From 0f057ffa84f2f627690d99326b6c824fda03c11d Mon Sep 17 00:00:00 2001
From: Peter Pfeufer <info@ppfeufer.de>
Date: Thu, 2 Jan 2025 16:54:37 +0100
Subject: [PATCH] [ADD] `django-sri` to provide integrity hashes for local
 static files

---
 .../project_template/project_name/settings/base.py         | 2 ++
 allianceauth/templates/bundles/auth-base-css.html          | 4 ++--
 allianceauth/templates/bundles/auth-framework-css.html     | 4 ++--
 allianceauth/templates/bundles/bootstrap-css.html          | 6 ++++--
 allianceauth/templates/bundles/checkbox-css.html           | 4 ++--
 allianceauth/templates/bundles/evetime-js.html             | 4 ++--
 allianceauth/templates/bundles/filterdropdown-js.html      | 4 ++--
 allianceauth/templates/bundles/jquery-ui-css.html          | 7 ++++---
 .../templates/bundles/refresh-notification-icon-js.html    | 4 ++--
 .../templates/bundles/refresh-notifications-js.html        | 4 ++--
 allianceauth/templates/bundles/timerboard-js.html          | 4 ++--
 allianceauth/templates/bundles/timers-js.html              | 4 ++--
 pyproject.toml                                             | 1 +
 13 files changed, 29 insertions(+), 23 deletions(-)

diff --git a/allianceauth/project_template/project_name/settings/base.py b/allianceauth/project_template/project_name/settings/base.py
index fb18e4de..9e8d6957 100644
--- a/allianceauth/project_template/project_name/settings/base.py
+++ b/allianceauth/project_template/project_name/settings/base.py
@@ -43,8 +43,10 @@ INSTALLED_APPS = [
     'allianceauth.theme.flatly',
     'allianceauth.theme.materia',
     "allianceauth.custom_css",
+    'sri',
 ]
 
+SRI_ALGORITHM = "sha512"
 SECRET_KEY = "wow I'm a really bad default secret key"
 
 # Celery configuration
diff --git a/allianceauth/templates/bundles/auth-base-css.html b/allianceauth/templates/bundles/auth-base-css.html
index 0ee2e7ce..ce7b4373 100644
--- a/allianceauth/templates/bundles/auth-base-css.html
+++ b/allianceauth/templates/bundles/auth-base-css.html
@@ -1,3 +1,3 @@
-{% load static %}
+{% load sri %}
 
-<link href="{% static 'allianceauth/css/auth-base.css' %}" rel="stylesheet">
+{% sri_static 'allianceauth/css/auth-base.css' %}
diff --git a/allianceauth/templates/bundles/auth-framework-css.html b/allianceauth/templates/bundles/auth-framework-css.html
index 9f1c038a..1722377a 100644
--- a/allianceauth/templates/bundles/auth-framework-css.html
+++ b/allianceauth/templates/bundles/auth-framework-css.html
@@ -1,3 +1,3 @@
-{% load static %}
+{% load sri %}
 
-<link href="{% static 'allianceauth/framework/css/auth-framework.css' %}" rel="stylesheet">
+{% sri_static 'allianceauth/framework/css/auth-framework.css' %}
diff --git a/allianceauth/templates/bundles/bootstrap-css.html b/allianceauth/templates/bundles/bootstrap-css.html
index bed760ba..88147119 100644
--- a/allianceauth/templates/bundles/bootstrap-css.html
+++ b/allianceauth/templates/bundles/bootstrap-css.html
@@ -1,4 +1,6 @@
 {% load static %}
+{% load sri %}
+
 <!-- Bootstrap CSS -->
 {% if NIGHT_MODE %}
     {% if debug %}
@@ -6,7 +8,7 @@
         <link rel="stylesheet/less" href="{% static 'allianceauth/css/themes/darkly/darkly.less' %}">
         <script src='https://cdnjs.cloudflare.com/ajax/libs/less.js/4.1.3/less.min.js' integrity='sha512-6gUGqd/zBCrEKbJqPI7iINc61jlOfH5A+SluY15IkNO1o4qP1DEYjQBewTB4l0U4ihXZdupg8Mb77VxqE+37dg==' crossorigin='anonymous' referrerpolicy="no-referrer"></script>
     {% else %}
-        <link rel="stylesheet" href="{% static 'allianceauth/css/themes/darkly/darkly.min.css' %}">
+        {% sri_static 'allianceauth/css/themes/darkly/darkly.min.css' %}
     {% endif %}
 {% else %}
     {% if debug %}
@@ -14,7 +16,7 @@
         <link rel="stylesheet/less" href="{% static 'allianceauth/css/themes/flatly/flatly.less' %}">
         <script src='https://cdnjs.cloudflare.com/ajax/libs/less.js/4.1.3/less.min.js' integrity='sha512-6gUGqd/zBCrEKbJqPI7iINc61jlOfH5A+SluY15IkNO1o4qP1DEYjQBewTB4l0U4ihXZdupg8Mb77VxqE+37dg==' crossorigin='anonymous' referrerpolicy="no-referrer"></script>
     {% else %}
-        <link rel="stylesheet" href="{% static 'allianceauth/css/themes/flatly/flatly.min.css' %}">
+        {% sri_static 'allianceauth/css/themes/flatly/flatly.min.css' %}
     {% endif %}
 {% endif %}
 <!-- End Bootstrap CSS -->
diff --git a/allianceauth/templates/bundles/checkbox-css.html b/allianceauth/templates/bundles/checkbox-css.html
index f400d36c..1f2cc08e 100644
--- a/allianceauth/templates/bundles/checkbox-css.html
+++ b/allianceauth/templates/bundles/checkbox-css.html
@@ -1,3 +1,3 @@
-{% load static %}
+{% load sri %}
 
