From 04f25bbf7808b1fc8999ee548b564a5f67024666 Mon Sep 17 00:00:00 2001 From: Christoph Kappestein Date: Sun, 17 Dec 2017 10:48:01 +0100 Subject: [PATCH] use dotenv config to load sensitive values from environment variables --- .env | 21 +++++++ CHANGELOG.md | 7 ++- composer.json | 3 +- composer.lock | 109 +++++++++++++++++++++++++-------- configuration.php | 36 +++++++---- doc/installation.rst | 6 +- resources/config.yaml | 8 +-- resources/connections.yaml | 120 ++++++++++++++++++++++++++++++++++++- 8 files changed, 264 insertions(+), 46 deletions(-) create mode 100644 .env diff --git a/.env b/.env new file mode 100644 index 00000000..1fbf035d --- /dev/null +++ b/.env @@ -0,0 +1,21 @@ +# Fusio +FUSIO_PROJECT_KEY="42eec18ffdbffc9fda6110dcc705d6ce" +FUSIO_URL="http://127.0.0.1/projects/fusio/public" +FUSIO_ENV="dev" # dev or prod +FUSIO_DB_NAME="fusio" +FUSIO_DB_USER="root" +FUSIO_DB_PW="" +FUSIO_DB_HOST="localhost" + +# Config (resources/config.yaml) +# Login provider +PROVIDER_FACEBOOK_SECRET="" +PROVIDER_GOOGLE_SECRET="" +PROVIDER_GITHUB_SECRET="" + +# Register captcha +RECAPTCHA_SECRET="" + +# Connections (resources/connections.yaml) +# Default-Connection +SQLITE_1_DB="todo-app.db" diff --git a/CHANGELOG.md b/CHANGELOG.md index 691ecc18..12830092 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,10 @@ -### 1.0.0-RC6 +### 1.0.0-RC7 + +* Use dotenv config to load sensitive values from environment variables +* Add missing help files + +### 1.0.0-RC6 (2017-12-14) * Update developer app * Summarize deploy status and improve deploy output #108 diff --git a/composer.json b/composer.json index 885c00c2..c576450c 100644 --- a/composer.json +++ b/composer.json @@ -12,7 +12,8 @@ ], "require": { "php": ">=7.0", - "fusio/impl": "^1.0" + "fusio/impl": "^1.0", + "symfony/dotenv": "^3.4" }, "require-dev": { "phpunit/phpunit": "^5.6", diff --git a/composer.lock b/composer.lock index 22d2fd20..c77b3f16 100644 --- a/composer.lock +++ b/composer.lock 
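Review bot: The new tracked `.env` ships a concrete `FUSIO_PROJECT_KEY`, the same value the `configuration.php` hunk removes from the source, so every installation that keeps the default shares a key that is public in the repository; the comment in `configuration.php` says data in the database is encrypted with it. I would commit a template instead (for example `.env.dist`, a constructed name) with `FUSIO_PROJECT_KEY=""`, have the install step generate a per-installation key, and add `.env` to `.gitignore` so real credentials placed there are never committed. The file also sits in the project root next to `configuration.php`, and the sample `FUSIO_URL` suggests the whole project directory may be under the document root; if so, the web server should deny requests for `.env`. `FUSIO_ENV="dev"`, `FUSIO_DB_USER="root"` and the empty `FUSIO_DB_PW` deserve a comment such as `# local development defaults only - change before deploying`.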
@@ -4,7 +4,7 @@ "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#composer-lock-the-lock-file", "This file is @generated automatically" ], - "content-hash": "0e604288874764d4730fb547edf58b71", + "content-hash": "f0f598fdffae89f921b48fa994ed87c1", "packages": [ { "name": "doctrine/annotations", @@ -2472,16 +2472,16 @@ }, { "name": "symfony/console", - "version": "v3.4.1", + "version": "v3.4.2", "source": { "type": "git", "url": "https://github.com/symfony/console.git", - "reference": "2cdef78de8f54f68ff16a857e710e7302b47d4c7" + "reference": "9f21adfb92a9315b73ae2ed43138988ee4913d4e" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/symfony/console/zipball/2cdef78de8f54f68ff16a857e710e7302b47d4c7", - "reference": "2cdef78de8f54f68ff16a857e710e7302b47d4c7", + "url": "https://api.github.com/repos/symfony/console/zipball/9f21adfb92a9315b73ae2ed43138988ee4913d4e", + "reference": "9f21adfb92a9315b73ae2ed43138988ee4913d4e", "shasum": "" }, "require": { @@ -2537,20 +2537,20 @@ ], "description": "Symfony Console Component", "homepage": "https://symfony.com", - "time": "2017-12-02T18:20:11+00:00" + "time": "2017-12-14T19:40:10+00:00" }, { "name": "symfony/debug", - "version": "v3.4.1", + "version": "v3.4.2", "source": { "type": "git", "url": "https://github.com/symfony/debug.git", - "reference": "fb2001e5d85f95d8b6ab94ae3be5d2672df128fd" + "reference": "543deab3ffff94402440b326fc94153bae2dfa7a" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/symfony/debug/zipball/fb2001e5d85f95d8b6ab94ae3be5d2672df128fd", - "reference": "fb2001e5d85f95d8b6ab94ae3be5d2672df128fd", + "url": "https://api.github.com/repos/symfony/debug/zipball/543deab3ffff94402440b326fc94153bae2dfa7a", + "reference": "543deab3ffff94402440b326fc94153bae2dfa7a", "shasum": "" }, "require": { 
@@ -2593,20 +2593,77 @@ ], "description": "Symfony Debug Component", "homepage": "https://symfony.com", - "time": "2017-11-21T09:01:46+00:00" + "time": "2017-12-12T08:27:14+00:00" + }, + { + "name": "symfony/dotenv", + "version": "v3.4.2", + "source": { + "type": "git", + "url": "https://github.com/symfony/dotenv.git", + "reference": "21a36fcaf0396c2a2c08ed791d676ce89b592187" + }, + "dist": { + "type": "zip", + "url": "https://api.github.com/repos/symfony/dotenv/zipball/21a36fcaf0396c2a2c08ed791d676ce89b592187", + "reference": "21a36fcaf0396c2a2c08ed791d676ce89b592187", + "shasum": "" + }, + "require": { + "php": "^5.5.9|>=7.0.8" + }, + "require-dev": { + "symfony/process": "~3.2|~4.0" + }, + "type": "library", + "extra": { + "branch-alias": { + "dev-master": "3.4-dev" + } + }, + "autoload": { + "psr-4": { + "Symfony\\Component\\Dotenv\\": "" + }, + "exclude-from-classmap": [ + "/Tests/" + ] + }, + "notification-url": "https://packagist.org/downloads/", + "license": [ + "MIT" + ], + "authors": [ + { + "name": "Fabien Potencier", + "email": "fabien@symfony.com" + }, + { + "name": "Symfony Community", + "homepage": "https://symfony.com/contributors" + } + ], + "description": "Registers environment variables from a .env file", + "homepage": "https://symfony.com", + "keywords": [ + "dotenv", + "env", + "environment" + ], + "time": "2017-12-08T15:24:53+00:00" }, { "name": "symfony/event-dispatcher", - "version": "v3.4.1", + "version": "v3.4.2", "source": { "type": "git", "url": "https://github.com/symfony/event-dispatcher.git", - "reference": "ca20b8f9ef149f40ff656d52965f240d85f7a8e4" + "reference": "b869cbf8a15ca6261689de2c28a7d7f2d0706835" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/symfony/event-dispatcher/zipball/ca20b8f9ef149f40ff656d52965f240d85f7a8e4", - "reference": "ca20b8f9ef149f40ff656d52965f240d85f7a8e4", + "url": "https://api.github.com/repos/symfony/event-dispatcher/zipball/b869cbf8a15ca6261689de2c28a7d7f2d0706835", + "reference": 
"b869cbf8a15ca6261689de2c28a7d7f2d0706835", "shasum": "" }, "require": { @@ -2656,7 +2713,7 @@ ], "description": "Symfony EventDispatcher Component", "homepage": "https://symfony.com", - "time": "2017-11-09T14:14:31+00:00" + "time": "2017-12-14T19:40:10+00:00" }, { "name": "symfony/polyfill-mbstring", @@ -2719,16 +2776,16 @@ }, { "name": "symfony/yaml", - "version": "v3.4.1", + "version": "v3.4.2", "source": { "type": "git", "url": "https://github.com/symfony/yaml.git", - "reference": "f6a99b95b338799645fe9f7880d7d4ca1bf79cc1" + "reference": "afe0cd38486505c9703707707d91450cfc1bd536" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/symfony/yaml/zipball/f6a99b95b338799645fe9f7880d7d4ca1bf79cc1", - "reference": "f6a99b95b338799645fe9f7880d7d4ca1bf79cc1", + "url": "https://api.github.com/repos/symfony/yaml/zipball/afe0cd38486505c9703707707d91450cfc1bd536", + "reference": "afe0cd38486505c9703707707d91450cfc1bd536", "shasum": "" }, "require": { @@ -2773,7 +2830,7 @@ ], "description": "Symfony Yaml Component", "homepage": "https://symfony.com", - "time": "2017-12-04T18:15:22+00:00" + "time": "2017-12-11T20:38:23+00:00" }, { "name": "twig/twig", @@ -3515,16 +3572,16 @@ }, { "name": "phpunit/phpunit", - "version": "5.7.25", + "version": "5.7.26", "source": { "type": "git", "url": "https://github.com/sebastianbergmann/phpunit.git", - "reference": "4b1c822a68ae6577df38a59eb49b046712ec0f6a" + "reference": "7fbc25c13309de0c4c9bb48b7361f1eca34c7fbd" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/sebastianbergmann/phpunit/zipball/4b1c822a68ae6577df38a59eb49b046712ec0f6a", - "reference": "4b1c822a68ae6577df38a59eb49b046712ec0f6a", + "url": "https://api.github.com/repos/sebastianbergmann/phpunit/zipball/7fbc25c13309de0c4c9bb48b7361f1eca34c7fbd", + "reference": "7fbc25c13309de0c4c9bb48b7361f1eca34c7fbd", "shasum": "" }, "require": { 
@@ -3593,7 +3650,7 @@ "testing", "xunit" ], - "time": "2017-11-14T14:50:51+00:00" + "time": "2017-12-17T06:14:38+00:00" }, { "name": "phpunit/phpunit-mock-objects", diff --git a/configuration.php b/configuration.php index 8a272af0..31f40325 100644 --- a/configuration.php +++ b/configuration.php @@ -1,6 +1,11 @@ load(__DIR__ . '/.env'); +} + +return [ // Whether the implicit flow is allowed. This is mostly needed for // javascript apps @@ -21,7 +26,7 @@ // the database. NOTE IF YOU CHANGE THE KEY FUSIO CAN NO LONGER READ ANY // DATA WHICH WAS ENCRYPTED BEFORE. BECAUSE OF THAT IT IS RECOMMENDED TO // CHANGE THE KEY ONLY BEFORE THE INSTALLATION - 'fusio_project_key' => '42eec18ffdbffc9fda6110dcc705d6ce', + 'fusio_project_key' => getenv('FUSIO_PROJECT_KEY'), // Settings of the internal mailer. By default we use the internal PHP mail // function @@ -52,22 +57,22 @@ // The url to the psx public folder (i.e. http://127.0.0.1/psx/public or // http://localhost.com) - 'psx_url' => 'http://127.0.0.1/projects/fusio/public', + 'psx_url' => getenv('FUSIO_URL'), // The default timezone 'psx_timezone' => 'UTC', // Whether PSX runs in debug mode or not. If not error reporting is set to 0 // Also several caches are used if the debug mode is false - 'psx_debug' => true, + 'psx_debug' => getenv('FUSIO_ENV') != 'prod', // Database parameters which are used for the doctrine DBAL connection // http://docs.doctrine-project.org/projects/doctrine-dbal/en/latest/reference/configuration.html 'psx_connection' => [ - 'dbname' => 'fusio', - 'user' => 'root', - 'password' => '', - 'host' => 'localhost', + 'dbname' => getenv('FUSIO_DB_NAME'), + 'user' => getenv('FUSIO_DB_USER'), + 'password' => getenv('FUSIO_DB_PW'), + 'host' => getenv('FUSIO_DB_HOST'), 'driver' => 'pdo_mysql', ], 
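Review bot: `getenv('FUSIO_PROJECT_KEY')` returns `false` when the variable is not set, so a missing or incomplete `.env` leaves `fusio_project_key` as `false` instead of failing; the same holds for `psx_url` and the four `psx_connection` values in the `@@ -52,22 +57,22 @@` hunk. The `.env` load at the top of the file appears to be conditional (only its closing `}` is visible here), which would make the unset case reachable. I would validate right after loading: a short loop before `return [` that throws a `RuntimeException` naming any required variable for which `getenv()` yields `false` or `''`, with `FUSIO_DB_PW` exempt because an empty password is a valid local value. The returned array starts and ends outside this hunk.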
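Review bot: `'psx_debug' => getenv('FUSIO_ENV') != 'prod'` fails open: debug mode is on whenever `FUSIO_ENV` is unset, misspelled, or written as `production` or `PROD`, and per the comment above that line error reporting is only set to 0 when debug is off. Debug output on a public API can disclose stack traces and configuration details, so debug should require an explicit opt-in: `'psx_debug' => getenv('FUSIO_ENV') === 'dev',`. The strict comparison also avoids a loose `!=` against the `false` that `getenv()` returns for an unset variable.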
@@ -89,7 +94,18 @@ // A closure which returns a doctrine cache implementation. If null the // filesystem cache is used - //'psx_cache_factory' => null, + /* + 'psx_cache_factory' => function($config, $namespace){ + $memcached = new \Memcached(); + $memcached->addServer(getenv('FUSIO_MEMCACHE_HOST'), getenv('FUSIO_MEMCACHE_PORT')); + + $memcache = new \Doctrine\Common\Cache\MemcachedCache(); + $memcache->setMemcached($memcached); + $memcache->setNamespace($namespace); + + return $memcache; + }, + */ // A closure which returns a monolog handler implementation. If null the // system handler is used @@ -102,4 +118,4 @@ // specify a custom template //'psx_error_template' => null, -); +]; diff --git a/doc/installation.rst b/doc/installation.rst index 8f44cb93..18b886a8 100644 --- a/doc/installation.rst +++ b/doc/installation.rst @@ -20,9 +20,9 @@ Configuration * **Adjust the configuration file** - Open the file ``configuration.php`` in the Fusio directory and change the key - ``psx_url`` to the domain pointing to the public folder. Also insert the - database credentials to the ``psx_connection`` keys. + Open the file ``.env`` in the Fusio directory and change the key ``FUSIO_URL`` + to the domain pointing to the public folder. Also insert the database + credentials to the ``FUSIO_DB_*`` keys. * **Execute the installation command** The installation script inserts the Fusio database schema into the provided diff --git a/resources/config.yaml b/resources/config.yaml index efb7788e..fe3fa4b6 100644 --- a/resources/config.yaml +++ b/resources/config.yaml 
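Review bot: The commented `psx_cache_factory` example reads `FUSIO_MEMCACHE_HOST` and `FUSIO_MEMCACHE_PORT`, but neither variable is declared in the `.env` this commit adds, so uncommenting the block as-is passes `false` to `addServer()` for both arguments. I would add the two variables to `.env` as commented entries and cast the port in the example: `$memcached->addServer(getenv('FUSIO_MEMCACHE_HOST'), (int) getenv('FUSIO_MEMCACHE_PORT'));`. A one-line comment above the block, `// requires FUSIO_MEMCACHE_HOST and FUSIO_MEMCACHE_PORT in .env`, would make the dependency visible.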
@@ -17,13 +17,13 @@ mail_register_body: >
 # Email address which is used in the "From" header
 mail_sender: ""
 # Facebook app secret
-provider_facebook_secret: ""
+provider_facebook_secret: "${env.PROVIDER_FACEBOOK_SECRET}"
 # Google app secret
-provider_google_secret: ""
+provider_google_secret: "${env.PROVIDER_GOOGLE_SECRET}"
 # GitHub app secret
-provider_github_secret: ""
+provider_github_secret: "${env.PROVIDER_GITHUB_SECRET}"
 # ReCaptcha secret
-recaptcha_secret: ""
+recaptcha_secret: "${env.RECAPTCHA_SECRET}"
 # If set each API response contains a Access-Control-Allow-Origin header with
 # the provided value
 cors_allow_origin: "*"
diff --git a/resources/connections.yaml b/resources/connections.yaml
index c4e74254..9937f01a 100644
--- a/resources/connections.yaml
+++ b/resources/connections.yaml
@@ -1,4 +1,122 @@
 Default-Connection:
 class: Fusio\Adapter\Sql\Connection\SqlAdvanced
 config:
- url: "sqlite:///${dir.cache}/todo-app.db"
+ url: "sqlite:///${dir.cache}/${env.SQLITE_1_DB}"
+
+# SQL
+# Connects to a SQL database using the doctrine DBAL library.
+#
+#Mysql-1:
+# class: Fusio\Adapter\Sql\Connection\Sql
+# config:
+# type: "pdo_mysql"
+# host: ""
+# username: ""
+# password: ""
+# database: ""
+
+# HTTP
+# Uses the Guzzle library to send HTTP requests.
+#
+#Http-1:
+# class: Fusio\Adapter\Http\Connection\Http
+# config:
+# url: ""
+
+# MongoDB
+# Connects to a MongoDB using the official MongoDB library. Note this requires
+# the PHP mongodb extension.
+#
+# > composer require fusio/adapter-mongodb
+# > php bin/fusio system:register "Fusio\Adapter\Mongodb\Adapter"
+#
+#Mongo-1:
+# class: Fusio\Adapter\Mongodb\Connection\MongoDB
+# config:
+# url: ""
+# database: ""
+
+# AMQP
+# Provides a client to send messages to a RabbitMQ.
+#
+# > composer require fusio/adapter-amqp
+# > php bin/fusio system:register "Fusio\Adapter\Amqp\Adapter"
+#
+#Amqp-1:
+# class: Fusio\Adapter\Amqp\Connection\Amqp
+# config:
+# host: ""
+# port: ""
+# user: ""
+# password: ""
+# vhost: ""
+
+# Beanstalk
+# Provides a client to send messages to a Beanstalkd.
+#
+# > composer require fusio/adapter-beanstalk
+# > php bin/fusio system:register "Fusio\Adapter\Beanstalk\Adapter"
+#
+#Beanstalk-1:
+# class: Fusio\Adapter\Beanstalk\Connection\Beanstalk
+# config:
+# host: ""
+# port: ""
+
+# Cassandra
+# Connects to a Cassandra database using the official PHP library. Requires the
+# cassandra PHP extension.
+#
+# > composer require fusio/adapter-cassandra
+# > php bin/fusio system:register "Fusio\Adapter\Cassandra\Adapter"
+#
+#Cassandra-1:
+# class: Fusio\Adapter\Cassandra\Connection\Cassandra
+# config:
+# host: ""
+# port: ""
+# keyspace: ""
+
+# ElasticSearch
+# Connects to a Elasticsearch database using the official PHP library.
+#
+# > composer require fusio/adapter-elasticsearch
+# > php bin/fusio system:register "Fusio\Adapter\Elasticsearch\Adapter"
+#
+#Elasticsearch-1:
+# class: Fusio\Adapter\Elasticsearch\Connection\Elasticsearch
+# config:
+# host: ""
+
+# Memcache
+# Uses the native PHP memcached extension to connect to a memcache server.
+#
+# > composer require fusio/adapter-memcache
+# > php bin/fusio system:register "Fusio\Adapter\Memcache\Adapter"
+#
+#Memcache-1:
+# class: Fusio\Adapter\Memcache\Connection\Memcache
+# config:
+# host: ""
+
+# Neo4j
+# Connects to a Neo7j graph database using the official PHP library.
+#
+# > composer require fusio/adapter-neo4j
+# > php bin/fusio system:register "Fusio\Adapter\Neo4j\Adapter"
+#
+#Neo4j-1:
+# class: Fusio\Adapter\Neo4j\Connection\Neo4j
+# config:
+# uri: ""
+
+# SOAP
+# Provides a client to send SOAP requests.
+#
+# > composer require fusio/adapter-soap
+# > php bin/fusio system:register "Fusio\Adapter\Soap\Adapter"
+#
+#Soap-1:
+# class: Fusio\Adapter\Soap\Connection\Soap
+# config:
+# wsdl: ""
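Review bot: The commented connection templates still use literal fields (`password: ""` under `Mysql-1` and `Amqp-1`, `url: ""` under `Mongo-1`), so anyone who uncomments and fills them in puts credentials back into a tracked YAML file, which is what this commit sets out to avoid. The templates should show the `${env.…}` form that `Default-Connection` now uses, for example `password: "${env.MYSQL_1_PW}"` (variable name constructed for illustration), with matching commented entries in `.env`. The Neo4j comment also reads `Neo7j`; it should say `Connects to a Neo4j graph database`.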