Merge pull request #35 from shaunwarman/fix-csp

fix: csp config and minor refactor

Author: shaunwarman

.babelrc

@@ -1,11 +1,13 @@
 {
+  "compact": false,
   "presets": [
     [
       "@babel/env", {
         "debug": true,
-        "useBuiltIns": "usage",
+        "forceAllTransforms": true,
+        "modules": false,
         "targets": {
-          "browsers": "extends @ladjs/browserslist-config"
+          "browsers": [ "extends @ladjs/browserslist-config" ]
         }
       }
     ]

.gitattributes

@@ -1 +1,196 @@
+# https://gist.github.com/niftylettuce/c56e1786b32c42cb697b7fa2a6b5c847
 * text=auto
+
+###### Git
+.gitattributes text
+.gitignore text
+.gitconfig text
+.gitmodules text
+
+##### Windows
+*.bat text eol=crlf
+*.exe binary
+*.dll binary
+
+##### Linux
+*.sh text eol=lf
+*.so binary
+
+##### Global
+# Documents
+*.sql text
+*.md text
+*.adoc text
+*.textile text
+*.mustache text
+*.csv text
+*.tab text
+*.tsv text
+*.coffee text
+*.css text
+*.htm text
+*.html text
+*.xhtml text
+*.inc text
+*.js text
+*.jsx text
+*.less text
+*.od text
+*.onlydata text
+*.sass text
+*.scm text
+*.log text
+*.properties text
+*.scss text
+*.styl text
+*.tag text
+*.ts text
+*.tsx text
+*.dockerignore text
+Dockerfile text
+*.markdown text
+*.mdwn text
+*.mdown text
+*.mkd text
+*.mkdn text
+*.mdtxt text
+*.mdtext text
+*.txt text
+AUTHORS text
+CHANGELOG text
+CHANGES text
+CONTRIBUTING text
+COPYING text
+copyright text
+*COPYRIGHT* text
+INSTALL text
+license text
+LICENSE text
+NEWS text
+readme text
+*README* text
+TODO text
+# Configuration
+*.cnf text
+*.cfg text
+*.conf text
+*.config text
+*.ini text
+*.json text
+*.xml text
+*.bowerrc text
+.browserslistrc text
+.editorconfig text
+*.npmignore text
+*.yaml text
+*.yml text
+browserslist text
+Makefile text
+makefile text
+Procfile text
+.slugignore text
+# Linters
+.csslintrc text
+.eslintrc text
+.htmlhintrc text
+.jscsrc text
+.jshintrc text
+.jshintignore text
+.stylelintrc text
+# Video
+*.3gpp binary
+*.3gp binary
+*.as binary
+*.asf binary
+*.asx binary
+*.fla binary
+*.flv binary
+*.m4v binary
+*.mng binary
+*.mov binary
+*.mp4 binary
+*.mpeg binary
+*.mpg binary
+*.ogv binary
+*.swc binary
+*.swf binary
+*.webm binary
+# Audio
+*.kar binary
+*.m4a binary
+*.mid binary
+*.midi binary
+*.mp3 binary
+*.ogg binary
+*.ra binary
+# Graphics
+*.png binary
+*.jpg binary
+*.jpeg binary
+*.gif binary
+*.tif binary
+*.tiff binary
+*.ico binary
+*.eps binary
+*.ai binary
+*.bmp binary
+*.jng binary
+*.jp2 binary
+*.jpx binary
+*.jxr binary
+*.pdf binary
+*.psb binary
+*.psd binary
+*.svg text
+*.svgz binary
+*.wbmp binary
+*.webp binary
+# Archives
+*.7z binary
+*.gz binary
+*.jar binary
+*.rar binary
+*.tar binary
+*.zip binary
+# Fonts
+*.ttf binary
+*.eot binary
+*.otf binary
+*.woff binary
+*.woff2 binary
+# Executables
+*.pyc binary
+# Objects
+*.o binary
+
+##### IDE/Editor
+# Visual Studio
+*.sln text eol=crlf
+*.csproj text eol=crlf
+*.vbproj text eol=crlf
+*.vcxproj text eol=crlf
+*.vcproj text eol=crlf
+*.dbproj text eol=crlf
+*.fsproj text eol=crlf
+*.lsproj text eol=crlf
+*.wixproj text eol=crlf
+*.modelproj text eol=crlf
+*.sqlproj text eol=crlf
+*.wmaproj text eol=crlf
+*.xproj text eol=crlf
+*.props text eol=crlf
+*.filters text eol=crlf
+*.vcxitems text eol=crlf
+# Eclipse
+*.project text
+*.classpath text
+*.prefs
+
+##### Language
+# Java
+*.java text
+*.jsp text
+*.jspf text
+*.jspx text
+*.class binary
+*.war binary

api.js

@@ -5,17 +5,10 @@ const _ = require('lodash');
 const ip = require('ip');
 
 const config = require('./config');
-const routes = require('./routes');
-const i18n = require('./helpers/i18n');
 const logger = require('./helpers/logger');
-const passport = require('./helpers/passport');
 
