twb
/
tts_project
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

docs

Browse Source
main
Robert 3 years ago
parent 40440fd817
commit a80c3d1e3d
8 changed files with 113 additions and 82 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 14
      composer.json
  2. 7
      public/main.page
  3. 42
      src/documentation/IMPORTANT.txt
  4. 3
      src/documentation/SecurityURLs.txt
  5. 26
      src/documentation/chgrp_on_folders.txt
  6. 6
      src/documentation/mysql8.txt
  7. 68
      src/documentation/nginx-default-conf.txt
  8. 7
      src/documentation/old_debuging.txt

14
composer.json
Unescape View File

@ -1,4 +1,18 @@
{ {
"name": "tryingtoscale/tts_project",
"type": "project",
"description": "A modern PHP Framework, sample Project.",
"keywords": ["PHP TTS Framework", "TTS Project"],
"homepage": "https://git.mysnippetsofcode.com/tts/tts_project",
"license": "MIT",
"authors": [
{
"name": "Robert Strutts",
"email": "Robert@TryingToScale.com",
"homepage": "https://TryingToScale.com",
"role": "Developer"
}
],
"require-dev": { "require-dev": {
"phpunit/phpunit": "^9.5" "phpunit/phpunit": "^9.5"
} }

7
public/main.page
Unescape View File

@ -2,6 +2,13 @@
declare(strict_types=1); declare(strict_types=1);
$show_all_startup_errors = false;
if ($show_all_startup_errors) {
ini_set('display_errors', 1);
ini_set('display_startup_errors', 1);
error_reporting(E_ALL);
}
require '../src/before_main.php'; require '../src/before_main.php';
\bs_tts\site_helper::set_all_projects(['mockup','ex','live']); \bs_tts\site_helper::set_all_projects(['mockup','ex','live']);
\bs_tts\site_helper::set_default_project("mockup"); \bs_tts\site_helper::set_default_project("mockup");

42
src/documentation/IMPORTANT.txt
Unescape View File

@ -0,0 +1,42 @@
Please note that main.inc.php, which should be called by index.php or main.page, does
the following:
unset($_REQUEST);
unset($_GET);
unset($_POST);
So, you must use a Sanitizer to get those input vars!!!
...in your input file:
use \bs_tts\use_io as IO;
...
$required_post_string_field = new IO();
$required_post_string_field->input_type = INPUTS::post;
$required_post_string_field->field_filter = FIELD_FILTER::raw_string;
$required_post_string_field->escape_html = HTML_FLAG::escape;
$required_post_string_field->validation_rule = 'required';
$required_post_string_field->use_db_filter = DB_FILTER::OFF;
$required_post_string_field->skip_the_db = false;
return [
'name' => $required_post_string_field,
'address' => $required_post_string_field,
];
...After that, in your output file, you will pass in the input data of type IO:
use \bs_tts\safer_io as SafeIO;
...
$safer_html = [];
$errors = [];
foreach(SafeIO::html_escape_and_sanitize($input) as $html) {
$key = $html['name'] ?? "";
$safer_html[$key] = $html['html'];
if (\bs_tts\common::get_count($html['errors'])) {
$errors[$key] = $html['errors'][$key];
}
}
...
Alternatively; use the built in PHP filter_input function.
Likewise, if not using sanitize... then for all HTML output use
\bs_tts\safer_io::h(...) to escape it.

3
src/documentation/SecurityURLs.txt
Unescape View File

@ -3,6 +3,3 @@ https://docs.php.earth/security/intro/
https://github.com/paragonie/awesome-appsec https://github.com/paragonie/awesome-appsec
https://github.com/FallibleInc/security-guide-for-developers/blob/master/security-checklist.md https://github.com/FallibleInc/security-guide-for-developers/blob/master/security-checklist.md
https://www.php.net/manual/en/security.php https://www.php.net/manual/en/security.php
use GO myVault
Make a new GIT user&PUBKEY w/ only PULL access

