From a64026dfae34087344accd12489e4f47280d1478 Mon Sep 17 00:00:00 2001
From: Rodrigo Passos
Date: Thu, 2 Jan 2025 13:56:07 -0500
Subject: [PATCH 1/3] Refactor IgnitionRenderer to improve code formatting and remove unused middleware

---
 src/services/IgnitionRenderer.php | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/src/services/IgnitionRenderer.php b/src/services/IgnitionRenderer.php
index 919adca..dc4ef7f 100644
--- a/src/services/IgnitionRenderer.php
+++ b/src/services/IgnitionRenderer.php
@@ -91,7 +91,7 @@ private function initIgnition(): SpatieIgnition
 ->applicationPath($this->applicationPath)
 ->shouldDisplayException(App::devMode())
 ->runningInProductionEnvironment(false)
- ->configureFlare(function(Flare $flare) use ($middlewares) {
+ ->configureFlare(function (Flare $flare) use ($middlewares) {
 $flare->registerMiddleware($middlewares);
 });
 }
@@ -100,7 +100,6 @@ private static function getFlareMiddlewares(): array
 {
 return [
 new AddCraftInfo(),
- new CensorRequestBodyFields(['password', 'password_confirmation']),
 new CensorRequestHeaders([
 'API-KEY',
 'Authorization',
From 0ab96f41013373033282980c993a91bdd516bc9c Mon Sep 17 00:00:00 2001
From: Rodrigo Passos
Date: Thu, 2 Jan 2025 13:56:11 -0500
Subject: [PATCH 2/3] Update README.md to enhance documentation on IgnitionErrorHandler and middleware functionality

---
 README.md | 67 ++++++++++++++++++++++++++++++++++++++-----------------
 1 file changed, 46 insertions(+), 21 deletions(-)

diff --git a/README.md b/README.md
index 2fefea0..f889f47 100644
--- a/README.md
+++ b/README.md
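Review bot: In `getFlareMiddlewares()` (second hunk of src/services/IgnitionRenderer.php), removing `new CensorRequestBodyFields(['password', 'password_confirmation'])` leaves no request-body censoring among the middlewares visible in this hunk, which now shows only `AddCraftInfo` and `CensorRequestHeaders`. The returned array continues outside the hunk, so it cannot be confirmed from here that the CraftSensitiveKeywords middleware described in the README patch is registered in this list; if it is not, submitted passwords would be included in error reports shared with Flare. It is worth confirming that registration, and that Craft's default `sensitiveKeywords` cover `password` and `password_confirmation`, then recording the dependency where the line was removed, e.g. `// Body fields are censored by the CraftSensitiveKeywords middleware (Security::isSensitive); keep it in this list.` A regression test asserting that a `password` body field is redacted in the generated report would keep this protection from silently disappearing.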
@@ -37,35 +37,60 @@ CRAFT_IGNITION_ENABLE_RUNNABLE_SOLUTIONS=true
 CRAFT_IGNITION_HIDE_SOLUTIONS=false
 ```
 
-Or directly to the component, in your `config/app.php` file:
+## How It Works
+
+This package introduces the `IgnitionErrorHandler` class, which extends Craft's default `ErrorHandler` class. It overrides the `$exceptionView` property to use this package's custom exception view file, which renders Ignition's error page.
+
+## Flare Middleware
+
+This package also includes a few middleware classes that add Craft specific data to the Ignition error report and prevent Ignition from sharing sensitive information with Flare:
+
+### AddCraftInfo middleware
+
+This middleware Application Info, Plugins, and Modules information present in Craft's System Report to the Ignition's and Flare's error report.
+
+### CraftSensitiveKeywords middleware
+
+This middleware prevents Ignition from sharing sensitive information with Flare. It removes sensitive information from the error report before sharing it with Flare by testing each body parameter against Craft Security's [isSensitive](https://github.com/craftcms/cms/blob/2b2de25bfac0e359bcae62e0e6995bfdb4229eaa/src/services/Security.php#L176-L178) method.
+
+You can customize the sensitive keywords by overriding the `sensitiveKeywords` in the Security component of the Craft app config:
 
 ```php
 return [
- // ...
 'components' => [
- 'errorHandler' => [
- 'class' => \webrgp\ignition\IgnitionErrorHandler::class,
- 'editor' => 'vscode',
- 'theme' => 'light',
- 'remote_sites_path' => '\your\remote\sites\path',
- 'local_sites_path' => '\your\local\sites\path',
- 'shareEndpoint' => 'https://flareapp.io/api/public-reports',
- 'enableShareButton' => false,
- 'enableRunnableSolutions' => false,
- 'hideSolutions' => true,
- 'editorOptions' => [],
+ 'security' => [
+ 'class' => \craft\services\Security::class,
+ 'sensitiveKeywords' => [
+ 'lorem',
+ ],
 ],
- ],
+ ]
 ];
 ```
 
-**Note:** The settings in the `config/app.php` file will override the ones in the `.env` file.
-
-## How It Works
-
-This package introduces the `IgnitionErrorHandler` class, which extends Craft's default `ErrorHandler` class. It overrides the `renderException` method to use Ignition's `renderException` method instead.
-
-This way, you can enjoy Ignition's beautiful error pages while keeping the rest of Craft's error handling functionality in place.
+[These are the default sensitive keywords](https://github.com/craftcms/cms/blob/2b2de25bfac0e359bcae62e0e6995bfdb4229eaa/src/config/app.php#L112-L121) in Craft CMS.
+
+### Censored Headers middleware
+
+Besides the sensitive keywords, this module also censors the following headers from the error report:
+
+- `API-KEY`
+- `Authorization`
+- `Cookie`
+- `Set-Cookie`
+- `X-CSRF-TOKEN`
+- `X-XSRF-TOKEN`
+- `ip`
+- `x-forwarded-for`
+- `x-real-ip`
+- `x-request-ip`
+- `x-client-ip`
+- `cf-connecting-ip`
+- `fastly-client-ip`
+- `true-client-ip`
+- `forwarded`
+- `proxy-client-ip`
+- `wl-proxy-client-ip`
 
 ## License
 
From a4b552760994e2a39057d4d968d23434c40ea608 Mon Sep 17 00:00:00 2001
From: Rodrigo Passos
Date: Thu, 2 Jan 2025 13:57:41 -0500
Subject: [PATCH 3/3] Update CHANGELOG.md for version 1.0.1 with documentation improvements and code refactoring details

---
 CHANGELOG.md | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 19c68e7..ddf7912 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,6 +2,11 @@
 
 All notable changes to this project will be documented in this file.
 
+## 1.0.1 - 2025-01-02
+
+- Refactor the `IgnitionRenderer` for improved code clarity and remove unused middleware.
+- Update the `README.md` to provide better documentation on the IgnitionErrorHandler and middleware functionality.
+
 ## 1.0.0 - 2025-01-02
 
 - Initial stable release