gcch/haiku-atelier-2024
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Compare commits

base: gcch:445593c4b803d5639edfed4278703945ea596faf
Branches Tags
gcch:principale
gcch:wip-effect
gcch:production
gcch:gleam
..
compare: gcch:5f332f4068eccbda66e41705240002ad7e46b2b2
Branches Tags
gcch:wip-effect
gcch:production
gcch:principale
gcch:gleam

41 commits
445593c4b8 ... 5f332f4068

Author SHA1 Message Date
gcch
5f332f4068 2026-04-01 2026-04-01 18:31:43 +02:00
gcch
ef19ba2b72 wip avec résolution de conflits 2026-04-01 17:00:10 +02:00
gcch
63b2d2b256 wip + convertis images 2026-04-01 16:50:01 +02:00
gcch
809061c551 temp: transfert entre ordinateurs 2026-04-01 16:44:16 +02:00
gcch
ffeb40aa92 tests: ébauche des tests d'intégration via Playwright 2026-03-30 17:18:19 +02:00
gcch
8db24151b1 corvée(deps) met à jour les dépendances 2026-03-30 17:18:19 +02:00
gcch
42e141679e fix(lsp) rafraîchis les diagnostiques phpactor à la màj d'un fichier 2026-03-30 17:18:19 +02:00
gcch
c7132da639 wip 2026-03-30 17:14:40 +02:00
gcch
61178d4d82 corvée(db) exporte la BDD 2026-01-07 10:21:10 +01:00
gcch
77b51de481 fix(commande) applique le bon montant pour coupon avec montant 2026-01-07 10:15:39 +01:00
gcch
b8e697db99 corvée(deps) met à jour falcon 2026-01-07 10:15:01 +01:00
gcch
a39682d363 fix(produit) rétablis le sélecteur de variation 
- passe temporairement du sélecteur d'attribut au sélecteur de variation, car il n'est pas
  possible de mettre à jour le prix affiché au changement de variation...
 2025-12-17 17:47:46 +01:00
gcch
a5b240cd3f fix(produit) corrige les Produits de la même collection 2025-12-17 17:30:36 +01:00
gcch
05baad8fdd fonc(produit) implémente le multi-variations 2025-12-17 17:01:25 +01:00
gcch
1a3a431b34 fix(api) corrige un schéma WooCommerce 2025-12-17 16:23:40 +01:00
gcch
21a1828144 fix: corrige la configuration Compose + passe à PHP8.5 2025-12-17 16:23:40 +01:00
gcch
fdb6aaa7e9 corvée(fmt) formate 2025-12-17 16:23:40 +01:00
gcch
4720c46ff8 corvée(outils) importe divers configurations 
- phpactor
- php cs fixer
- phpstan
 2025-12-16 23:52:11 +01:00
gcch
0553ca9923 corvée(deps) retire des dépendances Composer inutilisées 2025-12-16 15:57:02 +01:00
gcch
3c936ad0cc corvée: ajoute les fichiers de cache des formateurs à la liste d'exclusion Git 2025-12-16 15:56:23 +01:00
gcch
effef3fedf corvée: supprime les fichiers JS compilés 2025-12-15 23:41:12 +01:00
gcch
6daa0c44e1 corvée: nettoie et formate 
- ajoute les fichiers de langage et les scripts JS aux exclusions Git
- met à jour les dépendances et retire celles pour Vite inutilisées
- formate les YAML et TOML avec la commande du justfile
- nettoie la configuration Vite
 2025-12-15 23:40:57 +01:00
gcch
e5989f7df6 fix(panier) désactive la soustraction pour entrées avec 1 quantité 2025-12-13 17:53:45 +01:00
gcch
8c71a69c1b fonc(stock) implémente gestion basique du stock 2025-12-13 17:38:19 +01:00
gcch
4e6f3911a6 corvée(fmt) formate 2025-12-13 16:38:00 +01:00
gcch
c21e32ecbd corvée(deps) met à jour 2025-12-13 16:36:33 +01:00
gcch
eff18a6ec2 corvée(images) optimise et convertis les images 2025-12-13 16:29:20 +01:00
gcch
4b1351d592 fix(grille-produits) n'affiche pas de prix pour la Carte Cadeau 2025-12-13 16:17:01 +01:00
gcch
c46cb62452 fonc(panier) ajoute la prise en charge de la Carte Cadeau 2025-12-13 16:17:01 +01:00
gcch
c2ec20418e corvée(bdd) export la BDD 2025-12-13 16:17:01 +01:00
gcch
f1098fdf28 fonc: ajoute la prise en charge des attributs de la Carte Cadeau 2025-12-13 16:17:01 +01:00
gcch
c4bbbfc2e6 corvée(images) ajoute les images téléversées 2025-12-13 16:16:55 +01:00
gcch
78de4ebd50 corvée: ajoute les nouveaux téléversements dont ceux optimisés 2025-11-10 18:23:47 +01:00
gcch
c6664a7597 fix: corrige certains soucis avec les emails 2025-11-10 18:19:50 +01:00
gcch
71c35a497f 2025-11-04 2025-11-05 10:32:03 +01:00
gcch
e4eaf6404a 2025-11-03 (bis) 
- ajoute un .dockerignore.
- ajoute un Dockerfile.
- met à jour les dépendances.
- utilise bun comme gestionnaire de paquets npm.
- utilise une configuration Vite en TypeScript.
- ajoute les fichiers compilés JavaScript aux fichiers pris en charge par Git.
 2025-11-03 17:26:39 +01:00
gcch
8bf6b0ceef 2025-11-03 
- met à jour les dépendances Composer et NPM.
- convertis les derniers téléversements en AVIF/JXL/WEBP.
 2025-11-03 10:49:09 +01:00
gcch
d4ceb3731d corvée: convertis les téléversements en différents formats 2025-10-29 11:16:51 +01:00
gcch
c958c3adb9 fix: corrige le problème empêchant l'envoi dans des pays UE 
- un mauvais arrondi était effectué lors de la création de la commande.
 2025-09-12 14:48:11 +02:00
gcch
2a763f1bac corvée: ajoute les dernières traductions 2025-09-12 14:48:02 +02:00
gcch
9525e55580 corvée: ajoute les derniers téléversements 2025-09-12 14:47:50 +02:00
3551 changed files with 267065 additions and 195200 deletions
Download patch file Download diff file Expand all files Collapse all files

6
.dockerignore Normal file
View file

@ -0,0 +1,6 @@
*
!composer.json
!composer.lock
!config/*
!web/*
!wp-cli.yml

19
.gitignore vendored
View file

@ -5,18 +5,15 @@ web/app/mu-plugins/*/
web/app/themes/twentytwentyfour/ web/app/themes/twentytwentyfour/
web/app/upgrade web/app/upgrade
web/app/cache/* web/app/cache/*
web/app/languages/plugins/ web/app/languages/
web/app/object-cache.php web/app/object-cache.php
web/app/themes/haiku-atelier-2024/assets/js/*
# WordPress # WordPress
web/wp web/wp
web/vendor web/vendor
web/.htaccess web/.htaccess
# Compilation
web/app/themes/haiku-atelier-2024/assets/js
web/app/themes/haiku-atelier-2024/assets/js/.vite/manifest.json
# Logs # Logs
*.log *.log
@ -56,3 +53,15 @@ build/
/playwright-report/ /playwright-report/
/blob-report/ /blob-report/
/playwright/.cache/ /playwright/.cache/
# Containers
containers/data/*
containers/conf/angie/modules-available
containers/conf/angie/modules-enabled
containers/conf/angie/scripts
containers/conf/angie/snippets
containers/conf/angie/http-waf
# Formateurs
.php-cs-fixer.cache
.twig-cs-fixer.cache

2
.npmrc
View file

@ -1,2 +0,0 @@
# Nécessaire pour better-typescript-lib
public-hoist-pattern[]=@typescript/*

38
.oxlintrc.json
View file

@ -1,38 +0,0 @@
{
"$schema": "./node_modules/oxlint/configuration_schema.json",
"env": { "browser": true, "es2020": true, "es2022": true },
"categories": {
"correctness": "error",
"nursery": "error",
"pedantic": "error",
"perf": "warn",
"restriction": "error",
"style": "warn",
"suspicious": "error"
},
"plugins": ["jsdoc", "promise", "unicorn", "jsdoc", "oxc", "promise", "typescript", "unicorn"],
"rules": {
"import/export": "error",
"no-array-for-each": "off",
"no-async-await": "off",
"no-console": "off",
"no-magic-numbers": "warn",
"no-map-spread": "off",
"no-misused-promises": "off",
"no-optional-chaining": "off",
"no-rest-spread-properties": "off",
"no-ternary": "off",
"no-undefined": "off",
"no-unused-expressions": "off",
"no-void": "off",
"prefer-await-to-then": "off",
"promise/prefer-await-to-callbacks": "off",
"sort-imports": "off",
"typescript/array-type": ["error", { "default": "generic", "readonly": "generic" }],
"typescript/consistent-indexed-object-style": ["error", "record"],
"typescript/consistent-type-imports": "error",
"typescript/explicit-function-return-type": "warn",
"unicorn/prefer-dom-node-dataset": "off",
"yoda": ["error", "never"]
}
}

259
.php-cs-fixer.dist.php Normal file
View file

@ -0,0 +1,259 @@
<?php
declare(strict_types=1);
use PhpCsFixer\Config;
use PhpCsFixer\Finder;
use PhpCsFixer\Runner;
$finder = new Finder()->in(__DIR__)->exclude([
'vendor',
'web/vendor',
'web/wp',
'web/app/languages',
'web/app/plugins',
'web/app/mu-plugins'
]);
return new Config()
->setRiskyAllowed(true)
->setRules([
'array_syntax' => ['syntax' => 'short'],
'assign_null_coalescing_to_coalesce_equal' => true,
'attribute_empty_parentheses' => ['use_parentheses' => true],
'blank_line_after_namespace' => true,
'blank_lines_before_namespace' => ['min_line_breaks' => 1, 'max_line_breaks' => 2],
'cast_spaces' => true,
'class_attributes_separation' => ['elements' => [
'case' => 'none',
'const' => 'none',
'method' => 'one',
'property' => 'one',
'trait_import' => 'none'
]],
'class_reference_name_casing' => true,
'clean_namespace' => true,
'combine_consecutive_issets' => true,
'combine_consecutive_unsets' => true,
'combine_nested_dirname' => true,
'comment_to_phpdoc' => true,
'constant_case' => true,
'date_time_immutable' => true,
'declare_equal_normalize' => true,
'declare_parentheses' => true,
'declare_strict_types' => true,
'dir_constant' => true,
'echo_tag_syntax' => true,
'encoding' => true,
'ereg_to_preg' => true,
'error_suppression' => true,
'explicit_indirect_variable' => true,
'explicit_string_variable' => true,
'final_class' => true,
'final_internal_class' => true,
'full_opening_tag' => true,
'fully_qualified_strict_types' => ['import_symbols' => true],
'function_to_constant' => true,
'global_namespace_import' => ['import_classes' => true, 'import_constants' => true, 'import_functions' => true],
'heredoc_to_nowdoc' => true,
'integer_literal_case' => true,
'lambda_not_used_import' => true,
'list_syntax' => true,
'logical_operators' => true,
'long_to_shorthand_operator' => true,
'lowercase_cast' => true,
'lowercase_keywords' => true,
'lowercase_static_reference' => true,
'magic_constant_casing' => true,
'magic_method_casing' => true,
'mb_str_functions' => true,
'modernize_strpos' => ['modernize_stripos' => true],
'modernize_types_casting' => true,
'modifier_keywords' => true,
'multiline_comment_opening_closing' => true,
'native_constant_invocation' => true,
'native_function_casing' => true,
'native_function_invocation' => ['include' => ['@compiler_optimized'], 'scope' => 'namespaced', 'strict' => true],
'native_type_declaration_casing' => true,
'new_expression_parentheses' => true,
'no_alias_functions' => ['sets' => ['@all']],
'no_alias_language_construct_call' => true,
'no_alternative_syntax' => true,
'no_binary_string' => true,
'no_closing_tag' => true,
'no_empty_comment' => true,
'no_homoglyph_names' => true,
'no_leading_import_slash' => true,
'no_mixed_echo_print' => ['use' => 'echo'],
'no_multiline_whitespace_around_double_arrow' => true,
'no_multiple_statements_per_line' => true,
'no_null_property_initialization' => true,
'no_php4_constructor' => true,
'no_short_bool_cast' => true,
'no_trailing_comma_in_singleline' => true,
'no_trailing_whitespace_in_comment' => true,
'no_unneeded_braces' => ['namespaces' => true],
'no_unneeded_control_parentheses' => ['statements' => [
'break',
'clone',
'continue',
'echo_print',
'negative_instanceof',
'others',
'return',
'switch_case',
'yield',
'yield_from'
]],
'no_unneeded_final_method' => true,
'no_unneeded_import_alias' => true,
'no_unreachable_default_argument_value' => true,
'no_unset_cast' => true,
'no_unset_on_property' => true,
'no_unused_imports' => true,
'no_useless_concat_operator' => true,
'no_useless_nullsafe_operator' => true,
'no_useless_printf' => true,
'no_useless_return' => true,
'no_useless_sprintf' => true,
'no_whitespace_before_comma_in_array' => ['after_heredoc' => true],
'non_printable_character' => true,
'normalize_index_brace' => true,
'nullable_type_declaration' => ['syntax' => 'union'],
'nullable_type_declaration_for_default_null_value' => true,
'numeric_literal_separator' => ['override_existing' => true, 'strategy' => 'use_separator'],
'ordered_attributes' => true,
'ordered_class_elements' => ['case_sensitive' => false, 'sort_algorithm' => 'alpha'],
'ordered_imports' => ['case_sensitive' => true],
'ordered_interfaces' => true,
'ordered_traits' => true,
'ordered_types' => ['null_adjustment' => 'always_last'],
'phpdoc_readonly_class_comment_to_keyword' => true,
'phpdoc_to_param_type' => true,
'phpdoc_to_property_type' => true,
'phpdoc_to_return_type' => true,
'pow_to_exponentiation' => true,
'protected_to_private' => true,
'psr_autoloading' => true,
'random_api_migration' => ['replacements' => [
'getrandmax' => 'mt_getrandmax',
'rand' => 'mt_rand',
'srand' => 'mt_srand'
]],
'return_assignment' => true,
'self_accessor' => true,
'self_static_accessor' => true,
'set_type_to_cast' => true,
'short_scalar_cast' => true,
'simple_to_complex_string_variable' => true,
'simplified_null_return' => true,
'single_class_element_per_statement' => true,
'single_import_per_statement' => true,
'single_line_after_imports' => true,
'single_line_comment_spacing' => true,
'single_line_comment_style' => true,
'single_line_empty_body' => true,
'single_trait_insert_per_statement' => true,
'standardize_not_equals' => true,
'static_lambda' => true,
'strict_comparison' => true,
'strict_param' => true,
'string_implicit_backslashes' => true,
'string_length_to_empty' => true,
'switch_continue_to_break' => true,
'ternary_to_null_coalescing' => true,
'trim_array_spaces' => true,
'use_arrow_functions' => true,
'void_return' => true,
'whitespace_after_comma_in_array' => ['ensure_single_space' => true],
// ---
// Each line of multi-line DocComments must have an asterisk [PSR-5] and must be aligned with the first one.
'align_multiline_comment' => ['comment_type' => 'all_multiline'],
// There should not be blank lines between docblock and the documented element.
'no_blank_lines_after_phpdoc' => true,
// There should not be empty PHPDoc blocks.
'no_empty_phpdoc' => true,
// Removes @param, @return and @var tags that don't provide any useful information.
'no_superfluous_phpdoc_tags' => [
'allow_hidden_params' => false,
'allow_mixed' => false,
'allow_unused_params' => false
],
// PHPDoc should contain @param for all params.
'phpdoc_add_missing_param_annotation' => ['only_untyped' => false],
// All items of the given PHPDoc tags must be either left-aligned or (by default) aligned vertically.
'phpdoc_align' => true,
// PHPDoc annotation descriptions should not be a sentence.
'phpdoc_annotation_without_dot' => true,
// PHPDoc array<T> type must be used instead of T[].
'phpdoc_array_type' => true,
// Docblocks should have the same indentation as the documented subject.
'phpdoc_indent' => true,
// Fixes PHPDoc inline tags.
'phpdoc_inline_tag_normalizer' => true,
// Changes doc blocks from single to multi line, or reversed. Works for class constants, properties and methods only.
'phpdoc_line_span' => ['const' => 'single', 'method' => 'multi', 'property' => 'single'],
// PHPDoc list type must be used instead of array without a key.
'phpdoc_list_type' => false,
// @access annotations must be removed from PHPDoc.
'phpdoc_no_access' => true,
// No alias PHPDoc tags should be used.
'phpdoc_no_alias_tag' => true,
// @return void and @return null annotations must be removed from PHPDoc.
'phpdoc_no_empty_return' => false,
// @package and @subpackage annotations must be removed from PHPDoc.
'phpdoc_no_package' => true,
// Classy that does not inherit must not have @inheritdoc tags.
'phpdoc_no_useless_inheritdoc' => true,
// Annotations in PHPDoc should be ordered in defined sequence.
'phpdoc_order' => true,
// Order PHPDoc tags by value.
'phpdoc_order_by_value' => true,
// Orders all @param annotations in DocBlocks according to method signature.
'phpdoc_param_order' => true,
// The type of @return annotations of methods returning a reference to itself must the configured one.
'phpdoc_return_self_reference' => true,
// Scalar types should always be written in the same form. int not integer, bool not boolean, float not real or double.
'phpdoc_scalar' => ['types' => [
'boolean',
'callback',
'double',
'integer',
'never-return',
'never-returns',
'no-return',
'real',
'str'
]],
// Annotations in PHPDoc should be grouped together so that annotations of the same type immediately follow each other. Annotations of a different type are separated by a single blank line.
'phpdoc_separation' => [
'groups' => [
['Annotation', 'NamedArgumentConstructor', 'Target'],
['author', 'copyright', 'license'],
['category', 'package', 'subpackage'],
['property', 'property-read', 'property-write'],
['deprecated', 'link', 'see', 'since']
],
'skip_unlisted_annotations' => false
],
// Single line @var PHPDoc should have proper spacing.
'phpdoc_single_line_var_spacing' => true,
// PHPDoc summary should end in either a full stop, exclamation mark, or question mark.
'phpdoc_summary' => true,
// Docblocks should only be used on structural elements.
'phpdoc_to_comment' => false,
// PHPDoc should start and end with content, excluding the very first and last line of the docblocks.
'phpdoc_trim' => true,
// Removes extra blank lines after summary and after description in PHPDoc.
'phpdoc_trim_consecutive_blank_line_separation' => true,
// The correct case must be used for standard PHP types in PHPDoc.
'phpdoc_types' => true,
// Sorts PHPDoc types.
'phpdoc_types_order' => ['null_adjustment' => 'always_last'],
// @var and @type annotations must have type and name in the correct order.
'phpdoc_var_annotation_correct_order' => true,
// @var and @type annotations of classy properties should not contain the name.
'phpdoc_var_without_name' => true
])
->setFinder($finder)
->setParallelConfig(Runner\Parallel\ParallelConfigFactory::detect());

