more memory efficient CSP templates

lovasoa · lovasoa · commit 94a56bf5b950 · 2025-05-06T22:47:00.000+02:00
diff --git a/src/webserver/content_security_policy.rs b/src/webserver/content_security_policy.rs
@@ -1,19 +1,14 @@
-use actix_web::http::header::{
-    HeaderName, HeaderValue, TryIntoHeaderPair, CONTENT_SECURITY_POLICY,
-};
+use actix_web::http::header::CONTENT_SECURITY_POLICY;
 use actix_web::HttpResponseBuilder;
-use awc::http::header::InvalidHeaderValue;
 use rand::random;
 use serde::Deserialize;
-use std::fmt::{Display, Formatter};
-use std::sync::Arc;
 
 pub const DEFAULT_CONTENT_SECURITY_POLICY: &str = "script-src 'self' 'nonce-{NONCE}'";
+pub const NONCE_PLACEHOLDER: &str = "{NONCE}";
 
 #[derive(Debug, Clone)]
 pub struct ContentSecurityPolicy {
     pub nonce: u64,
-    template: ContentSecurityPolicyTemplate,
 }
 
 /// A template for the Content Security Policy header.
@@ -22,8 +17,28 @@ pub struct ContentSecurityPolicy {
 /// This struct is cheap to clone.
 #[derive(Debug, Clone, PartialEq, Eq)]
 pub struct ContentSecurityPolicyTemplate {
-    pub before_nonce: Arc<str>,
-    pub after_nonce: Option<Arc<str>>,
+    pub template: String,
+    pub nonce_position: Option<usize>,
+}
+
+impl ContentSecurityPolicyTemplate {
+    #[must_use]
+    pub fn is_enabled(&self) -> bool {
+        self.nonce_position.is_some()
+    }
+
+    fn format_nonce(&self, nonce: u64) -> String {
+        if let Some(pos) = self.nonce_position {
+            format!(
+                "{}{}{}",
+                &self.template[..pos],
+                nonce,
+                &self.template[pos + NONCE_PLACEHOLDER.len()..]
+            )
+        } else {
+            self.template.clone()
+        }
+    }
 }
 
 impl Default for ContentSecurityPolicyTemplate {
@@ -34,16 +49,10 @@ impl Default for ContentSecurityPolicyTemplate {
 
 impl From<&str> for ContentSecurityPolicyTemplate {
     fn from(s: &str) -> Self {
-        if let Some((before, after)) = s.split_once("{NONCE}") {
-            Self {
-                before_nonce: Arc::from(before),
-                after_nonce: Some(Arc::from(after)),
-            }
-        } else {
-            Self {
-                before_nonce: Arc::from(s),
-                after_nonce: None,
-            }
+        let nonce_position = s.find(NONCE_PLACEHOLDER);
+        Self {
+            template: s.to_owned(),
+            nonce_position,
         }
     }
 }
@@ -60,44 +69,19 @@ impl<'de> Deserialize<'de> for ContentSecurityPolicyTemplate {
 
 impl ContentSecurityPolicy {
     #[must_use]
-    pub fn new(template: ContentSecurityPolicyTemplate) -> Self {
-        Self {
-            nonce: random(),
-            template,
-        }
+    pub fn with_random_nonce() -> Self {
+        Self { nonce: random() }
     }
 
-    pub fn apply_to_response(&self, response: &mut HttpResponseBuilder) {
-        if self.is_enabled() {
-            response.insert_header(self);
+    pub fn apply_to_response(
+        &self,
+        template: &ContentSecurityPolicyTemplate,
+        response: &mut HttpResponseBuilder,
+    ) {
+        if template.is_enabled() {
+            response.insert_header((CONTENT_SECURITY_POLICY, template.format_nonce(self.nonce)));
         }
     }
-
-    fn is_enabled(&self) -> bool {
-        !self.template.before_nonce.is_empty() || self.template.after_nonce.is_some()
-    }
-}
-
-impl Display for ContentSecurityPolicy {
-    fn fmt(&self, f: &mut Formatter<'_>) -> std::fmt::Result {
-        let before = self.template.before_nonce.as_ref();
-        if let Some(after) = &self.template.after_nonce {
-            let nonce = self.nonce;
-            write!(f, "{before}{nonce}{after}")
-        } else {
-            write!(f, "{before}")
-        }
-    }
-}
-impl TryIntoHeaderPair for &ContentSecurityPolicy {
-    type Error = InvalidHeaderValue;
-
-    fn try_into_pair(self) -> Result<(HeaderName, HeaderValue), Self::Error> {
-        Ok((
-            CONTENT_SECURITY_POLICY,
-            HeaderValue::from_maybe_shared(self.to_string())?,
-        ))
-    }
 }
 
 #[cfg(test)]
@@ -109,12 +93,12 @@ mod tests {
         let template = ContentSecurityPolicyTemplate::from(
             "script-src 'self' 'nonce-{NONCE}' 'unsafe-inline'",
         );
-        let csp = ContentSecurityPolicy::new(template.clone());
-        let csp_str = csp.to_string();
+        let csp = ContentSecurityPolicy::with_random_nonce();
+        let csp_str = template.format_nonce(csp.nonce);
         assert!(csp_str.starts_with("script-src 'self' 'nonce-"));
         assert!(csp_str.ends_with("' 'unsafe-inline'"));
-        let second_csp = ContentSecurityPolicy::new(template);
-        let second_csp_str = second_csp.to_string();
+        let second_csp = ContentSecurityPolicy::with_random_nonce();
+        let second_csp_str = template.format_nonce(second_csp.nonce);
         assert_ne!(
             csp_str, second_csp_str,
             "We should not generate the same nonce twice"