-const api = new API({
-  routes: routes.api,
-  logger,
-  i18n,
-  passport
-});
+const apiConfig = require('./config/api');
+const api = new API(apiConfig);
 
 if (!module.parent) {
   const mongoose = new Mongoose(

app/views/layout.pug

@@ -16,18 +16,15 @@ html(lang=locale).h-100
         link(rel="alternate", href=`${config.urls.web}/${language.locale}${ctx.pathWithoutLocale}`, hreflang=language.locale)
 
       //- generated with https://realfavicongenerator.net
-      link(rel="apple-touch-icon", sizes="152x152", href=manifest('img/apple-touch-icon.png'))
-      link(rel="icon", type="image/png", href=manifest('img/favicon-32x32.png'), sizes="32x32")
-      link(rel="icon", type="image/png", href=manifest('img/favicon-16x16.png'), sizes="16x16")
-      link(rel="manifest", href="/manifest.json")
-
-      //- add mask-icon
-      //- <https://goo.gl/PMBfKu>
-      //- link(rel="mask-icon", href=manifest('img/safari-pinned-tab.svg'), color=config.appColor)
+      link(rel="apple-touch-icon", sizes="152x152", href=manifest('img/apple-touch-icon.png'), integrity=manifest('img/apple-touch-icon.png', 'integrity'), crossorigin='anonymous')
+      link(rel="icon", type="image/png", href=manifest('img/favicon-32x32.png'), sizes="32x32", integrity=manifest('img/favicon-32x32.png', 'integrity'), crossorigin='anonymous')
+      link(rel="icon", type="image/png", href=manifest('img/favicon-16x16.png'), sizes="16x16", integrity=manifest('img/favicon-16x16.png', 'integrity'), crossorigin='anonymous')
+      link(rel="manifest", href=manifest('site.webmanifest'), integrity=manifest('site.webmanifest', 'integrity'), crossorigin='anonymous')
+      link(rel="mask-icon", href=manifest('img/safari-pinned-tab.svg'), integrity=manifest('img/safari-pinned-tab.svg', 'integrity'), color=config.appColor, crossorigin='anonymous')
       meta(name="apple-mobile-web-app-title", content=config.appName)
       meta(name="application-name", content=config.appName)
       meta(name="msapplication-TileColor", content=config.appColor)
-      meta(name="theme-color", content=config.appColor)
+      meta(name="theme-color", content="#ffffff")
 
       //- csrf token
       meta(name="csrf-token", content=ctx.csrf)
@@ -36,7 +33,7 @@ html(lang=locale).h-100
 
     //- add opengraph tags to your structured data pages
     block opengraph
-      link(rel='image_src', type='image/png', href=manifest('img/social.png'))
+      link(rel='image_src', type='image/png', href=manifest('img/social.png'), integrity=manifest('img/social.png', 'integrity'), crossorigin='anonymous')
       meta(property='og:title', content=meta.title)
       meta(property='og:url', content=`${config.urls.web}${ctx.pathWithoutLocale}`)
       meta(property='og:description', content=meta.description)
@@ -49,12 +46,26 @@ html(lang=locale).h-100
 
