/**
 * Build an Express-style middleware that sets the HTTP Public-Key-Pins
 * header (or its Report-Only variant) on each response.
 *
 * Option validation and header construction happen once, at creation
 * time, so an invalid configuration fails fast instead of on the first
 * request. HPKP is deprecated and current browsers no longer honour it;
 * a wrong pin set can lock clients out for `maxAge` seconds, which is why
 * a backup pin is mandatory and short max-age values are preferable.
 *
 * @param {object} passedOptions - see parseOptions for the accepted keys
 * @returns {function(req, res, next): void} middleware
 * @throws {Error|TypeError} when the options are invalid
 */
module.exports = function hpkp(passedOptions) {
  const parsed = parseOptions(passedOptions);
  const name = getHeaderName(parsed);
  const value = getHeaderValue(parsed);
  const { setIf } = parsed;

  return function hpkp(req, res, next) {
    // setIf lets the caller decide per request whether to emit the header.
    const shouldSet = setIf(req, res);
    if (shouldSet) res.setHeader(name, value);
    next();
  };
};
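/**
 * Validate and normalise the options passed to hpkp().
 *
 * Accepted keys: maxAge (positive number of seconds), sha256s (array of at
 * least two base64 pins — one live, one backup), includeSubDomains (also
 * accepted as includeSubdomains), reportUri, reportOnly, and setIf (a
 * per-request predicate, defaults to always true).
 *
 * @param {object} options
 * @returns {{maxAge, sha256s, includeSubDomains, reportUri, reportOnly, setIf}}
 * @throws {Error} when required options are missing or inconsistent
 * @throws {TypeError} when setIf is not a function
 */
function parseOptions(options) {
  const badArgumentsError = new Error(
    "hpkp must be called with a maxAge and at least two SHA-256s (one actually used and another kept as a backup).",
  );

  // Reject: no options at all; both `maxage` and `maxAge` given (ambiguous);
  // report-only mode without a reportUri to send the reports to.
  if (
    !options ||
    (options.maxage && options.maxAge) ||
    (options.reportOnly && !options.reportUri)
  ) {
    throw badArgumentsError;
  }

  const {
    maxAge,
    sha256s,
    setIf = () => true,
    reportUri,
    reportOnly,
  } = options;

  // sha256s must be a real array: a string also has a `.length` and would
  // otherwise only fail later with an unrelated TypeError in getHeaderValue.
  if (!maxAge || maxAge <= 0 || !Array.isArray(sha256s) || sha256s.length < 2) {
    throw badArgumentsError;
  }

  if (typeof setIf !== "function") {
    throw new TypeError("setIf must be a function.");
  }

  return {
    maxAge,
    sha256s,
    // Both spellings are accepted for backward compatibility.
    includeSubDomains: options.includeSubDomains || options.includeSubdomains,
    reportUri,
    reportOnly,
    setIf,
  };
}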
/**
 * Pick the response header name for the configured mode.
 *
 * @param {{reportOnly?: boolean}} options
 * @returns {string} "Public-Key-Pins", with "-Report-Only" appended when reportOnly is truthy
 */
function getHeaderName({ reportOnly }) {
  const suffix = reportOnly ? "-Report-Only" : "";
  return `Public-Key-Pins${suffix}`;
}
/**
 * Serialise the options into the header's directive list.
 *
 * Values are inserted verbatim (no quoting or escaping of their contents),
 * so pins and the report URI must come from trusted configuration, never
 * from request data.
 *
 * @param {{sha256s: string[], maxAge: number, includeSubDomains?: boolean, reportUri?: string}} options
 * @returns {string} directives joined with "; "
 */
function getHeaderValue({ sha256s, maxAge, includeSubDomains, reportUri }) {
  const directives = [
    ...sha256s.map((pin) => `pin-sha256="${pin}"`),
    // max-age is an integer number of seconds; round rather than truncate.
    `max-age=${Math.round(maxAge)}`,
  ];
  if (includeSubDomains) directives.push("includeSubDomains");
  if (reportUri) directives.push(`report-uri="${reportUri}"`);
  return directives.join("; ");
}