-<link href="{% static 'allianceauth/css/checkbox.css' %}" rel="stylesheet">
+{% sri_static 'allianceauth/css/checkbox.css' %}
diff --git a/allianceauth/templates/bundles/evetime-js.html b/allianceauth/templates/bundles/evetime-js.html
index 63b712c3..6611516e 100644
--- a/allianceauth/templates/bundles/evetime-js.html
+++ b/allianceauth/templates/bundles/evetime-js.html
@@ -1,3 +1,3 @@
-{% load static %}
+{% load sri %}
 
-<script src="{% static 'allianceauth/js/eve-time.js' %}"></script>
+{% sri_static 'allianceauth/js/eve-time.js' %}
diff --git a/allianceauth/templates/bundles/filterdropdown-js.html b/allianceauth/templates/bundles/filterdropdown-js.html
index 677fa536..41a0e3bd 100644
--- a/allianceauth/templates/bundles/filterdropdown-js.html
+++ b/allianceauth/templates/bundles/filterdropdown-js.html
@@ -1,3 +1,3 @@
-{% load static %}
+{% load sri %}
 
-<script src="{% static 'allianceauth/js/filterDropDown/filterDropDown.min.js' %}"></script>
+{% sri_static 'allianceauth/js/filterDropDown/filterDropDown.min.js' %}
diff --git a/allianceauth/templates/bundles/jquery-ui-css.html b/allianceauth/templates/bundles/jquery-ui-css.html
index 3bf4d1a3..9177c19e 100644
--- a/allianceauth/templates/bundles/jquery-ui-css.html
+++ b/allianceauth/templates/bundles/jquery-ui-css.html
@@ -1,5 +1,6 @@
-{% load static %}
 <!-- Start jQuery UI CSS from Alliance Auth -->
-<!-- CDNs all contain theme.css, which is not supposed to be in the base CSS, Which is why this is uniquely bundled in not using a CDN -->
-<link rel="stylesheet" href="{% static 'allianceauth/js/jquery-ui/1.13.2/css/jquery-ui.min.css' %}" integrity="VEqAhOZvZrx/WaxlpMoLvZDSLeLNYhkL5LU2R4/ihPJb/+qkGoMrA15SqEGtI+PCLgKwCDiby7tgdvdiAZkJGg==" crossorigin="anonymous" referrerpolicy="no-referrer">
+<!-- CDNs all contain theme.css, which is not supposed to be in the base CSS, which is why this is uniquely bundled in not using a CDN -->
+{% load sri %}
+
+{% sri_static 'allianceauth/js/jquery-ui/1.13.2/css/jquery-ui.min.css' %}
 <!-- End jQuery UI CSS from aa-gdpr -->
diff --git a/allianceauth/templates/bundles/refresh-notification-icon-js.html b/allianceauth/templates/bundles/refresh-notification-icon-js.html
index 88f3d16f..69cc53b8 100644
--- a/allianceauth/templates/bundles/refresh-notification-icon-js.html
+++ b/allianceauth/templates/bundles/refresh-notification-icon-js.html
@@ -1,3 +1,3 @@
-{% load static %}
+{% load sri %}
 
-<script src="{% static 'allianceauth/js/refresh-notification-icon.js' %}"></script>
+{% sri_static 'allianceauth/js/refresh-notification-icon.js' %}
diff --git a/allianceauth/templates/bundles/refresh-notifications-js.html b/allianceauth/templates/bundles/refresh-notifications-js.html
index 27622b3e..50b5e8f4 100644
--- a/allianceauth/templates/bundles/refresh-notifications-js.html
+++ b/allianceauth/templates/bundles/refresh-notifications-js.html
@@ -1,3 +1,3 @@
-{% load static %}
+{% load sri %}
 
-<script src="{% static 'allianceauth/js/refresh_notifications.js' %}"></script>
+{% sri_static 'allianceauth/js/refresh_notifications.js' %}
diff --git a/allianceauth/templates/bundles/timerboard-js.html b/allianceauth/templates/bundles/timerboard-js.html
index 8cf6f353..8bad97d9 100644
--- a/allianceauth/templates/bundles/timerboard-js.html
+++ b/allianceauth/templates/bundles/timerboard-js.html
@@ -1,3 +1,3 @@
-{% load static %}
+{% load sri %}
 
-<script src="{% static 'allianceauth/js/timerboard.js' %}"></script>
+{% sri_static 'allianceauth/js/timerboard.js' %}
diff --git a/allianceauth/templates/bundles/timers-js.html b/allianceauth/templates/bundles/timers-js.html
index b9690202..a570a10d 100644
--- a/allianceauth/templates/bundles/timers-js.html
+++ b/allianceauth/templates/bundles/timers-js.html
@@ -1,3 +1,3 @@
-{% load static %}
+{% load sri %}
 
-<script src="{% static 'allianceauth/js/timers.js' %}"></script>
+{% sri_static 'allianceauth/js/timers.js' %}
diff --git a/pyproject.toml b/pyproject.toml
index 35edbe64..3ed04b9c 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -52,6 +52,7 @@ dependencies = [
     "django-registration<3.4,>=3.3",
     "django-solo",
     "django-sortedm2m",
+    "django-sri",
     "dnspython",
     "mysqlclient>=2.1",
     "openfire-restapi",