'use strict'
const Joi = require('@hapi/joi')
const { BaseJsonService } = require('..')
// Every scan state the response validator accepts; any other value fails
// validation.
const scanStates = [
  'ABORTED',
  'FAILED',
  'FINISHED',
  'PENDING',
  'STARTING',
  'RUNNING',
]

// Builds a required field that has to satisfy `then` when `state` is
// FINISHED and has to be null in every other state.
const finishedOnly = then =>
  Joi.alternatives()
    .when('state', { is: 'FINISHED', then, otherwise: Joi.only(null) })
    .required()

// Validates the JSON returned by the analyze endpoint before any of it is
// rendered into a badge. The grade pattern is anchored at both ends, so only
// a single letter A-F with an optional +/- suffix gets through. The score
// must be an integer between 0 and 200, so it may exceed 100.
const schema = Joi.object({
  state: Joi.string()
    .valid(...scanStates)
    .required(),
  grade: finishedOnly(Joi.string().regex(/^[ABCDEF][+-]?$/)),
  score: finishedOnly(
    Joi.number()
      .integer()
      .min(0)
      .max(200)
  ),
}).required()
// `publish` is the only query parameter described here, and the empty string
// is the only value the schema admits for it: it acts as a bare flag
// (`?publish`), not as a key/value pair.
const queryParamKeys = { publish: Joi.equal('') }
const queryParamSchema = Joi.object(queryParamKeys).required()
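// Help text attached to the badge example below. It is HTML markup and is
// presumably rendered as-is by the docs frontend, so keep it a static string
// and never interpolate request-derived values into it.
// The second paragraph's opening and closing tags were swapped in the
// original, which left the markup unbalanced.
const documentation = `
<p>
The <a href="https://observatory.mozilla.org">Mozilla HTTP Observatory</a>
is a set of tools to analyze your website
and inform you if you are utilizing the many available methods to secure it.
</p>
<p>
By default the scan result is hidden from the public result list.
You can activate the publication of the scan result
by setting the <code>publish</code> parameter.
</p>
<p>
The badge returns a cached site result if the site has been scanned anytime in the previous 24 hours.
If you need to force invalidating the cache,
you can do it manually through the <a href="https://observatory.mozilla.org">Mozilla Observatory Website</a>
</p>
`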
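/**
 * Badge service that reports the Mozilla HTTP Observatory grade (and,
 * optionally, the score) for a host.
 *
 * The host comes from the badge URL and is forwarded to the Observatory
 * analyze endpoint. The response is validated against `schema` before it is
 * rendered.
 */
module.exports = class MozillaObservatory extends BaseJsonService {
  static get category() {
    // TODO: Once created, change to a more appropriate category,
    // see https://github.com/badges/shields/pull/2926#issuecomment-460777017
    return 'monitoring'
  }

  static get route() {
    return {
      base: 'mozilla-observatory',
      // `format` is limited to the two listed alternatives by the pattern.
      pattern: ':format(grade|grade-score)/:host',
      queryParamSchema,
    }
  }

  static get examples() {
    return [
      {
        title: 'Mozilla HTTP Observatory Grade',
        namedParams: { format: 'grade', host: 'github.com' },
        staticPreview: this.render({
          format: 'grade',
          state: 'FINISHED',
          grade: 'A+',
          score: 115,
        }),
        queryParams: { publish: null },
        keywords: ['scanner', 'security'],
        documentation,
      },
    ]
  }

  static get defaultBadgeData() {
    return {
      label: 'observatory',
    }
  }

  /**
   * Turn a scan result into badge data.
   *
   * @param {object} attrs
   * @param {string} attrs.format - 'grade' shows the grade only; any other
   *   value shows the grade followed by the score.
   * @param {string} attrs.state - Scan state; anything but 'FINISHED' is
   *   shown lower-cased on a grey badge.
   * @param {string|null} attrs.grade - Letter grade, read only when finished.
   * @param {number|null} attrs.score - Numeric score, read only when finished.
   * @returns {{message: string, color: string}} Badge message and colour.
   */
  static render({ format, state, grade, score }) {
    if (state !== 'FINISHED') {
      return {
        message: state.toLowerCase(),
        color: 'lightgrey',
      }
    }
    // The lookup key is the first character of the grade. Responses are
    // restricted to A-F by the schema's grade pattern; a grade outside that
    // set would leave `color` undefined.
    const letter = grade[0].toLowerCase()
    const colorMap = {
      a: 'brightgreen',
      b: 'green',
      c: 'yellow',
      d: 'orange',
      e: 'orange', // Handles legacy grade
      f: 'red',
    }
    return {
      // The schema allows scores up to 200, so the number printed before
      // "/100" can be larger than 100 (the example above uses 115).
      message: format === 'grade' ? grade : `${grade} (${score}/100)`,
      color: colorMap[letter],
    }
  }

  /**
   * Request the scan result for a host from the Observatory API.
   *
   * @param {object} attrs
   * @param {string} attrs.host - Host to analyze, taken from the badge URL.
   * @param {boolean} [attrs.publish] - When truthy the result is not marked
   *   hidden; any falsy value (including a missing one) keeps it hidden.
   * @returns {Promise<object>} The response, validated against `schema`.
   */
  async fetch({ host, publish }) {
    return this._requestJson({
      schema,
      // The endpoint is fixed; the caller-supplied host travels only as a
      // query-string value, so it cannot change where this request is sent.
      url: 'https://http-observatory.security.mozilla.org/api/v1/analyze',
      options: {
        method: 'POST',
        qs: { host },
        // Hidden is the default, so a result is listed publicly only on an
        // explicit opt-in.
        form: { hidden: !publish },
      },
    })
  }

  /**
   * Handle one badge request.
   *
   * @param {object} namedParams
   * @param {string} namedParams.format - Badge format from the route.
   * @param {string} namedParams.host - Host from the route.
   * @param {object} queryParams
   * @param {string} [queryParams.publish] - Present (as '') when the badge
   *   URL carries the `publish` flag.
   * @returns {Promise<{message: string, color: string}>} Badge data.
   */
  async handle({ format, host }, { publish }) {
    // queryParamSchema accepts only the empty string for `publish`, and ''
    // is falsy: passing it straight to fetch() made `!publish` true in every
    // case, so results stayed hidden even when the flag was set. Presence of
    // the parameter, not its truthiness, is the opt-in.
    const shouldPublish = publish !== undefined
    const { state, grade, score } = await this.fetch({
      host,
      publish: shouldPublish,
    })
    return this.constructor.render({ format, state, grade, score })
  }
}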