feat: init
Security Scan and Upload / Security & DefectDojo Upload (push) Successful in 55s

This commit is contained in:
NHCarrigan
2026-06-24 18:56:00 -07:00
committed by Naomi Carrigan
commit 223e8eaaf7
24 changed files with 6041 additions and 0 deletions
+8
View File
@@ -0,0 +1,8 @@
# Auto detect text files and perform LF normalization
* text eol=LF
*.ts text
*.spec.ts text
# Ignore binary files >:(
*.png binary
*.jpg binary
+69
View File
@@ -0,0 +1,69 @@
name: 🐛 Bug Report
description: Something isn't working as expected? Let us know!
title: '[BUG] - '
labels:
- "status/awaiting triage"
body:
- type: checkboxes
id: attestations
attributes:
label: Attestations
description: "By checking the boxes below, I certify that:"
options:
- label: "I have read and agree to the [Code of Conduct](https://docs.nhcarrigan.com/community/coc/)"
validations:
required: true
- label: I have read and agree to the [Community Guidelines](https://docs.nhcarrigan.com/community/guide/).
validations:
required: true
- label: I have confirmed that the issue I am opening is unique, and has not already been reported (whether closed or not).
validations:
required: true
- label: I have reviewed the [Security Policy](https://docs.nhcarrigan.com/legal/security/) and have determined that this is not a security vulnerability.
validations:
required: true
- type: textarea
id: description
attributes:
label: "Describe your Issue:"
description: A clear and concise description of what the bug is.
validations:
required: true
- type: dropdown
id: reproduce
attributes:
label: Can you reproduce this issue?
options:
- Yes
- No
validations:
required: true
- type: textarea
id: reproduction
attributes:
label: "Steps to Reproduce:"
description: Steps to reproduce the behavior.
- type: input
id: os
attributes:
label: "Operating System:"
description: The operating system you are using, including the version/build number.
validations:
required: true
# Remove this section for non-web apps.
- type: input
id: browser
attributes:
label: "Browser:"
description: The browser you are using, including the version number.
validations:
required: true
- type: dropdown
attributes:
label: Are you willing and able to contribute a fix?
options:
- Yes
- No
validations:
required: true
+5
View File
@@ -0,0 +1,5 @@
blank_issues_enabled: false
contact_links:
- name: "Discord"
url: "https://chat.nhcarrigan.com"
about: "Chat with us directly."
@@ -0,0 +1,46 @@
name: 💭 Feature Proposal
description: Have an idea for how we can improve? Share it here!
title: '[FEAT] - '
labels:
- "status/awaiting triage"
body:
- type: checkboxes
id: attestations
attributes:
label: Attestations
description: "By checking the boxes below, I certify that:"
options:
- label: "I have read and agree to the [Code of Conduct](https://docs.nhcarrigan.com/community/coc/)"
validations:
required: true
- label: I have read and agree to the [Community Guidelines](https://docs.nhcarrigan.com/community/guide/).
validations:
required: true
- label: I have confirmed that the issue I am opening is unique, and has not already been reported (whether closed or not).
validations:
required: true
- label: I have reviewed the [Security Policy](https://docs.nhcarrigan.com/legal/security/) and have determined that this is not a security vulnerability.
validations:
required: true
- type: textarea
id: description
attributes:
label: "Describe your Idea:"
description: A clear and concise description of the feature you would like added.
validations:
required: true
- type: textarea
id: solution
attributes:
label: "What problem does this feature solve?"
description: Why are you requesting this feature? How would it improve your experience with the product?
validations:
required: true
- type: dropdown
attributes:
label: Are you willing and able to contribute this feature?
options:
- Yes
- No
validations:
required: true
+34
View File
@@ -0,0 +1,34 @@
name: ❓ Other Issue
description: I have something that is neither a bug nor a feature request.
title: '[OTHER] - '
labels:
- "status/awaiting triage"
body:
- type: checkboxes
id: attestations
attributes:
label: Attestations
description: "By checking the boxes below, I certify that:"
options:
- label: "I have read and agree to the [Code of Conduct](https://docs.nhcarrigan.com/community/coc/)"
validations:
required: true
- label: I have read and agree to the [Community Guidelines](https://docs.nhcarrigan.com/community/guide/).
validations:
required: true
- label: I have confirmed that the issue I am opening is unique, and has not already been reported (whether closed or not).
