Initial commit -- manageed txt files can be served based on URL

- Reducing cost by deploying on multi-routes (pending wrangler support)
- Explicit pathing required
- TODO: implement kbpgp support for signing / managing pgp

.gitignore

@@ -0,0 +1,4 @@
+wrangler.toml
+dist
+node_modules
+worker

.prettierrc

@@ -0,0 +1,7 @@
+{
+  "singleQuote": true,
+  "semi": false,
+  "trailingComma": "all",
+  "tabWidth": 2,
+  "printWidth": 80
+}

LICENSE

@@ -0,0 +1,25 @@
+Copyright (c) 2020, Cloudflare, Inc. All rights reserved.
+
+Permission is hereby granted, free of charge, to any
+person obtaining a copy of this software and associated
+documentation files (the "Software"), to deal in the
+Software without restriction, including without
+limitation the rights to use, copy, modify, merge,
+publish, distribute, sublicense, and/or sell copies of
+the Software, and to permit persons to whom the Software
+is furnished to do so, subject to the following
+conditions:
+
+The above copyright notice and this permission notice
+shall be included in all copies or substantial portions
+of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF
+ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED
+TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A
+PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT
+SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
+CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR
+IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
+DEALINGS IN THE SOFTWARE.

Makefile

@@ -0,0 +1,5 @@
+build:
+	wrangler build
+
+deploy:
+	wrangler publish

README.md

@@ -0,0 +1,18 @@
+# security.txt as a service -- Built on Cloudflare workers
+
+- In order to save cost, we will deploying this one worker on two routes.
+
+```
+/.well-known/security.txt
+/gpg/my-public-key.txt
+```
+
+Flow:
+
+- Get a security.txt
+- Get a PGP keypair
+  - Generate one?
+- Put the pubkey in a place
+  - Tell us where that place is
+- Sign the security.txt
+- Deploy

package.json

@@ -0,0 +1,22 @@
+{
+  "name": "securitytxt-worker",
+  "version": "1.0.0",
+  "description": "A worker to deploy security.txt onto your Cloudflare zone!",
+  "main": "index.js",
+  "scripts": {
+    "test": "echo \"Error: no test specified\" && exit 1"
+  },
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/cloudflare/securitytxt-worker.git"
+  },
+  "author": "dhaynes@cloudflare.com",
+  "license": "MIT",
+  "bugs": {
+    "url": "https://github.com/cloudflare/securitytxt-worker/issues"
+  },
+  "homepage": "https://github.com/cloudflare/securitytxt-worker#readme",
+  "dependencies": {
+    "raw-loader": "^4.0.0"
+  }
+}

src/index.js

@@ -0,0 +1,30 @@
+/**
+ * Copyright (c) 2020, Cloudflare, Inc. All rights reserved.
+ * author: David Haynes <dhaynes@cloudflare.com>
+ */
+import pubKey from './txt/security-cloudflare-public-06A67236.txt'
+import securityTxt from './txt/security.txt'
+
+/**
+ * Ensure the correct txt file is returned.
+ * @param {string} url The url from the incoming request
+ */
+const handleRequest = async request => {
+  const { url } = request
+  if (url.includes('/.well-known/security.txt')) {
+    return new Response(securityTxt, {
+      headers: { 'content-type': 'text/plain' }, // security.txt
+    })
+  } else if (url.includes('/gpg/security-cloudflare-public-06A67236.txt')) {
+    return new Response(pubKey, {
+      headers: { 'content-type': 'text/plain' }, // GPG Public key
+    })
+  } else {
+    return fetch(request) // Pass to origin
+  }
+}
+
+// main()
+addEventListener('fetch', event => {
+  event.respondWith(handleRequest(event.request))
+})

