Initial release

Author: sebdesign

.gitignore

@@ -0,0 +1,3 @@
+composer.lock
+tests/temp
+vendor

.styleci.yml

@@ -0,0 +1,6 @@
+preset: laravel
+
+linting: true
+
+disabled:
+  - single_class_element_per_statement

.travis.yml

@@ -0,0 +1,19 @@
+language: php
+
+php:
+  - 5.5.9
+  - 5.6
+  - 7.0
+  - 7.1
+
+env:
+  matrix:
+    - COMPOSER_FLAGS="--prefer-lowest"
+    - COMPOSER_FLAGS=""
+
+before_script:
+  - travis_retry composer self-update
+  - travis_retry composer update ${COMPOSER_FLAGS} --no-interaction --prefer-source
+
+script:
+  - phpunit

LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) [2016] [Sébastien Nikolaou]
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

README.md

@@ -0,0 +1,67 @@
+# Laravel SRI
+
+Subresource Integrity (SRI) package for Laravel
+
+[![Latest Version on Packagist](https://img.shields.io/packagist/v/sebdesign/laravel-sri.svg)](https://packagist.org/packages/sebdesign/laravel-sri)
+[![Software License](https://img.shields.io/badge/license-MIT-brightgreen.svg)](LICENSE.md)
+[![Build Status](https://img.shields.io/travis/sebdesign/laravel-sri/master.svg)](https://travis-ci.org/sebdesign/laravel-sri)
+
+Reference and generate [Subresource Integrity (SRI)](https://www.w3.org/TR/SRI/) hashes from your Laravel Elixir asset pipeline.
+
+## Installation
+
+You can install the package via composer:
+
+```bash
+$ composer require sebdesign/laravel-sri
+```
+
+Next, you must install the service provider:
+
+```php
+// config/app.php
+'providers' => [
+    ...
+    Sebdesign\SRI\SubresourceIntegrityServiceProvider::class,
+];
+```
+
+## Usage
+
+This package is aimed to reference SRI hashes for `css` and `js` files from a `sri.json` file in your `/public` folder. In order to generate this file, see the [laravel-elixir-sri]('https://github.com/sebdesign/laravel-elixir-sri') repository.
+
+To reference the generated hashes from the `sri.json` in your views, you may use the `integrity` helper function with the name of the file you are using in your `elixir` or `asset` function.
+
+As a fallback, if the given file is not found in the `sri.json`, **it will generate the appropriate hashes on the fly** for your convenience.
+
+```php
+{{-- Use with elixir() function --}}
+<link rel="stylesheet" href="{{ elixir('css/app.css') }}" integrity="{{ integrity('css/app.css') }}" crossorigin="anonymous">
+
+{{-- Use with asset() function --}}
+<script src="{{ asset('js/app.js') }}" integrity="{{ integrity('js/app.js') }}" crossorigin="anonymous"></script>
+```
+
+If you have set the output folder for the `sri.json` in a different location in your Gulpfile, you can specify its `path` on the `config/sri.php`.
+
+```php
+// config/sri.php
+'path' => '/public/assets',
+```
+
+You can also override the config options by passing an array as a second argument on the `integrity` helper function:
+
+```php
+{{-- Use different hash algorithm --}}
+<link rel="stylesheet" href="{{ elixir('css/app.css') }}" integrity="{{ integrity('css/app.css', ['algorithms' => ['sha384']]) }}" crossorigin="anonymous">
+```
+
+## Testing
+
+``` bash
+$ composer test
+```
+
+## License
+
+The MIT License (MIT). Please see [License File](LICENSE.md) for more information.

composer.json

@@ -0,0 +1,42 @@
+{
+    "name": "sebdesign/laravel-sri",
+    "description": "Subresource Integrity (SRI) package for Laravel",
+    "keywords": [
+        "laravel",
+        "sri"
+    ],
+    "homepage": "https://github.com/sebdesign/laravel-sri",
+    "type": "library",
+    "require": {
+        "laravel/framework": "~5.1.16|~5.2.0|~5.3.0"
+    },
+    "require-dev": {
+        "phpunit/phpunit": "~4.0",
+        "mockery/mockery": "^0.9.5",
+        "orchestra/testbench": "^3.3"
+    },
+    "autoload": {
+        "files": [
+            "src/helpers.php"
+        ],
+        "psr-4": {
+            "Sebdesign\\SRI\\": "src"
+        }
+    },
+    "autoload-dev": {
+        "psr-4": {
+            "Sebdesign\\SRI\\Test\\": "tests"
+        }
+    },
+    "scripts": {
+        "test": "vendor/bin/phpunit"
+    },
+    "license": "MIT",
+    "authors": [
+        {
+            "name": "Sébastien Nikolaou",
+            "email": "info@sebdesign.eu",
+            "homepage": "http://sebdesign.eu"
+        }
+    ]
+}

config/sri.php

@@ -0,0 +1,28 @@
+<?php
+
+return [
+
+    /**
+     * List of hashing algorithms to be used.
+     */
+    'algorithms' => [
+        'sha256',
+        // 'sha384',
+        // 'sha512',
+    ],
+
+    /**
+     * Integrity attribute delimiter.
+     */
+    'delimiter' => ' ',
+
+    /**
+     * Output filename.
+     */
+    'filename' => 'sri.json',
+
+    /**
+     * Output path.
+     */
+    'path' => '/public',
+];