validations:
required: true
- label: I have reviewed the [Security Policy](https://docs.nhcarrigan.com/legal/security/) and have determined that this is not a security vulnerability.
validations:
required: true
- label: This is not a feature request or bug report that I am mis-filing to avoid the issue template.
validations:
required: true
- type: textarea
id: description
attributes:
label: "Share your thoughts:"
description: Why are you opening this issue?
validations:
required: true
+91
View File
@@ -0,0 +1,91 @@
name: "Pull Request Template"
about: "Template for pulls"
body:
- type: textarea
id: explain
attributes:
label: "Explanation"
description: "Briefly explain WHY this pull request is necessary. Do not explain what it does, as that's evidenced in the changes."
validations:
required: true
- type: input
id: issue
attributes:
label: "Issue"
description: "My pull request relates to or resolves the following issue number:"
validations:
required: true
is_number: true
- type: checkboxes
id: attestations
attributes:
label: Attestations
description: "By checking the boxes below, I certify that:"
options:
- label: "I have read and agree to the [Code of Conduct](https://docs.nhcarrigan.com/community/coc/)"
validations:
required: true
- label: I have read and agree to the [Community Guidelines](https://docs.nhcarrigan.com/community/guide/).
validations:
required: true
- label: My contribution complies with the [Contributor Covenant](https://docs.nhcarrigan.com/dev/covenant/).
validations:
required: true
- type: checkboxes
id: dependencies
attributes:
label: Dependencies
description: "My pull request adds or updates dependencies, so:"
options:
- label: I have pinned the dependencies to a specific patch version.
validations:
required: false
- type: checkboxes
id: style
attributes:
label: Style
description: "My contribution adheres to the following style guidelines:"
options:
- label: I have run the linter and resolved any errors.
validations:
required: true
- label: My pull request uses an appropriate title, matching the conventional commit standards.
validations:
required: true
- label: My scope of feat/fix/chore/etc. correctly matches the nature of changes in my pull request.
validations:
required: true
- type: checkboxes
id: tests
attributes:
label: Tests
description: "My contribution includes the following tests:"
options:
- label: My contribution adds new code, and I have added tests to cover it.
validations:
required: false
- label: My contribution modifies existing code, and I have updated the tests to reflect these changes.
validations:
required: false
- label: All new and existing tests pass locally with my changes.
validations:
required: true
- label: Code coverage remains at or above the configured threshold.
validations:
required: true
- type: input
id: docs
attributes:
label: Documentation
description: "I have made the following PR to update the documentation site with my changes:"
validations:
required: true
- type: dropdown
id: version
attributes:
label: Versioning
description: "I believe my changes should be included in the following release:"
options:
- "Major - My pull request introduces a breaking change."
- "Minor - My pull request introduces a new non-breaking feature."
- "Patch - My pull request introduces bug fixes ONLY."
+177
View File
@@ -0,0 +1,177 @@
name: Security Scan and Upload
on:
push:
branches: [ main ]
pull_request:
branches: [ main ]
schedule:
- cron: '0 0 * * 1'
workflow_dispatch:
jobs:
security-audit:
name: Security & DefectDojo Upload
runs-on: ubuntu-latest
continue-on-error: true
steps:
- name: Checkout code
uses: actions/checkout@v4
# --- AUTO-SETUP PROJECT ---
- name: Ensure DefectDojo Product Exists
env:
DD_URL: ${{ secrets.DD_URL }}
DD_TOKEN: ${{ secrets.DD_TOKEN }}
PRODUCT_NAME: ${{ github.repository }}
PRODUCT_TYPE_ID: 1
run: |
sudo apt-get install jq -y > /dev/null
echo "Checking connection to $DD_URL..."
