From 7d0751d13c291c241f048dcdf56470d874dfea41 Mon Sep 17 00:00:00 2001
From: Micke Nordin <kano@sunet.se>
Date: Mon, 19 Aug 2024 15:21:01 +0200
Subject: [PATCH] Add csp in a better way

Signed-off-by: Micke Nordin <kano@sunet.se>
---
 Makefile                                      |  4 +-
 integration_jupyterhub/appinfo/info.xml       |  2 +-
 .../lib/AppInfo/Application.php               | 24 +++++++---
 .../lib/Controller/PageController.php         | 11 -----
 .../lib/Listener/CSPListener.php              | 45 +++++++++++++++++++
 integration_jupyterhub/package.json           |  2 +-
 6 files changed, 68 insertions(+), 20 deletions(-)
 create mode 100644 integration_jupyterhub/lib/Listener/CSPListener.php

diff --git a/Makefile b/Makefile
index 273e96f..9615d14 100644
--- a/Makefile
+++ b/Makefile
@@ -4,7 +4,7 @@ project_dir=$(CURDIR)/$(app_name)
 build_dir=$(CURDIR)/build/artifacts
 sign_dir=$(build_dir)/sign
 package_name=$(app_name)
-version+=0.1.1
+version+=0.1.2
 
 all: appstore
 release: appstore
@@ -31,7 +31,7 @@ sign: package
 	docker cp nextcloud:/var/www/html/custom_apps/$(app_name)-$(version).tar.gz $(build_dir)/$(app_name)-$(version).tar.gz
 	sleep 3
 	docker kill nextcloud
-	openssl dgst -sha512 -sign $(cert_dir)/$(app_name).key $(build_dir)/$(app_name)-0.1.1.tar.gz | openssl base64
+	openssl dgst -sha512 -sign $(cert_dir)/$(app_name).key $(build_dir)/$(app_name)-$(version).tar.gz | openssl base64
 
 appstore: sign
 
diff --git a/integration_jupyterhub/appinfo/info.xml b/integration_jupyterhub/appinfo/info.xml
index c1d3f4d..3aa11a1 100644
--- a/integration_jupyterhub/appinfo/info.xml
+++ b/integration_jupyterhub/appinfo/info.xml
@@ -11,7 +11,7 @@
   <description>
     <![CDATA[Integrate Jupyther Hub into Nextcloud]]>
   </description>
-  <version>0.1.1</version>
+  <version>0.1.2</version>
   <licence>agpl</licence>
   <author mail="kano@sunet.se" homepage="https://github.com/SUNET/nextcloud-jupyter">Mikael Nordin</author>
   <namespace>Jupyter</namespace>
diff --git a/integration_jupyterhub/lib/AppInfo/Application.php b/integration_jupyterhub/lib/AppInfo/Application.php
index 090e3aa..00de2ed 100644
--- a/integration_jupyterhub/lib/AppInfo/Application.php
+++ b/integration_jupyterhub/lib/AppInfo/Application.php
@@ -1,16 +1,30 @@
 <?php
+
 declare(strict_types=1);
 // SPDX-FileCopyrightText: Mikael Nordin <kano@sunet.se>
 // SPDX-License-Identifier: AGPL-3.0-or-later
 
 namespace OCA\Jupyter\AppInfo;
 
+use OCA\Jupyter\Listener\CSPListener;
+
 use OCP\AppFramework\App;
+use OCP\AppFramework\Bootstrap\IBootContext;
+use OCP\AppFramework\Bootstrap\IBootstrap;
+use OCP\AppFramework\Bootstrap\IRegistrationContext;
+use OCP\Security\CSP\AddContentSecurityPolicyEvent;
 
-class Application extends App {
-	public const APP_ID = 'integration_jupyterhub';
+class Application extends App  implements IBootstrap
+{
+  public const APP_ID = 'integration_jupyterhub';
 
-	public function __construct() {
-		parent::__construct(self::APP_ID);
-	}
+  public function __construct()
+  {
+    parent::__construct(self::APP_ID);
+  }
+  public function register(IRegistrationContext $context): void
+  {
+    $context->registerEventListener(AddContentSecurityPolicyEvent::class, CSPListener::class);
+  }
+  public function boot(IBootContext $context): void {}
 }
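Review bot: Registering `CSPListener` for `AddContentSecurityPolicyEvent` in `register()` adds the Jupyter origin to the policy wherever that event is dispatched, which is probably every Nextcloud response rather than only requests to this app's `index()` as in the code removed from PageController. The listener allows that origin for scripts as well as for connect and frame sources, so a problem on the Jupyter host would affect script trust across the whole instance. It is worth confirming which directives the embedded page actually needs; if it is only framed, `addAllowedFrameDomain` alone may be enough. I would add a comment above the registration, for example `// Extends the CSP for all responses, not only the Jupyter page; keep the allowed directives minimal.` As a style point, the hunk also reindents the class from tabs to two spaces and leaves a double space in `App  implements`, which hides the functional change in the diff.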
diff --git a/integration_jupyterhub/lib/Controller/PageController.php b/integration_jupyterhub/lib/Controller/PageController.php
index 444b220..0cb3234 100644
--- a/integration_jupyterhub/lib/Controller/PageController.php
+++ b/integration_jupyterhub/lib/Controller/PageController.php
@@ -42,17 +42,6 @@ public function __construct(
    */
   public function index(): TemplateResponse
   {
-    //Util::addScript(Application::APP_ID, 'jupyter-main');
-    $policy = new \OCP\AppFramework\Http\EmptyContentSecurityPolicy();
-
-    $parsed_url = parse_url($this->jupyter_url);
-
-    $http = $parsed_url["scheme"] . "://" . $parsed_url["host"];
-    $policy->addAllowedConnectDomain($http);
-    $policy->addAllowedScriptDomain($http);
-    $policy->addAllowedFrameDomain($http);
-    \OC::$server->getContentSecurityPolicyManager()->addDefaultPolicy($policy);
-
 
     $params = [
       'user_id' => $this->userId,
diff --git a/integration_jupyterhub/lib/Listener/CSPListener.php b/integration_jupyterhub/lib/Listener/CSPListener.php
new file mode 100644
index 0000000..b05d375
--- /dev/null
+++ b/integration_jupyterhub/lib/Listener/CSPListener.php
@@ -0,0 +1,45 @@
+<?php
+
+declare(strict_types=1);
+/**
+ * SPDX-FileCopyrightText: 2019 Nextcloud GmbH and Nextcloud contributors
+ * SPDX-License-Identifier: AGPL-3.0-or-later
+ */
+
+namespace OCA\Jupyter\Listener;
+
+use OCP\AppFramework\Http\ContentSecurityPolicy;
+use OCP\EventDispatcher\Event;
+use OCP\EventDispatcher\IEventListener;
+use OCP\Security\CSP\AddContentSecurityPolicyEvent;
+use Psr\Log\LoggerInterface;
+use OCP\IConfig;
+
+class CSPListener implements IEventListener
+{
+  protected string $appName;
+  private string $jupyter_url;
+  public function __construct(
+    private IConfig $config,
+    private LoggerInterface $logger
+  ) {
+    $this->jupyter_url = $config->getAppValue($this->appName, 'jupyter_url') . '/hub/home';
+    $this->appName = "integration_jupyterhub";
+  }
+
+  public function handle(Event $event): void
+  {
+    $this->logger->debug('Adding CSP for Jupyter', ['app' => 'integration_jupyterhub']);
+    if (!($event instanceof AddContentSecurityPolicyEvent)) {
+      return;
+    }
+    $csp = new ContentSecurityPolicy();
+    $url = parse_url($this->jupyter_url);
+    $http = $url["scheme"] . "://" . $url["host"];
+    $csp->addAllowedConnectDomain($http);
+    $csp->addAllowedScriptDomain($http);
+    $csp->addAllowedFrameDomain($http);
+
+    $event->addPolicy($csp);
+  }
+}
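Review bot: The constructor reads `$this->appName` in the `getAppValue()` call one line before assigning it, and reading a typed property with no default throws an `Error`, so the listener cannot be constructed as written; the two assignments need to be swapped. In `handle()` the result of `parse_url()` is indexed without a check: when `jupyter_url` is unset the value is just `/hub/home`, there is no scheme or host, and the string `://` would be passed to the three `addAllowed*Domain` calls, so the method should return early in that case. The rebuilt origin also drops any port from the configured URL, which is worth confirming is intended. The debug log runs before the `instanceof` check and therefore fires for events the listener ignores.

```php
  // … unchanged: constructor signature …
    $this->appName = 'integration_jupyterhub';
    $this->jupyter_url = $config->getAppValue($this->appName, 'jupyter_url') . '/hub/home';

  // … unchanged: instanceof check, debug log, new ContentSecurityPolicy() …
    $url = parse_url($this->jupyter_url);
    if (!is_array($url) || !isset($url['scheme'], $url['host'])) {
      // No usable origin configured: leave the policy untouched.
      $this->logger->warning('jupyter_url has no scheme or host, CSP not extended', ['app' => $this->appName]);
      return;
    }
    $http = $url['scheme'] . '://' . $url['host'];
  // … unchanged: addAllowed*Domain calls and $event->addPolicy($csp) …
```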
diff --git a/integration_jupyterhub/package.json b/integration_jupyterhub/package.json
index 305b648..9ea7f38 100644
--- a/integration_jupyterhub/package.json
+++ b/integration_jupyterhub/package.json
@@ -1,7 +1,7 @@
 {
   "name": "integration_jupyterhub",
   "description": "Integrate Jupyther Hub into Nextcloud",
-  "version": "0.1.1",
+  "version": "0.1.2",
   "author": "Micke Nordin <kano@sunet.se>",
   "contributors": [],
   "bugs": {