src/txt/security-cloudflare-public-06A67236.txt

@@ -0,0 +1,52 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mQINBFs5oLsBEADs+Ca9HjH6slhlBlFuvmBRxKJmsrJ95f50ZkgdBrO3YP2GiKn0
+X+ZkERZ8OXbEIQl1P+dPbm2jKYguF17Oz4pel4lFfTatiD6ZYAKjYGMr8gjdmWx+
+LZrME8U1OucJvypsqdlFapEAeGNq8rlZU9pvFahvKJhDAq/n1GrpCWBMBoKwFIdT
+Gy5f2rc4KfRiR2+/m4Rd4gNGRDyO6BOXU+iy3NysVyR1PCu23vyowfk7xuOii5uR
+EFvMt1Z6ioSCLzBPV7ub2eQaOT4NzeQ6OD9guoP08n9pdzC3ppqs4fsYy0GTAORL
+vPsZw6Fo4UAqSo7a5/Cp+ZrOncIrlNcR7vY3hCMePAEsSQAkWaJNfS/hUnloXCnz
+H/k4SxTaVOeAnt4wUtEwD6fW6zm0QAlh6+/LqIy81K0+yCwY7mh7mNjR/l1swi+o
+sWigWuIOiq6JVmQ5XoI04ytnOFaM13dgI7VbMZF/2XTVkH72oYUc+xlsuQEvUhJR
+r7MM4mlMx+c9Gult+waH0hKFIAH3V2WJ+8QQy+ZYyx0LoUdfMnxT74A9A5qJCRRM
+9/DoyXc3Ce+WXJK3P0cxCh/nQbN22dPEEtWEP0+9WHmXxNz/0XgP4YH+gy7qJ/dw
+AbrexMkScTa6yy1i4z7yi2/SYD/424XWGZksND26OIKqa3Y7aU3FdsPSrQARAQAB
+tDJDbG91ZGZsYXJlIFNlY3VyaXR5IFRlYW0gPHNlY3VyaXR5QGNsb3VkZmxhcmUu
+Y29tPokCVQQTAQgAPwIbAwYLCQgHAwIGFQgCCQoLBBYCAwECHgECF4AWIQQOe+8S
+5ZqrJUFq9KMiL96CBqZyNgUCXj22wwUJBO+BKAAKCRAiL96CBqZyNvbzD/45Knjb
+qhkyVgI0KQO9575PbO/pGJGWGX3TK43B9lsflCBz8W+KTkfTu/MU4UFvDBTlsKjF
+nEco/5CguoXJWFu4NrtaCG63l/OUGTBvRLl427OlrZmS0VLGK+oIJS2GY2METfOd
+tJYsG+niQ/PjoHbtFnGd5mH8jNNtwD9Gy1LwG520f6HKFqkb4Tz/nt4GyA9dbdBo
+z3AWsD2gbzKFRJS1twuCG65qvulAQt2KFq2qLOQKVYfmzlGHtQknIRAmS9RUa78u
+DY+v3qorDuz00RumB6sNcO7q60jJCqXA3jLa2uNys/EuT7zlmL4HFCiAAyNG7/Tt
+wG4p8cE7esflwVcwi8prLyXQSoGrdWQQyoyXOVIHJdsjB8Kg4mJpkKLKHgBmQYgh
+lSjesuqr4+phtzVDMtBMQLz5yh4gBXPK9tBs9CFklHAU/PZLApPNJ/Ed+qj4vQ/8
+Ty2/594kkw+en7uZKSTioIHtHP6GOTXyUHf97axC/YuBwGWSSpAV02HbiKoKivqJ
+5826/H9EhiNJfH2ASRL3Uup421sj60sqrHwW4hHr03pETfH2QY+SBTru2PTu78n7
+LF5okpC5UWBtzWiwEINKM+ppK13RFFHTwj0VptFEo3sEU4zpC73TD8UI9rWxgfuQ
+EmOxjrTYWOIypq/FKfxG/fKdcxTHSkAnvMIBjLkCDQRbOaC7ARAA2EBGm5WVbNZn
+c8W63aA4f+0kaLBdgiwBiHmGgqJXjlKKp0cieCKFjaMU3J7/E0ZvCTxe6eWjNVzB
+2ZGxRUoMgg7KLGqJqn3ZkOpR7YpPVM866WLFDoC2D0BfdBwyBzhll+9bAJB70oHA
+dvfW2KV4zv/66wB+8j6gn8130ap9FHaOEwj8ZrsdUKMTnTWB45T4aL2LODAdTmY/
+r3cdOl1qL1s0nl6+iHkrL/6bX80mkWASlY2iXIUOCRa4mn4vyzQTSo0A+REELam4
+vBMzW11CYCuLySakklN0nHfskr7TupGJvuekfG+ATUsU6iAc5cSawaJ8np/drPbi
+6uq5Xw4JDWUODDFlUKrXflwxs3y5GzUIx63TjONkRCh0BaCPIfNuvvWwiy7eTjkN
+NKdbuZ1n6G7XPyaG0LyFFw+4XGu2HbA7Mqf2SF9ZXQJX30YabwP1KINed6vpXUvB
+Dgz0vPX/lTRPVmjXCALXaHr1cMNLEGO5pYJJVML2agb4/ftyGvdbbpgv2BcqAK8H
+eVeeYnS72ugquvBz/ZLT18uEkvbcKuHFtwqOjsoJseshgwnQVldJiYyM1lyWG08D
+iVouS9uQw43gfNpoFsnes5YSHyzg/nAfweibza0KAJhXbg5o5jvF4e3e0MF2MG7O
+k9QKydo4WvabaeE6k392R0fnt4rxXE0AEQEAAYkCJQQYAQIADwUCWzmguwIbDAUJ
+AeEzgAAKCRAiL96CBqZyNiPyD/99aO97SEvlQhwr9qChyOJWh0B7NyhwqIGL+Mja
+jtTAZT85GQdEsj8kOli1A6uGhblKq2LUxrs7p6mHaHUo+vzeFXAZHujc7XanEpMt
+WBJLOwoGqflHNfNkpC4CTLNkkyT0nqHqgm5ScyeojeDW7YHXtCHK8joyhsqUKEub
+e/3agmIR3D/LqPD8YgzIxcihqs14yzJB6GQhGBX1hsQqNtfBN9+EBZpeH8/U7tIF
+Ds1gnqXy9WB6HjCQt1mEy22UDPUxDuM67007DWURNpN0Ers+GpRNzzNL7RBkBPZt
+6jHmTAQYXroAtWAqTNqt8Ro0i5ig6yGF79jNCokgj+NdNmvvLucebBybgj4LEfcW
+gnhmyUjN5Wy4xiQ7yPvwppdZVKkIrKAYG6C5euT7cAwCt8w1q3Kylh4mqiYZg61Q
+ddjQvi1uyMZ/XJHKIF5KUCBUXNKSPqJi847zTIdejqfvkrh4n1F8Vo1krmdwW17a
+RF4BqIRlQIBmK5Jqx9FBFLvx8Ju/Dkdk0/SrzbU2598rQjv31RxOl8CIlbeWocfX
+uAi8sUWyQtwN8tVxNPHdZkKZllXPtPbxYxk9KFcBQgkVT4qY5uPM9EUUGDa4YvIy
+VwcWegJ7L8dYqi/Zoge9mkQ53UTvbsnTL3IW0luA244t/m1cnwLPKB/4d/aCZkkc
+4EHv1w==
+=T5tL
+-----END PGP PUBLIC KEY BLOCK-----

