Merge pull request #286 from Dino-Kupinic/develop

v0.17.0

README.md

@@ -85,25 +85,35 @@ cd ../backend
 Create a `.env` file and checkout the `.env.example`. Copy the content into your `.env` and replace
 the following fields with your own. You may edit some existing fields aswell.
 
-| Field                     | Description                                                                                |
-|---------------------------|--------------------------------------------------------------------------------------------|
-| `APP_SECRET`              | A secret key that's used to secure your application's services.                            |
-| `SECRET_PASSWORD`         | Database password                                                                          |
-| `USERNAME`                | Database user                                                                              |
-| `BIND_PORT`               | Database port                                                                              |
-| `DATABASE_URL`            | The URL String to your database. It will use the env variables above.                      |
-| `LDAP_PORT`               | The port of your LDAP server.                                                              |
-| `LDAP_URL`                | The URL of your LDAP server.                                                               |
-| `LDAP_BASE`               | The base of your LDAP server. (`dc=schulbuchaktion,dc=env`)                                |
-| `ROLES`                   | String of all roles seperated with commas (default `'SBA_ADMIN,SBA_LEHRER,SBA_FV,SBA_AV'`) |
-| `SBA_ADMIN`               | Group number of the admin group. (default `500`)                                           |
-| `SBA_LEHRER`              | Group number of the teacher group. (default `501`)                                         |
-| `SBA_FV`                  | Group number of the subject responsible group. (default `502`)                             |
-| `SBA_AV`                  | Group number of the head of department group. (default `503`)                              |
-| `TOKEN_TIMEOUT`           | How long a token is valid. (default `1800`)                                                |
-| `HOURS_AHEAD`             | Timezone (default `2`)                                                                     |
-| `JWT_SECRET_ABSOLUT_PATH` | The absolute path to the private key for the JWT.                                          |
-| `CORS_ALLOW_ORIGIN`       | The origin that is allowed to access the API. (default `localhost`)                        |
+| Field                      | Description                                                                                                                         |
+|----------------------------|-------------------------------------------------------------------------------------------------------------------------------------|
+| `APP_SECRET`               | A secret key that's used to secure your application's services.                                                                     |
+| `SECRET_PASSWORD`          | Database password                                                                                                                   |
+| `USERNAME`                 | Database user                                                                                                                       |
+| `BIND_PORT`                | Database port                                                                                                                       |
+| `DATABASE_URL`             | The URL String to your database. It will use the env variables above.                                                               |
+| `LDAP_PORT`                | The port of your LDAP server.                                                                                                       |
+| `LDAP_URL`                 | The URL of your LDAP server.                                                                                                        |
+| `LDAP_BASE`                | The base of your LDAP server. (`dc=schulbuchaktion,dc=env`)                                                                         |
+| `ROLES`                    | String of all roles seperated with commas (default `'SBA_ADMIN,SBA_LEHRER,SBA_FV,SBA_AV'`)                                          |
+| `SBA_ADMIN`                | Group number of the admin group. (default `500`)                                                                                    |
+| `SBA_LEHRER`               | Group number of the teacher group. (default `501`)                                                                                  |
+| `SBA_FV`                   | Group number of the subject responsible group. (default `502`)                                                                      |
+| `SBA_AV`                   | Group number of the head of department group. (default `503`)                                                                       |
+| `TOKEN_TIMEOUT`            | How long a token is valid. (default `1800`)                                                                                         |
+| `HOURS_AHEAD`              | Timezone (default `2`)                                                                                                              |
+| `JWT_SECRET_ABSOLUT_PATH`  | The absolute path to the private key for the JWT.                                                                                   |
+| `CORS_ALLOW_ORIGIN`        | The origin that is allowed to access the API. (default `localhost`)                                                                 |
+| `TOKEN_NAME`               | Name of Cookie which contains bearer token (default `BearerToken`)                                                                  |
+| `CADDY_MERCURE_JWT_SECRET` | Used to securely sign JWTs for client authentication and authorization in a Caddy server setup with Mercure.                        |
+| `TRUSTED_PROXIES`          | Specifies the IP addresses or ranges of proxies that are trusted to correctly set client-related headers in a server configuration. |
+| `TRUSTED_HOSTS`            | Specifies a list of hostnames or patterns that are considered trusted and allowed to make requests.                                 |
+| `CADDY_MERCURE_URL`        | Specifies the URL of the Mercure hub used by the Caddy server.                                                                      |
+| `CADDY_MERCURE_PUBLIC_URL` | Specifies the publicly accessible URL of the Mercure hub.                                                                           |
+| `HTTP_PORT`                | Port which will be open for http connections. (default `80`)                                                                        |
+| `HTTPS_PORT`               | Port which will be open for https connections. (default `443`)                                                                      |
+| `SHELL_VERBOSITY`          | Verbosity level of server and symfony. (default `0`)                                                                                |
+
 