17
.phpactor.json
View file

@ -1,6 +1,19 @@
{ {
"$schema": "/opt/phpactor/phpactor.schema.json", "$schema": "./phpactor.schema.json",
"indexer.exclude_patterns": [
"/vendor/**/Tests/**/*",
"/vendor/**/tests/**/*",
"/var/cache/**/*",
"/vendor/composer/**/*"
],
"language_server.diagnostic_outsource_timeout": 5,
"language_server.diagnostics_on_update": true,
"language_server.diagnostics_on_save": true,
"language_server_highlight.enabled": true,
"language_server_php_cs_fixer.enabled": true,
"language_server_phpstan.config": "phpstan.neon",
"language_server_phpstan.enabled": true, "language_server_phpstan.enabled": true,
"language_server_psalm.enabled": false, "language_server_psalm.enabled": false,
"php_code_sniffer.enabled": false "language_server_reference_finder.soft_timeout": 10,
"language_server_reference_reference_finder.reference_timeout": 10
} }

29
.prettierignore
View file

@ -1,29 +0,0 @@
# Tout ce qui est traité par dprint
*.css
*.html
*.js
*.json
!package.json
*.jsonc
*.md
*.scss
*.ts
*.twig
*.yml
*.yaml
# Tout sauf le thème
.ddev
web/app/*
!web/app/themes
web/app/themes/haiku-atelier-2024/assets
web/app/languages
web/app/plugins
web/vendor
# Dépendances
composer.lock
pnpm-lock.yaml
# Jujutsu
.jj

31
.swcrc
View file

@ -1,31 +0,0 @@
{
"$schema": "https://swc.rs/schema.json",
"jsc": {
"externalHelpers": false,
"keepClassNames": false,
"loose": false,
"minify": {
"compress": true,
"mangle": true
},
"parser": {
"decorators": false,
"decoratorsBeforeExport": false,
"dynamicImport": false,
"exportDefaultFrom": false,
"exportNamespaceFrom": false,
"functionBind": false,
"importMeta": false,
"jsx": false,
"privateMethod": false,
"syntax": "typescript",
"topLevelAwait": false,
"tsx": false
},
"preserveAllComments": false,
"target": "es2020",
"transform": null
},
"minify": true,
"sourceMaps": true
}

12
.zed/settings.json
View file

@ -0,0 +1,12 @@
{
"language_servers": [
"!biome",
"!deno",
"!intelephense",
"!prettier",
"!tailwindcss-language-server",
"!vtsls",
"..."
],
"languages": {}
}

17
README.md
View file

@ -2,6 +2,23 @@
## Dépendances ## Dépendances
### JavaScript et TypeScript
#### Dépendances
- Effect
- a11y-dialog
- lit-html
#### Dépendances de développement
- ESLint
- Oxlint
- Prettier
- SASS
- Stylelint
- Vite
### PHP ### PHP
#### Dépendances #### Dépendances

48
biome.json
View file

@ -1,48 +0,0 @@
{
"$schema": "https://biomejs.dev/schemas/2.0.4/schema.json",
"assist": { "enabled": false },
"css": { "formatter": { "enabled": false }, "linter": { "enabled": true } },
"files": {
"experimentalScannerIgnores": [
"*.min.js",
"vendor",
"web/app/plugins",
"web/app/themes/haiku-atelier-2024/assets",
"web/wp"
],
"ignoreUnknown": true,
"maxSize": 100000000
},
"formatter": { "enabled": false },
"graphql": { "formatter": { "enabled": false }, "linter": { "enabled": true } },
"json": { "formatter": { "enabled": false }, "linter": { "enabled": true } },
"linter": {
"enabled": false,
"rules": {
"complexity": { "noForEach": "off" },
"nursery": {
"recommended": true,
"useSortedClasses": {
"fix": "unsafe",
"level": "error",
"options": { "attributes": ["class"], "functions": [""] }
}
},
"style": {
"recommended": true,
"noNonNullAssertion": "off",
"noParameterAssign": "error",
"useAsConstAssertion": "error",
"useDefaultParameterLast": "error",
"useEnumInitializers": "error",
"useSelfClosingElements": "error",
"useSingleVarDeclarator": "error",
"noUnusedTemplateLiteral": "error",
"useNumberNamespace": "error",
"noInferrableTypes": "error",
"noUselessElse": "error"
},
"recommended": true
}
}
}

1719
bun.lock
View file

File diff suppressed because it is too large Load diff

0
eslint.config.js → cfg/eslint.config.ts
View file

3
cfg/oxlint.config.ts Normal file
View file

@ -0,0 +1,3 @@
import config from "@gcch/configuration-oxlint";
export default config;

65
cfg/playwright.config.ts Normal file
View file

@ -0,0 +1,65 @@
import { defineConfig, devices } from "@playwright/test";
export default defineConfig({
fullyParallel: true,
reporter: "list",
retries: 1,
testDir: "../tests",
timeout: 10_000,
workers: "100%",
use: {
/* Base URL to use in actions like `await page.goto('/')`. */
baseURL: "https://haikuatelier.gcch.local",
trace: "retry-with-trace",
clientCertificates: [
{
origin: "https://haikuatelier.gcch.local",
certPath: "../containers/data/certs/_wildcard.gcch.local.pem",
keyPath: "../containers/data/certs/_wildcard.gcch.local-key.pem",
},
],
ignoreHTTPSErrors: true,
},
projects: [
{
name: "desktop-chromium-1920",
use: { ...devices["Desktop Chrome"], viewport: { width: 1920, height: 1080 } },
},
// {
// name: "desktop-chromium-1536",
// use: { ...devices["Desktop Chrome"], viewport: { width: 1536, height: 864 } },
// },
// {
// name: "desktop-chromium-1366",
// use: { ...devices["Desktop Chrome"], viewport: { width: 1366, height: 768 } },
// },
{
name: "desktop-firefox-1920",
use: { ...devices["Desktop Firefox"], viewport: { width: 1920, height: 1080 } },
},
// {
// name: "desktop-firefox-1536",
// use: { ...devices["Desktop Firefox"], viewport: { width: 1536, height: 864 } },
// },
// {
// name: "desktop-firefox-1366",
// use: { ...devices["Desktop Firefox"], viewport: { width: 1366, height: 768 } },
// },
// {
// name: "tablet-chromium-portrait",
// use: { ...devices["Galaxy Tab S9"] },
// },
// {
// name: "tablet-chromium-landscape",
// use: { ...devices["Galaxy Tab S9 landscape"] },
// },
// {
// name: "mobile-chromium-portrait",
// use: { ...devices["Pixel 7"] },
// },
// {
// name: "mobile-chromium-landscape",
// use: { ...devices["Pixel 7 landscape"] },
// },
],
});

7
cfg/prettier.config.ts Executable file
View file

@ -0,0 +1,7 @@
import { configClassique } from "@gcch/configuration-prettier";
const config = {
...configClassique,
};
export default config;

37
cfg/prettierignore Executable file
View file

@ -0,0 +1,37 @@
# Tout ce qui est traité par dprint
*.css
*.html
*.js
*.md
*.mjs
*.mts
*.php
*.scss
*.ts
*.xml
*.yaml
*.yml
!package.json
# Cache
.cache
# Tout sauf le thème
**/vendor
**/web/app/languages
**/web/app/mu-plugins
**/web/app/plugins
**/web/app/themes/haiku-atelier-2024/assets
**/web/app/themes/twentytwentyfour
**/web/app/uploads
**/web/wp
# Dépendances
composer.lock
bun.lock
# Jujutsu
.jj/
# Zed
.zed/

40
cfg/stylelint.config.ts Executable file
View file

@ -0,0 +1,40 @@
// @ts-expect-error -- La dépendance ne dispose pas de types.
import { propertyGroups } from "stylelint-config-clean-order";
/** @type {string[][]} */
// eslint-disable-next-line @typescript-eslint/no-unsafe-argument -- Impossible de typer correctement avec JSDoc.
const groupesProprietes = Array.from(/** @type {GroupeProprietes} */ propertyGroups);
/** @import { StylelintConfigCleanOrderPropertyGroup } from "./lib/stylelint" */
/** @type {Array<StylelintConfigCleanOrderPropertyGroup>} */
const ordreProprietes = groupesProprietes.map((properties) => ({
emptyLineBefore: "never",
noEmptyLineBetween: true,
properties,
}));
/** @type {import("stylelint").Config} */
export default {
extends: ["stylelint-config-standard-scss", "stylelint-config-sass-guidelines", "stylelint-config-clean-order"],
plugins: ["stylelint-declaration-block-no-ignored-properties"],
rules: {
"@stylistic/function-parentheses-space-inside": null,
"@stylistic/selector-list-comma-newline-after": null,
"@stylistic/string-quotes": null,
"custom-property-pattern": null,
"declaration-block-no-duplicate-custom-properties": true,
"declaration-block-no-duplicate-properties": true,
"declaration-block-no-redundant-longhand-properties": true,
"declaration-block-no-shorthand-property-overrides": true,
"max-nesting-depth": null,
"no-descending-specificity": null,
"no-duplicate-selectors": [true, { disallowInList: false }],
"order/properties-order": [ordreProprietes, { severity: "error", unspecified: "bottomAlphabetical" }],
"plugin/declaration-block-no-ignored-properties": true,
"selector-class-pattern": null,
"selector-id-pattern": null,
"selector-max-compound-selectors": null,
"selector-max-id": null,
"selector-no-qualifying-type": null,
},
};

49
cfg/vite.config.ts Executable file
View file

@ -0,0 +1,49 @@
import type { PathsOutput } from "fdir";
import { fdir } from "fdir";
import process from "node:process";
import { defineConfig, loadEnv } from "vite";
const SLUG_THEME = "haiku-atelier-2024";
const SRC_TYPESCRIPT_PATHS: Promise<PathsOutput> = new fdir()
.withBasePath()
.filter((path, isDirectory) => !isDirectory && !path.endsWith("d.ts"))
.withMaxDepth(0)
.crawl(`web/app/themes/${SLUG_THEME}/src/scripts`)
.withPromise();
const PATHS = await SRC_TYPESCRIPT_PATHS;
export default defineConfig(({ mode }) => {
const env = loadEnv(mode, process.cwd(), "VITE");
return {
base: "/",
cacheDir: ".cache/vite",
build: {
assetsDir: ".",
cssMinify: "lightningcss",
emptyOutDir: true,
manifest: true,
minify: env["VITE_MODE"] === "production",
outDir: "./web/app/themes/haiku-atelier-2024/assets/js",
reportCompressedSize: true,
rollupOptions: {
input: PATHS,
output: {
assetFileNames: "[hash].[extname]",
chunkFileNames: "[hash].js",
entryFileNames: "[name].js",
minify: env["VITE_MODE"] === "production",
},
treeshake: true,
},
sourcemap: env["VITE_MODE"] === "development",
target: "es2020",
write: true,
},
css: {
devSourcemap: true,
transformer: "lightningcss",
},
mode: env["VITE_MODE"] ?? "production",
};
});

100
compose.yaml Executable file
View file

@ -0,0 +1,100 @@
name: "haikuatelier.fr"
networks:
haiku-network: null
services:
db:
container_name: "haikuatelier.fr-db"
env_file:
- path: "./.env"
required: true
healthcheck:
interval: "10s"
retries: 3
start_period: "60s"
test:
- "CMD"
- "healthcheck.sh"
- "--connect"
- "--innodb_initialized"
timeout: "5s"
image: "docker.io/library/mariadb:latest"
labels:
- "traefik.enable=false"
networks:
- "haiku-network"
restart: "unless-stopped"
volumes:
- "db-data:/var/lib/mysql:rw"
proxy:
container_name: "haikuatelier.fr-proxy"
depends_on:
- "wordpress"
env_file:
- path: "./.env"
required: true
healthcheck:
interval: "10s"
retries: 3
test:
- "CMD-SHELL"
- "curl http://localhost/health | grep UP"
timeout: "5s"
image: "docker.io/eilandert/angie:latest"
networks:
- "haiku-network"
restart: "on-failure:3"
volumes:
- "./containers/conf/angie:/etc/angie:rw"
# - "./containers/conf/angie-2:/etc/angie:rw"
- "./containers/data/certs:/etc/angie/ssl:ro"
- "./containers/data/angie/logs:/var/log/angie:rw"
- "./:/var/www/wordpress:rw"
traefik:
container_name: "haikuatelier.fr-traefik"
env_file:
- path: "./.env"
required: true
healthcheck:
interval: "10s"
retries: 3
test:
- "CMD"
- "traefik"
- "healthcheck"
- "--ping"
timeout: "5s"
image: "traefik"
mem_limit: "256m"
mem_reservation: "128m"
networks:
- "haiku-network"
ports:
- "127.0.0.1:80:80"
- "127.0.0.1:443:443"
- "127.0.0.1:8082:8082"
restart: "unless-stopped"
volumes:
- "./containers/conf/traefik/dynamic:/etc/traefik/dynamic:ro"
- "./containers/conf/traefik/traefik.yaml:/etc/traefik/traefik.yml:ro"
- "./containers/data/certs:/etc/certs/:ro"
- "./containers/data/traefik/logs:/var/log/traefik:rw"
- "/var/run/user/1000/podman/podman.sock:/var/run/docker.sock:ro"
wordpress:
container_name: "haikuatelier.fr-wordpress"
depends_on:
- "db"
- "traefik"
env_file:
- path: "./.env"
required: true
image: "localhost/wordpress-haiku-atelier"
networks:
- "haiku-network"
ports:
- "127.0.0.1:9000:9000"
restart: "unless-stopped"
volumes:
- "./containers/conf/php.ini:/usr/local/etc/php/conf.d/custom.ini:ro"
- "./:/var/www/wordpress:rw"
volumes:
db-data: null

147
composer.json
View file

@ -1,82 +1,101 @@
{ {
"name": "roots/bedrock", "autoload": {
"type": "project", "psr-4": {
"license": "MIT", "HaikuAtelier\\": "web/app/themes/haiku-atelier-2024/src/inc/"
"description": "WordPress boilerplate with Composer, easier configuration, and an improved folder structure", }
"homepage": "https://roots.io/bedrock/", },
"authors": [ "authors": [
{ "name": "Scott Walkinshaw", "email": "scott.walkinshaw@gmail.com", "homepage": "https://github.com/swalkinshaw" }, {
{ "name": "Ben Word", "email": "ben@benword.com", "homepage": "https://github.com/retlehs" } "email": "scott.walkinshaw@gmail.com",
"homepage": "https://github.com/swalkinshaw",
"name": "Scott Walkinshaw"
},
{
"email": "ben@benword.com",
"homepage": "https://github.com/retlehs",
"name": "Ben Word"
}
], ],
"keywords": ["bedrock", "composer", "roots", "wordpress", "wp", "wp-config"],
"support": {
"issues": "https://github.com/roots/bedrock/issues",
"forum": "https://discourse.roots.io/category/bedrock"
},
"repositories": [
{ "type": "composer", "url": "https://wpackagist.org", "only": ["wpackagist-plugin/*", "wpackagist-theme/*"] }
],
"require": {
"php": ">=8.2",
"composer/installers": "^2.3",
"crell/fp": "^1.0",
"htmlburger/carbon-fields": "^3.6",
"illuminate/support": "^12.18",
"laravel/helpers": "^1.7.1",
"log1x/wp-smtp": "^1.0.2",
"lstrojny/functional-php": "^1.17",
"mnsami/composer-custom-directory-installer": "^2.0",
"nesbot/carbon": "^3.8.2",
"oscarotero/env": "^2.1.1",
"ramsey/uuid": "^4.7.6",
"roots/bedrock-autoloader": "^1.0.4",
"roots/bedrock-disallow-indexing": "^2.0",
"roots/wordpress": "^6.8.1",
"roots/wp-config": "^1.0",
"stripe/stripe-php": "^16.3",
"symfony/uid": "^7.2.0",
"timber/timber": "^2.3",
"vlucas/phpdotenv": "^5.6.1",
"wpackagist-plugin/falcon": "^2.8.4",
"wpackagist-plugin/force-regenerate-thumbnails": "^2.2.1",
"wpackagist-plugin/query-monitor": "^3.17.0",
"wpackagist-plugin/redis-cache": "^2.5.4",
"wpackagist-plugin/wc-multishipping": "^2.5.4",
"wpackagist-plugin/woo-preview-emails": "^2.2.13",
"wpackagist-plugin/woocommerce": "^9.4.3",
"wpackagist-plugin/wp-mail-logging": "^1.13.1",
"wpackagist-plugin/wp-mail-smtp": "^4.2",
"wpackagist-plugin/wp-openapi": "^1.0.16",
"wpackagist-theme/twentytwentyfour": "^1.3"
},
"require-dev": {
"phpstan/extension-installer": "^1.4.3",
"phpstan/phpstan": "^2.0.3",
"roave/security-advisories": "dev-latest",
"squizlabs/php_codesniffer": "^3.11.1",
"szepeviktor/phpstan-wordpress": "2.x-dev"
},
"config": { "config": {
"optimize-autoloader": true,
"preferred-install": "dist",
"allow-plugins": { "allow-plugins": {
"carthage-software/mago": true,
"composer/installers": true, "composer/installers": true,
"mnsami/composer-custom-directory-installer": true, "mnsami/composer-custom-directory-installer": true,
"roots/wordpress-core-installer": true, "phpstan/extension-installer": true,
"phpstan/extension-installer": true "roots/wordpress-core-installer": true
}, },
"optimize-autoloader": true,
"preferred-install": "dist",
"sort-packages": true "sort-packages": true
}, },
"minimum-stability": "dev", "description": "WordPress boilerplate with Composer, easier configuration, and an improved folder structure",
"prefer-stable": true,
"extra": { "extra": {
"installer-paths": { "installer-paths": {
"web/vendor/{$vendor}/{$name}": ["htmlburger/carbon-fields"],
"web/app/mu-plugins/{$name}/": ["type:wordpress-muplugin"], "web/app/mu-plugins/{$name}/": ["type:wordpress-muplugin"],
"web/app/plugins/{$name}/": ["type:wordpress-plugin"], "web/app/plugins/{$name}/": ["type:wordpress-plugin"],
"web/app/themes/{$name}/": ["type:wordpress-theme"] "web/app/themes/{$name}/": ["type:wordpress-theme"],
"web/vendor/{$vendor}/{$name}": ["htmlburger/carbon-fields"]
}, },
"wordpress-install-dir": "web/wp" "wordpress-install-dir": "web/wp"
}, },
"scripts": { "test": ["phpcs"] } "homepage": "https://roots.io/bedrock/",
"keywords": ["bedrock", "composer", "roots", "wordpress", "wp", "wp-config"],
"license": "MIT",
"minimum-stability": "dev",
"name": "roots/bedrock",
"prefer-stable": true,
"repositories": [
{
"only": ["wpackagist-plugin/*", "wpackagist-theme/*"],
"type": "composer",
"url": "https://wpackagist.org"
}
],
"require": {
"php": ">=8.5",
"php-standard-library/php-standard-library": "^4.3",
"composer/installers": "^2.3",
"crell/fp": "^1.0",
"htmlburger/carbon-fields": "^3.6.9",
"illuminate/support": "^12.56",
"laravel/helpers": "^1.8.3",
"log1x/wp-smtp": "^1.0.2",
"lstrojny/functional-php": "^1.18",
"mnsami/composer-custom-directory-installer": "^2.0",
"nesbot/carbon": "^3.11.3",
"oscarotero/env": "^2.1.1",
"roots/bedrock-autoloader": "^1.1.0",
"roots/bedrock-disallow-indexing": "^2.1",
"roots/wordpress": "^6.9.4",
"roots/wp-config": "^1.0",
"stripe/stripe-php": "^19.4.1",
"symfony/uid": "^8.0.4",
"timber/timber": "^2.3.3",
"vlucas/phpdotenv": "^5.6.3",
"wpackagist-plugin/falcon": "^2.9.3",
"wpackagist-plugin/force-regenerate-thumbnails": "^2.3.0",
"wpackagist-plugin/query-monitor": "^3.20.4",
"wpackagist-plugin/redis-cache": "^2.7.0",
"wpackagist-plugin/wc-multishipping": "^3.0.2",
"wpackagist-plugin/woo-preview-emails": "^2.2.14",
"wpackagist-plugin/woocommerce": "^10.6.1",
"wpackagist-plugin/wp-mail-logging": "^1.16.0",
"wpackagist-plugin/wp-mail-smtp": "^4.7.1",
"wpackagist-plugin/wp-openapi": "^1.0.27",
"wpackagist-theme/twentytwentyfour": "^1.4"
},
"require-dev": {
"friendsofphp/php-cs-fixer": "^3.94.2",
"php-standard-library/phpstan-extension": "^2.1",
"phpstan/extension-installer": "^1.4.3",
"phpstan/phpstan": "^2.1.45",
"roave/security-advisories": "dev-latest",
"szepeviktor/phpstan-wordpress": "2.x-dev",
"vincentlanglet/twig-cs-fixer": "^3.14"
},
"support": {
"forum": "https://discourse.roots.io/category/bedrock",
"issues": "https://github.com/roots/bedrock/issues"
},
"type": "project"
} }