# Check if product exists - capture HTTP code to debug connection issues
RESPONSE=$(curl --write-out "%{http_code}" --silent --output /tmp/response.json \
-H "Authorization: Token $DD_TOKEN" \
"$DD_URL/api/v2/products/?name=$PRODUCT_NAME")
# If response is not 200, print error
if [ "$RESPONSE" != "200" ]; then
echo "::error::Failed to query DefectDojo. HTTP Code: $RESPONSE"
cat /tmp/response.json
exit 1
fi
COUNT=$(cat /tmp/response.json | jq -r '.count')
if [ "$COUNT" = "0" ]; then
echo "Creating product '$PRODUCT_NAME'..."
curl -s -X POST "$DD_URL/api/v2/products/" \
-H "Authorization: Token $DD_TOKEN" \
-H "Content-Type: application/json" \
-d '{ "name": "'"$PRODUCT_NAME"'", "description": "Auto-created by Gitea Actions", "prod_type": '$PRODUCT_TYPE_ID' }'
else
echo "Product '$PRODUCT_NAME' already exists."
fi
# --- 1. TRIVY (Dependencies & Misconfig) ---
- name: Install Trivy
run: |
sudo apt-get install wget apt-transport-https gnupg lsb-release -y
wget -qO - https://aquasecurity.github.io/trivy-repo/deb/public.key | sudo apt-key add -
echo "deb https://aquasecurity.github.io/trivy-repo/deb $(lsb_release -sc) main" | sudo tee -a /etc/apt/sources.list.d/trivy.list
sudo apt-get update && sudo apt-get install trivy -y
- name: Run Trivy (FS Scan)
run: |
trivy fs . --scanners vuln,misconfig --format json --output trivy-results.json --exit-code 0
- name: Upload Trivy to DefectDojo
env:
DD_URL: ${{ secrets.DD_URL }}
DD_TOKEN: ${{ secrets.DD_TOKEN }}
run: |
echo "Uploading Trivy results..."
# Generate today's date in YYYY-MM-DD format
TODAY=$(date +%Y-%m-%d)
HTTP_CODE=$(curl --write-out "%{http_code}" --output response.txt --silent -X POST "$DD_URL/api/v2/import-scan/" \
-H "Authorization: Token $DD_TOKEN" \
-F "active=true" \
-F "verified=true" \
-F "scan_type=Trivy Scan" \
-F "engagement_name=CI/CD Pipeline" \
-F "product_name=${{ github.repository }}" \
-F "scan_date=$TODAY" \
-F "auto_create_context=true" \
-F "file=@trivy-results.json")
if [[ "$HTTP_CODE" != "200" && "$HTTP_CODE" != "201" ]]; then
echo "::error::Upload Failed with HTTP $HTTP_CODE"
echo "--- SERVER RESPONSE ---"
cat response.txt
echo "-----------------------"
exit 1
else
echo "Upload Success!"
fi
# --- 2. GITLEAKS (Secrets) ---
- name: Install Gitleaks
run: |
wget -qO gitleaks.tar.gz https://github.com/gitleaks/gitleaks/releases/download/v8.18.0/gitleaks_8.18.0_linux_x64.tar.gz
tar -xzf gitleaks.tar.gz
sudo mv gitleaks /usr/local/bin/ && chmod +x /usr/local/bin/gitleaks
- name: Run Gitleaks
run: gitleaks detect --source . -v --report-path gitleaks-results.json --report-format json --no-git || true
- name: Upload Gitleaks to DefectDojo
env:
DD_URL: ${{ secrets.DD_URL }}
DD_TOKEN: ${{ secrets.DD_TOKEN }}
run: |
echo "Uploading Gitleaks results..."
TODAY=$(date +%Y-%m-%d)
HTTP_CODE=$(curl --write-out "%{http_code}" --output response.txt --silent -X POST "$DD_URL/api/v2/import-scan/" \
-H "Authorization: Token $DD_TOKEN" \
-F "active=true" \
-F "verified=true" \
-F "scan_type=Gitleaks Scan" \
-F "engagement_name=CI/CD Pipeline" \
-F "product_name=${{ github.repository }}" \
-F "scan_date=$TODAY" \
-F "auto_create_context=true" \
-F "file=@gitleaks-results.json")
if [[ "$HTTP_CODE" != "200" && "$HTTP_CODE" != "201" ]]; then
echo "::error::Upload Failed with HTTP $HTTP_CODE"
echo "--- SERVER RESPONSE ---"
cat response.txt
echo "-----------------------"
exit 1
else
echo "Upload Success!"
fi
# --- 3. SEMGREP (SAST) ---
- name: Install Semgrep (via pipx)
run: |
sudo apt-get install pipx -y
pipx install semgrep
# Add pipx binary path to GITHUB_PATH so next steps can see 'semgrep'
echo "$HOME/.local/bin" >> $GITHUB_PATH
- name: Run Semgrep
run: semgrep scan --config=p/security-audit --config=p/owasp-top-ten --json --output semgrep-results.json . || true
- name: Upload Semgrep to DefectDojo
env:
DD_URL: ${{ secrets.DD_URL }}
DD_TOKEN: ${{ secrets.DD_TOKEN }}
run: |
echo "Uploading Semgrep results..."