 > [!IMPORTANT]
 > For the `APP_SECRET` checkout https://symfony.com/doc/current/reference/configuration/framework.html#secret to see the

backend/.env.example

@@ -62,10 +62,19 @@ JWT_SECRET_KEY=%kernel.project_dir%/config/jwt/private.pem
 JWT_PUBLIC_KEY=%kernel.project_dir%/config/jwt/public.pem
 JWT_PASSPHRASE=841be9d41e8702c0447e23f599d10d6a6b9516bc04240029ed4445731054b02c
 TOKEN_TIMEOUT=1800
-TOKEN_NAME=bearer
-#Timezone
+TOKEN_NAME=BearerToken
+# PHP
+CADDY_MERCURE_JWT_SECRET=YOUR_SECRET
+TRUSTED_PROXIES=YOUR_PROXY
+TRUSTED_HOSTS=YOUR_HOST
+CADDY_MERCURE_URL=YOUR_URL
+CADDY_MERCURE_PUBLIC_URL=YOUR_PUBLIC_URL
+HTTP_PORT=80
+HTTPS_PORT=443
+SHELL_VERBOSITY=0
+# Timezone
 HOURS_AHEAD=2
-#Define absolut path of private key
+# Define absolut path of private key
 JWT_SECRET_ABSOLUT_PATH=ABSOLUT_PATH_TO_SECRET_KEY
 ###< lexik/jwt-authentication-bundle ###
 

backend/.gitignore

@@ -27,4 +27,4 @@
 ###> lexik/jwt-authentication-bundle ###
 /config/jwt/*.pem
 ###< lexik/jwt-authentication-bundle ###
-/data/
+/docker

backend/Dockerfile

@@ -0,0 +1,90 @@
+#syntax=docker/dockerfile:1.4
+
+# Versions
+FROM dunglas/frankenphp:1-php8.3 AS frankenphp_upstream
+
+# The different stages of this Dockerfile are meant to be built into separate images
+# https://docs.docker.com/develop/develop-images/multistage-build/#stop-at-a-specific-build-stage
+# https://docs.docker.com/compose/compose-file/#target
+
+
+# Base FrankenPHP image
+FROM frankenphp_upstream AS frankenphp_base
+
+WORKDIR /app
+
+# persistent / runtime deps
+# hadolint ignore=DL3008
+RUN apt-get update && apt-get install -y --no-install-recommends \
+	file \
+	gettext \
+	git \
+	&& rm -rf /var/lib/apt/lists/*
+
+RUN set -eux; \
+	install-php-extensions \
+		@composer \
+		apcu \
+		intl \
+		opcache \
+		zip \
+    gd \
+    ldap \
+    pdo_mysql \
+	;
+
+# https://getcomposer.org/doc/03-cli.md#composer-allow-superuser
+ENV COMPOSER_ALLOW_SUPERUSER=1
+
+###> recipes ###
+###< recipes ###
+
+COPY --link docker/frankenphp/conf.d/app.ini $PHP_INI_DIR/conf.d/
+COPY --link --chmod=755 docker/frankenphp/docker-entrypoint.sh /usr/local/bin/docker-entrypoint
+COPY --link docker/frankenphp/Caddyfile /etc/caddy/Caddyfile
+
+ENTRYPOINT ["docker-entrypoint"]
+
+HEALTHCHECK --start-period=60s CMD curl -f http://localhost:2019/metrics || exit 1
+CMD [ "frankenphp", "run", "--config", "/etc/caddy/Caddyfile" ]
+
+# Dev FrankenPHP image
+FROM frankenphp_base AS frankenphp_dev
+
+#ENV APP_ENV=dev XDEBUG_MODE=off
+
+RUN mv "$PHP_INI_DIR/php.ini-development" "$PHP_INI_DIR/php.ini"
+
+RUN set -eux; \
+	install-php-extensions \
+		xdebug \
+	;
+
+COPY --link docker/frankenphp/conf.d/app.dev.ini $PHP_INI_DIR/conf.d/
+
+CMD [ "frankenphp", "run", "--config", "/etc/caddy/Caddyfile", "--watch" ]
+
+# Prod FrankenPHP image
+FROM frankenphp_base AS frankenphp_prod
+
+ENV APP_ENV=prod
+#ENV FRANKENPHP_CONFIG="import worker.Caddyfile"
+
+RUN mv "$PHP_INI_DIR/php.ini-production" "$PHP_INI_DIR/php.ini"
+
+COPY --link docker/frankenphp/conf.d/app.prod.ini $PHP_INI_DIR/conf.d/
+#COPY --link frankenphp/worker.Caddyfile /etc/caddy/worker.Caddyfile
+
+# prevent the reinstallation of vendors at every changes in the source code
+COPY --link composer.* symfony.* ./
+RUN set -eux; \
+	composer update --no-cache --prefer-dist --no-autoloader --no-scripts --no-progress
+
+# copy sources
+COPY --link . ./
+RUN rm -Rf frankenphp/
+
+RUN set -eux; \
+	composer dump-autoload --classmap-authoritative; \
+	composer dump-env prod; \
+	chmod +x bin/console; sync;

