veracrypt · gggeek · Oct 14, 2024 · Oct 15, 2024 · Oct 15, 2024 · Oct 15, 2024
diff --git a/.env b/.env
@@ -1,13 +1,56 @@
 # All the values in this file can be overridden in a file named .env.local
 # NB: make sure that one is never stored in git
+
 DB_DSN=sqlite:/var/www/VeraCrypt-CrashCollector/var/data/crashcollector.db
 DB_USER=
 DB_PASSWORD=
 
+REDIS_HOST=127.0.0.1
+REDIS_PORT=6379
+REDIS_PASSWORD=
+
+# When empty, the client's IP address will be taken from $_SERVER['REMOTE_ADDR'].
+# Set it to a non empty string to have the client IP be extracted from a request HTTP header.
+# Supported values: HTTP_CLIENT_IP, HTTP_FASTLY_CLIENT_IP, HTTP_TRUE_CLIENT_IP, HTTP_X_REAL_IP, HTTP_X_FORWARDED_FOR
+# NB: HTTP_FASTLY_CLIENT_IP is not reliable by default, you have to set up dedicated vcl code for that, see https://www.fastly.com/documentation/reference/http/http-headers/Fastly-Client-IP/
+# NB: when setting it to a non empty value, TRUSTED_PROXIES has to be set as well (see below for details).
+CLIENT_IP_HEADER=
+# Csv list of IP addresses of proxies that you trust to set a truthful header identifying the client ip address.
+# This means that the first proxy in the truthful chain _has to_ reset the designated http header if it receives it in
+# its request.
+# When a request comes in from an IP which is not in TRUSTED_PROXIES, $_SERVER['REMOTE_ADDR'] will be used as client IP
+TRUSTED_PROXIES=
+
 APP_DEBUG=false
 
+# NB: should always have a trailing slash
 ROOT_URL=/
 
+# Used for links when sending password-reset emails
+WEBSITE=https://crashcollector.veracrypt.fr
+
+# Used when sending password-reset emails
+[email protected]
+
+# Set to true to make the app generate urls such as `/admin/` instead of `/admin/index.php`.
+# NB: this requires matching webserver configuration, such as `index index.php` for Nginx
+URLS_STRIP_INDEX_DOT_PHP=false
+# Set to true to make the app generate urls such as `/report/upload` instead of `/report/upload.php`.
+# NB: this requires matching webserver configuration, see f.e.
+# https://serverfault.com/questions/761627/nginx-rewrite-to-remove-php-from-files-has-no-effect-but-to-redirect-to-homepag
+URLS_STRIP_PHP_EXTENSION=false
+
+# Enable/disable the feature to allow users self-service password reset via being sent an email, aka. 'forgot password'
+ENABLE_FORGOTPASSWORD=true
+# Enable/disable the feature to allow uploading crash reports via a browser-based form instead of using API as VeraCrypt does
+ENABLE_BROWSER_UPLOAD=false
+
+LOG_DIR=/var/www/VeraCrypt-CrashCollector/var/logs
+# The audit log traces user events such as login, password changes, etc
+AUDIT_LOG_FILE=audit.log
+# see Psr\Log\LogLevel for valid values
+AUDIT_LOG_LEVEL=info
+
 # Algorithm can be set to '2y' (bcrypt), 'argon2i', 'argon2id', the latter 2 only if an appropriate extension is loaded.
 # If left unspecified, the php default algorithm will be used
 PWD_HASH_ALGORITHM=

diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
@@ -1,136 +1,148 @@
-# Contributing to VeraCrypt Crash Collector
-
-Thank you for considering contributing to VeraCrypt Crash Collector! Your contributions help improve the project, and we appreciate your effort. The following guidelines will assist you through the contribution process.
-
-## Getting Started
-
-### 1. Fork the Repository
-
-- Navigate to the [VeraCrypt-CrashCollector](https://github.com/veracrypt/VeraCrypt-CrashCollector) repository and click "Fork."
-- Clone your fork locally:
-  ```bash
-  git clone https://github.com/your-username/VeraCrypt-CrashCollector.git
-  ```
-- Set up the upstream remote to keep your fork up-to-date with the original repository:
-  ```bash
-  git remote add upstream https://github.com/veracrypt/VeraCrypt-CrashCollector.git
-  ```
-
-### 2. Set Up Your Development Environment
-
-Ensure you have the required tools installed to run a PHP web application. 
-
-- **PHP**: Make sure you have PHP installed on your system.