TODAY=$(date +%Y-%m-%d)
HTTP_CODE=$(curl --write-out "%{http_code}" --output response.txt --silent -X POST "$DD_URL/api/v2/import-scan/" \
-H "Authorization: Token $DD_TOKEN" \
-F "active=true" \
-F "verified=true" \
-F "scan_type=Semgrep JSON Report" \
-F "engagement_name=CI/CD Pipeline" \
-F "product_name=${{ github.repository }}" \
-F "scan_date=$TODAY" \
-F "auto_create_context=true" \
-F "file=@semgrep-results.json")
if [[ "$HTTP_CODE" != "200" && "$HTTP_CODE" != "201" ]]; then
echo "::error::Upload Failed with HTTP $HTTP_CODE"
echo "--- SERVER RESPONSE ---"
cat response.txt
echo "-----------------------"
exit 1
else
echo "Upload Success!"
fi
+4
View File
@@ -0,0 +1,4 @@
node_modules/
prod/
output/
.DS_Store
+2
View File
@@ -0,0 +1,2 @@
allowBuilds[]=canvas
allowBuilds[]=esbuild
+3
View File
@@ -0,0 +1,3 @@
# Code of Conduct
Our Code of Conduct can be found here: https://docs.nhcarrigan.com/#/coc
+3
View File
@@ -0,0 +1,3 @@
# Contributing
Our contributing guidelines can be found here: https://docs.nhcarrigan.com/#/contributing
+5
View File
@@ -0,0 +1,5 @@
# License
This software is licensed under our [global software license](https://docs.nhcarrigan.com/#/license).
Copyright held by Naomi Carrigan.
+3
View File
@@ -0,0 +1,3 @@
# Privacy Policy
Our privacy policy can be found here: https://docs.nhcarrigan.com/#/privacy
+35
View File
@@ -0,0 +1,35 @@
# Naomi's QR Code Generator
Web tool for generating Naomi-branded QR codes.
Each generated QR code includes:
- Large circular dots (the `qr-code-styling` "dots" style)
- Extra-rounded corner squares
- Naomi's avatar centred in the QR matrix
- "chat.naomi.lgbt" branding strip at the bottom
## Live Version
This page is currently deployed. [View the live website.](https://qr.nhcarrigan.com)
## Feedback and Bugs
If you have feedback or a bug report, please [log a ticket on our forum](https://support.nhcarrigan.com).
## Contributing
If you would like to contribute to the project, you may create a Pull Request containing your proposed changes and we will review it as soon as we are able! Please review our [contributing guidelines](CONTRIBUTING.md) first.
## Code of Conduct
Before interacting with our community, please read our [Code of Conduct](CODE_OF_CONDUCT.md).
## License
This software is licensed under our [global software license](https://docs.nhcarrigan.com/#/license).
Copyright held by Naomi Carrigan.
## Contact
We may be contacted through our [Chat Server](http://chat.nhcarrigan.com) or via email at `contact@nhcarrigan.com`
+3
View File
@@ -0,0 +1,3 @@
# Security Policy
Our security policy can be found here: https://docs.nhcarrigan.com/#/security
+3
View File
@@ -0,0 +1,3 @@
# Terms of Service
Our Terms of Service can be found here: https://docs.nhcarrigan.com/#/terms
+3
View File
@@ -0,0 +1,3 @@
import nhcarrigan from "@nhcarrigan/eslint-config";
export default [...nhcarrigan];
+26
View File
@@ -0,0 +1,26 @@
{
"name": "naomi-qr-generator",
"version": "1.0.0",
"type": "module",
"description": "QR code generator with Naomi branding",
"scripts": {
"generate": "tsx src/generate.ts",
"start": "tsx src/server.ts",
"build": "tsc",
"lint": "eslint src --max-warnings 0"
},
"dependencies": {
"@xmldom/xmldom": "0.9.10",
"canvas": "3.2.3",
"fastify": "^5.8.5",
"qr-code-styling": "1.6.0"
},
"devDependencies": {
"@nhcarrigan/eslint-config": "5.2.0",
"@nhcarrigan/typescript-config": "4.0.0",
"@types/node": "22.15.21",
"eslint": "9.28.0",
"tsx": "4.22.4",
"typescript": "6.0.3"
}
}
+4936
View File
File diff suppressed because it is too large Load Diff
+3
View File
@@ -0,0 +1,3 @@
allowBuilds:
canvas: true
esbuild: true
+56
View File
@@ -0,0 +1,56 @@
/**
* @file CLI for generating branded Naomi QR codes.
