Made infrastructure to ensure private data is not leaked to client

2023-08-11 13:52:10 +02:00
parent 8660345bf6
commit 22545e46bb
7 changed files with 232 additions and 29 deletions
--- a/src/hooks.server.ts
+++ b/src/hooks.server.ts
@@ -0,0 +1,24 @@
+import { dev } from "$app/environment";
+import { clientConfig, stripPrivateFields, type Config } from "$lib/config";
+import type { Handle } from "@sveltejs/kit";
+import { readFile } from 'fs';
+import * as yml from 'js-yaml';
+
+async function reloadConfig(): Promise<Config> {
+	try {
+		const dynamic = yml.load(await readFile('/dynamic/config.yml', 'utf8'));
+		return stripPrivateFields({ ...clientConfig, ...dynamic });
+	} catch (err) {
+		return clientConfig;
+	}
+
+}
+
+export const handle: Handle = async ({ event, resolve }) => {
+	if ( dev == false ) {
+		Object.assign(event.locals,{config: await reloadConfig()});
+	}
+
+	const response = await resolve(event);
+	return response;
+}