composer update symfony/* to ^5.4. Updating index.php to 5.4, adding security deprecations (#26), some small refactoring.

.env

@@ -5,8 +5,6 @@
 ###> symfony/framework-bundle ###
 APP_ENV=dev
 APP_SECRET=xxx
-#TRUSTED_PROXIES=127.0.0.1,127.0.0.2
-#TRUSTED_HOSTS=localhost,example.com
 ###< symfony/framework-bundle ###
 
 ###> doctrine/doctrine-bundle ###

.gitignore

@@ -4,6 +4,7 @@
 /.env.local
 /.env.local.php
 /.env.*.local
+/config/secrets/prod/prod.decrypt.private.php
 /public/bundles/
 /var/
 /vendor/

composer.json

@@ -31,27 +31,28 @@
         "sensio/framework-extra-bundle": "^6.0",
         "sentry/sentry-symfony": "^4",
         "suin/php-rss-writer": "^1.6",
-        "symfony/asset": "5.0.*",
-        "symfony/console": "5.0.*",
-        "symfony/dotenv": "^5.0",
-        "symfony/expression-language": "5.0.*",
+        "symfony/asset": "^5.4",
+        "symfony/console": "^5.4",
+        "symfony/dotenv": "^5.4",
+        "symfony/expression-language": "^5.4",
         "symfony/flex": "^1.0",
-        "symfony/form": "5.0.*",
-        "symfony/framework-bundle": "5.0.*",
-        "symfony/http-client": "5.0.*",
-        "symfony/mailer": "5.0.*",
+        "symfony/form": "^5.4",
+        "symfony/framework-bundle": "^5.4",
+        "symfony/http-client": "^5.4",
+        "symfony/mailer": "^5.4",
         "symfony/monolog-bundle": "^3.3",
-        "symfony/property-access": "^5.0",
-        "symfony/property-info": "^5.0",
-        "symfony/security-bundle": "5.0.*",
-        "symfony/serializer": "5.0.*",
-        "symfony/translation": "5.0.*",
-        "symfony/twig-bundle": "5.0.*",
-        "symfony/validator": "5.0.*",
-        "symfony/yaml": "5.0.*"
+        "symfony/property-access": "^5.4",
+        "symfony/property-info": "^5.4",
+        "symfony/runtime": "^5.4",
+        "symfony/security-bundle": "^5.4",
+        "symfony/serializer": "^5.4",
+        "symfony/translation": "^5.4",
+        "symfony/twig-bundle": "^5.4",
+        "symfony/validator": "^5.4",
+        "symfony/yaml": "^5.4"
     },
     "require-dev": {
-        "symfony/web-profiler-bundle": "^5.0",
+        "symfony/web-profiler-bundle": "^5.4",
         "symfony/web-server-bundle": "^4.1"
     },
     "config": {
@@ -60,7 +61,8 @@
         },
         "sort-packages": true,
         "allow-plugins": {
-            "symfony/flex": true
+            "symfony/flex": true,
+            "symfony/runtime": true
         }
     },
     "autoload": {

config/packages/cache.yaml

@@ -0,0 +1,25 @@
+framework:
+    cache:
+        # Unique name of your app: used to compute stable namespaces for cache keys.
+        #prefix_seed: your_vendor_name/app_name
+
+        # The "app" cache stores to the filesystem by default.
+        # The data in this cache should persist between deploys.
+        # Other options include:
+
+        # Redis
+        #app: cache.adapter.redis
+        #default_redis_provider: redis://localhost
+
+        # APCu (not recommended with heavy random-write workloads as memory fragmentation can cause perf issues)
+        #app: cache.adapter.apcu
+
+        # Namespaced pools use the above "app" backend by default
+        #pools:
+            #my.dedicated.cache: null
+        prefix_seed: magnetico-web
+        pools:
+            magneticod.cache:
+                adapter: cache.adapter.redis
+                provider: '%env(REDIS_DSN)%'
+                default_lifetime: 600

config/packages/framework.yaml

@@ -1,36 +1,24 @@
+# see https://symfony.com/doc/current/reference/configuration/framework.html
 framework:
     secret: '%env(APP_SECRET)%'
-    #default_locale: en
     #csrf_protection: true
-    #http_method_override: true
+    http_method_override: false
 
