From 1a2fec6a593b12bc8ba20935438a84bd9642bba3 Mon Sep 17 00:00:00 2001
From: Martin Berg Alstad <git@martials.no>
Date: Sat, 12 Oct 2024 17:12:12 +0200
Subject: [PATCH] security.txt

Signed-off-by: Martin Berg Alstad <git@martials.no>
---
 .env                                  |  5 +++--
 public/.well-known/security.txt       |  4 ++++
 src/env.d.ts                          |  1 +
 src/pages/.well-known/security.txt.ts | 15 +++++++++++++++
 4 files changed, 23 insertions(+), 2 deletions(-)
 create mode 100644 public/.well-known/security.txt
 create mode 100644 src/pages/.well-known/security.txt.ts

diff --git a/.env b/.env
index b7c762a..a0cdbd6 100644
--- a/.env
+++ b/.env
@@ -1,2 +1,3 @@
-GIT_URL="https://git.martials.no"
-STATUS_URL="https://status.martials.no/status/home"
\ No newline at end of file
+DOMAIN="martials.no"
+GIT_URL=https://git.$DOMAIN
+STATUS_URL="https://status.$DOMAIN/status/home"
\ No newline at end of file
diff --git a/public/.well-known/security.txt b/public/.well-known/security.txt
new file mode 100644
index 0000000..8a60abf
--- /dev/null
+++ b/public/.well-known/security.txt
@@ -0,0 +1,4 @@
+Contact: mailto:security@martials.no
+Expires: 2029-12-31T23:00:00.000Z
+Preferred-Languages: no,en
+Canonical: https://martials.no/.well-known/security.txt
diff --git a/src/env.d.ts b/src/env.d.ts
index b487e7c..c31173f 100644
--- a/src/env.d.ts
+++ b/src/env.d.ts
@@ -2,6 +2,7 @@
 /// <reference types="astro/client" />
 
 interface ImportMetaEnv {
+  readonly DOMAIN: string
   readonly URL: string
   readonly GIT_URL: string
   readonly STATUS_URL: string
diff --git a/src/pages/.well-known/security.txt.ts b/src/pages/.well-known/security.txt.ts
new file mode 100644
index 0000000..95a402b
--- /dev/null
+++ b/src/pages/.well-known/security.txt.ts
@@ -0,0 +1,15 @@
+import type { APIRoute } from "astro"
+
+function getSecurityTxt(site?: URL) {
+  const canonical = new URL("/.well-known/security.txt", site)
+  return `
+Contact: mailto:security@martials.no
+Expires: 2029-12-31T23:00:00.000Z
+Preferred-Languages: no,en
+Canonical: ${canonical.href}
+`
+}
+
+export const GET: APIRoute = ({ site }) => {
+  return new Response(getSecurityTxt(site))
+}