phpunit.xml.dist

@@ -0,0 +1,22 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<phpunit bootstrap="vendor/autoload.php"
+         backupGlobals="false"
+         backupStaticAttributes="false"
+         colors="true"
+         verbose="true"
+         convertErrorsToExceptions="true"
+         convertNoticesToExceptions="true"
+         convertWarningsToExceptions="true"
+         processIsolation="false"
+         stopOnFailure="false">
+    <testsuites>
+        <testsuite name="Test Suite">
+            <directory>tests</directory>
+        </testsuite>
+    </testsuites>
+    <filter>
+        <whitelist>
+            <directory suffix=".php">src/</directory>
+        </whitelist>
+    </filter>
+</phpunit>

src/Hasher.php

@@ -0,0 +1,119 @@
+<?php
+
+namespace Sebdesign\SRI;
+
+use Illuminate\Contracts\Hashing\Hasher as HasherContract;
+
+class Hasher implements HasherContract
+{
+
+    /**
+     * @var array
+     */
+    protected $options = [];
+
+    /**
+     * @var array
+     */
+    protected $supportedAlgorithms = [];
+
+    /**
+     * Constructor.
+     *
+     * @param array $supportedAlgorithms
+     * @param array $options
+     */
+    public function __construct(array $supportedAlgorithms, array $options)
+    {
+        $this->supportedAlgorithms = $supportedAlgorithms;
+        $this->options = $options;
+    }
+
+    /**
+     * Hash the given file.
+     *
+     * @param  string  $file
+     * @param  array   $options
+     * @return string
+     */
+    public function make($file, array $options = [])
+    {
+        $options = $this->getOptions($options);
+
+        return collect($this->getAlgorithms($options))
+            ->map(function ($algorithm) use ($file) {
+                $digest = base64_encode(hash_file($algorithm, $file, true));
+
+                return $algorithm.'-'.$digest;
+            })
+            ->implode($options['delimiter']);
+    }
+
+    /**
+     * Check the given file against a hash.
+     *
+     * @param  string  $file
+     * @param  string  $integrity
+     * @param  array   $options
+     * @return bool
+     */
+    public function check($file, $integrity, array $options = [])
+    {
+        return $this->make($file, $options) === $integrity;
+    }
+
+    /**
+     * Check if the given hash has been hashed using the given options.
+     *
+     * @param  string  $integrity
+     * @param  array   $options
+     * @return bool
+     */
+    public function needsRehash($integrity, array $options = [])
+    {
+        $options = $this->getOptions($options);
+
+        $algorithms = collect(explode($options['delimiter'], $integrity))
+            ->map(function ($hash) {
+                return head(explode('-', $hash));
+            });
+
+        return $this->getAlgorithms($options) != $algorithms->all();
+    }
+
+    /**
+     * Replace the given options with the defaults.
+     *
+     * @param  array  $options
+     * @return array
+     */
+    protected function getOptions(array $options)
+    {
+        return array_replace_recursive($this->options, $options);
+    }
+
+    /**
+     * Get the hashing algorithms from the options.
+     *
+     * @param  array  $options
+     * @return array
+     * @throws \InvalidArgumentException
+     */
+    protected function getAlgorithms(array $options)
+    {
+        if (!isset($options['algorithms'])
+        || !is_array($options['algorithms'])
+        || empty($options['algorithms'])) {
+            throw new \InvalidArgumentException('No hashing algorithms are set.');
+        }
+
+        if ($notSupported = array_diff($options['algorithms'], $this->supportedAlgorithms)) {
+            throw new \InvalidArgumentException(sprintf(
+                "The hashing algorithms [%s] are not supported.",
+                implode(', ', $notSupported)
+            ));
+        }
+
+        return $options['algorithms'];
+    }
+}

src/SubresourceIntegrityServiceProvider.php

@@ -0,0 +1,50 @@
+<?php
+
+namespace Sebdesign\SRI;
+
+use Illuminate\Support\ServiceProvider;
+
+class SubresourceIntegrityServiceProvider extends ServiceProvider
+{
+
+    /**
+     * Indicates if loading of the provider is deferred.
+     *
+     * @var bool
+     */
+    protected $defer = false;
+
+    /**
+     * Bootstrap the application services.
+     */
+    public function boot()
+    {
+        if ($this->app->runningInConsole()) {
+           $this->publishes([
+               __DIR__.'/../config/sri.php' => config_path('sri.php'),
+           ], 'config');
+        }
+    }
+
+    /**
+     * Register the application services.
+     */
+    public function register()
+    {
+        $this->mergeConfigFrom(__DIR__.'/../config/sri.php', 'sri');
+
+        $this->app->singleton(Hasher::class, function ($app) {
+            return new Hasher(hash_algos(), $app['config']->get('sri'));
+        });
+    }
+
+    /**
+     * Get the services provided by the provider.
+     *
+     * @return array
+     */
+    public function provides()
+    {
+        return [Hasher::class];
+    }
+}