4 files changed, 152 insertions, 33 deletions

diff --git a/common/indexeddb.js b/common/indexeddb.js
index 096391a..e54d1ca 100644
--- a/common/indexeddb.js
+++ b/common/indexeddb.js
@@ -62,7 +62,8 @@ const stores = 	[
     ["files",     {keyPath: "hash_key"}],
     ["file_uses", {keyPath: "hash_key"}],
     ["resources", {keyPath: "identifier"}],
-    ["mappings",  {keyPath: "identifier"}]
+    ["mappings",  {keyPath: "identifier"}],
+    ["settings",  {keyPath: "name"}]
 ];
 
 let db = null;
@@ -207,7 +208,7 @@ async function incr_file_uses(context, file_ref, by=1)
 
 const decr_file_uses = (ctx, file_ref) => incr_file_uses(ctx, file_ref, -1);
 
-async function finalize_items_transaction(context)
+async function finalize_transaction(context)
 {
     for (const uses of Object.values(context.file_uses)) {
 	if (uses.uses < 0)
@@ -248,7 +249,7 @@ async function finalize_items_transaction(context)
 
     return context.result;
 }
-#EXPORT finalize_items_transaction
+#EXPORT finalize_transaction
 
 /*
  * How a sample data argument to the function below might look like:
@@ -304,7 +305,7 @@ async function _save_items(resources, mappings, context)
     for (const item of resources.concat(mappings))
 	await save_item(item, context);
 
-    await finalize_items_transaction(context);
+    await finalize_transaction(context);
 }
 
 /*
@@ -314,9 +315,9 @@ async function _save_items(resources, mappings, context)
  * object with keys being of the form `sha256-<file's-sha256-sum>`.
  *
  * context should be one returned from start_items_transaction() and should be
- * later passed to finalize_items_transaction() so that files depended on are
- * added to IndexedDB and files that are no longer depended on after this
- * operation are removed from IndexedDB.
+ * later passed to finalize_transaction() so that files depended on are added to
+ * IndexedDB and files that are no longer depended on after this operation are
+ * removed from IndexedDB.
  */
 async function save_item(item, context)
 {
@@ -346,9 +347,9 @@ async function _remove_item(store_name, identifier, context)
  * Remove definition of a resource/mapping from IndexedDB.
  *
  * context should be one returned from start_items_transaction() and should be
- * later passed to finalize_items_transaction() so that files depended on are
- * added to IndexedDB and files that are no longer depended on after this
- * operation are removed from IndexedDB.
+ * later passed to finalize_transaction() so that files depended on are added to
+ * IndexedDB and files that are no longer depended on after this operation are
+ * removed from IndexedDB.
  */
 async function remove_item(store_name, identifier, context)
 {
@@ -363,26 +364,49 @@ const remove_resource = (id, ctx) => remove_item("resources", id, ctx);
 const remove_mapping = (id, ctx) => remove_item("mappings",  id, ctx);
 #EXPORT remove_mapping
 
+/* A simplified kind of transaction for modifying just the "settings" store. */
+async function start_settings_transaction()
+{
+    const db = await get_db();
+    return make_context(db.transaction("settings", "readwrite"), {});
+}
+
+async function set_setting(name, value)
+{
+    const context = await start_settings_transaction();
+    broadcast.prepare(context.sender, `idb_changes_settings`, name);
+    await idb_put(context.transaction, "settings", {name, value});
+    return finalize_transaction(context);
+}
+#EXPORT set_setting
+
+async function get_setting(name)
+{
+    const transaction = (await get_db()).transaction("settings");
+    return ((await idb_get(transaction, "settings", name)) || {}).value;
+}
+#EXPORT get_setting
+
 /* Callback used when listening to broadcasts while tracking db changes. */
-async function track_change(tracking, identifier)
+async function track_change(tracking, key)
 {
     const transaction = (await get_db()).transaction([tracking.store_name]);
-    const new_val = await idb_get(transaction, tracking.store_name, identifier);
+    const new_val = await idb_get(transaction, tracking.store_name, key);
 
-    tracking.onchange({identifier, new_val});
+    tracking.onchange({key, new_val});
 }
 
 /*
  * Monitor changes to `store_name` IndexedDB object store.
  *
- * `store_name` should be either "resources" or "mappings".
+ * `store_name` should be either "resources", "mappings" or "settings".
  *
  * `onchange` should be a callback that will be called when an item is added,
  * modified or removed from the store. The callback will be passed an object
  * representing the change as its first argument. This object will have the
  * form:
  * {
- *     identifier: "the identifier of modified resource/mapping",
+ *     key: "the identifier of modified resource/mapping or settings key",
  *     new_val: undefined // `undefined` if item removed, item object otherwise
  * }
  *
@@ -395,7 +419,7 @@ async function track_change(tracking, identifier)
  * actually modified or that it only gets called once after multiple quick
  * changes to an item.
  */
-async function track(store_name, onchange)
+async function start_tracking(store_name, onchange)
 {
     const tracking = {store_name, onchange};
     tracking.listener =
@@ -408,12 +432,10 @@ async function track(store_name, onchange)
     return [tracking, (await wait_request(all_req)).target.result];
 }
 