3841
composer.lock generated
View file

File diff suppressed because it is too large Load diff

158
config/application.php
View file

@ -1,4 +1,5 @@
<?php <?php
/** /**
* Your base production configuration goes in this file. Environment-specific * Your base production configuration goes in this file. Environment-specific
* overrides go in their respective config/environments/{{WP_ENV}}.php file. * overrides go in their respective config/environments/{{WP_ENV}}.php file.
@ -8,153 +9,138 @@
* can. * can.
*/ */
declare(strict_types=1);
use Roots\WPConfig\Config; use Roots\WPConfig\Config;
use function Env\env; use function Env\env;
// USE_ENV_ARRAY + CONVERT_* + STRIP_QUOTES // USE_ENV_ARRAY + CONVERT_* + STRIP_QUOTES
Env\Env::$options = 31; Env\Env::$options = 31;
/** /**
* Directory containing all of the site's files * Directory containing all of the site's files.
* *
* @var string * @var string
*/ */
$root_dir = dirname(__DIR__); $root_dir = dirname(__DIR__);
/** /**
* Document Root * Document Root.
* *
* @var string * @var string
*/ */
$webroot_dir = $root_dir . "/web"; $webroot_dir = $root_dir . '/web';
/** /*
* Use Dotenv to set required environment variables and load .env file in root * Use Dotenv to set required environment variables and load .env file in root
* .env.local will override .env if it exists * .env.local will override .env if it exists
*/ */
if (file_exists($root_dir . "/.env")) { if (file_exists($root_dir . '/.env')) {
$env_files = file_exists($root_dir . "/.env.local") ? [".env", ".env.local"] : [".env"]; $env_files = file_exists($root_dir . '/.env.local') ? ['.env', '.env.local'] : ['.env'];
$dotenv = Dotenv\Dotenv::createImmutable($root_dir, $env_files, false); $dotenv = Dotenv\Dotenv::createImmutable($root_dir, $env_files, false);
$dotenv->load(); $dotenv->load();
$dotenv->required(["WP_HOME", "WP_SITEURL"]); $dotenv->required(['WP_HOME', 'WP_SITEURL']);
if (!env("DATABASE_URL")) { if (!env('DATABASE_URL')) {
$dotenv->required(["DB_NAME", "DB_USER", "DB_PASSWORD"]); $dotenv->required(['DB_NAME', 'DB_USER', 'DB_PASSWORD']);
} }
} }
/** /*
* Set up our global environment constant and load its config first * Set up our global environment constant and load its config first
* Default: production * Default: production
*/ */
define("WP_ENV", env("WP_ENV") ?: "production"); define('WP_ENV', env('WP_ENV') ?: 'production');
/** // Infer WP_ENVIRONMENT_TYPE based on WP_ENV
* Infer WP_ENVIRONMENT_TYPE based on WP_ENV if (!env('WP_ENVIRONMENT_TYPE') && in_array(WP_ENV, ['production', 'staging', 'development', 'local'], true)) {
*/ Config::define('WP_ENVIRONMENT_TYPE', WP_ENV);
if (!env("WP_ENVIRONMENT_TYPE") && in_array(WP_ENV, ["production", "staging", "development", "local"])) {
Config::define("WP_ENVIRONMENT_TYPE", WP_ENV);
} }
/** // URLs
* URLs Config::define('WP_HOME', env('WP_HOME'));
*/ Config::define('WP_SITEURL', env('WP_SITEURL'));
Config::define("WP_HOME", env("WP_HOME"));
Config::define("WP_SITEURL", env("WP_SITEURL"));
/** // Custom Content Directory
* Custom Content Directory Config::define('CONTENT_DIR', '/app');
*/ Config::define('WP_CONTENT_DIR', $webroot_dir . Config::get('CONTENT_DIR'));
Config::define("CONTENT_DIR", "/app"); Config::define('WP_CONTENT_URL', Config::get('WP_HOME') . Config::get('CONTENT_DIR'));
Config::define("WP_CONTENT_DIR", $webroot_dir . Config::get("CONTENT_DIR"));
Config::define("WP_CONTENT_URL", Config::get("WP_HOME") . Config::get("CONTENT_DIR"));
/** // DB settings
* DB settings if (env('DB_SSL')) {
*/ Config::define('MYSQL_CLIENT_FLAGS', MYSQLI_CLIENT_SSL);
if (env("DB_SSL")) {
Config::define("MYSQL_CLIENT_FLAGS", MYSQLI_CLIENT_SSL);
} }
Config::define("DB_NAME", env("DB_NAME")); Config::define('DB_NAME', env('DB_NAME'));
Config::define("DB_USER", env("DB_USER")); Config::define('DB_USER', env('DB_USER'));
Config::define("DB_PASSWORD", env("DB_PASSWORD")); Config::define('DB_PASSWORD', env('DB_PASSWORD'));
Config::define("DB_HOST", env("DB_HOST") ?: "localhost"); Config::define('DB_HOST', env('DB_HOST') ?: 'localhost');
Config::define("DB_CHARSET", "utf8mb4"); Config::define('DB_CHARSET', 'utf8mb4');
Config::define("DB_COLLATE", ""); Config::define('DB_COLLATE', '');
$table_prefix = env("DB_PREFIX") ?: "wp_"; $table_prefix = env('DB_PREFIX') ?: 'wp_';
if (env("DATABASE_URL")) { if (env('DATABASE_URL')) {
$dsn = (object) parse_url(env("DATABASE_URL")); $dsn = (object) parse_url(env('DATABASE_URL'));
Config::define("DB_NAME", substr($dsn->path, 1)); Config::define('DB_NAME', mb_substr($dsn->path, 1));
Config::define("DB_USER", $dsn->user); Config::define('DB_USER', $dsn->user);
Config::define("DB_PASSWORD", isset($dsn->pass) ? $dsn->pass : null); Config::define('DB_PASSWORD', $dsn->pass ?? null);
Config::define("DB_HOST", isset($dsn->port) ? "{$dsn->host}:{$dsn->port}" : $dsn->host); Config::define('DB_HOST', isset($dsn->port) ? "{$dsn->host}:{$dsn->port}" : $dsn->host);
} }
/** // Authentication Unique Keys and Salts
* Authentication Unique Keys and Salts Config::define('AUTH_KEY', env('AUTH_KEY'));
*/ Config::define('SECURE_AUTH_KEY', env('SECURE_AUTH_KEY'));
Config::define("AUTH_KEY", env("AUTH_KEY")); Config::define('LOGGED_IN_KEY', env('LOGGED_IN_KEY'));
Config::define("SECURE_AUTH_KEY", env("SECURE_AUTH_KEY")); Config::define('NONCE_KEY', env('NONCE_KEY'));
Config::define("LOGGED_IN_KEY", env("LOGGED_IN_KEY")); Config::define('AUTH_SALT', env('AUTH_SALT'));
Config::define("NONCE_KEY", env("NONCE_KEY")); Config::define('SECURE_AUTH_SALT', env('SECURE_AUTH_SALT'));
Config::define("AUTH_SALT", env("AUTH_SALT")); Config::define('LOGGED_IN_SALT', env('LOGGED_IN_SALT'));
Config::define("SECURE_AUTH_SALT", env("SECURE_AUTH_SALT")); Config::define('NONCE_SALT', env('NONCE_SALT'));
Config::define("LOGGED_IN_SALT", env("LOGGED_IN_SALT"));
Config::define("NONCE_SALT", env("NONCE_SALT"));
/** // Custom Settings
* Custom Settings Config::define('AUTOMATIC_UPDATER_DISABLED', true);
*/ Config::define('DISABLE_WP_CRON', env('DISABLE_WP_CRON') ?: false);
Config::define("AUTOMATIC_UPDATER_DISABLED", true);
Config::define("DISABLE_WP_CRON", env("DISABLE_WP_CRON") ?: false);
// Disable the plugin and theme file editor in the admin // Disable the plugin and theme file editor in the admin
Config::define("DISALLOW_FILE_EDIT", true); Config::define('DISALLOW_FILE_EDIT', true);
// Disable plugin and theme updates and installation from the admin // Disable plugin and theme updates and installation from the admin
Config::define("DISALLOW_FILE_MODS", true); Config::define('DISALLOW_FILE_MODS', true);
// Limit the number of post revisions // Limit the number of post revisions
Config::define("WP_POST_REVISIONS", env("WP_POST_REVISIONS") ?? true); Config::define('WP_POST_REVISIONS', env('WP_POST_REVISIONS') ?? true);
/** // Debugging Settings
* Debugging Settings Config::define('WP_DEBUG_DISPLAY', false);
*/ Config::define('WP_DEBUG_LOG', false);
Config::define("WP_DEBUG_DISPLAY", false); Config::define('SCRIPT_DEBUG', false);
Config::define("WP_DEBUG_LOG", false); ini_set('display_errors', '0');
Config::define("SCRIPT_DEBUG", false);
ini_set("display_errors", "0");
/** // Plugins
* Plugins Config::define('WPMU_PLUGIN_DIR', Config::get('WP_CONTENT_DIR') . '/mu-plugins');
*/ Config::define('WP_PLUGIN_DIR', Config::get('WP_CONTENT_DIR') . '/plugins');
Config::define("WPMU_PLUGIN_DIR", Config::get("WP_CONTENT_DIR") . "/mu-plugins");
Config::define("WP_PLUGIN_DIR", Config::get("WP_CONTENT_DIR") . "/plugins");
/** /*
* Allow WordPress to detect HTTPS when used behind a reverse proxy or a load balancer * Allow WordPress to detect HTTPS when used behind a reverse proxy or a load balancer
* See https://codex.wordpress.org/Function_Reference/is_ssl#Notes * See https://codex.wordpress.org/Function_Reference/is_ssl#Notes
*/ */
if (isset($_SERVER["HTTP_X_FORWARDED_PROTO"]) && $_SERVER["HTTP_X_FORWARDED_PROTO"] === "https") { if (isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && 'https' === $_SERVER['HTTP_X_FORWARDED_PROTO']) {
$_SERVER["HTTPS"] = "on"; $_SERVER['HTTPS'] = 'on';
} }
$env_config = __DIR__ . "/environments/" . WP_ENV . ".php"; $env_config = __DIR__ . '/environments/' . WP_ENV . '.php';
if (file_exists($env_config)) { if (file_exists($env_config)) {
require_once $env_config; include_once $env_config;
} }
Config::apply(); Config::apply();
/** // Bootstrap WordPress
* Bootstrap WordPress if (!defined('ABSPATH')) {
*/ define('ABSPATH', $webroot_dir . '/wp/');
if (!defined("ABSPATH")) {
define("ABSPATH", $webroot_dir . "/wp/");
} }

34
config/environments/development.php
View file

@ -1,35 +1,37 @@
<?php <?php
/** /**
* Configuration overrides for WP_ENV === 'development' * Configuration overrides for WP_ENV === 'development'.
*/ */
declare(strict_types=1); declare(strict_types=1);
use Roots\WPConfig\Config; use Roots\WPConfig\Config;
use function Env\env; use function Env\env;
Config::define("SAVEQUERIES", true); Config::define('SAVEQUERIES', true);
Config::define("WP_DEBUG", true); Config::define('WP_DEBUG', true);
Config::define("WP_DEBUG_DISPLAY", false); Config::define('WP_DEBUG_DISPLAY', true);
Config::define("WP_DEBUG_LOG", env("WP_DEBUG_LOG") ?? true); Config::define('WP_DEBUG_LOG', env('WP_DEBUG_LOG') ?? true);
Config::define("WP_DISABLE_FATAL_ERROR_HANDLER", true); Config::define('WP_DISABLE_FATAL_ERROR_HANDLER', true);
Config::define("SCRIPT_DEBUG", true); Config::define('SCRIPT_DEBUG', true);
Config::define("DISALLOW_INDEXING", true); Config::define('DISALLOW_INDEXING', true);
ini_set("display_errors", "1"); ini_set('display_errors', '1');
// Enable plugin and theme updates and installation from the admin // Enable plugin and theme updates and installation from the admin
Config::define("DISALLOW_FILE_MODS", false); Config::define('DISALLOW_FILE_MODS', false);
// WooCommerce // WooCommerce
Config::define("WOOCOMMERCE_API_CONSUMER_KEY", env("WOOCOMMERCE_API_CONSUMER_KEY")); Config::define('WOOCOMMERCE_API_CONSUMER_KEY', env('WOOCOMMERCE_API_CONSUMER_KEY'));
Config::define("WOOCOMMERCE_API_CONSUMER_SECRET", env("WOOCOMMERCE_API_CONSUMER_SECRET")); Config::define('WOOCOMMERCE_API_CONSUMER_SECRET', env('WOOCOMMERCE_API_CONSUMER_SECRET'));
// Stripe // Stripe
Config::define("STRIPE_API_SECRET", env("STRIPE_API_SECRET")); Config::define('STRIPE_API_SECRET', env('STRIPE_API_SECRET'));
// Redis // Redis
Config::define("WP_REDIS_HOST", env("WP_REDIS_HOST")); Config::define('WP_REDIS_HOST', env('WP_REDIS_HOST'));
Config::define("WP_REDIS_PASSWORD", env("WP_REDIS_PASSWORD")); Config::define('WP_REDIS_PASSWORD', env('WP_REDIS_PASSWORD'));
// Désactive la mise à jour des traductions automatiques // Désactive la mise à jour des traductions automatiques
Config::define("WP_AUTO_UPDATE_TRANSLATION", false); Config::define('WP_AUTO_UPDATE_TRANSLATION', false);

22
config/environments/production.php
View file

@ -1,23 +1,25 @@
<?php <?php
/** /**
* Configuration overrides for WP_ENV === 'production' * Configuration overrides for WP_ENV === 'production'.
*/ */
declare(strict_types=1); declare(strict_types=1);
use Roots\WPConfig\Config; use Roots\WPConfig\Config;
use function Env\env; use function Env\env;
Config::define("WP_DEBUG", true); Config::define('WP_DEBUG', true);
Config::define("WP_DEBUG_DISPLAY", false); Config::define('WP_DEBUG_DISPLAY', false);
Config::define("WP_DEBUG_LOG", env("WP_DEBUG_LOG") ?? true); Config::define('WP_DEBUG_LOG', env('WP_DEBUG_LOG') ?? true);
Config::define("WP_DISABLE_FATAL_ERROR_HANDLER", false); Config::define('WP_DISABLE_FATAL_ERROR_HANDLER', false);
Config::define("DISALLOW_INDEXING", false); Config::define('DISALLOW_INDEXING', false);
Config::define("DISALLOW_FILE_MODS", false); Config::define('DISALLOW_FILE_MODS', false);
Config::define("WOOCOMMERCE_API_CONSUMER_KEY", env("WOOCOMMERCE_API_CONSUMER_KEY")); Config::define('WOOCOMMERCE_API_CONSUMER_KEY', env('WOOCOMMERCE_API_CONSUMER_KEY'));
Config::define("WOOCOMMERCE_API_CONSUMER_SECRET", env("WOOCOMMERCE_API_CONSUMER_SECRET")); Config::define('WOOCOMMERCE_API_CONSUMER_SECRET', env('WOOCOMMERCE_API_CONSUMER_SECRET'));
// Stripe // Stripe
Config::define("STRIPE_API_SECRET", env("STRIPE_API_SECRET")); Config::define('STRIPE_API_SECRET', env('STRIPE_API_SECRET'));