-- **Web Server**: Use a local web server like Apache or Nginx, or use the built-in PHP development server:
-  ```bash
-  php -S localhost:8000
-  ```
-
-### 3. Create a New Branch
-
-Before you start working, create a new branch for your changes:
-```bash
-git checkout -b feature/your-feature-name
-```
-
-Use a clear, descriptive name for your branch, such as `fix/issue-123` or `feature/new-feature`.
-
-### 4. Make Your Changes
-
-Make your changes in the new branch. Be sure to:
-
-- Follow the **coding standards** and existing conventions.
-- Write **clear, concise comments** where necessary.
-- Add or update **tests** if you are adding new functionality.
-- Regularly run the project to ensure everything is working.
-
-### 5. Test Your Changes
-
-Run the application locally to ensure your changes work using your preferred PHP development setup.
-
-### 6. Commit Your Changes
-
-After making sure everything is working, commit your changes with a meaningful message:
-```bash
-git commit -m "Fix issue with crash report handling in macOS"
-```
-
-Try to keep your commits small and focused on a specific change.
-
-### 7. Push to Your Fork
-
-Push your changes to your fork on GitHub:
-```bash
-git push origin feature/your-feature-name
-```
-
-### 8. Create a Pull Request (PR)
-
-Once your changes are pushed, open a Pull Request (PR) in the original repository:
-
-1. Go to the [Pull Requests](https://github.com/veracrypt/VeraCrypt-CrashCollector/pulls) section.
-2. Click "New Pull Request."
-3. Choose your branch and provide a descriptive title and detailed description of your changes.
-
-Make sure to link to any relevant issues using `Fixes #issue_number` in the description. This will automatically close the linked issue when the PR is merged.
-
-## Code Reviews
-
-All PRs are subject to review by maintainers or other contributors. Please:
-
-- Be open to feedback.
-- Address requested changes promptly.
-- Participate in discussions if necessary.
-
-Reviewing ensures code quality, consistency, and alignment with project goals. Don't hesitate to ask for clarification if you're unsure about any feedback.
-
-## Contribution Guidelines
-
-### Bug Reports
-
-If you encounter a bug, please submit an issue to help us investigate:
-
-- **Title**: A concise description of the issue.
-- **Steps to Reproduce**: A detailed list of steps to reproduce the bug.
-- **Expected Behavior**: What should have happened.
-- **Actual Behavior**: What actually happened, including error messages if applicable.
-- **Versions**: The VeraCrypt version and the OS version (Linux/macOS) you are using.
-- **Logs or Crash Reports**: Attach relevant logs or crash reports, if available.
-
-### Feature Requests
-
-We welcome new feature suggestions! If you have an idea, submit an issue labeled "feature request" with the following details:
-
-- **Use Case**: Why this feature is needed.
-- **Proposed Solution**: A description of how it might work.
-- **Alternatives Considered**: Other possible approaches (if applicable).
-
-### Coding Standards
-
-- Follow the **existing code style** and patterns.
-- Always include **descriptive comments** in your code.
-- Write **unit tests** for new features or bug fixes when applicable.
-- Ensure your changes do not break existing functionality.
-
-### Commit Guidelines
-
-- Keep commits small and focused.
-- Use descriptive commit messages, following this format:
-  - **fix**: for bug fixes.
-  - **feat**: for new features.
-  - **docs**: for documentation changes.
-  - **refactor**: for code improvements.
-  - **test**: for test changes or additions.
-
-Example commit message:
-```
-feat: add crash report parsing for Linux
-```
-
-## License
-
-By contributing to VeraCrypt Crash Collector, you agree that your contributions will be licensed under the [Apache License 2.0](LICENSE).
-
----
-
-Thank you for contributing! We look forward to collaborating with you.
+# Contributing to VeraCrypt Crash Collector
+
+Thank you for considering contributing to VeraCrypt Crash Collector! Your contributions help improve the project, and we
+appreciate your effort. The following guidelines will assist you through the contribution process.
+
+## Getting Started
+
+### 1. Fork the Repository
+
+- Navigate to the [VeraCrypt-CrashCollector](https://github.com/veracrypt/VeraCrypt-CrashCollector) repository and click "Fork."
+- Clone your fork locally:
+  ```bash
+  git clone https://github.com/your-username/VeraCrypt-CrashCollector.git
+  ```
+- Set up the upstream remote to keep your fork up-to-date with the original repository:
+  ```bash
+  git remote add upstream https://github.com/veracrypt/VeraCrypt-CrashCollector.git
+  ```
+
+### 2. Set Up Your Development Environment
+
+Ensure you have the required tools installed to run a PHP web application.
