Start refactoring to be a more modern php app.

2025-06-01 15:46:18 -04:00 · 2025-06-01 15:46:18 -04:00 · d3271e43a0
commit d3271e43a0
parent fc576fb730
26 changed files with 169 additions and 43 deletions
--- a/configs/nginx/folder.conf
+++ b/configs/nginx/folder.conf
@ -0,0 +1,77 @@
+server {
+    listen 80;
+    server_name localhost;
+    
+    root /var/www/html;
+    index index.html;
+
+    # Security headers
+    add_header X-Frame-Options "SAMEORIGIN" always;
+    add_header X-XSS-Protection "1; mode=block" always;
+    add_header X-Content-Type-Options "nosniff" always;
+
+    # Deny access to hidden files
+    location ~ /\. {
+        deny all;
+        access_log off;
+        log_not_found off;
+    }
+
+    # PHP routing - everything under /tkr goes through index.php
+    location /tkr {
+        alias /var/www/html/public;
+        index index.php;
+
+        # index.php is the entry point
+        # It needs to be sent to php-fpm
+        # But if someone tries to directly access index.php, that file will throw a 404
+        # so bots and scanners can't tell this is a php app
+        location = /tkr/index.php {
+            fastcgi_pass php:9000;
+            fastcgi_param SCRIPT_FILENAME /var/www/html/public/index.php;
+            include fastcgi_params;
+            
+            # Additional FastCGI params
+            fastcgi_param REQUEST_METHOD $request_method;
+            fastcgi_param REQUEST_URI $request_uri;
+            fastcgi_param QUERY_STRING $query_string;
+        }
+
+        # Block attempts to access all other .php files directly
+        # (these are bots and scanners)
+        location ~ ^/tkr/.+\.php$ {
+            return 404;
+        } 
+
+        # forward other requests to the fallback block,
+        # which sends them to php-fpm for handling
+        try_files $uri $uri/ @tkr_fallback;
+    }
+
+    # Fallback for /tkr routing - all non-file requests go to index.php
+    location @tkr_fallback {
+        fastcgi_pass php:9000;
+        fastcgi_param SCRIPT_FILENAME /var/www/html/public/index.php;
+        include fastcgi_params;
+        
+        # Additional FastCGI params
+        fastcgi_param REQUEST_METHOD $request_method;
+        fastcgi_param REQUEST_URI $request_uri;
+        fastcgi_param QUERY_STRING $query_string;
+    }
+
+    # Cache static files
+    # Note that I don't actually serve most of this (just js and css to start)
+    # but including them all will let caching work later if I add images or something
+    location ~* ^/tkr/.+\.(js|css|png|jpg|jpeg|gif|ico|svg|woff|woff2|ttf|eot)$ {
+        expires 1y;
+        add_header Cache-Control "public, immutable";
+        try_files $uri =404;
+    }
+
+    # Deny access to sensitive directories
+    location ~ ^/tkr/(storage|lib|vendor|config) {
+        deny all;
+        return 404;
+    }
+}
--- a/examples/nginx/tkr-nginx.conf
+++ b/examples/nginx/tkr-nginx.conf
@ -1,9 +1,22 @@
 server {
-    listen 80 default_server;
+    #listen 80 default_server;
+    listen 80;
    root /app/public;

-    index index.php index.html index.htm;
+    index index.php;