10
config/environments/staging.php
View file

@ -1,13 +1,15 @@
<?php <?php
/** /**
* Configuration overrides for WP_ENV === 'staging' * Configuration overrides for WP_ENV === 'staging'.
*/ */
declare(strict_types=1); declare(strict_types=1);
use Roots\WPConfig\Config; use Roots\WPConfig\Config;
use function Env\env; use function Env\env;
Config::define("DISALLOW_INDEXING", true); Config::define('DISALLOW_INDEXING', true);
Config::define("WOOCOMMERCE_API_CONSUMER_KEY", env("WOOCOMMERCE_API_CONSUMER_KEY")); Config::define('WOOCOMMERCE_API_CONSUMER_KEY', env('WOOCOMMERCE_API_CONSUMER_KEY'));
Config::define("WOOCOMMERCE_API_CONSUMER_SECRET", env("WOOCOMMERCE_API_CONSUMER_SECRET")); Config::define('WOOCOMMERCE_API_CONSUMER_SECRET', env('WOOCOMMERCE_API_CONSUMER_SECRET'));

46
containers/Dockerfile Normal file
View file

@ -0,0 +1,46 @@
# syntax=docker/dockerfile:1
FROM docker.io/library/alpine:latest AS repo
# Ajoute Git.
RUN set -eux && apk add --no-cache \
bash \
git \
;
# Récupère les fichiers du site pour la branche « Production ».
RUN git clone --branch production --depth 1 http://git.gcch.fr/gcch/haiku-atelier-2024.git "/tmp/repo"
FROM docker.io/library/wordpress:php8.5-fpm-alpine AS php
ENTRYPOINT []
LABEL org.opencontainers.image.title=wordpress-haiku-atelier \
org.opencontainers.image.description="WordPress pour Haiku Atelier" \
org.opencontainers.image.authors="gcch" \
org.opencontainers.image.vendor="gcch" \
org.opencontainers.image.licenses=AGPL-3.0
# Installe wp-cli.
RUN curl -O https://raw.githubusercontent.com/wp-cli/builds/gh-pages/phar/wp-cli.phar && chmod +x wp-cli.phar && mv wp-cli.phar /usr/local/bin/wp
# Installe Composer.
RUN php -r "copy('https://getcomposer.org/installer', './composer-setup.php');" && php ./composer-setup.php && mv composer.phar /usr/local/bin/composer && rm composer-setup.php
RUN set -eux && apk add --no-cache \
fish \
ghostscript \
imagemagick \
mariadb-client \
;
VOLUME /var/www/wordpress
WORKDIR /var/www/wordpress
# Récupère les fichiers du projet.
COPY --from=repo --chmod=775 "/tmp/repo/" .
RUN chown www-data: -R .
# Installe les dépendences Composer.
RUN composer install
EXPOSE 9000
CMD ["php-fpm"]

57
containers/conf/angie/angie.conf Executable file
View file

@ -0,0 +1,57 @@
worker_processes 1;
user root;
# Modules
include /etc/angie/modules-enabled/*.conf;
pcre_jit on;
pid /run/angie.pid;
error_log /dev/stdout info;
error_log /var/log/angie/angie.log warn;
events {
worker_connections 2048;
multi_accept on;
use epoll;
}
http {
############# Angie conf
include /etc/angie/mime.types;
include /etc/angie/compression.conf;
include /etc/angie/fastcgi.conf;
error_log /dev/stdout info;
aio threads;
aio_write on;
directio 256k;
sendfile on;
sendfile_max_chunk 256k;
server_names_hash_bucket_size 128;
tcp_nodelay on;
tcp_nopush on;
http2 on;
source_charset utf-8; # same value as "charset"
############## Let Angie see client real IPs
real_ip_header X-Forwarded-For;
set_real_ip_from traefik;
############## Angie security
client_body_buffer_size 10K;
client_body_timeout 12;
client_header_buffer_size 1k;
client_header_timeout 12;
client_max_body_size 8M;
keepalive_timeout 15;
large_client_header_buffers 4 8k;
proxy_hide_header X-Powered-By;
send_timeout 10;
server_tokens off;
############# WP conf
include /etc/angie/haikuatelier.conf;
}

85
containers/conf/angie/angie.conf-original Normal file
View file

@ -0,0 +1,85 @@
user www-data;
worker_processes auto;
pid /run/angie.pid;
include /etc/angie/modules-enabled/*.conf;
events {
worker_connections 768;
# multi_accept on;
}
http {
##
# Basic Settings
##
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
# server_tokens off;
# server_names_hash_bucket_size 64;
# server_name_in_redirect off;
include /etc/angie/mime.types;
default_type application/octet-stream;
##
# SSL Settings
##
ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; # Dropping SSLv3, ref: POODLE
ssl_prefer_server_ciphers on;
##
# Logging Settings
##
access_log /var/log/angie/access.log;
error_log /var/log/angie/error.log;
##
# Gzip Settings
##
gzip on;
# gzip_vary on;
# gzip_proxied any;
# gzip_comp_level 6;
# gzip_buffers 16 8k;
# gzip_http_version 1.1;
# gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
##
# Virtual Host Configs
##
include /etc/angie/conf.d/*.conf;
include /etc/angie/sites-enabled/*;
}
#mail {
# # See sample authentication script at:
# # http://wiki.angie.org/ImapAuthenticateWithApachePhpScript
#
# # auth_http localhost/auth.php;
# # pop3_capabilities "TOP" "USER";
# # imap_capabilities "IMAP4rev1" "UIDPLUS";
#
# server {
# listen localhost:110;
# protocol pop3;
# proxy on;
# }
#
# server {
# listen localhost:143;
# protocol imap;
# proxy on;
# }
#}

176
containers/conf/angie/angie.conf-packaged Normal file
View file

@ -0,0 +1,176 @@
###
## This file comes with the "NGINX Mainline and modules" on https://deb.paranoid.nl/nginx-modules
## It contains various optimizations, examples and tweaks.
####
user www-data;
worker_processes auto;
worker_rlimit_nofile 10000;
pid /run/angie.pid;
include /etc/angie/modules-enabled/*.conf;
events {
worker_connections 65535;
multi_accept on;
use epoll;
}
http {
##
# Basic Settings
##
aio threads;
aio_write on;
sendfile on;
directio 256k;
sendfile_max_chunk 256k;
tcp_nopush off;
tcp_nodelay on;
types_hash_max_size 2048;
server_names_hash_bucket_size 128;
variables_hash_max_size 1024;
# server_name_in_redirect off;
include /etc/angie/mime.types;
default_type application/octet-stream;
###
## Enable security_headers only if you installed/enabled the module
###
# security_headers on;
# hide_server_tokens on;
# fastcgi_hide_header X-Powered-By;
# server_tokens off;
##
# Optimizing TLS over TCP to reduce latency (Cloudflare patch)
##
#ssl_dyn_rec_enable on;
##
# Enable HTTP2 and HTTP3
#
http2 on;
#http3 on;
#
##
##
# SSL Settings
##
# Enable only if you are running on a openssl3 build and kernel 4.17 or higher
# You need to do `modprobe tls` to load the kernel TLS module
#ssl_conf_command Options KTLS;
ssl_protocols TLSv1.3 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers EECDH+AESGCM:EDH+AESGCM;
ssl_dhparam /etc/angie/dhparam.pem;
ssl_ecdh_curve secp521r1:secp384r1;
ssl_session_tickets off;
ssl_early_data on;
ssl_session_cache shared:SSL:10m;
ssl_session_cache shared:le_nginx_SSL:10m; #letsencrypt only
ssl_session_timeout 1440m;
# OCSP Stapling
# fetch OCSP records from URL in ssl_certificate and cache them
ssl_stapling on;
ssl_stapling_verify on;
resolver 1.1.1.1 8.8.8.8 valid=300;
##
# Logging Settings
##
## Log Format
log_format main '$remote_addr $host $remote_user [$time_local] "$request" $status $body_bytes_sent "$http_referer" "$http_user_agent" $ssl_cipher $request_time';
access_log /var/log/angie/access.log;
error_log /var/log/angie/error.log;
##
# Gzip Settings
##
gzip on;
gzip_vary on;
gzip_proxied any;
gzip_comp_level 6;
gzip_buffers 16 8k;
gzip_http_version 1.1;
gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
###
## Miscellaneous
###
keepalive_disable none; # allow all browsers to use keepalive connections
keepalive_requests 50; # number of requests per connection, does not affect SPDY
max_ranges 1; # allow a single range header for resumed downloads and to stop large range header DoS attacks
msie_padding off;
#open_file_cache max=10000 inactive=2h;
#open_file_cache_errors on;
#open_file_cache_min_uses 1;
#open_file_cache_valid 1h;
output_buffers 2 512k;
#postpone_output 1440; # postpone sends to match our machine's MSS
read_ahead 512K; # kernel read head set to the output_buffers
server_name_in_redirect off; # if off, angie will use the requested Host header
source_charset utf-8; # same value as "charset"
# Buffer size for POST submissions
client_body_buffer_size 10K;
client_max_body_size 16m;
# Buffer size for Headers
client_header_buffer_size 1k;
# Allow the server to close the connection after a client stops
# responding.
# Frees up socket-associated memory.
#
reset_timedout_connection on;
# Timeouts, do not keep connections open longer then necessary to reduce
# resource usage and deny Slowloris type attacks.
client_body_timeout 10s; # maximum time between packets the client can pause when sending angie any data
client_header_timeout 10s; # maximum time the client has to send the entire header to angie
keepalive_timeout 120s; # timeout which a single keep-alive client connection will stay open
##
# Virtual Host Configs
##
include /etc/angie/conf.d/*.conf;
include /etc/angie/sites-enabled/*;
}
#mail {
# # See sample authentication script at:
# # http://wiki.angie.org/ImapAuthenticateWithApachePhpScript
#
# # auth_http localhost/auth.php;
# # pop3_capabilities "TOP" "USER";
# # imap_capabilities "IMAP4rev1" "UIDPLUS";
#
# server {
# listen localhost:110;
# protocol pop3;
# proxy on;
# }
#
# server {
# listen localhost:143;
# protocol imap;
# proxy on;
# }
#}

28
containers/conf/angie/compression.conf Executable file
View file

@ -0,0 +1,28 @@
gzip on;
gzip_comp_level 9;
gzip_http_version 1.1;
gzip_min_length 512;
gzip_buffers 32 4K;
gzip_proxied any;
gzip_vary on;
gzip_disable "msie6";
gzip_static on;
gzip_types application/atom+xml application/geo+json application/javascript application/json application/ld+json application/manifest+json application/rdf+xml application/rss+xml application/vnd.api+json application/vnd.geo+json application/vnd.ms-fontobject application/x-font-opentype application/x-font-truetype application/x-font-ttf application/x-javascript application/x-web-app-manifest+json application/xhtml+xml application/xml font/eot font/opentype font/otf font/ttf image/bmpg image/svg+xml image/vnd.microsoft.icon image/x-icon text/cache-manifest text/css text/html text/javascript text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy text/xml;
brotli on;
brotli_buffers 32 4K;
brotli_comp_level 6;
brotli_min_length 1000;
brotli_static on;
brotli_types application/atom+xml application/javascript application/json application/vnd.api+json application/rss+xml
application/vnd.ms-fontobject application/x-font-opentype application/x-font-truetype
application/x-font-ttf application/x-javascript application/xhtml+xml application/xml
font/eot font/opentype font/otf font/truetype image/svg+xml image/vnd.microsoft.icon
image/x-icon image/x-win-bitmap text/css text/javascript text/plain text/xml;
zstd on;
zstd_buffers 32 4K;
zstd_comp_level 3;
zstd_min_length 1000;
zstd_static on;
zstd_types application/atom+xml application/geo+json application/javascript application/json application/ld+json application/manifest+json application/rdf+xml application/rss+xml application/vnd.api+json application/vnd.geo+json application/vnd.ms-fontobject application/x-font-opentype application/x-font-truetype application/x-font-ttf application/x-javascript application/x-web-app-manifest+json application/xhtml+xml application/xml font/eot font/opentype font/otf font/ttf image/bmpg image/svg+xml image/vnd.microsoft.icon image/x-icon text/cache-manifest text/css text/html text/javascript text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy text/xml;

13
containers/conf/angie/dhparam.pem Normal file
View file

@ -0,0 +1,13 @@
-----BEGIN DH PARAMETERS-----
MIICCAKCAgEA//////////+t+FRYortKmq/cViAnPTzx2LnFg84tNpWp4TZBFGQz
+8yTnc4kmz75fS/jY2MMddj2gbICrsRhetPfHtXV/WVhJDP1H18GbtCFY2VVPe0a
87VXE15/V8k1mE8McODmi3fipona8+/och3xWKE2rec1MKzKT0g6eXq8CrGCsyT7
YdEIqUuyyOP7uWrat2DX9GgdT0Kj3jlN9K5W7edjcrsZCwenyO4KbXCeAvzhzffi
7MA0BM0oNC9hkXL+nOmFg/+OTxIy7vKBg8P+OxtMb61zO7X8vC7CIAXFjvGDfRaD
ssbzSibBsu/6iGtCOGEfz9zeNVs7ZRkDW7w09N75nAI4YbRvydbmyQd62R0mkff3
7lmMsPrBhtkcrv4TCYUTknC0EwyTvEN5RPT9RFLi103TZPLiHnH1S/9croKrnJ32
nuhtK8UiNjoNq8Uhl5sN6todv5pC1cRITgq80Gv6U93vPBsg7j/VnXwl5B0rZp4e
8W5vUsMWTfT7eTDp5OWIV7asfV9C1p9tGHdjzx1VA0AEh/VbpX4xzHpxNciG77Qx
iu1qHgEtnmgyqQdgCpGBMMRtx3j5ca0AOAkpmaMzy4t6Gh25PXFAADwqTs6p+Y0K
zAqCkc3OyX3Pjsm1Wn+IpGtNtahR9EGC4caKAH5eZV9q//////////8CAQI=
-----END DH PARAMETERS-----

21
containers/conf/angie/fastcgi.conf Executable file
View file

@ -0,0 +1,21 @@
fastcgi_param CONTENT_LENGTH $content_length;
fastcgi_param CONTENT_TYPE $content_type;
fastcgi_param DOCUMENT_ROOT $document_root;
fastcgi_param DOCUMENT_URI $document_uri;
fastcgi_param GATEWAY_INTERFACE CGI/1.1;
fastcgi_param QUERY_STRING $query_string;
fastcgi_param REDIRECT_STATUS 200;
fastcgi_param REMOTE_ADDR $remote_addr;
fastcgi_param REMOTE_PORT $remote_port;
fastcgi_param REQUEST_METHOD $request_method;
fastcgi_param REQUEST_URI $request_uri;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param SCRIPT_NAME $fastcgi_script_name;
fastcgi_param SERVER_ADDR $server_addr;
fastcgi_param SERVER_NAME $server_name;
fastcgi_param SERVER_PORT $server_port;
fastcgi_param SERVER_PROTOCOL $server_protocol;
fastcgi_param SERVER_SOFTWARE nginx/$nginx_version;
fastcgi_hide_header X-Powered-By;
fastcgi_index index.php;

56
containers/conf/angie/haikuatelier.conf Executable file
View file

@ -0,0 +1,56 @@
server {
listen 80;
server_name _;
root /var/www/wordpress/web/;
index index.html index.php;
access_log /var/log/angie/haikuatelier-access.log;
error_log /var/log/angie/haikuatelier-error.log;
# Pour éviter des erreurs liés à des requêtes trop lourdes.
fastcgi_buffers 16 32k;
fastcgi_buffer_size 64k;
fastcgi_busy_buffers_size 64k;
# Point d'accès pour vérifier la santé du conteneur Angie.
location = /health {
access_log off;
add_header "Content-Type" "text/plain";
return 200 "UP";
}
location = /robots.txt {
log_not_found off;
access_log off;
}
location = /favicon.ico {
log_not_found off;
access_log off;
}
location / {
try_files $uri $uri/ /index.php?$args;
}
location ~ \.php$ {
include /etc/angie/fastcgi.conf;
fastcgi_pass wordpress:9000;
fastcgi_intercept_errors on;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
}
location ~* \.(?:ico|svg|css|js|gif|jpe?g|png|avif|jxl|webp|avif|woff2?)$ {
access_log off;
expires max;
add_header "Cache-Control" "public, immutable";
}
location * {
add_header "Access-Control-Allow-Methods" "GET, POST, OPTIONS";
add_header "Access-Control-Allow-Origin" "*";
add_header "Cross-Origin-Opener-Policy" "unsafe-none";
add_header "Cross-Origin-Resource-Policy" "cross-origin";
}
}

99
containers/conf/angie/mime.types Normal file
View file

@ -0,0 +1,99 @@
types {
text/html html htm shtml;
text/css css;
text/xml xml;
image/gif gif;
image/jpeg jpeg jpg;
application/javascript js;
application/atom+xml atom;
application/rss+xml rss;
text/mathml mml;
text/plain txt;
text/vnd.sun.j2me.app-descriptor jad;
text/vnd.wap.wml wml;
text/x-component htc;
image/avif avif;
image/png png;
image/svg+xml svg svgz;
image/tiff tif tiff;
image/vnd.wap.wbmp wbmp;
image/webp webp;
image/x-icon ico;
image/x-jng jng;
image/x-ms-bmp bmp;
font/woff woff;
font/woff2 woff2;
application/java-archive jar war ear;
application/json json;
application/mac-binhex40 hqx;
application/msword doc;
application/pdf pdf;
application/postscript ps eps ai;
application/rtf rtf;
application/vnd.apple.mpegurl m3u8;
application/vnd.google-earth.kml+xml kml;
application/vnd.google-earth.kmz kmz;
application/vnd.ms-excel xls;
application/vnd.ms-fontobject eot;
application/vnd.ms-powerpoint ppt;
application/vnd.oasis.opendocument.graphics odg;
application/vnd.oasis.opendocument.presentation odp;
application/vnd.oasis.opendocument.spreadsheet ods;
application/vnd.oasis.opendocument.text odt;
application/vnd.openxmlformats-officedocument.presentationml.presentation
pptx;
application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
xlsx;
application/vnd.openxmlformats-officedocument.wordprocessingml.document
docx;
application/vnd.wap.wmlc wmlc;
application/wasm wasm;
application/x-7z-compressed 7z;
application/x-cocoa cco;
application/x-java-archive-diff jardiff;
application/x-java-jnlp-file jnlp;
application/x-makeself run;
application/x-perl pl pm;
application/x-pilot prc pdb;
application/x-rar-compressed rar;
application/x-redhat-package-manager rpm;
application/x-sea sea;
application/x-shockwave-flash swf;
application/x-stuffit sit;
application/x-tcl tcl tk;
application/x-x509-ca-cert der pem crt;
application/x-xpinstall xpi;
application/xhtml+xml xhtml;
application/xspf+xml xspf;
application/zip zip;
application/octet-stream bin exe dll;
application/octet-stream deb;
application/octet-stream dmg;
application/octet-stream iso img;
application/octet-stream msi msp msm;
audio/midi mid midi kar;
audio/mpeg mp3;
audio/ogg ogg;
audio/x-m4a m4a;
audio/x-realaudio ra;
video/3gpp 3gpp 3gp;
video/mp2t ts;
video/mp4 mp4;
video/mpeg mpeg mpg;
video/quicktime mov;
video/webm webm;
video/x-flv flv;
video/x-m4v m4v;
video/x-mng mng;
video/x-ms-asf asx asf;
video/x-ms-wmv wmv;
video/x-msvideo avi;
}

