chore: release 1.0.0 #4
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
…ache folder with placeholder App/Cache/ will ignore .cache files only
…uration - Configuration: - Replaced hyphens for underscores on Cryptography environment key - The FileManager settings are now taken from this class - The Database connection settings are now found in this class. Additionally, the user and password credentials are obtained from environment variables, whose keys are configured here. - FileManager: - BREAKING: checkDiskSpace() and checkAppDiskUsage() methods replaced with isMinimumDiskSpaceAvailable() and isStorageUsageWithinLimits() respectively - BREAKING: isMinimumDiskSpaceAvailable() and isStorageUsageWithinLimits() no longer throw Exceptions; they now return a boolean value based on their check - BREAKING: File operations such as create, copy, append, etc., with the option to ignore the storage usage limitation, no longer throw Exceptions if the option is not ignored but there isn't enough storage for the application due to modifying the check behavior as it is described in the previous point. Additionally, the operations will still throw exceptions on their own if the disk does not have the minimum available storage. - New methods added: hasAvailableDiskSpace, hasAvailableDiskSpace, clearFolder, createFile - Database: - The database connection settings are now established in the Configuration class. The user and password credentials are no longer written in the code, now are obtained from environment variables. The keys of the variables are customizable as well. - A port for the connection can now be specified. - Cryptography: - BREAKING: The use of a self-generated backup encryption key has been removed if the encryption key as an environment variable was not configured or was inaccessible. Now, it is necessary to use the encryption key as an environment variable; if it is not configured or is inaccessible, a SecurityException will be thrown. - The default name of the encryption key changed, replacing hyphens with underscores.
- Stores serialized data with the format [data] (which contains the data) and [expires] where the expiration time in seconds is stored using the function time() + the cache duration seconds. - To get or write the cache, a key is specified whose value is converted to MD5, forming the cache file name. - Cached data is not stored if the FileManager condition isStorageUsageWithinLimits is not met. - The maximum cache size (per file) can be set in the Configuration class. The cache folder location can also be configured; by default, it is located in App/Cache. The cache extension can also be configured; by default, it is .cache. - Functions to clear all cache and expired cache, with potential to use them in routines or scheduled tasks.
…refactorizations, fixes, documentation)) - BREAKING: The function `getFileType` was renamed to `getFileMimeType`. Additionally, it now throws an exception if the file is not found. - BREAKING: The `deleteFile` function now throws an exception if the file to be deleted is not found. - Error codes have been added that will be returned in the thrown exceptions. The numerical codes may be subject to changes, therefore, it is advisable to prioritize the use of the constant name and avoid using the direct value. - Now, the return value is directly specified in the methods in order to ensure consistency with the method documentation and that any modification continues to return the expected type of value to avoid subsequent breaking changes. - Corrections to errors in the documentation of several methods and additional complementary documentation added. - Corrections, improvements, and more controls for the `uploadFile` function, error codes added, and now the function returns true if the file upload is successful.
…um file upload Reminder that this configuration does not override the PHP settings for `upload_max_filesize` and `post_max_size`; those settings should have a higher value than this configuration to avoid issues.
- The behavior for processing requests was modified. Previously, it was possible to directly access files in the root directory, such as .gitignore or .gitattributes, which is potentially dangerous. Now, all requests, regardless of whether they are files, are directed to index.php. Although this measure might be somewhat counterproductive for files that need to be accessed from the root, such as a manifest, favicon, or robots.txt, it is preferable to process these requests through the framework to avoid potential future vulnerabilities. - The X-Frame-Options header was added with the default value of DENY, restricting the embedding of the page anywhere. This will be adjusted according to the page needs, but in the meantime, it will remain restricted by default. - The X-Content-Type-Options header was added as a security measure for end users to mitigate MIME type sniffing. - An .htaccess file was added in the Resources/ directory to prevent the execution of scripts or executables. This folder does not expect any content to be executed, so this is an additional preventive security measure. Additionally, 403 or 404 errors in Resources/ are just short text, reducing a bit the amount of information sent in each request. - An IfModule directive for the mod_security module was added, including the OWASP Core Rule Set. The configuration limits the maximum file upload size to 100 MB, in accordance with the default setting in Configuration.php. - Files with the .jar extension have been added to the list of prohibited executables.
It should be specified directly that a boolean is expected, not true directly.
- Replace some empty logs for .placeholder files - Added .placeholder for Models folder
Postpone the X-Content-Type-Options header until implementing a resource manager that serves the content and the correct MIME type of the resource.
Also update Actions to use that configuration.
Now, modules are automatically loaded from their folder (App/Modules) to register routes in the web application instead of importing and calling the method directly in the class. This ensures that the App is independent and does not require intervention for route registration.
You ever wonder why we’re here?
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
v1.0.0 files