     # Enables session support. Note that the session will ONLY be started if you read or write from it.
     # Remove or comment this section to explicitly disable session support.
     session:
-        handler_id: ~
+        handler_id: null
+        cookie_secure: auto
+        cookie_samesite: lax
+        storage_factory_id: session.storage.factory.native
 
     #esi: true
     #fragments: true
     php_errors:
         log: true
 
-    cache:
-        # Put the unique name of your app here: the prefix seed
-        # is used to compute stable namespaces for cache keys.
-        #prefix_seed: your_vendor_name/app_name
-
-        # The app cache caches to the filesystem by default.
-        # Other options include:
-
-        # Redis
-        #app: cache.adapter.redis
-        #default_redis_provider: redis://localhost
-
-        # APCu (not recommended with heavy random-write workloads as memory fragmentation can cause perf issues)
-        #app: cache.adapter.apcu
-        prefix_seed: magnetico-web
-        pools:
-            magneticod.cache:
-                adapter: cache.adapter.redis
-                provider: '%env(REDIS_DSN)%'
-                default_lifetime: 600
+when@test:
+    framework:
+        test: true
+        session:
+            storage_factory_id: session.storage.factory.mock_file

config/preload.php

@@ -0,0 +1,5 @@
+<?php
+
+if (file_exists(dirname(__DIR__).'/var/cache/prod/App_KernelProdContainer.preload.php')) {
+    require dirname(__DIR__).'/var/cache/prod/App_KernelProdContainer.preload.php';
+}

config/routes/dev/twig.yaml

@@ -1,3 +0,0 @@
-_errors:
-    resource: '@FrameworkBundle/Resources/config/routing/errors.xml'
-    prefix: /_error

config/routes/framework.yaml

@@ -0,0 +1,4 @@
+when@dev:
+    _errors:
+        resource: '@FrameworkBundle/Resources/config/routing/errors.xml'
+        prefix: /_error

config/services.yaml

@@ -1,3 +1,6 @@
+# This file is the entry point to configure your own services.
+# Files in the packages/ subdirectory configure your dependencies.
+
 # Put parameters here that don't need to change on each machine where the app is deployed
 # https://symfony.com/doc/current/best_practices/configuration.html#application-related-configuration
 parameters:
@@ -18,8 +21,10 @@ services:
             $newUserInvites: '%env(NEW_USER_INVITES)%'
             $fromAddress: '%env(MAILER_FROM)%'
 
+    # makes classes in src/ available to be used as services
+    # this creates a service per class whose id is the fully-qualified class name
     App\:
-        resource: '../src/*'
+        resource: '../src/'
         exclude: '../src/{Api/V1/{DTO},Magnetico/{Entity,Migrations},Entity,FormRequest,Migrations,Tests,View,Kernel.php}'
             # Use array in exclude config from Symfony 4.2
             #- '../src/Api/V1/{DTO}'

public/index.php

@@ -2,30 +2,9 @@
 declare(strict_types=1);
 
 use App\Kernel;
-use Symfony\Component\Dotenv\Dotenv;
-use Symfony\Component\ErrorHandler\Debug;
-use Symfony\Component\HttpFoundation\Request;
 
-require dirname(__DIR__).'/vendor/autoload.php';
+require_once dirname(__DIR__).'/vendor/autoload_runtime.php';
 
