Class: Vizcore::PluginAssetPolicy

Inherits:
Object
  • Object
show all
Defined in:
lib/vizcore/plugin_asset_policy.rb

Overview

Validates browser-side plugin assets before they are served by the runtime.

Constant Summary collapse

ALLOWED_EXTENSIONS = 
%w[.js .mjs].freeze
ALLOWED_MIME_TYPES = 
%w[text/javascript application/javascript].freeze

Class Method Summary collapse

Class Method Details

.validate!(path, root: nil) ⇒ Pathname

Parameters:

  • path (String, Pathname)
  • root (String, Pathname, nil) (defaults to: nil)

    optional sandbox root

Returns:

  • (Pathname) 


15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
 
# File 'lib/vizcore/plugin_asset_policy.rb', line 15

def self.validate!(path, root: nil)
  asset_path = Pathname.new(path).expand_path
  root_path = root ? Pathname.new(root).expand_path : nil

  if root_path && !inside_root?(asset_path, root_path)
    raise ArgumentError, "Plugin asset must stay inside #{root_path}: #{asset_path}"
  end

  unless ALLOWED_EXTENSIONS.include?(asset_path.extname.downcase)
    raise ArgumentError, "Unsupported plugin asset extension: #{asset_path.extname}. Use one of: #{ALLOWED_EXTENSIONS.join(', ')}"
  end

  extname = asset_path.extname.downcase
  mime_type = Rack::Mime.mime_type(extname, "application/octet-stream")
  mime_type = case extname
  when ".mjs"
    mime_type == "application/octet-stream" ? "application/javascript" : mime_type
  when ".js"
    mime_type == "application/octet-stream" ? "text/javascript" : mime_type
  else
    mime_type
  end
  unless ALLOWED_MIME_TYPES.include?(mime_type)
    raise ArgumentError, "Unsupported plugin asset MIME type: #{mime_type}. Use one of: #{ALLOWED_MIME_TYPES.join(", ")}"
  end

  asset_path
end