* @copyright 2026 NHCarrigan
* @license Naomi's Public License
* @author Hikari <hikari@nhcarrigan.com>
*/
/* eslint-disable no-console -- CLI tool requires console output */
import { mkdirSync, writeFileSync } from "node:fs";
import { join } from "node:path";
import { generateQrCode, urlToFilename } from "./qr.js";
const outputDirectory = new URL("../output", import.meta.url).pathname;
async function generate(rawUrl: string): Promise<void> {
mkdirSync(outputDirectory, { recursive: true });
const url = rawUrl.startsWith("http")
? rawUrl
: `https://${rawUrl}`;
console.log(`Generating QR code for: ${url}`);
const finalBuffer = await generateQrCode(rawUrl);
const filename = `${urlToFilename(url)}.png`;
const outputPath = join(outputDirectory, filename);
writeFileSync(outputPath, finalBuffer);
console.log(` → Saved: ${outputPath}`);
}
async function main(): Promise<void> {
const urls = process.argv.slice(2).filter((argument) => {
return argument !== "--";
});
if (urls.length === 0) {
console.log(
"Usage: pnpm generate -- <url> [<url> ...]\n"
+ "Example: pnpm generate -- chat.naomi.lgbt",
);
process.exit(1);
}
for (const url of urls) {
// eslint-disable-next-line no-await-in-loop -- sequential output is intentional
await generate(url);
}
}
try {
await main();
} catch (error: unknown) {
console.error(error);
process.exit(1);
}
+222
View File
@@ -0,0 +1,222 @@
/**
* @file Core QR code generation pipeline.
* @copyright 2026 NHCarrigan
* @license Naomi's Public License
* @author Hikari <hikari@nhcarrigan.com>
*/
/* eslint-disable import/no-commonjs -- qr-code-styling and @xmldom/xmldom ship CJS-only */
/* eslint-disable @typescript-eslint/consistent-type-assertions -- CJS interop requires casts */
/* eslint-disable @typescript-eslint/naming-convention -- module-level constants use UPPER_SNAKE_CASE */
import { createRequire } from "node:module";
import { createCanvas, loadImage } from "canvas";
const require = createRequire(import.meta.url);
const g = globalThis as Record<string, unknown>;
g.self = globalThis;
interface DomImplementationFactory {
createDocument: (ns: string, name: string, doctype: null)=> XMLDocument;
}
interface XmlDomModule {
DOMImplementation: new ()=> DomImplementationFactory;
XMLSerializer: unknown;
}
interface QrCodeInstance {
getRawData: (type: string)=> Promise<Buffer>;
}
interface NodeCanvasModule {
createCanvas: typeof createCanvas;
}
const xmldomModule = require("@xmldom/xmldom") as XmlDomModule;
const nodeCanvas = require("canvas") as NodeCanvasModule;
type QrCodeStyler = new (options: unknown)=> QrCodeInstance;
const QRCodeStyling = require("qr-code-styling") as QrCodeStyler;
const domImpl = new xmldomModule.DOMImplementation();
const svgDocument = domImpl.createDocument(
"http://www.w3.org/2000/svg",
"svg",
null,
);
g.window = {
XMLSerializer: xmldomModule.XMLSerializer,
document: {
// eslint-disable-next-line @typescript-eslint/promise-function-async -- sync factory, not async
createElement: (tag: string): unknown => {
return tag === "canvas"
? nodeCanvas.createCanvas(512, 512)
: (svgDocument as unknown as {
createElement: (tag: string)=> unknown;
}).createElement(tag);
},
// eslint-disable-next-line @typescript-eslint/promise-function-async -- sync factory, not async
createElementNS: (ns: string, tag: string): unknown => {
return (svgDocument as unknown as {
createElementNS: (ns: string, tag: string)=> unknown;
}).createElementNS(ns, tag);
},
},
};
g.document = (g.window as { document: unknown }).document;