+
+- **PHP**: Make sure you have PHP installed on your system.
+- **Redis**: Make sure you have a Redis server installed on your system or reachable from it
+- **Web Server**: Use a local web server like Apache or Nginx, or use the built-in PHP development server:
+  ```bash
+  php -S localhost:8000
+  ```
+
+### 3. Create a New Branch
+
+Before you start working, create a new branch for your changes:
+```bash
+git checkout -b feature/your-feature-name
+```
+
+Use a clear, descriptive name for your branch, such as `fix/issue-123` or `feature/new-feature`.
+
+### 4. Make Your Changes
+
+Make your changes in the new branch. Be sure to:
+
+- Follow the **coding standards** and existing conventions.
+- Write **clear, concise comments** where necessary.
+- Add or update **tests** if you are adding new functionality.
+- Regularly run the project to ensure everything is working.
+
+### 5. Test Your Changes
+
+Run the application locally to ensure your changes work using your preferred PHP development setup.
+
+### 6. Commit Your Changes
+
+After making sure everything is working, commit your changes with a meaningful message:
+```bash
+git commit -m "Fix issue with crash report handling in macOS"
+```
+
+Try to keep your commits small and focused on a specific change.
+
+### 7. Push to Your Fork
+
+Push your changes to your fork on GitHub:
+```bash
+git push origin feature/your-feature-name
+```
+
+### 8. Create a Pull Request (PR)
+
+Once your changes are pushed, open a Pull Request (PR) in the original repository:
+
+1. Go to the [Pull Requests](https://github.com/veracrypt/VeraCrypt-CrashCollector/pulls) section.
+2. Click "New Pull Request."
+3. Choose your branch and provide a descriptive title and detailed description of your changes.
+
+Make sure to link to any relevant issues using `Fixes #issue_number` in the description. This will automatically close the linked issue when the PR is merged.
+
+## Code Reviews
+
+All PRs are subject to review by maintainers or other contributors. Please:
+
+- Be open to feedback.
+- Address requested changes promptly.
+- Participate in discussions if necessary.
+
+Reviewing ensures code quality, consistency, and alignment with project goals. Don't hesitate to ask for clarification if you're unsure about any feedback.
+
+## Contribution Guidelines
+
+### Bug Reports
+
+If you encounter a bug, please submit an issue to help us investigate:
+
+- **Title**: A concise description of the issue.
+- **Steps to Reproduce**: A detailed list of steps to reproduce the bug.
+- **Expected Behavior**: What should have happened.
+- **Actual Behavior**: What actually happened, including error messages if applicable.
+- **Versions**: The VeraCrypt version and the OS version (Linux/macOS) you are using.
+- **Logs or Crash Reports**: Attach relevant logs or crash reports, if available.
+
+### Feature Requests
+
+We welcome new feature suggestions! If you have an idea, submit an issue labeled "feature request" with the following details:
+
+- **Use Case**: Why this feature is needed.
+- **Proposed Solution**: A description of how it might work.
+- **Alternatives Considered**: Other possible approaches (if applicable).
+
+### Design Guidelines
+
+- Reduce external dependencies as much as possible. Ideally, this package should not depend on any external library
+  or service
+- Security is paramount
+- Use strict typing whenever possible
+-
+
+### Coding Standards
+
+- Follow the **existing code style** and patterns.
+  Code formatting rules are specified in the `.editorconfig` file.
+  HTML styling is based on Bootstrap, version 5.3.
+- Always include **descriptive comments** in your code.
+- Write either **unit tests** or **functional tests** for new features or bug fixes when applicable.
+- Ensure your changes do not break existing functionality.
+
+### Commit Guidelines
+
+- Keep commits small and focused.
+- Use descriptive commit messages, following this format:
+  - **fix**: for bug fixes.
+  - **feat**: for new features.
+  - **docs**: for documentation changes.
+  - **refactor**: for code improvements.
+  - **test**: for test changes or additions.
+
+Example commit message:
+```
+feat: add crash report parsing for Linux
+```
+
+## License
+
+By contributing to VeraCrypt Crash Collector, you agree that your contributions will be licensed under the [Apache License 2.0](LICENSE).
+
+---
+
+Thank you for contributing! We look forward to collaborating with you.