aligned_layer/explorer/lib/explorer_web/router.ex at a2b31f72746cd14abde29bc280d4c2a8e16e859f · yetanotherco/aligned_layer · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
defmodule ExplorerWeb.Router do
  use ExplorerWeb, :router
  import ExplorerWeb.Plugs

  # https://furlough.merecomplexities.com/elixir/phoenix/security/2021/02/26/content-security-policy-configuration-in-phoenix.html

  @host Application.compile_env(:explorer, [ExplorerWeb.Endpoint, :url, :host], "localhost")

  @content_security_policy (case Mix.env() do
                              :prod ->
                                "default-src 'self' 'unsafe-inline';" <>
                                "connect-src wss://#{@host};" <>
                                "img-src 'self' https://w3.org http://raw.githubusercontent.com https://cdn.prod.website-files.com blob: data:;"
                              _ ->
                                "default-src 'self' 'unsafe-eval' 'unsafe-inline';" <>
                                  "connect-src ws://#{@host}:*;" <>
                                  "img-src * blob: data:;" <>
                                  "font-src data:;"
                            end)

  pipeline :browser do
    plug :accepts, ["html"]
    plug :fetch_session
    plug :fetch_live_flash
    plug :load_theme_cookie_in_session
    plug :put_root_layout, html: {ExplorerWeb.Layouts, :root}
    plug :protect_from_forgery
    plug :put_secure_browser_headers, %{"content-security-policy" => @content_security_policy}
  end

  pipeline :api do
    plug CORSPlug, origin: "*"
    plug :accepts, ["json"]
  end

  scope "/api", ExplorerWeb do
    pipe_through :api
    get "/verified_batches_summary", DataController, :verified_batches_summary
  end

  scope "/", ExplorerWeb do
    pipe_through :browser

    # https://fly.io/phoenix-files/live-session/
    live_session :default,
      on_mount: [{ExplorerWeb.Hooks, :add_host}, {ExplorerWeb.Hooks, :add_theme}] do
      live "/", Home.Index
      live "/batches/:merkle_root", Batch.Index
      live "/batches", Batches.Index
      live "/restaked", Restakes.Index
      live "/restaked/:address", Restake.Index
      live "/operators", Operators.Index
      live "/operators/:address", Operator.Index
      live "/search", Search.Index
    end
  end

  # To Enable LiveDashboard: (only enable behind auth)
  # if Application.compile_env(:explorer, :dev_routes) do
  #   # If you want to use the LiveDashboard in production, you should put
  #   # it behind authentication and allow only admins to access it.
  #   # If your application does not have an admins-only section yet,
  #   # you can use Plug.BasicAuth to set up some basic authentication
  #   # as long as you are also using SSL (which you should anyway).
  #   import Phoenix.LiveDashboard.Router

  #   scope "/dev" do
  #     pipe_through :browser

  #     live_dashboard "/dashboard", metrics: ExplorerWeb.Telemetry
  #   end
  # end
end