src/txt/security.txt

@@ -0,0 +1,11 @@
+Contact: https://hackerone.com/cloudflare
+# If you'd like to encrypt, please do so within the the body of the message.
+Contact: mailto:security@cloudflare.com
+Contact: https://www.cloudflare.com/abuse/
+Preferred-Languages: en
+
+Encryption: https://www.cloudflare.com/pgp/security-at-cloudflare-pubkey-06A67236.txt
+Canonical: https://www.cloudflare.com/.well-known/security.txt
+
+Policy: https://www.cloudflare.com/disclosure
+Hiring: https://www.cloudflare.com/careers/departments/security

webpack.config.js

@@ -0,0 +1,23 @@
+const { EnvironmentPlugin } = require('webpack')
+const path = require('path')
+
+module.exports = {
+  entry: './src/index.js',
+  output: {
+    path: path.resolve(__dirname, 'dist'),
+    filename: 'index.js',
+  },
+  module: {
+    rules: [
+      {
+        test: /\.txt$/i,
+        use: 'raw-loader',
+      },
+    ],
+  },
+  plugins: [
+    new EnvironmentPlugin({
+      KEY: 'VALUE',
+    }),
+  ],
+}

wrangler.toml.template

@@ -0,0 +1,6 @@
+name = "securitytxt-worker"
+type = "webpack"
+account_id = ""
+zone_id = ""
+workers_dev = false
+route = "https://example.com/*"