From a61d5b28f79641fc0cabf7ed8fb645944523d822 Mon Sep 17 00:00:00 2001 From: Chuck Adams Date: Wed, 29 Jan 2025 18:08:53 -0700 Subject: [PATCH] drop api keys on downloads (#149) * refactor: rearrange and update Dockerfiles * fix: disable api keys on download endpoints --- docker/laravel-worker/Dockerfile | 6 ++---- docker/webapp/Dockerfile | 13 +++++++------ routes/inc/download.php | 5 +++-- 3 files changed, 12 insertions(+), 12 deletions(-) diff --git a/docker/laravel-worker/Dockerfile b/docker/laravel-worker/Dockerfile index d401d50..4ed2b2b 100644 --- a/docker/laravel-worker/Dockerfile +++ b/docker/laravel-worker/Dockerfile @@ -1,7 +1,7 @@ FROM php:8.3-cli AS base -COPY --from=composer:2.8.3 /usr/bin/composer /usr/bin/composer -ADD --chmod=0755 https://github.com/mlocati/docker-php-extension-installer/releases/download/2.5.2/install-php-extensions /usr/local/bin/ +COPY --from=composer:2.8.5 /usr/bin/composer /usr/bin/composer +ADD --chmod=0755 https://github.com/mlocati/docker-php-extension-installer/releases/download/2.7.14/install-php-extensions /usr/local/bin/ RUN apt update && apt install -y bash git postgresql-client zip @@ -33,7 +33,5 @@ RUN chown -R app:app /app USER app -RUN composer install --no-dev --no-interaction --no-progress --optimize-autoloader --working-dir=/app - RUN composer install --no-dev --no-interaction --no-progress --optimize-autoloader --working-dir=/app \ && mkdir -p storage/logs storage/app/public storage/app/private storage/framework/sessions storage/framework/views storage/framework/cache/data diff --git a/docker/webapp/Dockerfile b/docker/webapp/Dockerfile index 3ab4696..41bee38 100644 --- a/docker/webapp/Dockerfile +++ b/docker/webapp/Dockerfile @@ -1,7 +1,7 @@ FROM dunglas/frankenphp:1.4.1-php8.4.3-bookworm AS base -COPY --from=composer:2.8.3 /usr/bin/composer /usr/bin/composer -ADD --chmod=0755 https://github.com/mlocati/docker-php-extension-installer/releases/download/2.5.2/install-php-extensions /usr/local/bin/ +COPY --from=composer:2.8.5 /usr/bin/composer /usr/bin/composer +ADD --chmod=0755 https://github.com/mlocati/docker-php-extension-installer/releases/download/2.7.14/install-php-extensions /usr/local/bin/ RUN apt update && apt install -y bash zip @@ -11,15 +11,18 @@ COPY ./docker/webapp/Caddyfile /etc/caddy/Caddyfile COPY ./docker/webapp/php.ini /usr/local/etc/php/php.ini # frankenphp sets XDG_CONFIG_HOME=/config and XDG_DATA_HOME=/data, and I won't change these in case they're hardwired + RUN useradd --create-home --shell /bin/bash app \ - && chown -R app:app /config /data + && chown -R app:app /config /data \ + && apt update \ + && apt install -y nodejs npm postgresql-client WORKDIR /app ################ FROM base AS dev -RUN apt update && apt install -y git nodejs npm postgresql-client +RUN apt update && apt install -y git RUN install-php-extensions xdebug @@ -34,8 +37,6 @@ FROM base AS prod COPY . /app RUN chown -R app:app /app -RUN apt update && apt install -y nodejs npm - USER app RUN composer install --no-dev --no-interaction --no-progress --optimize-autoloader --working-dir=/app \ diff --git a/routes/inc/download.php b/routes/inc/download.php index c0346d2..5922d75 100644 --- a/routes/inc/download.php +++ b/routes/inc/download.php @@ -9,11 +9,12 @@ use Illuminate\Routing\Router; use Illuminate\Support\Facades\Route; -$auth_middleware = config('app.aspirecloud.api_authentication_enable') ? ['auth:sanctum'] : []; +// downloads can never require api keys, they're fetched by ordinary browser UI and by WP in places we don't hook. +// $auth_middleware = config('app.aspirecloud.api_authentication_enable') ? ['auth:sanctum'] : []; $cache_seconds = config('app.aspirecloud.download.cache_seconds'); $middleware = [ "cache.headers:public;max_age=$cache_seconds", // we're streaming responses, so no etags - ...$auth_middleware, + // ...$auth_middleware, ]; Route::prefix('/')