Attach Security Headers to Laravel Application

monish-khatri · Dec 29, 2022 · 58152e6 · 58152e6
1 parent 73f9700
commit 58152e6
Show file tree

Hide file tree

Showing 70 changed files with 1,746 additions and 5,379 deletions.
diff --git a/.gitignore b/.gitignore
@@ -0,0 +1 @@
+vendor/
diff --git a/INSTALLATION.md b/INSTALLATION.md
@@ -1,25 +1,23 @@
-## [Blog Application Installation Guide](https://packagist.org/packages/monish-khatri/blog-application)
+## [Laravel Security Headers Installation Guide](https://packagist.org/packages/monish-khatri/security-headers)
 <p>
-    <a href="https://packagist.org/packages/lmonish-khatri/blog-application">
-        <img src="https://img.shields.io/packagist/dt/monish-khatri/blog-application" alt="Total Downloads">
+    <a href="https://packagist.org/packages/monish-khatri/security-headers">
+        <img src="https://img.shields.io/packagist/dt/monish-khatri/security-headers" alt="Total Downloads">
     </a>
-    <a href="https://packagist.org/packages/monish-khatri/blog-application">
-        <img src="https://img.shields.io/packagist/v/monish-khatri/blog-application" alt="Latest Stable Version">
+    <a href="https://packagist.org/packages/monish-khatri/security-headers">
+        <img src="https://img.shields.io/packagist/v/monish-khatri/security-headers" alt="Latest Stable Version">
     </a>
-    <a href="https://packagist.org/packages/monish-khatri/blog-application">
-        <img src="https://img.shields.io/packagist/l/monish-khatri/blog-application" alt="License">
+    <a href="https://packagist.org/packages/monish-khatri/security-headers">
+        <img src="https://img.shields.io/packagist/l/monish-khatri/security-headers" alt="License">
     </a>
-    <a href="https://packagist.org/packages/monish-khatri/blog-application">
-        <img src="https://img.shields.io/packagist/stars/monish-khatri/blog-application" alt="License">
+    <a href="https://packagist.org/packages/monish-khatri/security-headers">
+        <img src="https://img.shields.io/packagist/stars/monish-khatri/security-headers" alt="License">
     </a>
 </p>
 
-### Follow the below steps to install blog application
+### Follow the below steps to install security header package
 - Install the package using
-  - `composer require monish-khatri/blog-application`
+  - `composer require monish-khatri/security-headers`
 - Run below command to publish package classes
-  - `php artisan blog:install`
-- Finally, Run the migrations to create package tables
-  - `php artisan migrate`
+  - `php artisan security-headers:install`
 - You can publish the package config file & change site logo and favicon with email preference
-  - `php artisan vendor:publish --provider="MonishKhatri\Blog\BlogServiceProvider" --tag="config"`
+  - `php artisan vendor:publish --provider="MonishKhatri\SecurityHeaders\SecurityHeadersServiceProvider" --tag="config"`
diff --git a/README.md b/README.md
@@ -1,23 +1,24 @@
 <p align="center"><img alt="Laravel 9" border="0" data-original-height="420" data-original-width="1000" height="269" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjiKIANl_S4hKyyLC6IH5Y6979pHHGpeqZxv-2aEb-XvKzBXfB6PeljGbf1W8PAEWBguIVxy6VsBs0pwuw-9b3emV_hI3QzNbcm2J9HNnye7eHoDaCQxMzY0moh0yaHqu3kpDHxjL_aKrB-oN7bTyBYmoLZgdkmibuxNLDuK_YDDG7_qnE0Og4Xp_Viwg/w643-h269/l9.png" width="643"></p>
 
 <p align="center">
-    <a href="https://packagist.org/packages/monish-khatri/blog-application">
-        <img src="https://img.shields.io/packagist/dt/monish-khatri/blog-application" alt="Total Downloads">
+    <a href="https://packagist.org/packages/monish-khatri/security-headers">
+        <img src="https://img.shields.io/packagist/dt/monish-khatri/security-headers" alt="Total Downloads">
     </a>
-    <a href="https://packagist.org/packages/monish-khatri/blog-application">
-        <img src="https://img.shields.io/packagist/v/monish-khatri/blog-application" alt="Latest Stable Version">
+    <a href="https://packagist.org/packages/monish-khatri/security-headers">
+        <img src="https://img.shields.io/packagist/v/monish-khatri/security-headers" alt="Latest Stable Version">
     </a>
-    <a href="https://packagist.org/packages/monish-khatri/blog-application">
-        <img src="https://img.shields.io/packagist/l/monish-khatri/blog-application" alt="License">
+    <a href="https://packagist.org/packages/monish-khatri/security-headers">
+        <img src="https://img.shields.io/packagist/l/monish-khatri/security-headers" alt="License">
     </a>
-    <a href="https://packagist.org/packages/monish-khatri/blog-application">
-        <img src="https://img.shields.io/packagist/stars/monish-khatri/blog-application" alt="License">
+    <a href="https://packagist.org/packages/monish-khatri/security-headers">
+        <img src="https://img.shields.io/packagist/stars/monish-khatri/security-headers" alt="License">
     </a>
 </p>
 
