code Issues 2 Packages Projects Releases Wiki Activity

Working

Browse Source 
Signed-off-by: Arthur DANJOU <arthurdanjou@outlook.fr>
This commit is contained in:
Arthur Danjou
2021-07-02 17:49:06 +02:00
parent b1423cb0c5
commit 8e4bfa178c
5 changed files with 15 additions and 279 deletions
Download Patch File Download Diff File Expand all files Collapse all files

22
app/Controllers/Http/LocationsController.ts
View File

@@ -1,16 +1,24 @@
import { HttpContextContract } from '@ioc:Adonis/Core/HttpContext'
import {HttpContextContract} from '@ioc:Adonis/Core/HttpContext'
import Location from "App/Models/Location";
import LocationValidator from "App/Validators/location/LocationValidator";
export default class LocationsController {
public async get ({ response }: HttpContextContract) {
const location = await Location.query().orderBy('since', 'desc').firstOrFail()
return response.status(200).send({
place: location.place,
left: location.left,
since: location.since
})
const location = await Location.query().orderBy('since', 'desc').first()
if (location) {
return response.status(200).send({
location: {
place: location.place,
left: location.left,
since: location.since
}
})
} else {
return response.status(200).send({
location: 'Location is unknown...'
})
}
}
public async store ({ request, response }: HttpContextContract) {