// --- Config ---
const QR_SIZE = 1028;
const PAD_SIDES = 56;
const PAD_TOP = 56;
const BRANDING_GAP = 28;
const BRANDING_HEIGHT = 56;
const PAD_BOTTOM = 40;
const LOGO_FRACTION = 0.22;
const LOGO_CIRCLE_FRACTION = 0.5;
const NAOMI_PURPLE = "#44275A";
const NAOMI_LAVENDER = "#E8D5E8";
const BRANDING_TEXT_COLOUR = "#A8577E";
const AVATAR_URL = "https://cdn.nhcarrigan.com/profile.png";
type CanvasContext = ReturnType<ReturnType<typeof createCanvas>["getContext"]>;
async function generateQrBase(url: string): Promise<Buffer> {
const qrCode = new QRCodeStyling({
backgroundOptions: { color: NAOMI_LAVENDER },
cornersDotOptions: { color: NAOMI_PURPLE, type: "dot" },
cornersSquareOptions: { color: NAOMI_PURPLE, type: "extra-rounded" },
data: url,
dotsOptions: { color: NAOMI_PURPLE, type: "dots" },
height: QR_SIZE,
nodeCanvas: nodeCanvas,
type: "canvas",
width: QR_SIZE,
});
return await qrCode.getRawData("png");
}
async function overlayLogo(qrBuffer: Buffer): Promise<Buffer> {
const canvas = createCanvas(QR_SIZE, QR_SIZE);
const context = canvas.getContext("2d");
const qrImage = await loadImage(qrBuffer);
context.drawImage(qrImage, 0, 0, QR_SIZE, QR_SIZE);
const logoSize = Math.round(QR_SIZE * LOGO_FRACTION);
const logoX = (QR_SIZE - logoSize) / 2;
const logoY = (QR_SIZE - logoSize) / 2;
const circleRadius = logoSize * LOGO_CIRCLE_FRACTION;
context.fillStyle = NAOMI_LAVENDER;
context.beginPath();
context.arc(QR_SIZE / 2, QR_SIZE / 2, circleRadius, 0, Math.PI * 2);
context.fill();
const avatarImage = await loadImage(AVATAR_URL);
context.save();
context.beginPath();
context.arc(QR_SIZE / 2, QR_SIZE / 2, circleRadius, 0, Math.PI * 2);
context.clip();
context.drawImage(avatarImage, logoX, logoY, logoSize, logoSize);
context.restore();
return canvas.toBuffer("image/png");
}
function drawBrandingStrip(
context: CanvasContext,
totalWidth: number,
brandingMidY: number,
): void {
const fontSize = Math.max(14, Math.round(QR_SIZE * 0.044));
const label = "chat.naomi.lgbt";
context.font = `600 ${String(fontSize)}px "DejaVu Sans", Inter, sans-serif`;
context.textAlign = "center";
context.textBaseline = "middle";
const textWidth = context.measureText(label).width;
const dotRadius = Math.max(4, Math.round(fontSize * 0.38));
const halfTextWidth = textWidth / 2;
const dotPad = dotRadius * 3;
const dotOffset = halfTextWidth + dotPad;
const centerX = totalWidth / 2;
context.fillStyle = NAOMI_PURPLE;
for (const xOffset of [ -dotOffset, dotOffset ]) {
context.beginPath();
context.arc(centerX + xOffset, brandingMidY, dotRadius, 0, Math.PI * 2);
context.fill();
}
context.fillStyle = BRANDING_TEXT_COLOUR;
context.fillText(label, centerX, brandingMidY);
}
async function compositeWithBranding(buffer: Buffer): Promise<Buffer> {
const sidePadding = PAD_SIDES * 2;
const totalWidth = QR_SIZE + sidePadding;
const totalHeight
= PAD_TOP + QR_SIZE + BRANDING_GAP + BRANDING_HEIGHT + PAD_BOTTOM;
const canvas = createCanvas(totalWidth, totalHeight);
const context = canvas.getContext("2d");
context.fillStyle = NAOMI_LAVENDER;
context.fillRect(0, 0, totalWidth, totalHeight);
const qrImage = await loadImage(buffer);
context.drawImage(qrImage, PAD_SIDES, PAD_TOP, QR_SIZE, QR_SIZE);
const halfBrandingHeight = BRANDING_HEIGHT / 2;
const brandingMidY = PAD_TOP + QR_SIZE + BRANDING_GAP + halfBrandingHeight;
drawBrandingStrip(context, totalWidth, brandingMidY);
return canvas.toBuffer("image/png");
}
/**
* Generates a complete branded QR code PNG for the given URL.
