feat: minify and transpile the JS code #31

csrfguard-test/csrfguard-test-jsp/pom.xml

@@ -50,7 +50,7 @@
 
  <profiles>
  <profile>
- <id>deploy-jsp-webapp</id>
+ <id>run-jsp-webapp</id>
  <properties>
  <skip.run.webapp>false</skip.run.webapp>
  </properties>

csrfguard-test/csrfguard-test-jsp/src/main/webapp/WEB-INF/classes/Owasp.CsrfGuard.properties

@@ -332,7 +332,7 @@ org.owasp.csrfguard.Config.Print = true
 
 # This property denotes the location of the JavaScript template file that should be consumed and dynamically
 # augmented by the JavaScriptServlet class.
-# If it's left blank, and it's not configured in the web.xml either, it defaults to META-INF/csrfguard.js.
+# If it's left blank, and it's not configured in the web.xml either, it defaults to META-INF/csrfguard.min.js.
 # Use of this property and the existence of the specified template file is required.
 org.owasp.csrfguard.JavascriptServlet.sourceFile =
 

csrfguard/pom.xml

@@ -41,6 +41,59 @@
  <name>OWASP CSRFGuard</name>
  <description>OWASP CSRFGuard is a library that implements a variant of the synchronizer token pattern to mitigate the risk of Cross-Site Request Forgery (CSRF) attacks.</description>
 
+ <profiles>
+ <profile>
+ <id>minify-js</id>
+ <activation>
+ <activeByDefault>false</activeByDefault>
+ </activation>
+ <properties>
+ <skip.minify-js>false</skip.minify-js>
+ </properties>
+ <build>
+ <plugins>
+ <plugin>
+ <groupId>org.codehaus.mojo</groupId>
+ <artifactId>exec-maven-plugin</artifactId>
+ <configuration>
+ <workingDirectory>${project.basedir}/src/main/resources</workingDirectory>
+ </configuration>
+ <executions>
+ <execution>
+ <id>npm-install</id>
+ <phase>generate-resources</phase>
+ <goals>
+ <goal>exec</goal>
+ </goals>
+ <configuration>
+ <executable>npm</executable>
+ <arguments>
+ <argument>install</argument>
+ </arguments>
+ <skip>${skip.minify-js}</skip>
+ </configuration>
+ </execution>
+ <execution>
+ <id>run-webpack</id>
+ <phase>compile</phase>
+ <goals>
+ <goal>exec</goal>
+ </goals>
+ <configuration>
+ <executable>npx</executable>
+ <arguments>
+ <argument>webpack</argument>
+ </arguments>
+ <skip>${skip.minify-js}</skip>
+ </configuration>
+ </execution>
+ </executions>
+ </plugin>
+ </plugins>
+ </build>
+ </profile>
+ </profiles>
+
  <dependencies>
  <dependency>
  <groupId>javax.servlet</groupId>
@@ -96,13 +149,28 @@
  <groupId>org.apache.maven.plugins</groupId>
  <artifactId>maven-surefire-plugin</artifactId>
  </plugin>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-clean-plugin</artifactId>
+ <configuration>
+ <filesets>
+ <fileset>
+ <directory>src/main/resources</directory>
+ <includes>
+ <include>node_modules/**</include>
+ </includes>
+ </fileset>
+ </filesets>
+ </configuration>
+ </plugin>
  </plugins>
  <resources>
  <resource>
  <directory>src/main/resources</directory>
  <filtering>true</filtering>
  <includes>
  <include>csrfguard.js</include>
+ <include>csrfguard.min.js</include>
  <include>csrfguard.tld</include>
  <include>license.txt</include>
  <include>csrfguard.properties</include>

csrfguard/src/main/java/org/owasp/csrfguard/config/PropertiesConfigurationProvider.java

@@ -573,7 +573,7 @@ private static String retrieveJavaScriptTemplateCode(ServletConfig servletConfig
  String result = null;
 
  if (StringUtils.isBlank(jsSourceFileLocation)) {
- result = CsrfGuardUtils.readResourceFileContent("META-INF/csrfguard.js");
+ result = CsrfGuardUtils.readResourceFileContent("META-INF/csrfguard.min.js");
  } else if (jsSourceFileLocation.startsWith("META-INF/")) {
  result = CsrfGuardUtils.readResourceFileContent(jsSourceFileLocation);
  } else if (jsSourceFileLocation.startsWith("classpath:")) {