-(new Dotenv())->bootEnv(dirname(__DIR__).'/.env');
-
-if ($_SERVER['APP_DEBUG']) {
-    umask(0000);
-
-    Debug::enable();
-}
-
-if ($trustedProxies = $_SERVER['TRUSTED_PROXIES'] ?? false) {
-    Request::setTrustedProxies(explode(',', $trustedProxies), Request::HEADER_X_FORWARDED_FOR | Request::HEADER_X_FORWARDED_PORT | Request::HEADER_X_FORWARDED_PROTO);
-}
-
-if ($trustedHosts = $_SERVER['TRUSTED_HOSTS'] ?? false) {
-    Request::setTrustedHosts([$trustedHosts]);
-}
-
-$kernel = new Kernel($_SERVER['APP_ENV'], (bool) $_SERVER['APP_DEBUG']);
-$request = Request::createFromGlobals();
-$response = $kernel->handle($request);
-$response->send();
-$kernel->terminate($request, $response);
+return function (array $context) {
+    return new Kernel($context['APP_ENV'], (bool) $context['APP_DEBUG']);
+};

src/Feed/RssGenerator.php

@@ -1,4 +1,5 @@
 <?php
+declare(strict_types=1);
 
 
 namespace App\Feed;
@@ -132,4 +133,4 @@ class RssGenerator
     {
         return $this->router->generate($route, $parameters, UrlGeneratorInterface::ABSOLUTE_URL);
     }
-}
+}

src/Helper/FileSizeHumanizer.php

@@ -1,4 +1,5 @@
 <?php
+declare(strict_types=1);
 
 namespace App\Helper;
 

src/Kernel.php

@@ -3,59 +3,9 @@
 namespace App;
 
 use Symfony\Bundle\FrameworkBundle\Kernel\MicroKernelTrait;
-use Symfony\Component\Config\Loader\LoaderInterface;
-use Symfony\Component\Config\Resource\FileResource;
-use Symfony\Component\DependencyInjection\ContainerBuilder;
 use Symfony\Component\HttpKernel\Kernel as BaseKernel;
-use Symfony\Component\Routing\RouteCollectionBuilder;
 
 class Kernel extends BaseKernel
 {
     use MicroKernelTrait;
-
-    const CONFIG_EXTS = '.{php,xml,yaml,yml}';
-
-    public function getCacheDir()
-    {
-        return $this->getProjectDir().'/var/cache/'.$this->environment;
-    }
-
-    public function getLogDir()
-    {
-        return $this->getProjectDir().'/var/log';
-    }
-
-    public function registerBundles()
-    {
-        $contents = require $this->getProjectDir().'/config/bundles.php';
-        foreach ($contents as $class => $envs) {
-            if (isset($envs['all']) || isset($envs[$this->environment])) {
-                yield new $class();
-            }
-        }
-    }
-
-    protected function configureContainer(ContainerBuilder $container, LoaderInterface $loader)
-    {
-        $container->addResource(new FileResource($this->getProjectDir().'/config/bundles.php'));
-        // Feel free to remove the "container.autowiring.strict_mode" parameter
-        // if you are using symfony/dependency-injection 4.0+ as it's the default behavior
-        $container->setParameter('container.autowiring.strict_mode', true);
-        $container->setParameter('container.dumper.inline_class_loader', true);
-        $confDir = $this->getProjectDir().'/config';
-
-        $loader->load($confDir.'/{packages}/*'.self::CONFIG_EXTS, 'glob');
-        $loader->load($confDir.'/{packages}/'.$this->environment.'/**/*'.self::CONFIG_EXTS, 'glob');
-        $loader->load($confDir.'/{services}'.self::CONFIG_EXTS, 'glob');
-        $loader->load($confDir.'/{services}_'.$this->environment.self::CONFIG_EXTS, 'glob');
-    }
-
-    protected function configureRoutes(RouteCollectionBuilder $routes)
-    {
-        $confDir = $this->getProjectDir().'/config';
-
-        $routes->import($confDir.'/{routes}/*'.self::CONFIG_EXTS, '/', 'glob');
-        $routes->import($confDir.'/{routes}/'.$this->environment.'/**/*'.self::CONFIG_EXTS, '/', 'glob');
-        $routes->import($confDir.'/{routes}'.self::CONFIG_EXTS, '/', 'glob');
-    }
 }

src/Search/TorrentSearcher.php

@@ -1,4 +1,5 @@
 <?php
+declare(strict_types=1);
 
 namespace App\Search;
 

src/Security/ApiTokenAuthenticator.php

@@ -1,4 +1,5 @@
 <?php
+declare(strict_types=1);
 
 namespace App\Security;
 
