From 8bd18342149d028100139bcbbe53882c70243a17 Mon Sep 17 00:00:00 2001
From: Varun Patil
Date: Tue, 17 Jan 2023 19:09:02 -0800
Subject: [PATCH] refactor: page controller csp together
---
 lib/Controller/PageController.php | 30 ++++++++++++++++++------
 lib/Controller/PublicAlbumController.php | 23 ++----------------
 lib/Controller/PublicController.php | 26 ++------------------
 3 files changed, 27 insertions(+), 52 deletions(-)
diff --git a/lib/Controller/PageController.php b/lib/Controller/PageController.php
index aaebe09f..df9e17d6 100644
--- a/lib/Controller/PageController.php
+++ b/lib/Controller/PageController.php
@@ -90,12 +90,18 @@ class PageController extends Controller
 $this->initialState->provideInitialState('facerecognitionEnabled', \OCA\Memories\Util::facerecognitionIsEnabled($this->config, $uid));
 $this->initialState->provideInitialState('albums', \OCA\Memories\Util::albumsIsEnabled($this->appManager));
- // App version
- $this->initialState->provideInitialState('version', $this->appManager->getAppInfo('memories')['version']);
+ // Common state
+ self::provideCommonInitialState($this->initialState);
- // Video configuration
- $this->initialState->provideInitialState('notranscode', $this->config->getSystemValue('memories.no_transcode', 'UNSET'));
+ $response = new TemplateResponse($this->appName, 'main');
+ $response->setContentSecurityPolicy(self::getCSP());
+ return $response;
+ }
+
+ /** Get the common content security policy */
+ public static function getCSP()
+ {
 $policy = new ContentSecurityPolicy();
 $policy->addAllowedWorkerSrcDomain("'self'");
 $policy->addAllowedScriptDomain("'self'");
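Review bot: `getCSP()` is added as a `public static` with no return type and a docblock that does not say who depends on it, yet after this commit it is also the policy served on the unauthenticated share pages (the `PageController::getCSP()` calls in PublicAlbumController and PublicController). Any source later allowed here for the logged-in view will silently widen the policy for anonymous visitors as well, so the docblock should state that, e.g. `/** Shared CSP for the main page and the public share pages; keep it to the minimum all of them need. */`, and the signature should read `public static function getCSP(): ContentSecurityPolicy`. The removed copies in the public controllers show `blob:` allowed as a script source; if the copy kept here matches, it is worth checking whether the `blob:` worker source alone is enough for the video player. The function body continues past the end of this hunk, so the full list of allowed sources is not visible here.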
@@ -112,10 +118,20 @@ class PageController extends Controller
 $policy->addAllowedConnectDomain('nominatim.openstreetmap.org');
 $policy->addAllowedFrameDomain('www.openstreetmap.org');
- $response = new TemplateResponse($this->appName, 'main');
- $response->setContentSecurityPolicy($policy);
+ return $policy;
+ }
- return $response;
+ /** Provide initial state for all pages */
+ public static function provideCommonInitialState(IInitialState &$initialState)
+ {
+ $appManager = \OC::$server->get(\OCP\App\IAppManager::class);
+ $config = \OC::$server->get(\OCP\IConfig::class);
+
+ // App version
+ $initialState->provideInitialState('version', $appManager->getAppInfo('memories')['version']);
+
+ // Video configuration
+ $initialState->provideInitialState('notranscode', $config->getSystemValue('memories.no_transcode', 'UNSET'));
 }
 /**
diff --git a/lib/Controller/PublicAlbumController.php b/lib/Controller/PublicAlbumController.php
index 470959ae..3d815f4d 100644
--- a/lib/Controller/PublicAlbumController.php
+++ b/lib/Controller/PublicAlbumController.php
@@ -6,7 +6,6 @@ use OCA\Files\Event\LoadSidebar;
 use OCA\Memories\Db\TimelineQuery;
 use OCP\App\IAppManager;
 use OCP\AppFramework\Controller;
-use OCP\AppFramework\Http\ContentSecurityPolicy;
 use OCP\AppFramework\Http\Template\PublicTemplateResponse;
 use OCP\AppFramework\Http\TemplateResponse;
 use OCP\AppFramework\Services\IInitialState;
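Review bot: `provideCommonInitialState(IInitialState &$initialState)` in PageController takes the object by reference, which is unnecessary in PHP because object handles are already shared, and the `&` suggests the helper might rebind the caller's variable. The signature can be `public static function provideCommonInitialState(IInitialState $initialState): void`. The helper also reaches into `\OC::$server`, which is not part of the public `OCP` API; `\OCP\Server::get(...)` or passing the app manager and config as arguments would avoid that, depending on the minimum server version the app supports. Because the public share controllers call this helper too, a docblock caveat such as `Values provided here are also sent to unauthenticated share pages` would help whoever adds the next key.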
@@ -59,30 +58,12 @@ class PublicAlbumController extends Controller
 // Scripts
 Util::addScript($this->appName, 'memories-main');
 $this->eventDispatcher->dispatchTyped(new LoadSidebar());
-
- $this->initialState->provideInitialState('version', $this->appManager->getAppInfo('memories')['version']);
- $this->initialState->provideInitialState('notranscode', $this->config->getSystemValue('memories.no_transcode', 'UNSET'));
-
- $policy = new ContentSecurityPolicy();
- $policy->addAllowedWorkerSrcDomain("'self'");
- $policy->addAllowedScriptDomain("'self'");
-
- // Video player
- $policy->addAllowedWorkerSrcDomain('blob:');
- $policy->addAllowedScriptDomain('blob:');
- $policy->addAllowedMediaDomain('blob:');
-
- // Image editor
- $policy->addAllowedConnectDomain('data:');
-
- // Allow nominatim for metadata
- $policy->addAllowedConnectDomain('nominatim.openstreetmap.org');
- $policy->addAllowedFrameDomain('www.openstreetmap.org');
+ PageController::provideCommonInitialState($this->initialState);
 $response = new PublicTemplateResponse($this->appName, 'main');
 $response->setHeaderTitle($album['name']);
 $response->setFooterVisible(false); // wth is that anyway?
- $response->setContentSecurityPolicy($policy);
+ $response->setContentSecurityPolicy(PageController::getCSP());
 return $response;
 }
diff --git a/lib/Controller/PublicController.php b/lib/Controller/PublicController.php
index 764a028c..d39382f1 100644
--- a/lib/Controller/PublicController.php
+++ b/lib/Controller/PublicController.php
@@ -5,7 +5,6 @@ namespace OCA\Memories\Controller;
 use OCA\Files\Event\LoadSidebar;
 use OCP\App\IAppManager;
 use OCP\AppFramework\AuthPublicShareController;
-use OCP\AppFramework\Http\ContentSecurityPolicy;
 use OCP\AppFramework\Http\Template\PublicTemplateResponse;
 use OCP\AppFramework\Http\TemplateResponse;
 use OCP\AppFramework\Services\IInitialState;
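Review bot: `$this->appManager` and `$this->config` look unused in the PublicAlbumController method now that the `version` and `notranscode` calls go through `PageController::provideCommonInitialState()`; the same applies to the matching hunk in PublicController. If no other method in these controllers reads them (the constructors are outside the diff, so this is not certain), the injected properties and the `use OCP\App\IAppManager;` import that remains in both files can be dropped in the same refactor. The enclosing method starts before this hunk.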
@@ -102,36 +101,15 @@ class PublicController extends AuthPublicShareController
 // Scripts
 Util::addScript($this->appName, 'memories-main');
 $this->eventDispatcher->dispatchTyped(new LoadSidebar());
-
- // App version
- $this->initialState->provideInitialState('version', $this->appManager->getAppInfo('memories')['version']);
-
- // Video configuration
- $this->initialState->provideInitialState('notranscode', $this->config->getSystemValue('memories.no_transcode', 'UNSET'));
+ PageController::provideCommonInitialState($this->initialState);
 // Share info
 $this->initialState->provideInitialState('no_download', $share->getHideDownload());
- $policy = new ContentSecurityPolicy();
- $policy->addAllowedWorkerSrcDomain("'self'");
- $policy->addAllowedScriptDomain("'self'");
-
- // Video player
- $policy->addAllowedWorkerSrcDomain('blob:');
- $policy->addAllowedScriptDomain('blob:');
- $policy->addAllowedMediaDomain('blob:');
-
- // Image editor
- $policy->addAllowedConnectDomain('data:');
-
- // Allow nominatim for metadata
- $policy->addAllowedConnectDomain('nominatim.openstreetmap.org');
- $policy->addAllowedFrameDomain('www.openstreetmap.org');
-
 $response = new PublicTemplateResponse($this->appName, 'main');
 $response->setHeaderTitle($share->getNode()->getName());
 $response->setFooterVisible(false); // wth is that anyway?
- $response->setContentSecurityPolicy($policy);
+ $response->setContentSecurityPolicy(PageController::getCSP());
 return $response;
 }