96
containers/conf/angie/naxsi_rules/blocking/10000000_scanner.rules Normal file
View file

@ -0,0 +1,96 @@
#######################################
## Scanners ids: 10000000 ##
#######################################
# http://pastebin.com/NP64hTQr
# http://blog.initiative-s.de/2013/09/kompromitierte-wordpress-blogs-werden-fuer-ddos-attacken-genutzt/
# If using wp then turn off this rule
MainRule id:10000000 "s:$UWA:8" "str:wordpress/" "mz:$HEADERS_VAR:User-Agent" "msg:Wordpress in user-agent";
# https://github.com/robertdavidgraham/masscan
MainRule id:10000001 "s:$UWA:8" "str:masscan" "mz:$HEADERS_VAR:User-Agent" "msg:masscan in user-agent";
# block acunetix scan
MainRule id:10000002 "s:$UWA:8" "str:99999999999999999999999" "mz:$HEADERS_VAR:Content-length" "msg:acunetix scan nginx buffer size";
MainRule id:10000003 "s:$UWA:8" "str:acunetix" "mz:URL|BODY|$HEADERS_VAR:Accept|$HEADERS_VAR:User-Agent" "msg:acunetix scan website";
MainRule id:10000004 "s:$UWA:8" "str:acunetix/wvs" "mz:$HEADERS_VAR:Accept" "msg:acunetix scan website";
MainRule id:10000005 "s:$UWA:8" "str:havij" "mz:$HEADERS_VAR:User-Agent" "msg:Havij in user-agent";
MainRule id:10000006 "s:$UWA:8" "str:webmole" "mz:$HEADERS_VAR:User-Agent" "msg:webmole in user-agent";
MainRule id:10000007 "s:$UWA:8" "str:nlpproject.info" "mz:$HEADERS_VAR:User-Agent" "msg:nlpproject.info in user-agent";
MainRule id:10000008 "s:$UWA:8" "str:cloudmapping" "mz:$HEADERS_VAR:User-Agent" "msg:cloudmapping in user-agent";
MainRule id:10000009 "s:$UWA:8" "str:sucuri" "mz:$HEADERS_VAR:User-Agent" "msg:Sucuri in user-agent";
MainRule id:10000010 "s:$UWA:8" "str:brutus/" "mz:$HEADERS_VAR:User-Agent" "msg:Brutus in user-agent";
MainRule id:10000011 "s:$UWA:4" "str:apachebench" "mz:$HEADERS_VAR:User-Agent" "msg:apachebench in user-agent";
MainRule id:10000012 "s:$UWA:8" "str:/netsparker" "mz:URL" "msg:netsparker in user-agent";
MainRule id:10000013 "s:$UWA:8" "str:mysqloit" "mz:$HEADERS_VAR:User-Agent" "msg:Mysqloit in user-agent";
MainRule id:10000014 "s:$UWA:8" "str:network-services-auditor" "mz:$HEADERS_VAR:User-Agent" "msg:network-services-auditor in user-agent";
MainRule id:10000015 "s:$UWA:8" "str:dav.pm" "mz:$HEADERS_VAR:User-Agent" "msg:dav.pm in user-agent";
MainRule id:10000016 "s:$UWA:8" "str:w3af" "mz:$HEADERS_VAR:User-Agent" "msg:w3af in user-agent";
MainRule id:10000017 "s:$UWA:8" "str:http_get_vars" "mz:$HEADERS_VAR:User-Agent" "msg:PHP-Injetion on UA";
MainRule id:10000018 "s:$UWA:8" "str:whisker" "mz:$HEADERS_VAR:User-Agent" "msg:whisker in user-agent";
MainRule id:10000019 "s:$UWA:8" "str:whatweb" "mz:$HEADERS_VAR:User-Agent" "msg:whatweb in user-agent";
MainRule id:10000020 "s:$UWA:8" "str:dirbuster" "mz:$HEADERS_VAR:User-Agent" "msg:DirBuster in user-agent";
# https://www.bleepingcomputer.com/news/security/phps-git-server-hacked-to-add-backdoors-to-php-source-code/
# https://github.com/php/php-src/commit/c730aa26bd52829a49f2ad284b181b7e82a68d7d#diff-a35f2ee9e1d2d3983a3270ee10ec70bf86349c53febdeabdf104f88cb2167961R370
# prevent php supply chain attack
MainRule id:10000021 "s:$UWA:8" "str:zerodium" "mz:$HEADERS_VAR:User-Agent" "msg:zerodium in user-agent";
# prevent log4j attack
# info https://www.govcert.ch/blog/zero-day-exploit-targeting-popular-java-library-log4j/
# payload check https://github.com/johto89/Some-collections-for-Security-Researcher/blob/master/log4j-all-in-one.md
MainRule id:10000022 "s:$UWA:8" "str:${" "mz:$HEADERS_VAR:User-Agent" "msg:log4j attack detection";
# Python libraries like python-requests, python-urllib, etc..
MainRule id:10000023 "s:$UWA:8" "str:python" "mz:$HEADERS_VAR:User-Agent" "msg:python in user-agent";
# Meterpreter
MainRule id:10000024 "s:$UWA:8" "str:meterpreter" "mz:$HEADERS_VAR:User-Agent" "msg:meterpreter in user-agent";
# https://github.com/zmap/zgrab2
MainRule id:10000025 "s:$UWA:8" "str:zgrab" "mz:$HEADERS_VAR:User-Agent" "msg:zgrab in user-agent";
# Known tools like nmap,curl,wget
MainRule id:10000026 "s:$UWA:8" "str:nmap" "mz:$HEADERS_VAR:User-Agent" "msg:nmap in user-agent";
MainRule id:10000027 "s:$UWA:8" "str:curl" "mz:$HEADERS_VAR:User-Agent" "msg:curl in user-agent";
MainRule id:10000028 "s:$UWA:8" "str:wget" "mz:$HEADERS_VAR:User-Agent" "msg:wget in user-agent";
MainRule id:10000029 "s:$UWA:8" "str:sqlmap" "mz:$HEADERS_VAR:User-Agent" "msg:slqmap in user-agent";
# Scan from Expense with this User-Agent:
# Expanse, a Palo Alto Networks company, searches across the global IPv4 space multiple times per day to identify customers presences on the Internet.
# If you would like to be excluded from our scans, please send IP addresses/domains to: scaninfo@paloaltonetworks.com
MainRule id:10000030 "s:$UWA:8" "str:paloaltonetworks.com" "mz:$HEADERS_VAR:User-Agent" "msg:paloaltonetworks in user-agent";
MainRule id:10000031 "s:$UWA:8" "str:palo alto network" "mz:$HEADERS_VAR:User-Agent" "msg:palo alto network in user-agent";
MainRule id:10000032 "s:$UWA:8" "str:Expense" "mz:$HEADERS_VAR:User-Agent" "msg:Expense in user-agent";
# Scan from NetSystemsResearch with this User-Agent:
# NetSystemsResearch studies the availability of various services across the internet. Our website is netsystemsresearch.com
MainRule id:10000033 "s:$UWA:8" "str:NetSystemsResearch" "mz:$HEADERS_VAR:User-Agent" "msg:NetSystemsResearch in user-agent";
# Golang default User-Agent
MainRule id:10000034 "s:$UWA:8" "str:Go-http" "mz:$HEADERS_VAR:User-Agent" "msg:Golang in user-agent";
# Perl default User-Agent
MainRule id:10000035 "s:$UWA:8" "str:libwww-perl" "mz:$HEADERS_VAR:User-Agent" "msg:libwww-perl in user-agent";
# l9tcpid in User-Agent
MainRule id:10000036 "s:$UWA:8" "str:l9tcpid" "mz:$HEADERS_VAR:User-Agent" "msg:l9tcpid in user-agent";
# l9explore in User-Agent
MainRule id:10000037 "s:$UWA:8" "str:l9explore" "mz:$HEADERS_VAR:User-Agent" "msg:l9explore in user-agent";
# WPScan in User-Agent
MainRule id:10000038 "s:$UWA:8" "str:wpscan" "mz:$HEADERS_VAR:User-Agent" "msg:WPScan in user-agent";
# WinHttpReq in User-Agent
MainRule id:10000039 "s:$UWA:8" "str:WinHttpReq" "mz:$HEADERS_VAR:User-Agent" "msg:WinHttpReq in user-agent";
# EgyScan security scanner uses AliElTop in some of the attacks
MainRule id:10000040 "s:$UWA:8" "str:AliElTop" "mz:ANY" "msg:EgyScan security scanner";
# Guzzle PHP HTTP client
MainRule id:10000041 "s:$UWA:8" "str:GuzzleHttp" "mz:$HEADERS_VAR:User-Agent" "msg:GuzzleHttp in user-agent";
# Java client
MainRule id:10000042 "s:$UWA:8" "str:AsyncHttpClient" "mz:$HEADERS_VAR:User-Agent" "msg:AsyncHttpClient in user-agent";

172
containers/conf/angie/naxsi_rules/blocking/20000000_web_security.rules Normal file
View file

@ -0,0 +1,172 @@
#######################################
## Webserver Security ids: 20000000 ##
#######################################
# webserver critical files
MainRule id:20000000 "s:$UWA:8" "str:.conf" "mz:URL" "msg:file access to .conf";
MainRule id:20000001 "s:$UWA:8" "str:.ini" "mz:URL" "msg:file access to .ini";
MainRule id:20000002 "s:$UWA:8" "str:.sql" "mz:URL" "msg:file access to .sql";
MainRule id:20000003 "s:$UWA:8" "rx:\.txt$" "mz:URL" "msg:file access to .txt";
MainRule id:20000004 "s:$UWA:8" "str:/sftp-config.json" "mz:URL|BODY" "msg:file access to sftp-config.json";
MainRule id:20000005 "s:$UWA:8" "str:/.bzr" "mz:URL" "msg:bazaar version control folder access";
MainRule id:20000006 "s:$UWA:8" "str:/.git" "mz:URL" "msg:git version control folder access";
MainRule id:20000007 "s:$UWA:8" "str:/.hg" "mz:URL" "msg:mercurial version control folder access";
MainRule id:20000008 "s:$UWA:8" "str:/.svn" "mz:URL" "msg:svn version control folder access";
MainRule id:20000009 "s:$UWA:8" "str:/bzr/" "mz:URL" "msg:bazaar version control folder access";
MainRule id:20000010 "s:$UWA:8" "str:/git/" "mz:URL" "msg:git version control folder access";
MainRule id:20000011 "s:$UWA:8" "str:/hg/" "mz:URL" "msg:mercurial version control folder access";
MainRule id:20000012 "s:$UWA:8" "str:/svn/" "mz:URL" "msg:svn version control folder access";
MainRule id:20000013 "s:$UWA:8" "str:.htpasswd" "mz:ARGS|BODY|URL|FILE_EXT" "msg:file access to .htpasswd";
MainRule id:20000014 "s:$UWA:8" "str:.htaccess" "mz:ARGS|BODY|URL|FILE_EXT" "msg:file access to .htaccess";
MainRule id:20000015 "s:$UWA:8" "str:.ds_store" "mz:URL" "msg:file access to .ds_store";
MainRule id:20000016 "s:$UWA:8" "str:changelog" "mz:URL" "msg:file access to changelog";
MainRule id:20000017 "s:$UWA:8" "rx:^/core.\d+$" "mz:URL" "msg:file access to core dumps";
MainRule id:20000018 "s:$UWA:8" "rx:\.module$" "mz:URL" "msg:file access to .module (drupal)";
MainRule id:20000019 "s:$UWA:8" "str:web.config" "mz:URL" "msg:file access to web.config (drupal)";
MainRule id:20000020 "s:$UWA:8" "rx:release[-_]notes\." "mz:URL" "msg:file access to release notes";
MainRule id:20000021 "s:$UWA:8" "rx:~$" "mz:URL" "msg:file access to cache files";
MainRule id:20000022 "s:$UWA:8" "str:web-inf" "mz:URL|BODY|ARGS" "msg:folder access to WEB-INF";
# Exposed Services
MainRule id:20000023 "s:$UWA:8" "str:/cgi-bin/luci" "mz:URL" "msg:Exposed OpenWRT";
MainRule id:20000024 "s:$UWA:8" "rx:^/cgi-bin/.+\.cgi$" "mz:URL" "msg:Exposed cgi-bin";
MainRule id:20000025 "s:$UWA:8" "str:/jenkins" "mz:URL" "msg:Exposed Jenkins";
MainRule id:20000026 "s:$UWA:8" "str:/console/login/LoginForm.jsp" "mz:URL" "msg:Exposed Oracle WebLogic Server Administration Console";
MainRule id:20000027 "s:$UWA:8" "str:/nuxeo/login.jsp" "mz:URL" "msg:Exposed Nuxeo Enterprise Platform";
MainRule id:20000028 "s:$UWA:8" "str:/zabbix/index.php" "mz:URL" "msg:Exposed Zabbix";
# Known hacking tools like burp suite, etc..
MainRule id:20000029 "s:$UWA:8" "str:burpcollaborator.net" "mz:ARGS|BODY|HEADERS" "msg:burp collaborator";
MainRule id:20000030 "s:$UWA:8" "str:/netsparker" "mz:URL" "msg:Netsparker";
# Malicious strings in request
MainRule id:20000031 "s:$UWA:8" "str:\n\r" "mz:URL" "msg:HTTP - Smuggling-Attempt (NewLine in URI)";
MainRule id:20000032 "s:$UWA:6" "rx:^[a-zA-Z\d-]+\.[a-zA-Z]+$" "mz:$HEADERS_VAR:Host" "msg:HOST-Header Injection";
MainRule id:20000033 "s:$UWA:8" "str:/bin/sh" "mz:URL|BODY|ARGS|$HEADERS_VAR:User-Agent|$HEADERS_VAR:Cookie" "msg:/bin/sh in URI";
MainRule id:20000034 "s:$UWA:8" "str:/etc/passwd" "mz:URL|BODY|ARGS|$HEADERS_VAR:User-Agent|$HEADERS_VAR:Cookie" "msg:/etc/passwd in URI";
MainRule id:20000035 "s:$UWA:8" "str:/etc/shadow" "mz:URL|BODY|ARGS|$HEADERS_VAR:User-Agent|$HEADERS_VAR:Cookie" "msg:/etc/shadow in URI";
MainRule id:20000036 "s:$UWA:8" "str:/etc/hosts" "mz:URL|BODY|ARGS|$HEADERS_VAR:User-Agent|$HEADERS_VAR:Cookie" "msg:/etc/hosts in URI";
MainRule id:20000037 "s:$UWA:8" "str:/Windows/system.ini" "mz:URL|BODY|ARGS|$HEADERS_VAR:User-Agent|$HEADERS_VAR:Cookie" "msg:/Windows/system.ini in URI";
MainRule id:20000038 "s:$UWA:8" "rx:<!DOCTYPE(\s+)(%*\s*)([{}:.a-zA-Z0-9_-]*)(\s+)SYSTEM" "mz:BODY" "msg: possible XML/XXE-Exploitation atempt (Doctype)";
MainRule id:20000039 "s:$UWA:8" "str:http://http://" "mz:HEADERS" "msg:Abnormal double http:// in HTTP header";
MainRule id:20000040 "s:$UWA:8" "str:https://http://" "mz:HEADERS" "msg:Abnormal double http:// in HTTP header";
MainRule id:20000041 "s:$UWA:8" "str:http://https://" "mz:HEADERS" "msg:Abnormal double http:// in HTTP header";
MainRule id:20000042 "s:$UWA:8" "str:https://https://" "mz:HEADERS" "msg:Abnormal double http:// in HTTP header";
# ThinkPHP Remote Code Execution CVE-2018-20062
MainRule id:20000043 "s:$UWA:8" "str:index/\think\app/invokefunction" "mz:URL" "msg:CVE-2018-20062";
# AWS related files
MainRule id:20000044 "s:$UWA:8" "str:/.aws/" "mz:URL" "msg:AWS Credential Stealer";
# dot folders and files
MainRule id:20000045 "s:$UWA:8" "rx:/\.[^.]" "mz:URL" "msg:Access to dot folder or file";
# Exposed Microsoft Exchange
MainRule id:20000046 "s:$UWA:8" "str:autodiscover/autodiscover.json" "mz:URL" "msg:Exposed Microsoft Exchange";
MainRule id:20000047 "s:$UWA:8" "str:autodiscover/autodiscover.xml" "mz:URL" "msg:Exposed Microsoft Exchange";
MainRule id:20000048 "s:$UWA:8" "str:/auth.owa" "mz:URL" "msg:Exposed Microsoft Exchange";
# Ignition 2.5.1 Remote Code Execution CVE-2021-3129
MainRule id:20000049 "s:$UWA:8" "str:/_ignition/execute-solution" "mz:URL" "msg:CVE-2021-3129";
# CVE-2018-13379 path traversal vulnerability in Fortinet's FortiGate SSL VPN
# https://x.x.x.x/remote/fgt_lang?lang=/../../../..//////////dev/cmdb/sslvpn_websession
MainRule id:20000050 "s:$UWA:8" "str:/sslvpn_websession" "mz:ARGS|BODY|HEADERS" "msg:CVE-2018-13379";
# Exposed Apache Tomcat Administration Panel
MainRule id:20000051 "s:$UWA:8" "str:/manager/html" "mz:URL" "msg:Exposed Apache Tomcat Administration Panel";
# Block NMAP enumeration
MainRule id:20000052 "s:$UWA:8" "str:/HNAP1" "mz:URL" "msg:NMAP enumeration attempt";
MainRule id:20000053 "s:$UWA:8" "rx:/default\.(asp|aspx|cfm|cgi|jsa|jsp|php|pl)$" "mz:URL" "msg:NMAP enumeration attempt";
MainRule id:20000054 "s:$UWA:8" "rx:/start\.(asp|aspx|cfm|cgi|jsa|jsp|php|pl)$" "mz:URL" "msg:NMAP enumeration attempt";
MainRule id:20000055 "s:$UWA:8" "rx:/localstart\.(asp|aspx|cfm|cgi|jsa|jsp|php|pl)$" "mz:URL" "msg:NMAP enumeration attempt";
MainRule id:20000056 "s:$UWA:8" "rx:/admin\.(asp|aspx|cfm|cgi|jsa|jsp|php|pl)$" "mz:URL" "msg:NMAP enumeration attempt";
MainRule id:20000057 "s:$UWA:8" "str:/nmaplowercheck" "mz:URL" "msg:NMAP enumeration attempt";
# Siemens PLC scan
MainRule id:20000058 "s:$UWA:8" "str:/__Additional" "mz:URL" "msg:Siemens PLC scan";
MainRule id:20000059 "s:$UWA:8" "str:/docs/cplugError.html/" "mz:URL" "msg:Siemens PLC scan";
MainRule id:20000060 "s:$UWA:8" "str:/Portal/Portal.mwsl" "mz:URL" "msg:Siemens PLC scan";
# Block Citrix XenApp
MainRule id:20000061 "s:$UWA:8" "str:/scripts/wpnbr.dll" "mz:URL" "msg:Citrix XenApp";
# Block jenkins authentication bypass CVE-2018-1000861
MainRule id:20000062 "s:$UWA:8" "str:/securityRealm/user/admin/search/index" "mz:URL" "msg:CVE-2018-1000861";
# Block jenkins RCE CVE-2019-1003029, CVE-2019-1003030
MainRule id:20000063 "s:$UWA:8" "str:/descriptorByName/org.jenkinsci.plugins.scriptsecurity.sandbox.groovy.SecureGroovyScript/checkScript/" "mz:URL" "msg:CVE-2019-1003029, CVE-2019-1003030";
# Log4J bypass
MainRule id:20000064 "s:$UWA:8" "str:${env:NaN:-" "mz:URL|ARGS|BODY|HEADERS" "msg:Attempted Log4J Bypass";
# Windows system paths
MainRule id:20000065 "s:$UWA:8" "str:\Windows\system.ini" "mz:URL|BODY|ARGS|$HEADERS_VAR:User-Agent|$HEADERS_VAR:Cookie" "msg:\Windows\system.ini in URI";
MainRule id:20000066 "s:$UWA:8" "str:/Windows/win.ini" "mz:URL|BODY|ARGS|$HEADERS_VAR:User-Agent|$HEADERS_VAR:Cookie" "msg:/Windows/win.ini in URI";
MainRule id:20000067 "s:$UWA:8" "str:\Windows\win.ini" "mz:URL|BODY|ARGS|$HEADERS_VAR:User-Agent|$HEADERS_VAR:Cookie" "msg:\Windows\win.ini in URI";
# Exposed Apache Host Manager App
MainRule id:20000068 "s:$UWA:8" "str:/manager/text/list" "mz:URL" "msg:Exposed Apache Host Manager App";
# Spring Cloud Gateway Code Injection Vulnerability
MainRule id:20000069 "s:$UWA:8" "str:/actuator/gateway/routes" "mz:URL" "msg:CVE-2022-22947";
# Block Spring4Shell
MainRule id:20000070 "s:$UWA:8" "str:class.module.classLoader.resources." "mz:RAW_BODY" "msg:CVE-2022-22965";
MainRule id:20000071 "s:$UWA:8" "rx:<%|%>" "mz:HEADERS" "msg:CVE-2022-22965";
# Block Microsoft Exchange Server Remote Code Execution
MainRule id:20000072 "s:$UWA:8" "str:/ecp/Current/exporttool/microsoft.exchange.ediscovery.exporttool.application" "mz:URL" "msg:CVE-2021-28481";
# Prevents IndoXploit/IDX Shell dump access
# A website that has been infected will have a world-browsable folder called `idx_config`
# which contains text versions of the configuration file of every CMS installation the shell
# is able to find (impacts WordPress, Joomla and Magento).
MainRule id:20000073 "s:$UWA:8" "str:/idx_config" "mz:URL" "msg:Prevent IndoXploit/IDX Shell dump access";
# Prevents old grafana to return all folders
# https://github.com/grafana/grafana/pull/44175
MainRule id:20000074 "s:$UWA:8" "rx:^0$" "mz:$URL:/api/search|$ARGS_VAR:folderIds" "msg:Access all grafana folders";
# Block access to yaml files
MainRule id:20000075 "s:$UWA:8" "str:.yml" "mz:URL" "msg:file access to .yml";
MainRule id:20000076 "s:$UWA:8" "str:.yaml" "mz:URL" "msg:file access to .yaml";
# Block access to HashiCorp Consul/Vault template files
MainRule id:20000077 "s:$UWA:8" "rx:\.ctmpl$" "mz:URL" "msg:file access to .ctmpl";
MainRule id:20000078 "s:$UWA:8" "rx:\.hcl$" "mz:URL" "msg:file access to .hcl";
# Block access to known files used for fingerprinting
MainRule id:20000079 "s:$UWA:8" "rx:\.md$" "mz:URL" "msg:file access to .md";
MainRule id:20000080 "s:$UWA:8" "rx:read[-_]?me" "mz:URL" "msg:file access to readme";
MainRule id:20000081 "s:$UWA:8" "rx:\.toml$" "mz:URL" "msg:file access to .toml";
# AWS related files
MainRule id:20000082 "s:$UWA:8" "str:dockerrun.aws.json" "mz:URL" "msg:Exposed AWS Elastic Beanstalk configuration";
# Block access to temporary backup files like .bak,.bak.php, etc...
MainRule id:20000083 "s:$UWA:8" "str:.bak" "mz:URL" "msg:file access to temporary backup files";
# Path traversal in nuxt/framework when in dev mode
# https://huntr.dev/bounties/4849af83-450c-435e-bc0b-71705f5be440/
MainRule id:20000084 "s:$UWA:8" "str:_nuxt/@" "mz:URL" "msg:path traversal in nuxt framework";
# AWS NodeJS related files
MainRule id:20000085 "s:$UWA:8" "str:awsconfig" "mz:URL" "msg:Exposed AWS config files";
MainRule id:20000086 "s:$UWA:8" "str:aws-config" "mz:URL" "msg:Exposed AWS config files";
MainRule id:20000087 "s:$UWA:8" "str:awscred" "mz:URL" "msg:Exposed AWS config files";
MainRule id:20000088 "s:$UWA:8" "str:aws-cred" "mz:URL" "msg:Exposed AWS config files";
# Text editors temp and config files
MainRule id:20000089 "s:$UWA:8" "str:.old" "mz:URL" "msg:Exposed temp copy";
MainRule id:20000090 "s:$UWA:8" "str:.save" "mz:URL" "msg:Exposed temp copy";
MainRule id:20000091 "s:$UWA:8" "str:.DS_Store" "mz:URL" "msg:Exposed temp copy";
MainRule id:20000092 "s:$UWA:8" "str:vscode" "mz:URL" "msg:Exposed vscode directory";
# Exposed .env
MainRule id:20000093 "s:$UWA:8" "str:/.env" "mz:URL" "msg:access to .env file or dir";
# androxgh0st exploit
MainRule id:20000094 "s:$UWA:8" "str:androxgh0st" "mz:ANY" "msg:androxgh0st exploit";

