trunk 0.21.14

Build, bundle & ship your Rust WASM application to the web.
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169

//! Integrity processing

use crate::{
    config::rt::RtcBuild,
    pipelines::{Attr, Attrs},
};
use base64::{display::Base64Display, engine::general_purpose::STANDARD, Engine};
use sha2::{Digest, Sha256, Sha384, Sha512};
use std::{
    convert::Infallible,
    fmt::{Debug, Display, Formatter},
    future::Future,
    str::FromStr,
};

const ATTR_INTEGRITY: &str = "data-integrity";

/// Integrity type for subresource protection
#[derive(Copy, Clone, Eq, PartialEq, Hash, Debug)]
pub enum IntegrityType {
    None,
    Sha256,
    Sha384,
    Sha512,
}

impl IntegrityType {
    /// Get the default, unless it's disabled
    pub fn default_unless(disabled: bool) -> IntegrityType {
        if disabled {
            Self::None
        } else {
            Self::Sha384
        }
    }

    /// Get the integrity setting from the attributes
    pub fn from_attrs(attrs: &Attrs, cfg: &RtcBuild) -> anyhow::Result<IntegrityType> {
        Ok(attrs
            .get(ATTR_INTEGRITY)
            .map(|attr| IntegrityType::from_str(attr))
            .transpose()?
            .unwrap_or_else(|| IntegrityType::default_unless(cfg.no_sri)))
    }
}

impl FromStr for IntegrityType {
    type Err = IntegrityTypeParseError;

    fn from_str(s: &str) -> Result<Self, Self::Err> {
        Ok(match s {
            "none" => Self::None,
            "sha256" => Self::Sha256,
            "sha384" | "" => Self::Sha384,
            "sha512" => Self::Sha512,
            _ => return Err(IntegrityTypeParseError::InvalidValue),
        })
    }
}

impl Display for IntegrityType {
    fn fmt(&self, f: &mut Formatter<'_>) -> std::fmt::Result {
        match self {
            Self::None => write!(f, "none"),
            Self::Sha256 => write!(f, "sha256"),
            Self::Sha384 => write!(f, "sha384"),
            Self::Sha512 => write!(f, "sha512"),
        }
    }
}

#[derive(Debug, thiserror::Error)]
pub enum IntegrityTypeParseError {
    #[error("invalid value")]
    InvalidValue,
}

/// The digest of the output
#[derive(Clone)]
pub struct OutputDigest {
    /// The digest algorithm
    pub integrity: IntegrityType,
    /// The raw hash/digest value
    pub hash: Vec<u8>,
}

impl Debug for OutputDigest {
    fn fmt(&self, f: &mut Formatter<'_>) -> std::fmt::Result {
        f.debug_struct("OutputDigest")
            .field("integrity", &self.integrity)
            .field("hash", &STANDARD.encode(&self.hash))
            .finish()
    }
}

impl Default for OutputDigest {
    fn default() -> Self {
        Self {
            integrity: IntegrityType::None,
            hash: vec![],
        }
    }
}

impl OutputDigest {
    /// Turn into the value for an SRI attribute
    pub fn to_integrity_value(&self) -> Option<impl Display + '_> {
        match self.integrity {
            IntegrityType::None => None,
            integrity => Some(format!(
                "{integrity}-{hash}",
                hash = Base64Display::new(&self.hash, &STANDARD)
            )),
        }
    }

    /// Insert as an SRI attribute into a an [`Attrs`] instance.
    pub fn insert_into(&self, attrs: &mut Attrs) {
        if let Some(value) = self.to_integrity_value() {
            attrs.insert(
                "integrity".to_string(),
                Attr {
                    value: value.to_string(),
                    need_escape: false,
                },
            );
        }
    }

    /// Generate from input data
    pub fn generate<F, T, E>(integrity: IntegrityType, f: F) -> Result<Self, E>
    where
        F: FnOnce() -> Result<T, E>,
        T: AsRef<[u8]>,
    {
        let hash = match integrity {
            IntegrityType::None => vec![],
            IntegrityType::Sha256 => Vec::from_iter(Sha256::digest(f()?)),
            IntegrityType::Sha384 => Vec::from_iter(Sha384::digest(f()?)),
            IntegrityType::Sha512 => Vec::from_iter(Sha512::digest(f()?)),
        };

        Ok(Self { integrity, hash })
    }

    /// Generate from input data
    pub async fn generate_async<F, T, E, Fut>(integrity: IntegrityType, f: F) -> Result<Self, E>
    where
        F: FnOnce() -> Fut,
        T: AsRef<[u8]>,
        Fut: Future<Output = Result<T, E>>,
    {
        let hash = match integrity {
            IntegrityType::None => vec![],
            IntegrityType::Sha256 => Vec::from_iter(Sha256::digest(f().await?)),
            IntegrityType::Sha384 => Vec::from_iter(Sha384::digest(f().await?)),
            IntegrityType::Sha512 => Vec::from_iter(Sha512::digest(f().await?)),
        };

        Ok(Self { integrity, hash })
    }

    /// Generate from existing input data
    pub fn generate_from(integrity: IntegrityType, data: impl AsRef<[u8]>) -> Self {
        Self::generate::<_, _, Infallible>(integrity, || Ok(data))
            // we can safely unwrap, as we know it's infallible
            .unwrap()
    }
}