composer update symfony/* to ^5.4. Updating index.php to 5.4, adding security deprecations (#26), some small refactoring.

Alexey Skobkin 2022-07-05 00:56:05 +03:00
parent f4769ed931
commit 3b7b07fd0d
No known key found for this signature in database
GPG key ID: 5D5CEF6F221278E7
18 changed files with 1106 additions and 978 deletions

2
.env

@ -5,8 +5,6 @@
###> symfony/framework-bundle ###
APP_ENV=dev
APP_SECRET=xxx
#TRUSTED_PROXIES=127.0.0.1,127.0.0.2
#TRUSTED_HOSTS=localhost,example.com
###< symfony/framework-bundle ###
###> doctrine/doctrine-bundle ###

1
.gitignore vendored

@ -4,6 +4,7 @@
/.env.local
/.env.local.php
/.env.*.local
/config/secrets/prod/prod.decrypt.private.php
/public/bundles/
/var/
/vendor/


@ -31,27 +31,28 @@
"sensio/framework-extra-bundle": "^6.0",
"sentry/sentry-symfony": "^4",
"suin/php-rss-writer": "^1.6",
"symfony/asset": "5.0.*",
"symfony/console": "5.0.*",
"symfony/dotenv": "^5.0",
"symfony/expression-language": "5.0.*",
"symfony/asset": "^5.4",
"symfony/console": "^5.4",
"symfony/dotenv": "^5.4",
"symfony/expression-language": "^5.4",
"symfony/flex": "^1.0",
"symfony/form": "5.0.*",
"symfony/framework-bundle": "5.0.*",
"symfony/http-client": "5.0.*",
"symfony/mailer": "5.0.*",
"symfony/form": "^5.4",
"symfony/framework-bundle": "^5.4",
"symfony/http-client": "^5.4",
"symfony/mailer": "^5.4",
"symfony/monolog-bundle": "^3.3",
"symfony/property-access": "^5.0",
"symfony/property-info": "^5.0",
"symfony/security-bundle": "5.0.*",
"symfony/serializer": "5.0.*",
"symfony/translation": "5.0.*",
"symfony/twig-bundle": "5.0.*",
"symfony/validator": "5.0.*",
"symfony/yaml": "5.0.*"
"symfony/property-access": "^5.4",
"symfony/property-info": "^5.4",
"symfony/runtime": "^5.4",
"symfony/security-bundle": "^5.4",
"symfony/serializer": "^5.4",
"symfony/translation": "^5.4",
"symfony/twig-bundle": "^5.4",
"symfony/validator": "^5.4",
"symfony/yaml": "^5.4"
},
"require-dev": {
"symfony/web-profiler-bundle": "^5.0",
"symfony/web-profiler-bundle": "^5.4",
"symfony/web-server-bundle": "^4.1"
},
"config": {
@ -60,7 +61,8 @@
},
"sort-packages": true,
"allow-plugins": {
"symfony/flex": true
"symfony/flex": true,
"symfony/runtime": true
}
},
"autoload": {

1839
composer.lock generated

File diff suppressed because it is too large Load diff


@ -0,0 +1,25 @@
framework:
cache:
# Unique name of your app: used to compute stable namespaces for cache keys.
#prefix_seed: your_vendor_name/app_name
# The "app" cache stores to the filesystem by default.
# The data in this cache should persist between deploys.
# Other options include:
# Redis
#app: cache.adapter.redis
#default_redis_provider: redis://localhost
# APCu (not recommended with heavy random-write workloads as memory fragmentation can cause perf issues)
#app: cache.adapter.apcu
# Namespaced pools use the above "app" backend by default
#pools:
#my.dedicated.cache: null
prefix_seed: magnetico-web
pools:
magneticod.cache:
adapter: cache.adapter.redis
provider: '%env(REDIS_DSN)%'
default_lifetime: 600


@ -1,36 +1,24 @@
# see https://symfony.com/doc/current/reference/configuration/framework.html
framework:
secret: '%env(APP_SECRET)%'
#default_locale: en
#csrf_protection: true
#http_method_override: true
http_method_override: false
# Enables session support. Note that the session will ONLY be started if you read or write from it.
# Remove or comment this section to explicitly disable session support.
session:
handler_id: ~
handler_id: null
cookie_secure: auto
cookie_samesite: lax
storage_factory_id: session.storage.factory.native
#esi: true
#fragments: true
php_errors:
log: true
cache:
# Put the unique name of your app here: the prefix seed
# is used to compute stable namespaces for cache keys.
#prefix_seed: your_vendor_name/app_name
# The app cache caches to the filesystem by default.
# Other options include:
# Redis
#app: cache.adapter.redis
#default_redis_provider: redis://localhost
# APCu (not recommended with heavy random-write workloads as memory fragmentation can cause perf issues)
#app: cache.adapter.apcu
prefix_seed: magnetico-web
pools:
magneticod.cache:
adapter: cache.adapter.redis
provider: '%env(REDIS_DSN)%'
default_lifetime: 600
when@test:
framework:
test: true
session:
storage_factory_id: session.storage.factory.mock_file
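Review bot: No `trusted_proxies`, `trusted_headers` or `trusted_hosts` key appears in this `framework:` block, while the front-controller section later in this commit drops the `Request::setTrustedProxies()` / `Request::setTrustedHosts()` calls that used to read `TRUSTED_PROXIES` and `TRUSTED_HOSTS`. If the application is deployed behind a reverse proxy, the `X-Forwarded-*` headers would then no longer be trusted, so client IPs resolve to the proxy address and `cookie_secure: auto` may stop marking the session cookie as Secure when TLS terminates at the proxy. With the runtime component this belongs in configuration, for example `trusted_proxies: '%env(TRUSTED_PROXIES)%'` and `trusted_headers: ['x-forwarded-for', 'x-forwarded-port', 'x-forwarded-proto']` under `framework:`, with a default for the variable where it is unset. The commented samples for both variables also disappear from the `.env` section at the top of this commit, so the setting is no longer documented anywhere visible here.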

5
config/preload.php Normal file

@ -0,0 +1,5 @@
<?php
if (file_exists(dirname(__DIR__).'/var/cache/prod/App_KernelProdContainer.preload.php')) {
require dirname(__DIR__).'/var/cache/prod/App_KernelProdContainer.preload.php';
}


@ -1,3 +0,0 @@
_errors:
resource: '@FrameworkBundle/Resources/config/routing/errors.xml'
prefix: /_error


@ -0,0 +1,4 @@
when@dev:
_errors:
resource: '@FrameworkBundle/Resources/config/routing/errors.xml'
prefix: /_error


@ -1,3 +1,6 @@
# This file is the entry point to configure your own services.
# Files in the packages/ subdirectory configure your dependencies.
# Put parameters here that don't need to change on each machine where the app is deployed
# https://symfony.com/doc/current/best_practices/configuration.html#application-related-configuration
parameters:
@ -18,8 +21,10 @@ services:
$newUserInvites: '%env(NEW_USER_INVITES)%'
$fromAddress: '%env(MAILER_FROM)%'
# makes classes in src/ available to be used as services
# this creates a service per class whose id is the fully-qualified class name
App\:
resource: '../src/*'
resource: '../src/'
exclude: '../src/{Api/V1/{DTO},Magnetico/{Entity,Migrations},Entity,FormRequest,Migrations,Tests,View,Kernel.php}'
# Use array in exclude config from Symfony 4.2
#- '../src/Api/V1/{DTO}'


@ -2,30 +2,9 @@
declare(strict_types=1);
use App\Kernel;
use Symfony\Component\Dotenv\Dotenv;
use Symfony\Component\ErrorHandler\Debug;
use Symfony\Component\HttpFoundation\Request;
require dirname(__DIR__).'/vendor/autoload.php';
require_once dirname(__DIR__).'/vendor/autoload_runtime.php';
(new Dotenv())->bootEnv(dirname(__DIR__).'/.env');
if ($_SERVER['APP_DEBUG']) {
umask(0000);
Debug::enable();
}
if ($trustedProxies = $_SERVER['TRUSTED_PROXIES'] ?? false) {
Request::setTrustedProxies(explode(',', $trustedProxies), Request::HEADER_X_FORWARDED_FOR | Request::HEADER_X_FORWARDED_PORT | Request::HEADER_X_FORWARDED_PROTO);
}
if ($trustedHosts = $_SERVER['TRUSTED_HOSTS'] ?? false) {
Request::setTrustedHosts([$trustedHosts]);
}
$kernel = new Kernel($_SERVER['APP_ENV'], (bool) $_SERVER['APP_DEBUG']);
$request = Request::createFromGlobals();
$response = $kernel->handle($request);
$response->send();
$kernel->terminate($request, $response);
return function (array $context) {
return new Kernel($context['APP_ENV'], (bool) $context['APP_DEBUG']);
};


@ -1,4 +1,5 @@
<?php
declare(strict_types=1);
namespace App\Feed;
@ -132,4 +133,4 @@ class RssGenerator
{
return $this->router->generate($route, $parameters, UrlGeneratorInterface::ABSOLUTE_URL);
}
}
}


@ -1,4 +1,5 @@
<?php
declare(strict_types=1);
namespace App\Helper;


@ -3,59 +3,9 @@
namespace App;
use Symfony\Bundle\FrameworkBundle\Kernel\MicroKernelTrait;
use Symfony\Component\Config\Loader\LoaderInterface;
use Symfony\Component\Config\Resource\FileResource;
use Symfony\Component\DependencyInjection\ContainerBuilder;
use Symfony\Component\HttpKernel\Kernel as BaseKernel;
use Symfony\Component\Routing\RouteCollectionBuilder;
class Kernel extends BaseKernel
{
use MicroKernelTrait;
const CONFIG_EXTS = '.{php,xml,yaml,yml}';
public function getCacheDir()
{
return $this->getProjectDir().'/var/cache/'.$this->environment;
}
public function getLogDir()
{
return $this->getProjectDir().'/var/log';
}
public function registerBundles()
{
$contents = require $this->getProjectDir().'/config/bundles.php';
foreach ($contents as $class => $envs) {
if (isset($envs['all']) || isset($envs[$this->environment])) {
yield new $class();
}
}
}
protected function configureContainer(ContainerBuilder $container, LoaderInterface $loader)
{
$container->addResource(new FileResource($this->getProjectDir().'/config/bundles.php'));
// Feel free to remove the "container.autowiring.strict_mode" parameter
// if you are using symfony/dependency-injection 4.0+ as it's the default behavior
$container->setParameter('container.autowiring.strict_mode', true);
$container->setParameter('container.dumper.inline_class_loader', true);
$confDir = $this->getProjectDir().'/config';
$loader->load($confDir.'/{packages}/*'.self::CONFIG_EXTS, 'glob');
$loader->load($confDir.'/{packages}/'.$this->environment.'/**/*'.self::CONFIG_EXTS, 'glob');
$loader->load($confDir.'/{services}'.self::CONFIG_EXTS, 'glob');
$loader->load($confDir.'/{services}_'.$this->environment.self::CONFIG_EXTS, 'glob');
}
protected function configureRoutes(RouteCollectionBuilder $routes)
{
$confDir = $this->getProjectDir().'/config';
$routes->import($confDir.'/{routes}/*'.self::CONFIG_EXTS, '/', 'glob');
$routes->import($confDir.'/{routes}/'.$this->environment.'/**/*'.self::CONFIG_EXTS, '/', 'glob');
$routes->import($confDir.'/{routes}'.self::CONFIG_EXTS, '/', 'glob');
}
}


@ -1,4 +1,5 @@
<?php
declare(strict_types=1);
namespace App\Search;


@ -1,4 +1,5 @@
<?php
declare(strict_types=1);
namespace App\Security;
@ -13,6 +14,9 @@ use Symfony\Component\Security\Core\User\{UserInterface, UserProviderInterface};
use Symfony\Component\Security\Guard\AbstractGuardAuthenticator;
use Symfony\Component\Serializer\SerializerInterface;
/**
* @deprecated Refactor to new Authenticators system @see https://gitlab.com/skobkin/magnetico-web/-/issues/26
*/
class ApiTokenAuthenticator extends AbstractGuardAuthenticator
{
public const TOKEN_HEADER = 'api-token';
@ -108,9 +112,9 @@ class ApiTokenAuthenticator extends AbstractGuardAuthenticator
{
$request = $this->requestStack->getCurrentRequest();
$tokenKey = $request->headers->get(self::TOKEN_HEADER) ?:
$request->cookies->get(self::TOKEN_HEADER) ?:
$request->query->get(self::TOKEN_HEADER)
$tokenKey = $request?->headers?->get(self::TOKEN_HEADER) ?:
$request?->cookies?->get(self::TOKEN_HEADER) ?:
$request?->query?->get(self::TOKEN_HEADER)
;
return new AuthenticatedApiToken(
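Review bot: The API token is still accepted from the query string (`$request?->query?->get(self::TOKEN_HEADER)`), which places a credential in URLs and therefore in access logs, browser history and `Referer` headers; since this expression is being touched anyway, consider dropping that fallback or documenting why clients still need it. The `?->` after `headers`, `cookies` and `query` is also redundant, because a nullsafe access on `$request` already short-circuits the rest of the chain: `$request?->headers->get(self::TOKEN_HEADER) ?: $request?->cookies->get(self::TOKEN_HEADER)`. The method starts and ends outside this hunk, so how a `null` `$tokenKey` is handled once it reaches `AuthenticatedApiToken` cannot be confirmed from here.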


@ -1,4 +1,5 @@
<?php
declare(strict_types=1);
namespace App\Security\Token;
@ -6,7 +7,11 @@ use App\Entity\User;
use Symfony\Component\Security\Core\Authentication\Token\PreAuthenticatedToken;
use Symfony\Component\Security\Guard\Token\GuardTokenInterface;
/** This token stores ApiToken key even after eraseCredentials() called */
/**
* This token stores ApiToken key even after eraseCredentials() called
*
* @deprecated Refactor to new Authenticators system @see https://gitlab.com/skobkin/magnetico-web/-/issues/26
*/
class AuthenticatedApiToken extends PreAuthenticatedToken implements GuardTokenInterface
{
/** @var string|null This token is stored only for this request and will not be erased by eraseCredentials() or serialized */
@ -23,4 +28,4 @@ class AuthenticatedApiToken extends PreAuthenticatedToken implements GuardTokenI
{
return $this->tokenKey;
}
}
}


@ -271,13 +271,23 @@
"version": "v4.1.0"
},
"symfony/framework-bundle": {
"version": "3.3",
"version": "5.4",
"recipe": {
"repo": "github.com/symfony/recipes",
"branch": "master",
"version": "3.3",
"ref": "1279df12895f20d8076324036431833181eb6645"
}
"branch": "main",
"version": "5.4",
"ref": "3cd216a4d007b78d8554d44a5b1c0a446dab24fb"
},
"files": [
"config/packages/cache.yaml",
"config/packages/framework.yaml",
"config/preload.php",
"config/routes/framework.yaml",
"config/services.yaml",
"public/index.php",
"src/Controller/.gitignore",
"src/Kernel.php"
]
},
"symfony/http-client": {
"version": "v4.4.2"
@ -291,9 +301,6 @@
"symfony/http-kernel": {
"version": "v4.1.0"
},
"symfony/intl": {
"version": "v4.1.0"
},
"symfony/mailer": {
"version": "4.3",
"recipe": {