diff --git a/lib/server/constants.ts b/lib/server/constants.ts new file mode 100644 index 0000000..f5a22e1 --- /dev/null +++ b/lib/server/constants.ts @@ -0,0 +1,126 @@ +import turndown from "turndown"; +export const ContentFilenameRegex = /\.(doc|docx|md|markdown)$/i; + +export const emailRegex: RegExp = + /^[a-zA-Z0-9.!#$%&'*+/=?^_`{|}~-]+@[a-zA-Z0-9-]+(?:\.[a-zA-Z0-9-]+)*$/; +export const usernameRegex: (uname: string) => RegExp = (uname: string) => + new RegExp("^" + uname.trim().replace(/\*/g, "\\*") + "$", "i"); +export const mammothTemplate = (doc, defaults, content) => { + return content.replace(/\n|\r\n|\r/gm, ""); +}; +export const sanitizeConf = { + allowedTags: [ + "address", + "article", + "aside", + "footer", + "header", + "h1", + "h2", + "h3", + "h4", + "h5", + "h6", + "hgroup", + "main", + "nav", + "section", + "blockquote", + "dd", + "div", + "dl", + "dt", + "figcaption", + "figure", + "hr", + "li", + "main", + "ol", + "p", + "pre", + "ul", + "a", + "abbr", + "b", + "bdi", + "bdo", + "br", + "cite", + "code", + "data", + "dfn", + "em", + "i", + "kbd", + "mark", + "q", + "rb", + "rp", + "rt", + "rtc", + "ruby", + "s", + "samp", + "small", + "span", + "strong", + "sub", + "sup", + "time", + "u", + "var", + "wbr", + "caption", + "col", + "colgroup", + "table", + "tbody", + "td", + "tfoot", + "th", + "thead", + "tr", + ], + disallowedTagsMode: "discard", + allowedAttributes: { + a: ["href", "name", "target"], + // We don't currently allow img itself by default, but this + // would make sense if we did. You could add srcset here, + // and if you do the URL is checked for safety + img: ["src"], + }, + // Lots of these won't come up by default because we don't allow them + selfClosing: [ + "img", + "br", + "hr", + "area", + "base", + "basefont", + "input", + "link", + "meta", + ], + // URL schemes we permit + allowedSchemes: ["http", "https", "ftp", "mailto", "tel"], + allowedSchemesAppliedToAttributes: ["href", "src", "cite"], + allowProtocolRelative: true, + enforceHtmlBoundary: false, + allowedSchemesByTag: { + img: ["data"], + }, +}; + +export const messages = { + [403]: "Forbidden", + [401]: "Authorization required", + [404]: "Not found", +}; + +export const apiRoot = "http://127.0.0.1:4567/api"; +export const h2m = new turndown({ + hr: "---", + codeBlockStyle: "fenced", + emDelimiter: "*", + bulletListMarker: "+", +});