16
containers/conf/angie/naxsi_rules/blocking/30000000_wordpress.rules Normal file
View file

@ -0,0 +1,16 @@
#######################################
## Wordpress ids: 30000000 ##
#######################################
MainRule id:30000000 "s:$UWA:8" "str:system.multicall" "mz:$URL:/xmlrpc.php|BODY" "msg:Wordpress XMLRPC possible Password Brute Force";
MainRule id:30000001 "s:$UWA:8" "str:system.listmethods" "mz:$URL:/xmlrpc.php|BODY" "msg:WordPress XMLRPC Enumeration system.listMethods";
MainRule id:30000002 "s:$UWA:8" "str:system.getcapabilities" "mz:$URL:/xmlrpc.php|BODY" "msg:WordPress XMLRPC Enumeration system.getCapabilities";
MainRule id:30000003 "s:$UWA:8" "str:/w3tc/dbcache" "mz:URL" "msg:WordPress TotalCache-DBCache-Access";
MainRule id:30000004 "s:$UWA:8" "str:/uploadify/uploadify.php" "mz:URL" "msg:WordPress Uploadify-Access";
MainRule id:30000005 "s:$UWA:8" "str:/wp-content/plugins/mm-forms-community/upload/temp/" "mz:URL" "msg:Access To mm-forms-community upload dir";
MainRule id:30000006 "s:$UWA:8" "str:wp-config.php" "mz:BODY|ARGS|URL" "msg:WordPress access to wp-config.php";
# block malicious access ALFA_DATA|alfacgiapi|cgialfa path
MainRule id:30000007 "s:$UWA:8" "str:ALFA_DATA" "mz:URL" "msg:WordPress malicious access to ALFA_DATA path";
MainRule id:30000008 "s:$UWA:8" "str:alfacgiapi" "mz:URL" "msg:WordPress malicious access to alfacgiapi path";
MainRule id:30000009 "s:$UWA:8" "str:cgialfa" "mz:URL" "msg:WordPress malicious access to cgialfa path";

66
containers/conf/angie/naxsi_rules/blocking/40000000_php_security.rules Normal file
View file

@ -0,0 +1,66 @@
#######################################
## PHP Security ids: 40000000 ##
#######################################
# Php Functions
MainRule id:40000000 "s:$UWA:8" "str:gzinflate(" "mz:URL|BODY|ARGS" "msg:gzinflate in URI";
MainRule id:40000001 "s:$UWA:8" "str:system(" "mz:URL|BODY|ARGS" "msg:php system called";
MainRule id:40000002 "s:$UWA:8" "str:base64_decode(" "mz:URL|BODY|ARGS" "msg:php base64_decode called";
MainRule id:40000003 "s:$UWA:8" "str:@eval" "mz:URL|BODY|ARGS" "msg:php eval called";
MainRule id:40000004 "s:$UWA:8" "rx:eval\((\s+)?\$_" "mz:URL|BODY|ARGS" "msg:php eval called";
# PhpMyAdmin
MainRule id:40000005 "s:$UWA:8" "str:/db-admin" "mz:URL" "msg:SQL Admin Interface";
MainRule id:40000006 "s:$UWA:8" "str:/dbadmin" "mz:URL" "msg:SQL Admin Interface";
MainRule id:40000007 "s:$UWA:8" "str:/myadmin" "mz:URL" "msg:SQL Admin Interface";
MainRule id:40000008 "s:$UWA:8" "str:/mysqldumper " "mz:URL" "msg:MysqlDumper";
MainRule id:40000009 "s:$UWA:8" "str:/mysqlmanager" "mz:URL" "msg:SQL Admin Interface";
MainRule id:40000010 "s:$UWA:8" "str:/p/m/a/" "mz:URL" "msg:SQL Admin Interface";
MainRule id:40000011 "s:$UWA:8" "str:/php-my-admin" "mz:URL" "msg:SQL Admin Interface";
MainRule id:40000012 "s:$UWA:8" "str:/php-myadmin" "mz:URL" "msg:SQL Admin Interface";
MainRule id:40000013 "s:$UWA:8" "str:/phpmanager" "mz:URL" "msg:SQL Admin Interface";
MainRule id:40000014 "s:$UWA:8" "str:/phpmy" "mz:URL" "msg:SQL Admin Interface";
MainRule id:40000015 "s:$UWA:8" "str:/phpmy-admin" "mz:URL" "msg:SQL Admin Interface";
MainRule id:40000016 "s:$UWA:8" "str:/phpmyadmin" "mz:URL" "msg:SQL Admin Interface";
MainRule id:40000017 "s:$UWA:8" "str:/phppgadmin " "mz:URL" "msg:SQL Admin Interface";
MainRule id:40000018 "s:$UWA:8" "str:/pma" "mz:URL" "msg:SQL Admin Interface";
MainRule id:40000019 "s:$UWA:8" "str:/sql-admin" "mz:URL" "msg:SQL Admin Interface";
MainRule id:40000020 "s:$UWA:8" "str:/sqladmin" "mz:URL" "msg:SQL Admin Interface";
MainRule id:40000021 "s:$UWA:8" "str:/sqlweb" "mz:URL" "msg:SQL Admin Interface";
MainRule id:40000022 "s:$UWA:8" "str:/sysadmin" "mz:URL" "msg:SQL Admin Interface";
MainRule id:40000023 "s:$UWA:8" "str:/webadmin" "mz:URL" "msg:SQL Admin Interface";
MainRule id:40000024 "s:$UWA:8" "str:/webdb" "mz:URL" "msg:SQL Admin Interface";
MainRule id:40000025 "s:$UWA:8" "str:/websql" "mz:URL" "msg:SQL Admin Interface";
# Block PHPUnit eval-stdin.php CVE-2017-9841
MainRule id:40000026 "s:$UWA:8" "str:eval-stdin.php" "mz:URL" "msg:CVE-2017-9841";
# Block PHP easter egg which normally can be disabled via expose_php = off
MainRule id:40000027 "s:$UWA:8" "rx:PHP[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$" "mz:URL|BODY|ARGS" "msg:PHP easter egg credits";
# Block PHP Xdebug
MainRule id:40000028 "s:$UWA:8" "str:XDEBUG_SESSION" "mz:ANY" "msg:Block PHP Xdebug";
# Block PHPinfo access
MainRule id:40000029 "s:$UWA:8" "str:phpinfo" "mz:URL|BODY|ARGS" "msg:PHPinfo access";
# Block known php installer exploit
MainRule id:40000030 "s:$UWA:8" "str:install.php" "mz:URL" "msg:Access to php install";
# Block more sql admin interface
MainRule id:40000031 "s:$UWA:8" "str:/mysql-admin" "mz:URL" "msg:SQL Admin Interface";
MainRule id:40000032 "s:$UWA:8" "str:/mysqladmin" "mz:URL" "msg:SQL Admin Interface";
MainRule id:40000033 "s:$UWA:8" "str:/sqlmanager" "mz:URL" "msg:SQL Admin Interface";
MainRule id:40000034 "s:$UWA:8" "str:/mysql/" "mz:URL" "msg:SQL Admin Interface";
# Block access to Lavarel telescope since it allows to read logs and SQL queries
MainRule id:40000035 "s:$UWA:8" "str:/telescope/" "mz:URL" "msg:Access to Lavarel telescope";
# Block access to adminer/phpMinAdmin sql admin interface
MainRule id:40000036 "s:$UWA:8" "str:adminer" "mz:URL" "msg:SQL Admin Interface";
# Block access to Symfony Web Framework dev mode.
MainRule id:40000037 "s:$UWA:8" "str:app_dev" "mz:URL" "msg:Symfony Web Framework dev mode";
# phpstorm in request
MainRule id:40000038 "s:$UWA:8" "str:phpstorm" "mz:URL|ARGS|HEADERS" "msg:phpstorm in request";

96
containers/conf/angie/naxsi_rules/blocking/blocking/10000000_scanner.rules Normal file
View file