+    # Security headers
+    add_header X-Frame-Options "SAMEORIGIN" always;
+    add_header X-XSS-Protection "1; mode=block" always;
+    add_header X-Content-Type-Options "nosniff" always;
+
+    # Deny access to hidden files
+    location ~ /\. {
+        deny all;
+        access_log off;
+        log_not_found off;
+    }
+    
    location ~ \.php$ {
        fastcgi_pass php:9000;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
--- a/docker-compose.yml
+++ b/docker-compose.yml
@ -0,0 +1,29 @@
+services:
+  nginx:
+    image: nginx:alpine
+    container_name: nginx-server
+    ports:
+      - "80:80"
+    volumes:
+      - ./src:/var/www/html
+      - ./configs/nginx/folder.conf:/etc/nginx/conf.d/default.conf
+    depends_on:
+      - php
+    restart: unless-stopped
+
+  php:
+    image: php:8.2-fpm-alpine
+    container_name: php-fpm
+    volumes:
+      - ./src:/var/www/html
+    command: >
+      sh -c "
+      chown -R www-data:www-data /var/www/html/storage &&
+      chmod -R 775 /var/www/html/storage &&
+      php-fpm
+      "
+    restart: unless-stopped
+
+volumes:
+  src:
+    driver: local
--- a/examples/nginx/docker-compose.yml
+++ b/examples/nginx/docker-compose.yml
@ -1,12 +0,0 @@
-services:
-    web:
-        image: nginx:latest
-        ports:
-            - "80:80"
-        volumes:
-            - ./tkr-nginx-folder.conf:/etc/nginx/conf.d/default.conf
-            - ./../../tkr:/tkr
-    php:
-        image: php:fpm
-        volumes:
-            - ./../../tkr:/tkr
--- a/examples/nginx/tkr-nginx-folder.conf
+++ b/examples/nginx/tkr-nginx-folder.conf
@ -1,29 +0,0 @@
-server {
-    listen 80 default_server;
-    root /usr/share/nginx/html;
-
-    location ^~ /tkr {
-        index index.php;
-        alias /tkr/public;
-
-        location ~ ^/tkr(/.+\.php)$ {
-            fastcgi_pass php:9000;
-            include fastcgi_params;
-            fastcgi_param SCRIPT_FILENAME /tkr/public/$1;
-            fastcgi_param SCRIPT_NAME $uri;
-            fastcgi_param REQUEST_METHOD  $request_method;
-            fastcgi_param CONTENT_TYPE    $content_type;
-            fastcgi_param CONTENT_LENGTH  $content_length;
-        }
-    }
-
-    # Deny anything else
-    location / {
-        try_files $uri $uri/ =404;
-    }
-
-    # Deny access to hidden or stray files
-    location ~* \.(htaccess|env|ini|log|bak)$ {
-        deny all;
-    }
-}
--- a/src/bootstrap.php
+++ b/src/bootstrap.php
--- a/src/classes/Config.php
+++ b/src/classes/Config.php
--- a/src/classes/User.php
+++ b/src/classes/User.php
--- a/src/lib/emoji.php
+++ b/src/lib/emoji.php
--- a/src/lib/mood.php
+++ b/src/lib/mood.php
--- a/src/lib/session.php
+++ b/src/lib/session.php
--- a/src/lib/ticks.php
+++ b/src/lib/ticks.php
--- a/src/lib/util.php
+++ b/src/lib/util.php
--- a/src/public/admin.php
+++ b/src/public/admin.php
--- a/src/public/atom/index.php
+++ b/src/public/atom/index.php
--- a/src/public/css/tkr.css
+++ b/src/public/css/tkr.css
--- a/src/public/index.php
+++ b/src/public/index.php
@ -0,0 +1,48 @@
+<?php
+
+// Define your base path (subdirectory)
+$basePath = '/tkr';
+
+// Get HTTP data
+$method = $_SERVER['REQUEST_METHOD'];
+$request = $_SERVER['REQUEST_URI'];
+
+// Remove the base path from the URL
+// and strip the trailing slash from the resulting route
+$path = parse_url($request, PHP_URL_PATH);
+
+if (strpos($path, $basePath) === 0) {
+    $path = substr($path, strlen($basePath));
+}
+
+$path = trim($path, '/');
+
+function route($pattern, $callback, $methods = ['GET']) {
+    global $path, $method;
+    
+    if (!in_array($method, $methods)) {
+        return false;
+    }
+    
+    // Convert route pattern to regex
+    $pattern = preg_replace('/\{([^}]+)\}/', '([^/]+)', $pattern);
+    $pattern = '#^' . $pattern . '$#';
+    
+    if (preg_match($pattern, $path, $matches)) {
+        array_shift($matches); // Remove full match
+        call_user_func_array($callback, $matches);
+        return true;
+    }
+    
+    return false;
+}
+
+// Set content type
+header('Content-Type: text/html; charset=utf-8');
+echo "Path: " . $path;
+
+// Define your routes
+route('', function() {
+    echo '<h1>Home Page</h1>';
+    echo '<p>Welcome to the home page!</p>';
+});
--- a/src/public/index.php.bak
+++ b/src/public/index.php.bak
--- a/src/public/login.php
+++ b/src/public/login.php
--- a/src/public/logout.php
+++ b/src/public/logout.php
--- a/src/public/rss/index.php
+++ b/src/public/rss/index.php
--- a/src/public/save_tick.php
+++ b/src/public/save_tick.php
--- a/src/public/set_mood.php
+++ b/src/public/set_mood.php
--- a/src/public/setup.php
+++ b/src/public/setup.php
--- a/src/public/tick.php
+++ b/src/public/tick.php
--- a/src/storage/.gitkeep
+++ b/src/storage/.gitkeep