mortimer333/dullahan-project
============================

Dullahan Skeleton

1.2.3(9mo ago)010GPL-2.0-onlyPHP

Since Mar 2Pushed 9mo ago1 watchersCompare

[Source](https://github.com/Mortimer333/dullahan-project) | [Packagist](https://packagist.org/packages/mortimer333/dullahan-project)

Dullahan
========

The documentation below is basically a cheat sheet to help development and might be outdated.

Installation
------------

```
composer create-project mortimer333/dullahan-project
```

Security Cheat Sheet
--------------------

- check leaked passwords -

Swagger
-------

- Routes show up in Swagger only if the route name starts with `api_` or the route path starts with `/_/`

[nelmio/NelmioApiDocBundle#1990](https://github.com/nelmio/NelmioApiDocBundle/issues/1990)

Security
--------

- The `#[CurrentUser]` attribute doesn't work; use `Symfony\Component\Security\Core\Security::getUser()` instead - [symfony/symfony#40333](https://github.com/symfony/symfony/issues/40333)

CSRF Token
----------

If we have API Platform, the CSRF token should be generated from the FE and added to the headers. Let's create it when the user logs in, save it in a cookie and reuse it. It will carry a few pieces of information:

- browser
- system
- ip

This should be enough to determine when the user has suddenly changed and log them out. We will also be adding a salted app secret for the CSRF token.
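One way to bind a token to the browser, system and IP with a salted app secret, shown as an added example that is not Dullahan's own code. It assumes the server issues the token at login and checks it on each request; the class name `BoundCsrfToken`, the `nonce.salt.mac` layout and all sample values are hypothetical.

```php
<?php
declare(strict_types=1);

// Added example, not Dullahan's code. Names and token layout are assumptions.
final class BoundCsrfToken
{
    public function __construct(private string $appSecret) {}

    /** Issue at login: random nonce + per-token salt + HMAC over the client fingerprint. */
    public function issue(string $browser, string $system, string $ip): string
    {
        $nonce = bin2hex(random_bytes(16));
        $salt  = bin2hex(random_bytes(16));
        return $nonce . '.' . $salt . '.' . $this->mac($nonce, $salt, $browser, $system, $ip);
    }

    /** True only if the token was issued with our secret for this browser/system/ip. */
    public function isValid(string $token, string $browser, string $system, string $ip): bool
    {
        $parts = explode('.', $token);
        if (count($parts) !== 3) {
            return false;
        }
        [$nonce, $salt, $mac] = $parts;
        // hash_equals compares in constant time, so the check leaks no timing signal.
        return hash_equals($this->mac($nonce, $salt, $browser, $system, $ip), $mac);
    }

    private function mac(string $nonce, string $salt, string ...$fingerprint): string
    {
        // Salt the app secret so the HMAC key differs per token.
        $key = hash_hmac('sha256', $salt, $this->appSecret, true);
        // JSON-encode so field boundaries stay unambiguous.
        $data = json_encode([$nonce, ...$fingerprint], JSON_THROW_ON_ERROR);
        return hash_hmac('sha256', $data, $key);
    }
}

// Constructed sample values.
$csrf  = new BoundCsrfToken('constructed-app-secret');
$token = $csrf->issue('Firefox 128', 'Linux', '203.0.113.7');

var_dump($csrf->isValid($token, 'Firefox 128', 'Linux', '203.0.113.7'));       // same client
var_dump($csrf->isValid($token, 'Firefox 128', 'Linux', '198.51.100.9'));      // IP changed
var_dump($csrf->isValid($token . 'x', 'Firefox 128', 'Linux', '203.0.113.7')); // tampered token
```

Because the IP is part of the fingerprint, a client whose address changes (mobile network, VPN) fails validation and is logged out, so the login flow has to reissue the token.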

Email validation
----------------

SECRETS
=======

We will be using symfony vault -

- Keys from `config/secrets/dev/` can be committed on dev
- Never commit the private key - `config/secrets/dev/dev.decrypt.private.php` on PROD
    - run prod with `APP_RUNTIME_ENV=prod php bin/console secrets:generate-keys`
    - script to periodically change security keys by `secrets:generate-keys --rotate`
- To set new env: `php bin/console secrets:set [name]`

Fixtures
========

To reset the test DB and populate it with new data, use fixtures:

```
APP_ENV=test php bin/console doctrine:fixtures:load
```

or

```
make reset-test-env
```

TESTS
=====

We are using [codeception](https://codeception.com/docs/Introduction) (which is based on [PHPUnit](https://phpunit.readthedocs.io/en/9.5/index.html))

- Verify for BDD assertions (you will probably have to go to the entity class because Codeception changed the names of the functions - `vendor/codeception/verify/src/Codeception/Verify/Verifiers/VerifyAny.php`) - [https://github.com/Codeception/Verify/blob/master/docs/supported_verifiers.md](https://github.com/Codeception/Verify/blob/master/docs/supported_verifiers.md)
- `php vendor/bin/codecept build` to generate methods after changing settings
- Create an Api suite and replace the url with your local url:

```
actor: ApiTester
modules:
  enabled:
    - REST:
        url: http://api.boardmeister.local/ #