237
config/shield.ts
View File

@@ -1,237 +0,0 @@
/**
* Config source: https://git.io/Jvwvt
*
* Feel free to let us know via PR, if you find something broken in this config
* file.
*/
import Env from '@ioc:Adonis/Core/Env'
import {ShieldConfig} from '@ioc:Adonis/Addons/Shield'
/*
|--------------------------------------------------------------------------
| Content Security Policy
|--------------------------------------------------------------------------
|
| Content security policy filters out the origins not allowed to execute
| and load resources like scripts, styles and fonts. There are wide
| variety of options to choose from.
*/
export const csp: ShieldConfig['csp'] = {
/*
|--------------------------------------------------------------------------
| Enable/disable CSP
|--------------------------------------------------------------------------
|
| The CSP rules are disabled by default for seamless onboarding.
|
*/
enabled: false,
/*
|--------------------------------------------------------------------------
| Directives
|--------------------------------------------------------------------------
|
| All directives are defined in camelCase and here is the list of
| available directives and their possible values.
|
| https://content-security-policy.com
|
| @example
| directives: {
| defaultSrc: ['self', '@nonce', 'cdnjs.cloudflare.com']
| }
|
*/
directives: {},
/*
|--------------------------------------------------------------------------
| Report only
|--------------------------------------------------------------------------
|
| Setting `reportOnly=true` will not block the scripts from running and
| instead report them to a URL.
|
*/
reportOnly: false,
}
/*
|--------------------------------------------------------------------------
| CSRF Protection
|--------------------------------------------------------------------------
|
| CSRF Protection adds another layer of security by making sure, actionable
| routes does have a valid token to execute an action.
|
*/
export const csrf: ShieldConfig['csrf'] = {
/*
|--------------------------------------------------------------------------
| Enable/Disable CSRF
|--------------------------------------------------------------------------
*/
enabled: Env.get('NODE_ENV') !== 'testing',
/*
|--------------------------------------------------------------------------
| Routes to Ignore
|--------------------------------------------------------------------------
|
| Define an array of route patterns that you want to ignore from CSRF
| validation. Make sure the route patterns are started with a leading
| slash. Example:
|
| `/foo/bar`
|
| Also you can define a function that is evaluated on every HTTP Request.
| ```
| exceptRoutes: ({ request }) => request.url.includes('/api')
| ```
|
*/
exceptRoutes: [],
/*
|--------------------------------------------------------------------------
| Enable Sharing Token Via Cookie
|--------------------------------------------------------------------------
|
| When the following flag is enabled, AdonisJS will drop `XSRF-TOKEN`
| cookie that frontend frameworks can read and return back as a
| `X-XSRF-TOKEN` header.
|
| The cookie has `httpOnly` flag set to false, so it is little insecure and
| can be turned off when you are not using a frontend framework making
| AJAX requests.
|
*/
enableXsrfCookie: true,
/*
|--------------------------------------------------------------------------
| Methods to Validate
|--------------------------------------------------------------------------
|
| Define an array of HTTP methods to be validated for a valid CSRF token.
|
*/
methods: ['POST', 'PUT', 'PATCH', 'DELETE'],
}
/*
|--------------------------------------------------------------------------
| DNS Prefetching
|--------------------------------------------------------------------------
|
| DNS prefetching allows browsers to proactively perform domain name
| resolution in background.
|
| Learn more at https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-DNS-Prefetch-Control
|
*/
export const dnsPrefetch: ShieldConfig['dnsPrefetch'] = {
/*
|--------------------------------------------------------------------------
| Enable/disable this feature
|--------------------------------------------------------------------------
*/
enabled: true,
/*
|--------------------------------------------------------------------------
| Allow or Dis-Allow Explicitly
|--------------------------------------------------------------------------
|
| The `enabled` boolean does not set `X-DNS-Prefetch-Control` header. However
| the `allow` boolean controls the value of `X-DNS-Prefetch-Control` header.
|
| - When `allow = true`, then `X-DNS-Prefetch-Control = 'on'`
| - When `allow = false`, then `X-DNS-Prefetch-Control = 'off'`
|
*/
allow: true,
}
/*
|--------------------------------------------------------------------------
| Iframe Options
|--------------------------------------------------------------------------
|
| xFrame defines whether or not your website can be embedded inside an
| iframe. Choose from one of the following options.
|
| - DENY
| - SAMEORIGIN
| - ALLOW-FROM http://example.com
|
| Learn more at https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options
*/
export const xFrame: ShieldConfig['xFrame'] = {
enabled: true,
action: 'DENY',
}
/*
|--------------------------------------------------------------------------
| Http Strict Transport Security
|--------------------------------------------------------------------------
|
| A security to ensure that a browser always makes a connection over
| HTTPS.
|
| Learn more at https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security
|
*/
export const hsts: ShieldConfig['hsts'] = {
enabled: true,
/*
|--------------------------------------------------------------------------
| Max Age
|--------------------------------------------------------------------------
|
| Control, how long the browser should remember that a site is only to be
| accessed using HTTPS.
|
*/
maxAge: '180 days',
/*
|--------------------------------------------------------------------------
| Include Subdomains
|--------------------------------------------------------------------------
|
| Apply rules on the subdomains as well.
|
*/
includeSubDomains: true,
/*
|--------------------------------------------------------------------------
| Preloading
|--------------------------------------------------------------------------
|
| Google maintains a service to register your domain and it will preload
| the HSTS policy. Learn more https://hstspreload.org/
|
*/
preload: false,
}
/*
|--------------------------------------------------------------------------
| No Sniff
|--------------------------------------------------------------------------
|
| Browsers have a habit of sniffing content-type of a response. Which means
| files with .txt extension containing Javascript code will be executed as
| Javascript. You can disable this behavior by setting nosniff to false.
|
| Learn more at https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options
|
*/
export const contentTypeSniffing: ShieldConfig['contentTypeSniffing'] = {
enabled: true,
}

1
package.json
View File

@@ -27,7 +27,6 @@
"@adonisjs/redis": "^7.0.6",
"@adonisjs/repl": "^3.1.4",
"@adonisjs/session": "^6.0.6",
"@adonisjs/shield": "^7.0.4",
"@adonisjs/view": "^6.0.3",
"axios": "^0.21.1",
"luxon": "^1.27.0",

1
start/kernel.ts
View File

@@ -22,7 +22,6 @@ import Server from "@ioc:Adonis/Core/Server";
Server.middleware.register([
() => import('@ioc:Adonis/Core/BodyParser'),
() => import('@ioc:Adonis/Addons/Shield'),
() => import('App/Middleware/SilentAuth'),
])