@@ -13,6 +14,9 @@ use Symfony\Component\Security\Core\User\{UserInterface, UserProviderInterface};
 use Symfony\Component\Security\Guard\AbstractGuardAuthenticator;
 use Symfony\Component\Serializer\SerializerInterface;
 
+/**
+ * @deprecated Refactor to new Authenticators system @see https://gitlab.com/skobkin/magnetico-web/-/issues/26
+ */
 class ApiTokenAuthenticator extends AbstractGuardAuthenticator
 {
     public const TOKEN_HEADER = 'api-token';
@@ -108,9 +112,9 @@ class ApiTokenAuthenticator extends AbstractGuardAuthenticator
     {
         $request = $this->requestStack->getCurrentRequest();
 
-        $tokenKey = $request->headers->get(self::TOKEN_HEADER) ?:
-            $request->cookies->get(self::TOKEN_HEADER) ?:
-            $request->query->get(self::TOKEN_HEADER)
+        $tokenKey = $request?->headers?->get(self::TOKEN_HEADER) ?:
+            $request?->cookies?->get(self::TOKEN_HEADER) ?:
+            $request?->query?->get(self::TOKEN_HEADER)
         ;
 
         return new AuthenticatedApiToken(

src/Security/Token/AuthenticatedApiToken.php

@@ -1,4 +1,5 @@
 <?php
+declare(strict_types=1);
 
 namespace App\Security\Token;
 
@@ -6,7 +7,11 @@ use App\Entity\User;
 use Symfony\Component\Security\Core\Authentication\Token\PreAuthenticatedToken;
 use Symfony\Component\Security\Guard\Token\GuardTokenInterface;
 
-/** This token stores ApiToken key even after eraseCredentials() called */
+/**
+ * This token stores ApiToken key even after eraseCredentials() called
+ *
+ * @deprecated Refactor to new Authenticators system @see https://gitlab.com/skobkin/magnetico-web/-/issues/26
+ */
 class AuthenticatedApiToken extends PreAuthenticatedToken implements GuardTokenInterface
 {
     /** @var string|null This token is stored only for this request and will not be erased by eraseCredentials() or serialized */
@@ -23,4 +28,4 @@ class AuthenticatedApiToken extends PreAuthenticatedToken implements GuardTokenI
     {
         return $this->tokenKey;
     }
-}
+}

symfony.lock

@@ -271,13 +271,23 @@
         "version": "v4.1.0"
     },
     "symfony/framework-bundle": {
-        "version": "3.3",
+        "version": "5.4",
         "recipe": {
             "repo": "github.com/symfony/recipes",
-            "branch": "master",
-            "version": "3.3",
-            "ref": "1279df12895f20d8076324036431833181eb6645"
-        }
+            "branch": "main",
+            "version": "5.4",
+            "ref": "3cd216a4d007b78d8554d44a5b1c0a446dab24fb"
+        },
+        "files": [
+            "config/packages/cache.yaml",
+            "config/packages/framework.yaml",
+            "config/preload.php",
+            "config/routes/framework.yaml",
+            "config/services.yaml",
+            "public/index.php",
+            "src/Controller/.gitignore",
+            "src/Kernel.php"
+        ]
     },
     "symfony/http-client": {
         "version": "v4.4.2"
@@ -291,9 +301,6 @@
     "symfony/http-kernel": {
         "version": "v4.1.0"
     },
-    "symfony/intl": {
-        "version": "v4.1.0"
-    },
     "symfony/mailer": {
         "version": "4.3",
         "recipe": {