csrfguard/src/main/resources/.babelrc

@@ -0,0 +1,14 @@
+{
+ "presets": [
+ [
+ "@babel/preset-env",
+ {
+ "targets": {
+ "esmodules": false,
+ "browsers": ["> 0.25%", "not dead"]
+ }
+ }
+ ]
+ ],
+ "plugins": ["transform-remove-console"]
+}

csrfguard/src/main/resources/.gitignore

@@ -0,0 +1 @@
+node_modules/**

csrfguard/src/main/resources/csrfguard.js

@@ -379,12 +379,12 @@ if (owaspCSRFGuardScriptHasLoaded !== true) {
  hidden.setAttribute('value', value);
 
  form.appendChild(hidden);
- //console.debug('Hidden input element [', hidden, '] was added to the form: ', form);
+ console.debug('Hidden input element [', hidden, '] was added to the form: ', form);
  } else {
  hiddenTokenFields.forEach(function (i) {
  return form.elements[i].value = value;
  });
- //console.debug('Hidden token fields [', hiddenTokenFields, '] of form [', form, '] were updated with new token value: ', value);
+ console.debug('Hidden token fields [', hiddenTokenFields, '] of form [', form, '] were updated with new token value: ', value);
  }
  }
  }
@@ -429,7 +429,7 @@ if (owaspCSRFGuardScriptHasLoaded !== true) {
 
  try {
  element.setAttribute(attr, newLocation);
- //console.debug('Attribute [', attr, '] with value [', newLocation, '] set for element: ', element);
+ console.debug('Attribute [', attr, '] with value [', newLocation, '] set for element: ', element);
  } catch (e) {
  // attempted to set/update unsupported attribute
  }
@@ -440,7 +440,7 @@ if (owaspCSRFGuardScriptHasLoaded !== true) {
  });
 
  element.setAttribute(attr, newLocation);
- //console.debug('Attribute [', attr, '] with value [', newLocation, '] set for element: ', element);
+ console.debug('Attribute [', attr, '] with value [', newLocation, '] set for element: ', element);
  }
  }
  }
@@ -550,7 +550,7 @@ if (owaspCSRFGuardScriptHasLoaded !== true) {
  if (xhr.readyState === 4) {
  if (xhr.status === 200) {
  let pageTokens = JSON.parse(xhr.responseText)['pageTokens'];
- //console.debug('Received page tokens: ', pageTokens);
+ console.debug('Received page tokens: ', pageTokens);
  callback.call(this, pageTokens);
  } else {
  alert(xhr.status + ': CSRF check failed');
@@ -604,7 +604,7 @@ if (owaspCSRFGuardScriptHasLoaded !== true) {
  if (isValidDomain(document.domain, target)) {
  var tokenName = '%TOKEN_NAME%';
  var masterTokenValue = '%TOKEN_VALUE%';
- //console.debug('Master token [' + tokenName + ']: ', masterTokenValue);
+ console.debug('Master token [' + tokenName + ']: ', masterTokenValue);
 
  var isLoadedWrapper = {isDomContentLoaded: false};
 
@@ -643,15 +643,15 @@ if (owaspCSRFGuardScriptHasLoaded !== true) {
  let newMasterToken = tokenTO['masterToken'];
  if (newMasterToken !== undefined) {
  masterTokenValue = newMasterToken;
- //console.debug('New master token value received: ', masterTokenValue);
+ console.debug('New master token value received: ', masterTokenValue);
  }
 
  let newPageTokens = tokenTO['pageTokens'];
  if (newPageTokens !== undefined) {
  Object.keys(newPageTokens).forEach(function (key) {
  return pageTokenWrapper.pageTokens[key] = newPageTokens[key];
  });
- //console.debug('New page token value(s) received: ', newPageTokens);
+ console.debug('New page token value(s) received: ', newPageTokens);
  }
 
  injectTokens(tokenName, masterTokenValue, pageTokenWrapper.pageTokens);

csrfguard/src/main/resources/csrfguard.properties

@@ -332,7 +332,7 @@ org.owasp.csrfguard.Config.Print = true
 
 # This property denotes the location of the JavaScript template file that should be consumed and dynamically
 # augmented by the JavaScriptServlet class.
-# If it's left blank, and it's not configured in the web.xml either, it defaults to META-INF/csrfguard.js.
+# If it's left blank, and it's not configured in the web.xml either, it defaults to META-INF/csrfguard.min.js.
 # Use of this property and the existence of the specified template file is required.
 org.owasp.csrfguard.JavascriptServlet.sourceFile =