Security: add nominatim endpoint to config and csp

Pieter Vander Vennet 2023-09-29 11:13:30 +02:00
parent 477ef56e00
commit 451aa3bcd4
4 changed files with 8 additions and 3 deletions


@ -32,7 +32,8 @@
"https://overpass.kumi.systems/api/interpreter", "https://overpass.kumi.systems/api/interpreter",
"https://overpass.openstreetmap.ru/cgi/interpreter" "https://overpass.openstreetmap.ru/cgi/interpreter"
], ],
"country_coder_host": "https://raw.githubusercontent.com/pietervdvn/MapComplete-data/main/latlon2country" "country_coder_host": "https://raw.githubusercontent.com/pietervdvn/MapComplete-data/main/latlon2country",
"nominatimEndpoint": "https://nominatim.openstreetmap.org/search?"
}, },
"scripts": { "scripts": {
"start": "npm run generate:layeroverview && npm run strt", "start": "npm run generate:layeroverview && npm run strt",
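Review bot: The new key `nominatimEndpoint` is camelCase while its neighbour in the same config object, `country_coder_host`, uses snake_case. Naming it `nominatim_endpoint` would keep the block uniform, and the read in Constants would then become `Constants.config.nominatim_endpoint`. The value is also a URL prefix ending in `/search?` rather than a bare host, which is worth stating wherever the config keys are documented, since JSON cannot carry a comment.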


@ -206,6 +206,7 @@ function asLangSpan(t: Translation, tag = "span"): string {
} }
let previousSrc: Set<string> = new Set<string>() let previousSrc: Set<string> = new Set<string>()
function generateCsp( function generateCsp(
layout: LayoutConfig, layout: LayoutConfig,
options: { options: {
@ -216,6 +217,7 @@ function generateCsp(
"'self'", "'self'",
...Constants.defaultOverpassUrls, ...Constants.defaultOverpassUrls,
Constants.countryCoderEndpoint, Constants.countryCoderEndpoint,
Constants.nominatimEndpoint,
"https://api.openstreetmap.org", "https://api.openstreetmap.org",
"https://pietervdvn.goatcounter.com", "https://pietervdvn.goatcounter.com",
].concat(...SpecialVisualizations.specialVisualizations.map((sv) => sv.needsUrls)) ].concat(...SpecialVisualizations.specialVisualizations.map((sv) => sv.needsUrls))
@ -283,6 +285,7 @@ const removeOtherLanguagesHash = crypto
.createHash("sha256") .createHash("sha256")
.update(removeOtherLanguages) .update(removeOtherLanguages)
.digest("base64") .digest("base64")
async function createLandingPage(layout: LayoutConfig, manifest, whiteIcons, alreadyWritten) { async function createLandingPage(layout: LayoutConfig, manifest, whiteIcons, alreadyWritten) {
Locale.language.setData(layout.language[0]) Locale.language.setData(layout.language[0])
const targetLanguage = layout.language[0] const targetLanguage = layout.language[0]
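Review bot: `Constants.nominatimEndpoint` is added to the source list as a full URL prefix with a path and a trailing `?` (`https://nominatim.openstreetmap.org/search?`), but a CSP host-source has no query component. If the list is written into the policy verbatim, the browser may reject the entry as an invalid source, and geocoding requests would then be blocked. The rest of generateCsp lies outside the hunk, so this depends on whether entries are normalised further down. If they are not, pass the origin instead: `new URL(Constants.nominatimEndpoint).origin,`. Allow-listing the origin is slightly broader than the `/search` path, so a one-line comment saying that is intentional would help.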


@ -1,5 +1,6 @@
import { Utils } from "../../Utils" import { Utils } from "../../Utils"
import { BBox } from "../BBox" import { BBox } from "../BBox"
import Constants from "../../Models/Constants"
export interface GeoCodeResult { export interface GeoCodeResult {
display_name: string display_name: string
@ -15,7 +16,7 @@ export interface GeoCodeResult {
} }
export class Geocoding { export class Geocoding {
private static readonly host = "https://nominatim.openstreetmap.org/search?" public static readonly host = Constants.nominatimEndpoint
static async Search(query: string, bbox: BBox): Promise<GeoCodeResult[]> { static async Search(query: string, bbox: BBox): Promise<GeoCodeResult[]> {
const b = bbox ?? BBox.global const b = bbox ?? BBox.global
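Review bot: `host` is widened from `private` to `public` on the changed line, yet nothing in the visible hunks reads `Geocoding.host` from outside the class; the CSP generator uses `Constants.nominatimEndpoint` directly. Keeping it as `private static readonly host = Constants.nominatimEndpoint` avoids a second public name for the same setting. Search's body continues outside the hunk, so how `host` is joined with the query is not visible. If parameters are appended directly, a comment such as `// must end in "?": query parameters are appended as-is` would record that dependency.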


@ -107,7 +107,7 @@ export default class Constants {
public static defaultOverpassUrls = Constants.config.default_overpass_urls public static defaultOverpassUrls = Constants.config.default_overpass_urls
public static countryCoderEndpoint: string = Constants.config.country_coder_host public static countryCoderEndpoint: string = Constants.config.country_coder_host
public static osmAuthConfig: AuthConfig = Constants.config.oauth_credentials public static osmAuthConfig: AuthConfig = Constants.config.oauth_credentials
public static nominatimEndpoint: string = Constants.config.nominatimEndpoint
/** /**
* These are the values that are allowed to use as 'backdrop' icon for a map pin * These are the values that are allowed to use as 'backdrop' icon for a map pin
*/ */
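Review bot: `Constants.config.nominatimEndpoint` is read without any check, although this value now feeds both the outgoing geocoding requests and the generated CSP allow-list. If the key is missing or mistyped in a deployment's config it would be `undefined` at runtime despite the `string` annotation, assuming `config` is loaded from JSON, which the hunk does not show. A load-time guard that rejects any value not starting with `https://` would make a missing or downgraded endpoint fail at build time rather than in the browser. A doc comment such as `/** URL prefix of the Nominatim search API; also added to the CSP source list */` would make the security relevance visible at the declaration.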