* @param rawUrl - The URL to encode (scheme optional).
* @returns A PNG buffer of the finished QR image.
*/
/**
* Generates a complete branded QR code PNG for the given URL.
* @param rawUrl - The URL to encode (scheme optional).
* @returns A PNG buffer of the finished QR image.
*/
async function generateQrCode(rawUrl: string): Promise<Buffer> {
const url = rawUrl.startsWith("http")
? rawUrl
: `https://${rawUrl}`;
const qrBase = await generateQrBase(url);
const qrWithLogo = await overlayLogo(qrBase);
return await compositeWithBranding(qrWithLogo);
}
/**
* Derives a safe filesystem/download filename from a URL.
* @param url - The URL to convert.
* @returns A lowercase, hyphenated slug of at most 60 characters.
*/
function urlToFilename(url: string): string {
const trimmed = url.
replace(/https?:\/\//u, "").
replaceAll(/[^a-z0-9]/giu, "-").
replaceAll(/-+/gu, "-").
replaceAll(/^-|-$/gu, "").
slice(0, 60);
return trimmed.length > 0
? trimmed
: "naomi-qr";
}
export { generateQrCode, urlToFilename };
+297
View File
@@ -0,0 +1,297 @@
/**
* @file HTTP server for generating branded Naomi QR codes on demand.
* @copyright 2026 NHCarrigan
* @license Naomi's Public License
* @author Hikari <hikari@nhcarrigan.com>
*/
/* eslint-disable no-console -- server lifecycle logging */
/* eslint-disable @typescript-eslint/naming-convention -- Fastify generic uses Querystring by convention */
import fastify from "fastify";
import { generateQrCode, urlToFilename } from "./qr.js";
const port = 15555;
const host = "0.0.0.0";
const pageHtml = `<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8" />
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
<title>Naomi QR Generator</title>
<style>
*, *::before, *::after { box-sizing: border-box; margin: 0; padding: 0; }
body {
min-height: 100vh;
display: flex;
flex-direction: column;
align-items: center;
justify-content: center;
background: #E8D5E8;
font-family: system-ui, sans-serif;
padding: 2rem;
gap: 2rem;
}
header {
display: flex;
flex-direction: column;
align-items: center;
gap: 0.75rem;
}
header img {
width: 80px;
height: 80px;
border-radius: 50%;
border: 3px solid #44275A;
}
h1 {
font-size: 1.75rem;
color: #44275A;
font-weight: 700;
letter-spacing: -0.02em;
}
p.subtitle {
color: #6b4d7a;
font-size: 0.95rem;
}
form {
display: flex;
flex-direction: column;
gap: 0.75rem;
width: 100%;
max-width: 480px;
}
label {
font-size: 0.875rem;
font-weight: 600;
color: #44275A;
}
input[type="text"] {
width: 100%;
padding: 0.625rem 0.875rem;
border: 2px solid #44275A;
border-radius: 8px;
font-size: 1rem;
background: #f9f0f9;
color: #1a0022;
outline: none;
transition: border-color 0.15s;
}
input[type="text"]:focus {
border-color: #6b3d8a;
}
button[type="submit"] {
padding: 0.625rem 1.25rem;
background: #44275A;
color: #E8D5E8;
border: none;
border-radius: 8px;
font-size: 1rem;
font-weight: 600;
cursor: pointer;
transition: background 0.15s;
}
button[type="submit"]:hover {
background: #5c3a7a;
}
button[type="submit"]:disabled {
opacity: 0.6;
cursor: not-allowed;
}
#result {
display: none;
flex-direction: column;
align-items: center;
gap: 1rem;
}
#result img {
border-radius: 12px;
box-shadow: 0 4px 24px rgba(68, 39, 90, 0.18);
max-width: 320px;
width: 100%;
}
#download-btn {
padding: 0.5rem 1.25rem;
background: transparent;
color: #44275A;
border: 2px solid #44275A;
border-radius: 8px;
font-size: 0.9rem;
font-weight: 600;
cursor: pointer;
text-decoration: none;
transition: background 0.15s, color 0.15s;
}
#download-btn:hover {
background: #44275A;
color: #E8D5E8;
}
#error-msg {
display: none;
color: #8b0000;
font-size: 0.9rem;
background: #fde8e8;