-const track_resources = onchange => track("resources", onchange);
-#EXPORT track_resources
-
-const track_mappings = onchange => track("mappings",  onchange);
-#EXPORT track_mappings
+const track = {};
+for (const store_name of ["resources", "mappings", "settings"])
+    track[store_name] = onchange => start_tracking(store_name, onchange);
+#EXPORT track
 
 const untrack = tracking => broadcast.close(tracking.listener);
 #EXPORT untrack
-
diff --git a/common/misc.js b/common/misc.js
index dc4a598..82f6cbf 100644
--- a/common/misc.js
+++ b/common/misc.js
@@ -67,17 +67,6 @@ function gen_nonce(length=16)
 }
 #EXPORT gen_nonce
 
-/* CSP rule that blocks scripts according to policy's needs. */
-function make_csp_rule(policy)
-{
-    let rule = "prefetch-src 'none'; script-src-attr 'none';";
-    const script_src = policy.nonce !== undefined ?
-	  `'nonce-${policy.nonce}'` : "'none'";
-    rule += ` script-src ${script_src}; script-src-elem ${script_src};`;
-    return rule;
-}
-#EXPORT make_csp_rule
-
 /* Check if some HTTP header might define CSP rules. */
 const csp_header_regex =
       /^\s*(content-security-policy|x-webkit-csp|x-content-security-policy)/i;
diff --git a/common/patterns_query_tree.js b/common/patterns_query_tree.js
index 1bbdb39..f8ec405 100644
--- a/common/patterns_query_tree.js
+++ b/common/patterns_query_tree.js
@@ -41,6 +41,8 @@
  * proprietary program, I am not going to enforce this in court.
  */
 
+// TODO! Modify the code to use `Object.create(null)` instead of `{}`.
+
 #FROM common/patterns.js IMPORT deconstruct_url
 
 /* "Pattern Tree" is how we refer to the data structure used for querying
diff --git a/common/policy.js b/common/policy.js
new file mode 100644
index 0000000..ebd663f
--- /dev/null
+++ b/common/policy.js
@@ -0,0 +1,106 @@
+/**
+ * This file is part of Haketilo.
+ *
+ * Function: Determining what to do on a given web page.
+ *
+ * Copyright (C) 2021 Wojtek Kosior
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * As additional permission under GNU GPL version 3 section 7, you
+ * may distribute forms of that code without the copy of the GNU
+ * GPL normally required by section 4, provided you include this
+ * license notice and, in case of non-source distribution, a URL
+ * through which recipients can access the Corresponding Source.
+ * If you modify file(s) with this exception, you may extend this
+ * exception to your version of the file(s), but you are not
+ * obligated to do so. If you do not wish to do so, delete this
+ * exception statement from your version.
+ *
+ * As a special exception to the GPL, any HTML file which merely
+ * makes function calls to this code, and for that purpose
+ * includes it by reference shall be deemed a separate work for
+ * copyright law purposes. If you modify this code, you may extend
+ * this exception to your version of the code, but you are not
+ * obligated to do so. If you do not wish to do so, delete this
+ * exception statement from your version.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see <https://www.gnu.org/licenses/>.
+ *
+ * I, Wojtek Kosior, thereby promise not to sue for violation of this file's
+ * license. Although I request that you do not make use this code in a
+ * proprietary program, I am not going to enforce this in court.
+ */
+
+#IMPORT common/patterns_query_tree.js AS pqt
+
+#FROM common/sha256.js IMPORT sha256
+
+/*
+ * CSP rule that either blocks all scripts or only allows scripts with specified
+ * nonce attached.
+ */
+function make_csp(nonce)
+{
+    const rule = nonce ? `nonce-${nonce}` : "none";
+    const csp_dict = {"prefetch-src": "none", "script-src-attr": "none"};
+    Object.assign(csp_dict, {"script-src": rule, "script-src-elem": rule});
+    return Object.entries(csp_dict).map(([a, b]) => `${a} '${b}';`).join(" ");
+}
+
+function decide_policy(patterns_tree, url, default_allow, secret)
+{
+    const policy = {allow: default_allow};
+
+    try {
+	var payloads = pqt.search(patterns_tree, url).next().value;
+    } catch (e) {
+	console.error(e);
+	policy.allow = false;
+	policy.error = true;
+    }
+
+    if (payloads !== undefined) {
+	policy.mapping = Object.keys(payloads).sort()[0];
+	const payload = payloads[policy.mapping];
+	if (payload.allow !== undefined) {
+	    policy.allow = payload.allow;
+	} else /* if (payload.identifier) */ {
+	    policy.allow = false;
+	    policy.payload = payload;
+	    /*
+	     * Hash a secret and other values into a string that's unpredictable
+	     * to someone who does not know these values. What we produce here
+	     * is not a true "nonce" because it might get produced multiple
+	     * times given the same url and mapping choice. Nevertheless, this
+	     * is reasonably good given the limitations WebExtension APIs and
+	     * environments give us. If we were using a true nonce, we'd have no
+	     * reliable way of passing it to our content scripts.
+	     */
+	    const nonce_source = [
+		policy.mapping,
+		policy.payload.identifier,
+		url,
+		secret
+	    ];
+	    policy.nonce = sha256(nonce_source.join(":"));
+	}
+    }
+
+    if (!policy.allow)
+	policy.csp = make_csp(policy.nonce);
+
+    return policy;
+}
+#EXPORT decide_policy
+
+#EXPORT  () => ({allow: false, csp: make_csp()})  AS fallback_policy