backend/compose.yaml

@@ -1,27 +1,59 @@
-version: '3'
-
 services:
   db:
     image: mysql:latest
+    container_name: 'mysql_db'
     ports:
       - "${BIND_PORT}:3306"
     volumes:
       - mysql_data:/var/lib/mysql
+      - ./docker/db/data:/var/lib/mysql:rw
     environment:
       MYSQL_ROOT_PASSWORD: ${SECRET_PASSWORD}
       MYSQL_DATABASE: schulbuchaktion
       MYSQL_USER: ${USERNAME}
       MYSQL_PASSWORD: ${SECRET_PASSWORD}
+    networks:
+      - container_network
 
-  nuxt-nginx:
+  php:
     build:
-      context: ../frontend
+      context: .
       dockerfile: Dockerfile
-    container_name: nuxt-nginx
-    ports:
-      - "3001:3001"
+    container_name: backend_php
+    restart: unless-stopped
     environment:
-      - BACKEND_API=http://localhost:8000/api/v1
+      APP_ENV: ${APP_ENV}
+      SHELL_VERBOSITY: ${SHELL_VERBOSITY}
+      SERVER_NAME: ${SERVER_NAME}, php:80
+      MERCURE_PUBLISHER_JWT_KEY: ${CADDY_MERCURE_JWT_SECRET}
+      MERCURE_SUBSCRIBER_JWT_KEY: ${CADDY_MERCURE_JWT_SECRET}
+      TRUSTED_PROXIES: ${TRUSTED_PROXIES}
+      TRUSTED_HOSTS: ${TRUSTED_HOSTS}
+      # Run "composer require symfony/orm-pack" to install and configure Doctrine ORM
+      DATABASE_URL: ${DATABASE_URL}
+      # Run "composer require symfony/mercure-bundle" to install and configure the Mercure integration
+      MERCURE_URL: ${CADDY_MERCURE_URL}
+      MERCURE_PUBLIC_URL: ${CADDY_MERCURE_PUBLIC_URL}
+      MERCURE_JWT_SECRET: ${CADDY_MERCURE_JWT_SECRET}
+      # The two next lines can be removed after initial installation
+      SYMFONY_VERSION: ${SYMFONY_VERSION:-}
+      STABILITY: ${STABILITY:-stable}
+    volumes:
+      - caddy_data:/data
+      - caddy_config:/config
+      - ./:/app:rw
+
+    ports:
+      # HTTP
+      - target: 80
+        published: ${HTTP_PORT}
+        protocol: tcp
+      # HTTPS
+      - target: 443
+        published: ${HTTPS_PORT}
+        protocol: tcp
+    networks:
+      - container_network
 
   openldap:
     image: osixia/openldap:latest
@@ -31,9 +63,9 @@ services:
       - "389:389"
       - "636:636"
     volumes:
-      - ./data/certificates:/container/service/slapd/assets/certs
-      - ./data/slapd/database:/var/lib/ldap
-      - ./data/slapd/config:/etc/ldap/slapd.d
+      - ./docker/data/certificates:/container/service/slapd/assets/certs
+      - ./docker/data/slapd/database:/var/lib/ldap
+      - ./docker/data/slapd/config:/etc/ldap/slapd.d
     environment:
       - LDAP_ORGANISATION=schulbuchaktion
       - LDAP_DOMAIN=schulbuchaktion.env
@@ -48,25 +80,27 @@ services:
       - LDAP_READONLY_USER_USERNAME=testuser
       - LDAP_READONLY_USER_PASSWORD=aaaAAA123
     networks:
-      - openldap
+      - container_network
 
   phpldapadmin:
     image: osixia/phpldapadmin:latest
     container_name: phpldapadmin
     hostname: phpldapadmin
     ports:
-      - "80:80"
+      - "8080:80"
     environment:
       - PHPLDAPADMIN_LDAP_HOSTS=openldap
       - PHPLDAPADMIN_HTTPS=false
     depends_on:
       - openldap
     networks:
-      - openldap
+      - container_network
 
 volumes:
   mysql_data:
+  caddy_data:
+  caddy_config:
 
 networks:
-  openldap:
+  container_network:
     driver: bridge