border: 1px solid #f5a5a5;
border-radius: 8px;
padding: 0.5rem 1rem;
max-width: 480px;
width: 100%;
text-align: center;
}
#spinner {
display: none;
width: 32px;
height: 32px;
border: 3px solid #c8a8d8;
border-top-color: #44275A;
border-radius: 50%;
animation: spin 0.7s linear infinite;
}
@keyframes spin { to { transform: rotate(360deg); } }
</style>
</head>
<body>
<header>
<img src="https://cdn.nhcarrigan.com/profile.png" alt="Naomi's avatar" />
<h1>Naomi QR Generator</h1>
<p class="subtitle">Enter a URL to generate a branded QR code.</p>
</header>
<form id="qr-form">
<label for="url-input">URL</label>
<input
id="url-input"
type="text"
name="url"
placeholder="e.g. chat.naomi.lgbt"
required
autocomplete="off"
spellcheck="false"
/>
<button type="submit" id="submit-btn">Generate</button>
</form>
<div id="spinner"></div>
<p id="error-msg"></p>
<div id="result">
<img id="qr-img" src="" alt="Generated QR code" />
<a id="download-btn" download="naomi-qr.png">Download PNG</a>
</div>
<script>
const form = document.getElementById('qr-form');
const input = document.getElementById('url-input');
const submitBtn = document.getElementById('submit-btn');
const spinner = document.getElementById('spinner');
const result = document.getElementById('result');
const qrImg = document.getElementById('qr-img');
const downloadBtn = document.getElementById('download-btn');
const errorMsg = document.getElementById('error-msg');
form.addEventListener('submit', async (event) => {
event.preventDefault();
const url = input.value.trim();
if (!url) return;
submitBtn.disabled = true;
spinner.style.display = 'block';
result.style.display = 'none';
errorMsg.style.display = 'none';
try {
const response = await fetch('/generate?url=' + encodeURIComponent(url));
if (!response.ok) {
const text = await response.text();
throw new Error(text || response.statusText);
}
const blob = await response.blob();
const objectUrl = URL.createObjectURL(blob);
qrImg.src = objectUrl;
const slug = url.
replace(/https?:\\/\\//, '').
replace(/[^a-z0-9]/gi, '-').
replace(/-+/g, '-').
replace(/^-|-$/g, '').
slice(0, 60) || 'naomi-qr';
downloadBtn.href = objectUrl;
downloadBtn.download = slug + '.png';
result.style.display = 'flex';
} catch (err) {
errorMsg.textContent = err instanceof Error ? err.message : 'Something went wrong.';
errorMsg.style.display = 'block';
} finally {
submitBtn.disabled = false;
spinner.style.display = 'none';
}
});
</script>
</body>
</html>`;
const server = fastify();
server.get("/", async(_request, reply) => {
await reply.type("text/html").send(pageHtml);
});
server.get<{ Querystring: { url?: string } }>(
"/generate",
async(request, reply) => {
const rawUrl = request.query.url;
if (rawUrl === undefined || rawUrl.trim() === "") {
await reply.status(400).send("Missing required query parameter: url");
return;
}
try {
const pngBuffer = await generateQrCode(rawUrl.trim());
const filename = `${urlToFilename(rawUrl.trim())}.png`;
await reply.
type("image/png").
header("Content-Disposition", `attachment; filename="${filename}"`).
send(pngBuffer);
} catch (error: unknown) {
const message = error instanceof Error
? error.message
: "Unknown error";
console.error(`QR generation failed for "${rawUrl}": ${message}`);
await reply.status(500).send("Failed to generate QR code.");
}
},
);
try {
await server.listen({ host, port });
console.log(`Server listening on http://${host}:${String(port)}`);
} catch (error: unknown) {
console.error(error);
process.exit(1);
}
+7
View File
@@ -0,0 +1,7 @@
{
"extends": "@nhcarrigan/typescript-config",
"compilerOptions": {
"outDir": "./prod",
"rootDir": "./src",
}
}