blurts-server/routes/email-l10n.js

'use strict'
const express = require('express')
const helmet = require('helmet')
const { getEmailMockup, sendTestEmail, notFound } = require('../controllers/email-l10n')
const { requireAdminUser } = require('../middleware')
const csrf = require('csurf')

const csrfProtection = csrf()
const router = express.Router()
const cspUnsafeInline = {
  directives: {
    defaultSrc: ["'self'"],
    scriptSrc: ["'self'"],
    styleSrc: ["'self'", "'unsafe-inline'"],
    imgSrc: ["'self'", 'https://monitor.cdn.mozilla.net/'],
    objectSrc: ["'none'"],
    formAction: ["'self'"]
  }
}

// Route needs unsafe-inline because inline styles are required as best-practice for HTML email styling.
// Route requires admin user and is not enabled for production.
router.get('/', requireAdminUser, csrfProtection, helmet.contentSecurityPolicy(cspUnsafeInline), getEmailMockup)
router.post('/send-test-email', express.urlencoded({ extended: false }), csrfProtection, requireAdminUser, sendTestEmail)
router.use(notFound)

module.exports = router
Set up route/templates for testing l10n in email templates 2018-11-02 19:15:27 +03:00			`'use strict'`
			`const express = require('express')`
add 2022 email view and preview/send functionality 2022-08-19 06:15:54 +03:00			`const helmet = require('helmet')`
refactor email-l10n preview 2022-09-15 09:19:08 +03:00			`const { getEmailMockup, sendTestEmail, notFound } = require('../controllers/email-l10n')`
add 2022 email view and preview/send functionality 2022-08-19 06:15:54 +03:00			`const { requireAdminUser } = require('../middleware')`
			`const csrf = require('csurf')`

			`const csrfProtection = csrf()`
Set up route/templates for testing l10n in email templates 2018-11-02 19:15:27 +03:00			`const router = express.Router()`
add 2022 email view and preview/send functionality 2022-08-19 06:15:54 +03:00			`const cspUnsafeInline = {`
			`directives: {`
refactor email-l10n preview 2022-09-15 09:19:08 +03:00			`defaultSrc: ["'self'"],`
			`scriptSrc: ["'self'"],`
			`styleSrc: ["'self'", "'unsafe-inline'"],`
			`imgSrc: ["'self'", 'https://monitor.cdn.mozilla.net/'],`
add CSP object directive for email-l10n route 2022-10-04 06:56:12 +03:00			`objectSrc: ["'none'"],`
refactor email-l10n preview 2022-09-15 09:19:08 +03:00			`formAction: ["'self'"]`
add 2022 email view and preview/send functionality 2022-08-19 06:15:54 +03:00			`}`
			`}`
Set up route/templates for testing l10n in email templates 2018-11-02 19:15:27 +03:00
refactor email-l10n preview 2022-09-15 09:19:08 +03:00			`// Route needs unsafe-inline because inline styles are required as best-practice for HTML email styling.`
			`// Route requires admin user and is not enabled for production.`
			`router.get('/', requireAdminUser, csrfProtection, helmet.contentSecurityPolicy(cspUnsafeInline), getEmailMockup)`
			`router.post('/send-test-email', express.urlencoded({ extended: false }), csrfProtection, requireAdminUser, sendTestEmail)`
Review Updates 2018-11-03 00:21:08 +03:00			`router.use(notFound)`
Set up route/templates for testing l10n in email templates 2018-11-02 19:15:27 +03:00
			`module.exports = router`