26
src/documentation/chgrp_on_folders.txt
Unescape View File

@ -1,27 +1,13 @@
These are my suggestions to lock things down, make a group called let's say coders. These are my suggestions to lock things down, make a group called let's say coders.
The group coders is all the web developers on your team.
# So let's make the group for coders: sudo find /var/www/tts_project/ -type f -exec chmod 664 {} \;
$sudo groupadd -g 10000 coders sudo find /var/www/tts_project/ -type d -exec chmod 775 {} \;
# Let's add out first web developer to the new group called coders:
$sudo usermod -a -G yourUSERNAME coders
# If you made the coders group, let's assign it to the project:
sudo chgrp -R coders /var/www/new_dev/
# Let's make that group Sticky, so new files/folder will belong to it:
sudo find /var/www/new_dev/ -type d -exec chmod g+s {} \;
# Let's allow coders to read/write to the project, but everyone else like
# ... the web server have just Read access.
sudo find /var/www/new_dev/ -type f -exec chmod 664 {} \;
# Assign Read/Write/eXecute to all coders and
# ... execute bit only for others like web-server, etc...to the view files/folders.
sudo find /var/www/new_dev/ -type d -exec chmod 775 {} \;
# Assuming your web server belongs to the group called www-data, let's allow the # Assuming your web server belongs to the group called www-data, let's allow the
# ... server to modify these important folders only: # ... server to modify these important folders only:
sudo chgrp -R www-data /var/www/new_dev/logs sudo chgrp -R www-data /var/www/tts_project/logs
sudo chgrp -R www-data /var/www/new_dev/configs sudo chgrp -R www-data /var/www/tts_project/configs
sudo chgrp -R www-data /var/www/new_dev/services sudo chgrp -R www-data /var/www/tts_project/services
# So, you probably want to allow cron-jobs to run code. Let's make it executable: # So, you probably want to allow cron-jobs to run code. Let's make it executable:
sudo chown +x /var/www/new_dev/cli_cron sudo chown +x /var/www/tts_project/cli_cron

6
src/documentation/mysql8.txt
Unescape View File

@ -1,9 +1,3 @@
cd /tmp/ && wget https://dev.mysql.com/get/mysql-apt-config_0.8.10-1_all.deb
dpkg -i mysql-apt-config_0.8.10-1_all.deb
apt update
apt install mysql-server mysql-client
mysql_upgrade -uroot -p
[[[[ mysql_native_password ]]]] NOt new one!!!! [[[[ mysql_native_password ]]]] NOt new one!!!!
nano /etc/mysql/mysql.conf.d/mysqld.cnf nano /etc/mysql/mysql.conf.d/mysqld.cnf

68
src/documentation/nginx-default-conf.txt
Unescape View File

@ -1,45 +1,43 @@
location ^~ /frames/tts_framework/src/ { # Become Root:
deny all; $sudo -i
return 403;
}
location ^~ /frames/tts_framework/vendor/ { $ cd /etc/nginx/sites-enabled
deny all; $ cp default tts_project
return 403; $ nano tts_project
} Some where in side of your SERVER BLOCK, add the following:
location ^~ /tts_project/vendor/ {
deny all;
return 403;
}
location ^~ /tts_project/src/ { root /var/www/tts_project/public;
deny all;
return 403;
}
location /tts_project/ { index main.page;
# ONLY allow these DOMAINS:
if ( $http_host !~* ^(127.0.0.1|localhost|mysite.com)$ ) { error_log /var/log/nginx/tts.log;
return 444;
server_name YOUR-WEB-SITE_DOMAIN_GOES_HERE!!;
location / {
gzip_static on;
try_files $uri /main.page$is_args$args;
} }
rewrite ^/tts_project/([^/]*)/([^/]*)/([^/]*)/([^/]*)\.html$ /tts_project/index.php?project=$1&route=/$2/$3&m=$4 last; location = /main.page {
try_files $uri $uri/ =404; gzip on;
} # Replace php-fpm with unix:/var/run/php/php8.2-fpm.sock
# Your Version of PHP goes there... 8.2 or later...
fastcgi_pass php-fpm;
location ~ /\.ht { fastcgi_split_path_info ^(.+?\.page)(/.*)$;
deny all; try_files $fastcgi_script_name =404;
} set $path_info $fastcgi_path_info;
fastcgi_param PATH_INFO $path_info;
fastcgi_index main.page;
include fastcgi.conf;
location ~ /\.git { fastcgi_param SCRIPT_FILENAME $request_filename;
deny all; fastcgi_param SCRIPT_NAME $fastcgi_script_name;
}
location ~ composer.* {
deny all;
}
location ~ README { # fastcgi_intercept_errors on;
deny all; # mirror @logging;
} # mirror_request_body off;
}

7
src/documentation/old_debuging.txt
Unescape View File

@ -1,7 +0,0 @@
$prj = $_GET['project'] ?? false;
if ($prj === 'mockup') {
ini_set('display_errors', 1);
ini_set('display_startup_errors', 1);
error_reporting(E_ALL);
}
Write Preview
Loading…
Cancel
Save