@ -0,0 +1,96 @@
#######################################
## Scanners ids: 10000000 ##
#######################################
# http://pastebin.com/NP64hTQr
# http://blog.initiative-s.de/2013/09/kompromitierte-wordpress-blogs-werden-fuer-ddos-attacken-genutzt/
# If using wp then turn off this rule
MainRule id:10000000 "s:$UWA:8" "str:wordpress/" "mz:$HEADERS_VAR:User-Agent" "msg:Wordpress in user-agent";
# https://github.com/robertdavidgraham/masscan
MainRule id:10000001 "s:$UWA:8" "str:masscan" "mz:$HEADERS_VAR:User-Agent" "msg:masscan in user-agent";
# block acunetix scan
MainRule id:10000002 "s:$UWA:8" "str:99999999999999999999999" "mz:$HEADERS_VAR:Content-length" "msg:acunetix scan nginx buffer size";
MainRule id:10000003 "s:$UWA:8" "str:acunetix" "mz:URL|BODY|$HEADERS_VAR:Accept|$HEADERS_VAR:User-Agent" "msg:acunetix scan website";
MainRule id:10000004 "s:$UWA:8" "str:acunetix/wvs" "mz:$HEADERS_VAR:Accept" "msg:acunetix scan website";
MainRule id:10000005 "s:$UWA:8" "str:havij" "mz:$HEADERS_VAR:User-Agent" "msg:Havij in user-agent";
MainRule id:10000006 "s:$UWA:8" "str:webmole" "mz:$HEADERS_VAR:User-Agent" "msg:webmole in user-agent";
MainRule id:10000007 "s:$UWA:8" "str:nlpproject.info" "mz:$HEADERS_VAR:User-Agent" "msg:nlpproject.info in user-agent";
MainRule id:10000008 "s:$UWA:8" "str:cloudmapping" "mz:$HEADERS_VAR:User-Agent" "msg:cloudmapping in user-agent";
MainRule id:10000009 "s:$UWA:8" "str:sucuri" "mz:$HEADERS_VAR:User-Agent" "msg:Sucuri in user-agent";
MainRule id:10000010 "s:$UWA:8" "str:brutus/" "mz:$HEADERS_VAR:User-Agent" "msg:Brutus in user-agent";
MainRule id:10000011 "s:$UWA:4" "str:apachebench" "mz:$HEADERS_VAR:User-Agent" "msg:apachebench in user-agent";
MainRule id:10000012 "s:$UWA:8" "str:/netsparker" "mz:URL" "msg:netsparker in user-agent";
MainRule id:10000013 "s:$UWA:8" "str:mysqloit" "mz:$HEADERS_VAR:User-Agent" "msg:Mysqloit in user-agent";
MainRule id:10000014 "s:$UWA:8" "str:network-services-auditor" "mz:$HEADERS_VAR:User-Agent" "msg:network-services-auditor in user-agent";
MainRule id:10000015 "s:$UWA:8" "str:dav.pm" "mz:$HEADERS_VAR:User-Agent" "msg:dav.pm in user-agent";
MainRule id:10000016 "s:$UWA:8" "str:w3af" "mz:$HEADERS_VAR:User-Agent" "msg:w3af in user-agent";
MainRule id:10000017 "s:$UWA:8" "str:http_get_vars" "mz:$HEADERS_VAR:User-Agent" "msg:PHP-Injetion on UA";
MainRule id:10000018 "s:$UWA:8" "str:whisker" "mz:$HEADERS_VAR:User-Agent" "msg:whisker in user-agent";
MainRule id:10000019 "s:$UWA:8" "str:whatweb" "mz:$HEADERS_VAR:User-Agent" "msg:whatweb in user-agent";
MainRule id:10000020 "s:$UWA:8" "str:dirbuster" "mz:$HEADERS_VAR:User-Agent" "msg:DirBuster in user-agent";
# https://www.bleepingcomputer.com/news/security/phps-git-server-hacked-to-add-backdoors-to-php-source-code/
# https://github.com/php/php-src/commit/c730aa26bd52829a49f2ad284b181b7e82a68d7d#diff-a35f2ee9e1d2d3983a3270ee10ec70bf86349c53febdeabdf104f88cb2167961R370
# prevent php supply chain attack
MainRule id:10000021 "s:$UWA:8" "str:zerodium" "mz:$HEADERS_VAR:User-Agent" "msg:zerodium in user-agent";
# prevent log4j attack
# info https://www.govcert.ch/blog/zero-day-exploit-targeting-popular-java-library-log4j/
# payload check https://github.com/johto89/Some-collections-for-Security-Researcher/blob/master/log4j-all-in-one.md
MainRule id:10000022 "s:$UWA:8" "str:${" "mz:$HEADERS_VAR:User-Agent" "msg:log4j attack detection";
# Python libraries like python-requests, python-urllib, etc..
MainRule id:10000023 "s:$UWA:8" "str:python" "mz:$HEADERS_VAR:User-Agent" "msg:python in user-agent";
# Meterpreter
MainRule id:10000024 "s:$UWA:8" "str:meterpreter" "mz:$HEADERS_VAR:User-Agent" "msg:meterpreter in user-agent";
# https://github.com/zmap/zgrab2
MainRule id:10000025 "s:$UWA:8" "str:zgrab" "mz:$HEADERS_VAR:User-Agent" "msg:zgrab in user-agent";
# Known tools like nmap,curl,wget
MainRule id:10000026 "s:$UWA:8" "str:nmap" "mz:$HEADERS_VAR:User-Agent" "msg:nmap in user-agent";
MainRule id:10000027 "s:$UWA:8" "str:curl" "mz:$HEADERS_VAR:User-Agent" "msg:curl in user-agent";
MainRule id:10000028 "s:$UWA:8" "str:wget" "mz:$HEADERS_VAR:User-Agent" "msg:wget in user-agent";
MainRule id:10000029 "s:$UWA:8" "str:sqlmap" "mz:$HEADERS_VAR:User-Agent" "msg:slqmap in user-agent";
# Scan from Expense with this User-Agent:
# Expanse, a Palo Alto Networks company, searches across the global IPv4 space multiple times per day to identify customers presences on the Internet.
# If you would like to be excluded from our scans, please send IP addresses/domains to: scaninfo@paloaltonetworks.com
MainRule id:10000030 "s:$UWA:8" "str:paloaltonetworks.com" "mz:$HEADERS_VAR:User-Agent" "msg:paloaltonetworks in user-agent";
MainRule id:10000031 "s:$UWA:8" "str:palo alto network" "mz:$HEADERS_VAR:User-Agent" "msg:palo alto network in user-agent";
MainRule id:10000032 "s:$UWA:8" "str:Expense" "mz:$HEADERS_VAR:User-Agent" "msg:Expense in user-agent";
# Scan from NetSystemsResearch with this User-Agent:
# NetSystemsResearch studies the availability of various services across the internet. Our website is netsystemsresearch.com
MainRule id:10000033 "s:$UWA:8" "str:NetSystemsResearch" "mz:$HEADERS_VAR:User-Agent" "msg:NetSystemsResearch in user-agent";
# Golang default User-Agent
MainRule id:10000034 "s:$UWA:8" "str:Go-http" "mz:$HEADERS_VAR:User-Agent" "msg:Golang in user-agent";
# Perl default User-Agent
MainRule id:10000035 "s:$UWA:8" "str:libwww-perl" "mz:$HEADERS_VAR:User-Agent" "msg:libwww-perl in user-agent";
# l9tcpid in User-Agent
MainRule id:10000036 "s:$UWA:8" "str:l9tcpid" "mz:$HEADERS_VAR:User-Agent" "msg:l9tcpid in user-agent";
# l9explore in User-Agent
MainRule id:10000037 "s:$UWA:8" "str:l9explore" "mz:$HEADERS_VAR:User-Agent" "msg:l9explore in user-agent";
# WPScan in User-Agent
MainRule id:10000038 "s:$UWA:8" "str:wpscan" "mz:$HEADERS_VAR:User-Agent" "msg:WPScan in user-agent";
# WinHttpReq in User-Agent
MainRule id:10000039 "s:$UWA:8" "str:WinHttpReq" "mz:$HEADERS_VAR:User-Agent" "msg:WinHttpReq in user-agent";
# EgyScan security scanner uses AliElTop in some of the attacks
MainRule id:10000040 "s:$UWA:8" "str:AliElTop" "mz:ANY" "msg:EgyScan security scanner";
# Guzzle PHP HTTP client
MainRule id:10000041 "s:$UWA:8" "str:GuzzleHttp" "mz:$HEADERS_VAR:User-Agent" "msg:GuzzleHttp in user-agent";
# Java client
MainRule id:10000042 "s:$UWA:8" "str:AsyncHttpClient" "mz:$HEADERS_VAR:User-Agent" "msg:AsyncHttpClient in user-agent";

172
containers/conf/angie/naxsi_rules/blocking/blocking/20000000_web_security.rules Normal file
View file

@ -0,0 +1,172 @@
#######################################
## Webserver Security ids: 20000000 ##
#######################################
# webserver critical files
MainRule id:20000000 "s:$UWA:8" "str:.conf" "mz:URL" "msg:file access to .conf";
MainRule id:20000001 "s:$UWA:8" "str:.ini" "mz:URL" "msg:file access to .ini";
MainRule id:20000002 "s:$UWA:8" "str:.sql" "mz:URL" "msg:file access to .sql";
MainRule id:20000003 "s:$UWA:8" "rx:\.txt$" "mz:URL" "msg:file access to .txt";
MainRule id:20000004 "s:$UWA:8" "str:/sftp-config.json" "mz:URL|BODY" "msg:file access to sftp-config.json";
MainRule id:20000005 "s:$UWA:8" "str:/.bzr" "mz:URL" "msg:bazaar version control folder access";
MainRule id:20000006 "s:$UWA:8" "str:/.git" "mz:URL" "msg:git version control folder access";
MainRule id:20000007 "s:$UWA:8" "str:/.hg" "mz:URL" "msg:mercurial version control folder access";
MainRule id:20000008 "s:$UWA:8" "str:/.svn" "mz:URL" "msg:svn version control folder access";
MainRule id:20000009 "s:$UWA:8" "str:/bzr/" "mz:URL" "msg:bazaar version control folder access";
MainRule id:20000010 "s:$UWA:8" "str:/git/" "mz:URL" "msg:git version control folder access";
MainRule id:20000011 "s:$UWA:8" "str:/hg/" "mz:URL" "msg:mercurial version control folder access";
MainRule id:20000012 "s:$UWA:8" "str:/svn/" "mz:URL" "msg:svn version control folder access";
MainRule id:20000013 "s:$UWA:8" "str:.htpasswd" "mz:ARGS|BODY|URL|FILE_EXT" "msg:file access to .htpasswd";
MainRule id:20000014 "s:$UWA:8" "str:.htaccess" "mz:ARGS|BODY|URL|FILE_EXT" "msg:file access to .htaccess";
MainRule id:20000015 "s:$UWA:8" "str:.ds_store" "mz:URL" "msg:file access to .ds_store";
MainRule id:20000016 "s:$UWA:8" "str:changelog" "mz:URL" "msg:file access to changelog";
MainRule id:20000017 "s:$UWA:8" "rx:^/core.\d+$" "mz:URL" "msg:file access to core dumps";
MainRule id:20000018 "s:$UWA:8" "rx:\.module$" "mz:URL" "msg:file access to .module (drupal)";
MainRule id:20000019 "s:$UWA:8" "str:web.config" "mz:URL" "msg:file access to web.config (drupal)";
MainRule id:20000020 "s:$UWA:8" "rx:release[-_]notes\." "mz:URL" "msg:file access to release notes";
MainRule id:20000021 "s:$UWA:8" "rx:~$" "mz:URL" "msg:file access to cache files";
MainRule id:20000022 "s:$UWA:8" "str:web-inf" "mz:URL|BODY|ARGS" "msg:folder access to WEB-INF";
# Exposed Services
MainRule id:20000023 "s:$UWA:8" "str:/cgi-bin/luci" "mz:URL" "msg:Exposed OpenWRT";
MainRule id:20000024 "s:$UWA:8" "rx:^/cgi-bin/.+\.cgi$" "mz:URL" "msg:Exposed cgi-bin";
MainRule id:20000025 "s:$UWA:8" "str:/jenkins" "mz:URL" "msg:Exposed Jenkins";
MainRule id:20000026 "s:$UWA:8" "str:/console/login/LoginForm.jsp" "mz:URL" "msg:Exposed Oracle WebLogic Server Administration Console";
MainRule id:20000027 "s:$UWA:8" "str:/nuxeo/login.jsp" "mz:URL" "msg:Exposed Nuxeo Enterprise Platform";
MainRule id:20000028 "s:$UWA:8" "str:/zabbix/index.php" "mz:URL" "msg:Exposed Zabbix";
# Known hacking tools like burp suite, etc..
MainRule id:20000029 "s:$UWA:8" "str:burpcollaborator.net" "mz:ARGS|BODY|HEADERS" "msg:burp collaborator";
MainRule id:20000030 "s:$UWA:8" "str:/netsparker" "mz:URL" "msg:Netsparker";
# Malicious strings in request
MainRule id:20000031 "s:$UWA:8" "str:\n\r" "mz:URL" "msg:HTTP - Smuggling-Attempt (NewLine in URI)";
MainRule id:20000032 "s:$UWA:6" "rx:^[a-zA-Z\d-]+\.[a-zA-Z]+$" "mz:$HEADERS_VAR:Host" "msg:HOST-Header Injection";
MainRule id:20000033 "s:$UWA:8" "str:/bin/sh" "mz:URL|BODY|ARGS|$HEADERS_VAR:User-Agent|$HEADERS_VAR:Cookie" "msg:/bin/sh in URI";
MainRule id:20000034 "s:$UWA:8" "str:/etc/passwd" "mz:URL|BODY|ARGS|$HEADERS_VAR:User-Agent|$HEADERS_VAR:Cookie" "msg:/etc/passwd in URI";
MainRule id:20000035 "s:$UWA:8" "str:/etc/shadow" "mz:URL|BODY|ARGS|$HEADERS_VAR:User-Agent|$HEADERS_VAR:Cookie" "msg:/etc/shadow in URI";
MainRule id:20000036 "s:$UWA:8" "str:/etc/hosts" "mz:URL|BODY|ARGS|$HEADERS_VAR:User-Agent|$HEADERS_VAR:Cookie" "msg:/etc/hosts in URI";
MainRule id:20000037 "s:$UWA:8" "str:/Windows/system.ini" "mz:URL|BODY|ARGS|$HEADERS_VAR:User-Agent|$HEADERS_VAR:Cookie" "msg:/Windows/system.ini in URI";
MainRule id:20000038 "s:$UWA:8" "rx:<!DOCTYPE(\s+)(%*\s*)([{}:.a-zA-Z0-9_-]*)(\s+)SYSTEM" "mz:BODY" "msg: possible XML/XXE-Exploitation atempt (Doctype)";
MainRule id:20000039 "s:$UWA:8" "str:http://http://" "mz:HEADERS" "msg:Abnormal double http:// in HTTP header";
MainRule id:20000040 "s:$UWA:8" "str:https://http://" "mz:HEADERS" "msg:Abnormal double http:// in HTTP header";
MainRule id:20000041 "s:$UWA:8" "str:http://https://" "mz:HEADERS" "msg:Abnormal double http:// in HTTP header";
MainRule id:20000042 "s:$UWA:8" "str:https://https://" "mz:HEADERS" "msg:Abnormal double http:// in HTTP header";
# ThinkPHP Remote Code Execution CVE-2018-20062
MainRule id:20000043 "s:$UWA:8" "str:index/\think\app/invokefunction" "mz:URL" "msg:CVE-2018-20062";
# AWS related files
MainRule id:20000044 "s:$UWA:8" "str:/.aws/" "mz:URL" "msg:AWS Credential Stealer";
# dot folders and files
MainRule id:20000045 "s:$UWA:8" "rx:/\.[^.]" "mz:URL" "msg:Access to dot folder or file";
# Exposed Microsoft Exchange
MainRule id:20000046 "s:$UWA:8" "str:autodiscover/autodiscover.json" "mz:URL" "msg:Exposed Microsoft Exchange";
MainRule id:20000047 "s:$UWA:8" "str:autodiscover/autodiscover.xml" "mz:URL" "msg:Exposed Microsoft Exchange";
MainRule id:20000048 "s:$UWA:8" "str:/auth.owa" "mz:URL" "msg:Exposed Microsoft Exchange";
# Ignition 2.5.1 Remote Code Execution CVE-2021-3129
MainRule id:20000049 "s:$UWA:8" "str:/_ignition/execute-solution" "mz:URL" "msg:CVE-2021-3129";
# CVE-2018-13379 path traversal vulnerability in Fortinet's FortiGate SSL VPN
# https://x.x.x.x/remote/fgt_lang?lang=/../../../..//////////dev/cmdb/sslvpn_websession
MainRule id:20000050 "s:$UWA:8" "str:/sslvpn_websession" "mz:ARGS|BODY|HEADERS" "msg:CVE-2018-13379";
# Exposed Apache Tomcat Administration Panel
MainRule id:20000051 "s:$UWA:8" "str:/manager/html" "mz:URL" "msg:Exposed Apache Tomcat Administration Panel";
# Block NMAP enumeration
MainRule id:20000052 "s:$UWA:8" "str:/HNAP1" "mz:URL" "msg:NMAP enumeration attempt";
MainRule id:20000053 "s:$UWA:8" "rx:/default\.(asp|aspx|cfm|cgi|jsa|jsp|php|pl)$" "mz:URL" "msg:NMAP enumeration attempt";
MainRule id:20000054 "s:$UWA:8" "rx:/start\.(asp|aspx|cfm|cgi|jsa|jsp|php|pl)$" "mz:URL" "msg:NMAP enumeration attempt";
MainRule id:20000055 "s:$UWA:8" "rx:/localstart\.(asp|aspx|cfm|cgi|jsa|jsp|php|pl)$" "mz:URL" "msg:NMAP enumeration attempt";
MainRule id:20000056 "s:$UWA:8" "rx:/admin\.(asp|aspx|cfm|cgi|jsa|jsp|php|pl)$" "mz:URL" "msg:NMAP enumeration attempt";
MainRule id:20000057 "s:$UWA:8" "str:/nmaplowercheck" "mz:URL" "msg:NMAP enumeration attempt";
# Siemens PLC scan
MainRule id:20000058 "s:$UWA:8" "str:/__Additional" "mz:URL" "msg:Siemens PLC scan";
MainRule id:20000059 "s:$UWA:8" "str:/docs/cplugError.html/" "mz:URL" "msg:Siemens PLC scan";
MainRule id:20000060 "s:$UWA:8" "str:/Portal/Portal.mwsl" "mz:URL" "msg:Siemens PLC scan";
# Block Citrix XenApp
MainRule id:20000061 "s:$UWA:8" "str:/scripts/wpnbr.dll" "mz:URL" "msg:Citrix XenApp";
# Block jenkins authentication bypass CVE-2018-1000861
MainRule id:20000062 "s:$UWA:8" "str:/securityRealm/user/admin/search/index" "mz:URL" "msg:CVE-2018-1000861";
# Block jenkins RCE CVE-2019-1003029, CVE-2019-1003030
MainRule id:20000063 "s:$UWA:8" "str:/descriptorByName/org.jenkinsci.plugins.scriptsecurity.sandbox.groovy.SecureGroovyScript/checkScript/" "mz:URL" "msg:CVE-2019-1003029, CVE-2019-1003030";
# Log4J bypass
MainRule id:20000064 "s:$UWA:8" "str:${env:NaN:-" "mz:URL|ARGS|BODY|HEADERS" "msg:Attempted Log4J Bypass";
# Windows system paths
MainRule id:20000065 "s:$UWA:8" "str:\Windows\system.ini" "mz:URL|BODY|ARGS|$HEADERS_VAR:User-Agent|$HEADERS_VAR:Cookie" "msg:\Windows\system.ini in URI";
MainRule id:20000066 "s:$UWA:8" "str:/Windows/win.ini" "mz:URL|BODY|ARGS|$HEADERS_VAR:User-Agent|$HEADERS_VAR:Cookie" "msg:/Windows/win.ini in URI";
MainRule id:20000067 "s:$UWA:8" "str:\Windows\win.ini" "mz:URL|BODY|ARGS|$HEADERS_VAR:User-Agent|$HEADERS_VAR:Cookie" "msg:\Windows\win.ini in URI";
# Exposed Apache Host Manager App
MainRule id:20000068 "s:$UWA:8" "str:/manager/text/list" "mz:URL" "msg:Exposed Apache Host Manager App";
# Spring Cloud Gateway Code Injection Vulnerability
MainRule id:20000069 "s:$UWA:8" "str:/actuator/gateway/routes" "mz:URL" "msg:CVE-2022-22947";
# Block Spring4Shell
MainRule id:20000070 "s:$UWA:8" "str:class.module.classLoader.resources." "mz:RAW_BODY" "msg:CVE-2022-22965";
MainRule id:20000071 "s:$UWA:8" "rx:<%|%>" "mz:HEADERS" "msg:CVE-2022-22965";
# Block Microsoft Exchange Server Remote Code Execution
MainRule id:20000072 "s:$UWA:8" "str:/ecp/Current/exporttool/microsoft.exchange.ediscovery.exporttool.application" "mz:URL" "msg:CVE-2021-28481";
# Prevents IndoXploit/IDX Shell dump access
# A website that has been infected will have a world-browsable folder called `idx_config`
# which contains text versions of the configuration file of every CMS installation the shell
# is able to find (impacts WordPress, Joomla and Magento).
MainRule id:20000073 "s:$UWA:8" "str:/idx_config" "mz:URL" "msg:Prevent IndoXploit/IDX Shell dump access";
# Prevents old grafana to return all folders
# https://github.com/grafana/grafana/pull/44175
MainRule id:20000074 "s:$UWA:8" "rx:^0$" "mz:$URL:/api/search|$ARGS_VAR:folderIds" "msg:Access all grafana folders";
# Block access to yaml files
MainRule id:20000075 "s:$UWA:8" "str:.yml" "mz:URL" "msg:file access to .yml";
MainRule id:20000076 "s:$UWA:8" "str:.yaml" "mz:URL" "msg:file access to .yaml";
# Block access to HashiCorp Consul/Vault template files
MainRule id:20000077 "s:$UWA:8" "rx:\.ctmpl$" "mz:URL" "msg:file access to .ctmpl";
MainRule id:20000078 "s:$UWA:8" "rx:\.hcl$" "mz:URL" "msg:file access to .hcl";
# Block access to known files used for fingerprinting
MainRule id:20000079 "s:$UWA:8" "rx:\.md$" "mz:URL" "msg:file access to .md";
MainRule id:20000080 "s:$UWA:8" "rx:read[-_]?me" "mz:URL" "msg:file access to readme";
MainRule id:20000081 "s:$UWA:8" "rx:\.toml$" "mz:URL" "msg:file access to .toml";
# AWS related files
MainRule id:20000082 "s:$UWA:8" "str:dockerrun.aws.json" "mz:URL" "msg:Exposed AWS Elastic Beanstalk configuration";
# Block access to temporary backup files like .bak,.bak.php, etc...
MainRule id:20000083 "s:$UWA:8" "str:.bak" "mz:URL" "msg:file access to temporary backup files";
# Path traversal in nuxt/framework when in dev mode
# https://huntr.dev/bounties/4849af83-450c-435e-bc0b-71705f5be440/
MainRule id:20000084 "s:$UWA:8" "str:_nuxt/@" "mz:URL" "msg:path traversal in nuxt framework";
# AWS NodeJS related files
MainRule id:20000085 "s:$UWA:8" "str:awsconfig" "mz:URL" "msg:Exposed AWS config files";
MainRule id:20000086 "s:$UWA:8" "str:aws-config" "mz:URL" "msg:Exposed AWS config files";
MainRule id:20000087 "s:$UWA:8" "str:awscred" "mz:URL" "msg:Exposed AWS config files";
MainRule id:20000088 "s:$UWA:8" "str:aws-cred" "mz:URL" "msg:Exposed AWS config files";
# Text editors temp and config files
MainRule id:20000089 "s:$UWA:8" "str:.old" "mz:URL" "msg:Exposed temp copy";
MainRule id:20000090 "s:$UWA:8" "str:.save" "mz:URL" "msg:Exposed temp copy";
MainRule id:20000091 "s:$UWA:8" "str:.DS_Store" "mz:URL" "msg:Exposed temp copy";
MainRule id:20000092 "s:$UWA:8" "str:vscode" "mz:URL" "msg:Exposed vscode directory";
# Exposed .env
MainRule id:20000093 "s:$UWA:8" "str:/.env" "mz:URL" "msg:access to .env file or dir";
# androxgh0st exploit
MainRule id:20000094 "s:$UWA:8" "str:androxgh0st" "mz:ANY" "msg:androxgh0st exploit";