     //- css file
     block stylesheets
-      if config.env === 'production'
-        link(rel="stylesheet", href=manifest('css/app.css') integrity=manifest('css/app.css', 'integrity'), crossorigin="anonymous")
-      else
-        link(rel="stylesheet", href=manifest('css/app.css'))
-
-  body(role='document', class=['/register', '/login', config.verifyRoute].includes(ctx.pathWithoutLocale) ? 'pt-0' : '').d-flex.flex-column.h-100
+      link(rel="stylesheet", href=manifest('css/app.css'), integrity=manifest('css/app.css', 'integrity'), crossorigin='anonymous')
+
+    //- preload and prefetch content
+    //- <https://developer.mozilla.org/en-US/docs/Web/HTML/Preloading_content>
+    //- <https://developers.google.com/speed/pagespeed/insights/>
+    block preload
+      each asset in [ 'fonts/fa-brands-400.woff', 'fonts/fa-solid-900.woff' ]
+        //- integrity attribute not currently supported
+        //- <https://crbug.com/981419>
+        link(rel='preload', href=manifest(asset), as='font', crossorigin='anonymous')
+
+    block prefetch
+      each asset in ['img/github-logo.svg', 'img/google-logo.svg']
+        link(rel='prefetch', href=manifest(asset), as='image', crossorigin='anonymous')
+      each asset in [ 'fonts/fa-brands-400.ttf', 'fonts/fa-solid-900.ttf' ]
+        //- integrity attribute not currently supported
+        //- <https://crbug.com/981419>
+        link(rel='prefetch', href=manifest(asset), as='font', crossorigin='anonymous')
+
+  body(role='document').d-flex.flex-column.min-h-100
 
     //- spinner
     block spinner
@@ -65,13 +76,14 @@ html(lang=locale).h-100
       include _nav
 
     //- body
-    main(role='main').flex-shrink-0
-    block body
+    main(role='main').flex-grow-1.d-flex.flex-column.flex-grow-1
+      block body
 
     //- footer
     block footer
       include _footer
 
+    //- scripts
     block scripts
       //- flash messaging (with koa-better-flash and sweetalert2)
       script.
@@ -122,11 +134,6 @@ html(lang=locale).h-100
             id: "#{ctx.sessionId}"
           };
 
-      //- factor bundle (common shared assets across all files)
-      script(src=manifest('js/factor-bundle.js') integrity=manifest('js/factor-bundle.js', 'integrity') crossorigin="anonymous")
-
-      //- uncaught (handles errors, similar to TraceKit but with CabinJS + StackTrace.JS)
-      script(src=manifest('js/uncaught.js') integrity=manifest('js/uncaught.js', 'integrity') crossorigin="anonymous")
-
-      //- scripts
-      script(src=manifest('js/core.js') integrity=manifest('js/core.js', 'integrity') crossorigin="anonymous")
+      //- build
+      if !isBot(ctx.get('User-Agent'))
+        script(async, src=manifest('js/build.js'), integrity=manifest('js/build.js', 'integrity'), crossorigin='anonymous')

assets/css/_custom.scss

@@ -1,3 +1,17 @@
+// https://github.com/twbs/bootstrap/issues/24374
+.min-vh-80 {
+  min-height: 80vh !important;
+}
+.min-h-100 {
+  min-height: 100%;
+}
+
+body {
+  padding-top: 77px;
+  text-rendering: optimizeLegibility;
+  font-smoothing: antialiased;
+}
+
 .text-decoration-underline {
   text-decoration: underline !important;
 }

assets/css/_variables.scss

@@ -1,14 +1,17 @@
-// TODO: eventually host ourselves
-$fa-font-path: "//cdn.jsdelivr.net/npm/@fortawesome/fontawesome-free/webfonts" !default;
+$fa-font-path: "../fonts" !default;
+$fa-font-display: "swap" !default;
 
-// custom fonts using google webfont loader
-// with fonts defined in `assets/js/core.js`
-$font-family-sans-serif: 'Source Sans Pro', '-apple-system', BlinkMacSystemFont,
-  'Segoe UI', Roboto, 'Helvetica Neue', Arial, sans-serif !default;
+$font-family-sans-serif: '-apple-system', BlinkMacSystemFont, 'Segoe UI', Roboto, 'Helvetica Neue', Arial, sans-serif !default;
 
-$font-family-serif: Georgia, 'Times New Roman', Times, serif !default;
-$font-family-monospace: 'Source Code Pro', Menlo, Monaco, Consolas,
-  'Liberation Mono', 'Courier New', monospace !default;
+$font-family-monospace: 'Inconsolata', Menlo, Monaco, Consolas, 'Liberation Mono', 'Courier New', monospace !default;
 
 $font-family-base: $font-family-sans-serif !default;
-$headings-font-family: 'Bitter', $font-family-sans-serif;
+
+$headings-font-family: 'Poppins', $font-family-sans-serif;
+
+$blue: #20C1ED !default;
+$cyan: #9DE5F9 !default;
+$green: #8CC63F !default;
+$yiq-contrasted-threshold:  200 !default;
+
+$enable-responsive-font-sizes: true !default;