33
yarn.lock
View File

@@ -273,15 +273,6 @@
"@poppinss/utils" "^3.1.3"
fs-extra "^10.0.0"
"@adonisjs/shield@^7.0.4":
version "7.0.4"
resolved "https://registry.yarnpkg.com/@adonisjs/shield/-/shield-7.0.4.tgz#9ce7d068c407e1c0f09dea1d742b856c15cde3ad"
integrity sha512-j2FpehuA3kpWI6+kj7sYCo8YrwM2Fy8ov8C8iGiQVWEDjsCIISOH+GNUnUwtLfJvGTrLFlzZcvB62wIxw8Ep/Q==
dependencies:
"@poppinss/utils" "^3.1.3"
csrf "^3.1.0"
helmet-csp "^3.4.0"
"@adonisjs/sink@^5.1.5":
version "5.1.5"
resolved "https://registry.yarnpkg.com/@adonisjs/sink/-/sink-5.1.5.tgz#8a238052d66f06dd9894516eb7270797c6489b2b"
@@ -1418,15 +1409,6 @@ cross-spawn@^7.0.3:
shebang-command "^2.0.0"
which "^2.0.1"
csrf@^3.1.0:
version "3.1.0"
resolved "https://registry.yarnpkg.com/csrf/-/csrf-3.1.0.tgz#ec75e9656d004d674b8ef5ba47b41fbfd6cb9c30"
integrity sha512-uTqEnCvWRk042asU6JtapDTcJeeailFy4ydOQS28bj1hcLnYRiqi8SsD2jS412AY1I/4qdOwWZun774iqywf9w==
dependencies:
rndm "1.2.0"
tsscmp "1.0.6"
uid-safe "2.1.5"
css-select@^4.1.3:
version "4.1.3"
resolved "https://registry.yarnpkg.com/css-select/-/css-select-4.1.3.tgz#a70440f70317f2669118ad74ff105e65849c7067"
@@ -2213,11 +2195,6 @@ header-case@^2.0.4:
capital-case "^1.0.4"
tslib "^2.0.3"
helmet-csp@^3.4.0:
version "3.4.0"
resolved "https://registry.yarnpkg.com/helmet-csp/-/helmet-csp-3.4.0.tgz#7fdd0b0274cd90a64664e2ed8e48f9a430037233"
integrity sha512-a+YgzWw6dajqhQfb6ktxil0FsQuWTKzrLSUfy55dxS8fuvl1jidTIMPZ2udN15mjjcpBPgTHNHGF5tyWKYyR8w==
html-minifier@^4.0.0:
version "4.0.0"
resolved "https://registry.yarnpkg.com/html-minifier/-/html-minifier-4.0.0.tgz#cca9aad8bce1175e02e17a8c33e46d8988889f56"
@@ -4121,11 +4098,6 @@ rimraf@^3.0.2:
dependencies:
glob "^7.1.3"
rndm@1.2.0:
version "1.2.0"
resolved "https://registry.yarnpkg.com/rndm/-/rndm-1.2.0.tgz#f33fe9cfb52bbfd520aa18323bc65db110a1b76c"
integrity sha1-8z/pz7Urv9UgqhgyO8ZdsRCht2w=
safe-buffer@*, safe-buffer@5.2.1, safe-buffer@^5.1.1, safe-buffer@~5.2.0:
version "5.2.1"
resolved "https://registry.yarnpkg.com/safe-buffer/-/safe-buffer-5.2.1.tgz#1eaf9fa9bdb1fdd4ec75f58f9cdb4e6b7827eec6"
@@ -4645,11 +4617,6 @@ tslib@^2.0.3, tslib@^2.2.0, tslib@^2.3.0:
resolved "https://registry.yarnpkg.com/tslib/-/tslib-2.3.0.tgz#803b8cdab3e12ba581a4ca41c8839bbb0dacb09e"
integrity sha512-N82ooyxVNm6h1riLCoyS9e3fuJ3AMG2zIZs2Gd1ATcSFjSA23Q0fzjjZeh0jbJvWVDZ0cJT8yaNNaaXHzueNjg==
tsscmp@1.0.6:
version "1.0.6"
resolved "https://registry.yarnpkg.com/tsscmp/-/tsscmp-1.0.6.tgz#85b99583ac3589ec4bfef825b5000aa911d605eb"
integrity sha512-LxhtAkPDTkVCMQjt2h6eBVY28KCjikZqZfMcC15YBeNjkgUpdCfBu5HoiOTDu86v6smE8yOjyEktJ8hlbANHQA==
tsse@^2.0.0:
version "2.0.0"
resolved "https://registry.yarnpkg.com/tsse/-/tsse-2.0.0.tgz#757a1357473fecaffb5c70024acd179514779f64"