From 7e8c32d77723cf29d69e3d67250fa51048a0540a Mon Sep 17 00:00:00 2001
From: Thomas Burkhalter
Date: Fri, 24 Feb 2023 11:44:43 +0100
Subject: [PATCH] Add /.well-known/security.txt handling

---
 Gemfile.lock | 2 +-
 app/controllers/wellknown_controller.rb | 36 ++++++++++++++++++++++
 config/routes.rb | 2 ++
 lib/tenant_files/dialogluzern/security.txt | 8 +++++
 4 files changed, 47 insertions(+), 1 deletion(-)
 create mode 100644 app/controllers/wellknown_controller.rb
 create mode 100644 lib/tenant_files/dialogluzern/security.txt

diff --git a/Gemfile.lock b/Gemfile.lock
index 418d787..5c8d419 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -935,4 +935,4 @@ RUBY VERSION
    ruby 2.7.2p137
 
 BUNDLED WITH
-   2.3.22
+   2.3.23
diff --git a/app/controllers/wellknown_controller.rb b/app/controllers/wellknown_controller.rb
new file mode 100644
index 0000000..72d8f9a
--- /dev/null
+++ b/app/controllers/wellknown_controller.rb
@@ -0,0 +1,36 @@
+# frozen_string_literal: true
+
+# Copyright (c) 2006-2023, Puzzle ITC GmbH. This file is part of
+# PuzzleTime and licensed under the Affero General Public License version 3
+# or later. See the COPYING file at the top-level directory or at
+# https://github.com/puzzle/puzzletime.
+
+# Handles actions on the /.well-known path
+class WellknownController < ApplicationController
+  def security
+    file = file_for(tenant) || not_found
+    render plain: file.read
+  end
+
+  private
+
+  def organization
+    Decidim::Organization.find_by(host: request.domain)
+  end
+
+  def tenant
+    tenant = organization.tenant_type || 'other'
+    tenant.to_sym
+  end
+
+  def file_for(tenant)
+    path = Rails.root.join("lib/tenant_files/#{tenant}/security.txt")
+    return unless path.exist?
+
+    path
+  end
+
+  def not_found
+    raise ActionController::RoutingError, 'Not Found'
+  end
+end
diff --git a/config/routes.rb b/config/routes.rb
index b82991b..8846a52 100644
--- a/config/routes.rb
+++ b/config/routes.rb
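Review bot: `organization` is nil when no Decidim::Organization matches the request, and `tenant` then raises NoMethodError on `organization.tenant_type`, so an unmatched host gets a 500 rather than the intended 'other' fallback; `tenant = organization&.tenant_type || 'other'` closes that gap. The lookup key also looks off: request.domain strips subdomains, whereas Decidim appears to key organizations on the full hostname (its own organization lookup uses request.host), so find_by may never match on multi-label hosts — request.host, or the current_organization helper if ApplicationController already provides it, is probably what is wanted. The .to_sym in `tenant` adds nothing, since the value is only interpolated into a path string in file_for. Note also that the 'other' fallback only helps if lib/tenant_files/other/security.txt exists, which this commit does not add, and that the license header names PuzzleTime/puzzle/puzzletime, which reads as copied from another project.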
@@ -6,6 +6,8 @@
   mount Decidim::Core::Engine => '/'
   # For details on the DSL available within this file, see http://guides.rubyonrails.org/routing.html
 
+  get '.well-known/security.txt', to: 'wellknown#security'
+
   get 'status/health', to: 'status#health'
   get 'status/readiness', to: 'status#readiness'
 end
diff --git a/lib/tenant_files/dialogluzern/security.txt b/lib/tenant_files/dialogluzern/security.txt
new file mode 100644
index 0000000..58e54fd
--- /dev/null
+++ b/lib/tenant_files/dialogluzern/security.txt
@@ -0,0 +1,8 @@
+# In the event that you have discovered a technical vulnerability in an IT system of the city of Lucerne (Stadt Luzern),
+# we encourage you to report it to the Competence Center for Digital Security and Privacy using the Coordinated Vulnerability Disclosure program.
+
+Contact: https://www.stadtluzern.ch/politikverwaltung/stadtverwaltung/dienstabteilungenbereiche/33551
+Contact: mailto:security@stadtluzern.ch
+Expires: 2023-12-31T23:59:59.000Z
+Preferred-Languages: en, de
+Canonical: https://www.stadtluzern.ch/.well-known/security.txt
\ No newline at end of file
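Review bot: The Expires value 2023-12-31T23:59:59.000Z sits in a static file with nothing to refresh it, and once it has passed, RFC 9116 consumers treat the whole file as stale while the controller keeps serving it unchanged; a comment such as `# NOTE: Expires must be renewed before it lapses (RFC 9116 recommends keeping it under a year out)` or a test that fails once Expires is in the past would catch that. Canonical names https://www.stadtluzern.ch/.well-known/security.txt, but this file is served from the application's own host; if that host is not www.stadtluzern.ch, RFC 9116 says a file found at a URL not listed in Canonical may be treated with suspicion, so the URL it is actually served from should be added as a further Canonical line. The last line also has no terminating newline (the `\ No newline at end of file` marker), which RFC 9116's grammar does not allow, since every line must end in LF.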