 ## Introduction
 
-Blog Application provides a minimal and simple starting point for building a Laravel application . Styled with Tailwind, Blog Application publishes Blog,Comment,Tag controllers,views,requests & many more things to your application that can be easily customized based on your own application's needs.
+Package provides a minimal and simple integration to attach security headers for building a secure Laravel application.
+This package publishes config file to your application that can be easily customized based on your own application's needs.
 
 ## Code of Conduct
 
@@ -26,12 +27,12 @@ In order to ensure that the Laravel community is welcoming to all, please review
 
 ## Installation guide
 
-You can setup the Blog Application by following given steps in [Installation guide](INSTALLATION.md).
+You can setup the Security Headers by following given steps in [Installation guide](INSTALLATION.md).
 
 ## Contributing
 Pull requests and feedback are very welcome :)
-on GitHub at https://github.com/monish-khatri/laravel-blog-application
+on GitHub at https://github.com/monish-khatri/security-headers
 
 ## License
 
-Laravel Blog Application is open-sourced software licensed under the [MIT license](LICENSE.md).
+Laravel Security Headers is open-sourced software licensed under the [MIT license](LICENSE.md).
diff --git a/composer.json b/composer.json
@@ -1,11 +1,23 @@
 {
-    "name": "monish-khatri/blog-application",
-    "description": "Blog Application using Laravel 9",
+    "name": "monish-khatri/security-headers",
+    "description": "Attach OWASP security related headers to HTTP response.",
     "type": "library",
     "license": "MIT",
+    "keywords": [
+        "laravel",
+        "header",
+        "https",
+        "hsts",
+        "csp",
+        "except-ct",
+        "feature-policy",
+        "clear-site-data",
+        "referrer-policy",
+        "content-security-policy"
+    ],
     "autoload": {
         "psr-4": {
-            "MonishKhatri\\Blog\\": "src/"
+            "MonishKhatri\\SecurityHeaders\\": "src/"
         }
     },
     "authors": [
@@ -16,19 +28,13 @@
     ],
     "minimum-stability": "dev",
     "require": {
-        "php": "^8.0.2",
-        "kyslik/column-sortable": "^6.4",
-        "laravel/breeze": "^1.13",
-        "laravel/ui": "^4.1"
+        "php": "^8.0.2"
     },
     "extra": {
         "laravel": {
             "providers": [
-                "MonishKhatri\\Blog\\BlogServiceProvider"
-            ],
-            "aliases": {
-                "Blog": "App\\Models\\Blog"
-            }
+                "MonishKhatri\\SecurityHeaders\\SecurityHeadersServiceProvider"
+            ]
         }
     }
 }
diff --git a/composer.lock b/composer.lock
diff --git a/src/BlogServiceProvider.php b/src/BlogServiceProvider.php
diff --git a/src/Builders/Builder.php b/src/Builders/Builder.php
@@ -0,0 +1,30 @@
+<?php
+
+namespace MonishKhatri\SecurityHeaders\Builders;
+
+abstract class Builder
+{
+    /**
+     * Builder config.
+     *
+     * @var array<mixed>
+     */
+    protected $config = [];
+
+    /**
+     * Builder constructor.
+     *
+     * @param  array<mixed>  $config
+     */
+    public function __construct(array $config = [])
+    {
+        $this->config = $config;
+    }
+
+    /**
+     * Get result.
+     *
+     * @return string
+     */
+    abstract public function get(): string;
+}
diff --git a/src/Builders/ClearSiteDataBuilder.php b/src/Builders/ClearSiteDataBuilder.php
@@ -0,0 +1,38 @@
+<?php
+
+namespace MonishKhatri\SecurityHeaders\Builders;
+
+final class ClearSiteDataBuilder extends Builder
+{
+    /**
+     * Clear Site Data whitelist directives.
+     *
+     * @var array<string, bool>
+     */
+    protected $whitelist = [
+        'cache' => true,
+        'cookies' => true,
+        'storage' => true,
+        'executionContexts' => true,
+    ];
+
+    /**
+     * {@inheritDoc}
+     */
+    public function get(): string
+    {
+        if ($this->config['all'] ?? false) {
+            return '"*"';
+        }
+
+        $targets = array_intersect_key($this->config, $this->whitelist);
+
+        $needs = array_filter($targets);
+
+        $directives = array_map(function (string $directive) {
+            return sprintf('"%s"', $directive);
+        }, array_keys($needs));
+
+        return implode(', ', $directives);
+    }
+}