16
containers/conf/angie/naxsi_rules/blocking/blocking/30000000_wordpress.rules Normal file
View file

@ -0,0 +1,16 @@
#######################################
## Wordpress ids: 30000000 ##
#######################################
MainRule id:30000000 "s:$UWA:8" "str:system.multicall" "mz:$URL:/xmlrpc.php|BODY" "msg:Wordpress XMLRPC possible Password Brute Force";
MainRule id:30000001 "s:$UWA:8" "str:system.listmethods" "mz:$URL:/xmlrpc.php|BODY" "msg:WordPress XMLRPC Enumeration system.listMethods";
MainRule id:30000002 "s:$UWA:8" "str:system.getcapabilities" "mz:$URL:/xmlrpc.php|BODY" "msg:WordPress XMLRPC Enumeration system.getCapabilities";
MainRule id:30000003 "s:$UWA:8" "str:/w3tc/dbcache" "mz:URL" "msg:WordPress TotalCache-DBCache-Access";
MainRule id:30000004 "s:$UWA:8" "str:/uploadify/uploadify.php" "mz:URL" "msg:WordPress Uploadify-Access";
MainRule id:30000005 "s:$UWA:8" "str:/wp-content/plugins/mm-forms-community/upload/temp/" "mz:URL" "msg:Access To mm-forms-community upload dir";
MainRule id:30000006 "s:$UWA:8" "str:wp-config.php" "mz:BODY|ARGS|URL" "msg:WordPress access to wp-config.php";
# block malicious access ALFA_DATA|alfacgiapi|cgialfa path
MainRule id:30000007 "s:$UWA:8" "str:ALFA_DATA" "mz:URL" "msg:WordPress malicious access to ALFA_DATA path";
MainRule id:30000008 "s:$UWA:8" "str:alfacgiapi" "mz:URL" "msg:WordPress malicious access to alfacgiapi path";
MainRule id:30000009 "s:$UWA:8" "str:cgialfa" "mz:URL" "msg:WordPress malicious access to cgialfa path";

66
containers/conf/angie/naxsi_rules/blocking/blocking/40000000_php_security.rules Normal file
View file

@ -0,0 +1,66 @@
#######################################
## PHP Security ids: 40000000 ##
#######################################
# Php Functions
MainRule id:40000000 "s:$UWA:8" "str:gzinflate(" "mz:URL|BODY|ARGS" "msg:gzinflate in URI";
MainRule id:40000001 "s:$UWA:8" "str:system(" "mz:URL|BODY|ARGS" "msg:php system called";
MainRule id:40000002 "s:$UWA:8" "str:base64_decode(" "mz:URL|BODY|ARGS" "msg:php base64_decode called";
MainRule id:40000003 "s:$UWA:8" "str:@eval" "mz:URL|BODY|ARGS" "msg:php eval called";
MainRule id:40000004 "s:$UWA:8" "rx:eval\((\s+)?\$_" "mz:URL|BODY|ARGS" "msg:php eval called";
# PhpMyAdmin
MainRule id:40000005 "s:$UWA:8" "str:/db-admin" "mz:URL" "msg:SQL Admin Interface";
MainRule id:40000006 "s:$UWA:8" "str:/dbadmin" "mz:URL" "msg:SQL Admin Interface";
MainRule id:40000007 "s:$UWA:8" "str:/myadmin" "mz:URL" "msg:SQL Admin Interface";
MainRule id:40000008 "s:$UWA:8" "str:/mysqldumper " "mz:URL" "msg:MysqlDumper";
MainRule id:40000009 "s:$UWA:8" "str:/mysqlmanager" "mz:URL" "msg:SQL Admin Interface";
MainRule id:40000010 "s:$UWA:8" "str:/p/m/a/" "mz:URL" "msg:SQL Admin Interface";
MainRule id:40000011 "s:$UWA:8" "str:/php-my-admin" "mz:URL" "msg:SQL Admin Interface";
MainRule id:40000012 "s:$UWA:8" "str:/php-myadmin" "mz:URL" "msg:SQL Admin Interface";
MainRule id:40000013 "s:$UWA:8" "str:/phpmanager" "mz:URL" "msg:SQL Admin Interface";
MainRule id:40000014 "s:$UWA:8" "str:/phpmy" "mz:URL" "msg:SQL Admin Interface";
MainRule id:40000015 "s:$UWA:8" "str:/phpmy-admin" "mz:URL" "msg:SQL Admin Interface";
MainRule id:40000016 "s:$UWA:8" "str:/phpmyadmin" "mz:URL" "msg:SQL Admin Interface";
MainRule id:40000017 "s:$UWA:8" "str:/phppgadmin " "mz:URL" "msg:SQL Admin Interface";
MainRule id:40000018 "s:$UWA:8" "str:/pma" "mz:URL" "msg:SQL Admin Interface";
MainRule id:40000019 "s:$UWA:8" "str:/sql-admin" "mz:URL" "msg:SQL Admin Interface";
MainRule id:40000020 "s:$UWA:8" "str:/sqladmin" "mz:URL" "msg:SQL Admin Interface";
MainRule id:40000021 "s:$UWA:8" "str:/sqlweb" "mz:URL" "msg:SQL Admin Interface";
MainRule id:40000022 "s:$UWA:8" "str:/sysadmin" "mz:URL" "msg:SQL Admin Interface";
MainRule id:40000023 "s:$UWA:8" "str:/webadmin" "mz:URL" "msg:SQL Admin Interface";
MainRule id:40000024 "s:$UWA:8" "str:/webdb" "mz:URL" "msg:SQL Admin Interface";
MainRule id:40000025 "s:$UWA:8" "str:/websql" "mz:URL" "msg:SQL Admin Interface";
# Block PHPUnit eval-stdin.php CVE-2017-9841
MainRule id:40000026 "s:$UWA:8" "str:eval-stdin.php" "mz:URL" "msg:CVE-2017-9841";
# Block PHP easter egg which normally can be disabled via expose_php = off
MainRule id:40000027 "s:$UWA:8" "rx:PHP[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$" "mz:URL|BODY|ARGS" "msg:PHP easter egg credits";
# Block PHP Xdebug
MainRule id:40000028 "s:$UWA:8" "str:XDEBUG_SESSION" "mz:ANY" "msg:Block PHP Xdebug";
# Block PHPinfo access
MainRule id:40000029 "s:$UWA:8" "str:phpinfo" "mz:URL|BODY|ARGS" "msg:PHPinfo access";
# Block known php installer exploit
MainRule id:40000030 "s:$UWA:8" "str:install.php" "mz:URL" "msg:Access to php install";
# Block more sql admin interface
MainRule id:40000031 "s:$UWA:8" "str:/mysql-admin" "mz:URL" "msg:SQL Admin Interface";
MainRule id:40000032 "s:$UWA:8" "str:/mysqladmin" "mz:URL" "msg:SQL Admin Interface";
MainRule id:40000033 "s:$UWA:8" "str:/sqlmanager" "mz:URL" "msg:SQL Admin Interface";
MainRule id:40000034 "s:$UWA:8" "str:/mysql/" "mz:URL" "msg:SQL Admin Interface";
# Block access to Lavarel telescope since it allows to read logs and SQL queries
MainRule id:40000035 "s:$UWA:8" "str:/telescope/" "mz:URL" "msg:Access to Lavarel telescope";
# Block access to adminer/phpMinAdmin sql admin interface
MainRule id:40000036 "s:$UWA:8" "str:adminer" "mz:URL" "msg:SQL Admin Interface";
# Block access to Symfony Web Framework dev mode.
MainRule id:40000037 "s:$UWA:8" "str:app_dev" "mz:URL" "msg:Symfony Web Framework dev mode";
# phpstorm in request
MainRule id:40000038 "s:$UWA:8" "str:phpstorm" "mz:URL|ARGS|HEADERS" "msg:phpstorm in request";

15
containers/conf/angie/naxsi_rules/blocking/blocking/50000000_sql_injection.rules Normal file
View file

@ -0,0 +1,15 @@
#######################################
## SQL Injection ids: 50000000 ##
#######################################
# Transact-SQL General Extended Stored Procedures
# https://docs.microsoft.com/en-us/sql/relational-databases/system-stored-procedures/general-extended-stored-procedures-transact-sql
MainRule id:50000000 "s:$SQL:8" "rx:xp_(cmdshell|enumgroups|grantlogin|logevent|loginconfig|logininfo|msver|revokelogin|sprintf|sqlmaint|sscanf)" "mz:BODY|HEADERS|ARGS|URL" "msg:Transact-SQL GESP";
# Classic SQL injection
MainRule id:50000001 "s:$SQL:8" "rx:(CHAR|CONCAT|CONCAT_WS)\([0-9a-fx,]+\)" "mz:BODY|HEADERS|ARGS|URL" "msg:SQL Injection";
MainRule id:50000002 "s:$SQL:8" "rx:SLEEP(\s+)?\(" "mz:BODY|HEADERS|ARGS|URL" "msg:SQL Injection";
MainRule id:50000003 "s:$SQL:8" "rx:\bBENCHMARK\b\([0-9,]+.+\)" "mz:BODY|HEADERS|ARGS|URL" "msg:SQL Injection";
MainRule id:50000004 "s:$SQL:8" "rx:\b(UNION|INFORMATION_SCHEMA)\b.*(#|--|\*)" "mz:BODY|HEADERS|ARGS|URL" "msg:SQL Injection";
MainRule id:50000005 "s:$SQL:8" "rx:(MD\d|SHA\d+)(\s+)?\(" "mz:BODY|HEADERS|ARGS|URL" "msg:SQL Injection";
MainRule id:50000006 "s:$SQL:8" "rx:DBMS_PIPE|RECEIVE_MESSAGE|WAITFOR|DELAY" "mz:BODY|HEADERS|ARGS|URL" "msg:SQL Injection";

95
containers/conf/angie/naxsi_rules/naxsi_core.rules Normal file
View file

@ -0,0 +1,95 @@
##################################
## INTERNAL RULES IDS:1-999 ##
##################################
#@MainRule "msg:weird request, unable to parse" id:1;
#@MainRule "msg:request too big, stored on disk and not parsed" id:2;
#@MainRule "msg:invalid hex encoding, null bytes" id:10;
#@MainRule "msg:unknown content-type" id:11;
#@MainRule "msg:invalid formatted url" id:12;
#@MainRule "msg:invalid POST format" id:13;
#@MainRule "msg:invalid POST boundary" id:14;
#@MainRule "msg:invalid JSON" id:15;
#@MainRule "msg:empty POST" id:16;
#@MainRule "msg:libinjection_sql" id:17;
#@MainRule "msg:libinjection_xss" id:18;
#@MainRule "msg:no generic rules" id:19;
#@MainRule "msg:bad utf8" id:20;
#@MainRule "msg:illegal host header" id:21;
##################################
## SQL Injections IDs:1000-1099 ##
##################################
MainRule "rx:select|union|update|delete|insert|table|from|ascii|hex|unhex|drop|load_file|substr|group_concat|dumpfile|bigint" "msg:sql keywords" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$SQL:4" id:1000;
MainRule "str:\"" "msg:double quote" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$SQL:8,$XSS:8" id:1001;
MainRule "str:0x" "msg:0x, possible hex encoding" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$SQL:2" id:1002;
## Hardcore rules
MainRule "str:/*" "msg:mysql comment (/*)" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$SQL:8" id:1003;
MainRule "str:*/" "msg:mysql comment (*/)" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$SQL:8" id:1004;
MainRule "str:|" "msg:mysql keyword (|)" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$SQL:8" id:1005;
MainRule "str:&&" "msg:mysql keyword (&&)" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$SQL:8" id:1006;
## end of hardcore rules
MainRule "str:--" "msg:mysql comment (--)" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$SQL:4" id:1007;
MainRule "str:;" "msg:semicolon" "mz:BODY|URL|ARGS" "s:$SQL:4,$XSS:8" id:1008;
MainRule "str:=" "msg:equal sign in var, probable sql/xss" "mz:ARGS|BODY" "s:$SQL:2" id:1009;
MainRule "str:(" "msg:open parenthesis, probable sql/xss" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$SQL:4,$XSS:8" id:1010;
MainRule "str:)" "msg:close parenthesis, probable sql/xss" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$SQL:4,$XSS:8" id:1011;
MainRule "str:'" "msg:simple quote" "mz:ARGS|BODY|URL|$HEADERS_VAR:Cookie" "s:$SQL:4,$XSS:8" id:1013;
MainRule "str:," "msg:comma" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$SQL:4" id:1015;
MainRule "str:#" "msg:mysql comment (#)" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$SQL:4" id:1016;
MainRule "str:@@" "msg:double arobase (@@)" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$SQL:4" id:1017;
MainRule "rx:::json|to_json|jsonb?_build|jsonb?_object|jsonb?_each|jsonb?_extract|jsonb?_typeof|jsonb?_array|jsonb_set|json_query|json_keys" "msg:json functions and operators" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$SQL:8" id:1018;
###############################
## OBVIOUS RFI IDs:1100-1199 ##
###############################
MainRule "str:http://" "msg:http:// scheme" "mz:ARGS|BODY|$HEADERS_VAR:Cookie" "s:$RFI:8" id:1100;
MainRule "str:https://" "msg:https:// scheme" "mz:ARGS|BODY|$HEADERS_VAR:Cookie" "s:$RFI:8" id:1101;
MainRule "str:ftp://" "msg:ftp:// scheme" "mz:ARGS|BODY|$HEADERS_VAR:Cookie" "s:$RFI:8" id:1102;
MainRule "str:php://" "msg:php:// scheme" "mz:ARGS|BODY|$HEADERS_VAR:Cookie" "s:$RFI:8" id:1103;
MainRule "str:sftp://" "msg:sftp:// scheme" "mz:ARGS|BODY|$HEADERS_VAR:Cookie" "s:$RFI:8" id:1104;
MainRule "str:zlib://" "msg:zlib:// scheme" "mz:ARGS|BODY|$HEADERS_VAR:Cookie" "s:$RFI:8" id:1105;
MainRule "str:data://" "msg:data:// scheme" "mz:ARGS|BODY|$HEADERS_VAR:Cookie" "s:$RFI:8" id:1106;
MainRule "str:glob://" "msg:glob:// scheme" "mz:ARGS|BODY|$HEADERS_VAR:Cookie" "s:$RFI:8" id:1107;
MainRule "str:phar://" "msg:phar:// scheme" "mz:ARGS|BODY|$HEADERS_VAR:Cookie" "s:$RFI:8" id:1108;
MainRule "str:file://" "msg:file:// scheme" "mz:ARGS|BODY|$HEADERS_VAR:Cookie" "s:$RFI:8" id:1109;
MainRule "str:gopher://" "msg:gopher:// scheme" "mz:ARGS|BODY|$HEADERS_VAR:Cookie" "s:$RFI:8" id:1110;
MainRule "str:zip://" "msg:zip:// scheme" "mz:ARGS|BODY|$HEADERS_VAR:Cookie" "s:$RFI:8" id:1111;
MainRule "str:expect://" "msg:expect:// scheme" "mz:ARGS|BODY|$HEADERS_VAR:Cookie" "s:$RFI:8" id:1112;
MainRule "str:input://" "msg:input:// scheme" "mz:ARGS|BODY|$HEADERS_VAR:Cookie" "s:$RFI:8" id:1113;
#######################################
## Directory traversal IDs:1200-1299 ##
#######################################
MainRule "str:.." "msg:double dot" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$TRAVERSAL:4" id:1200;
MainRule "str:/etc/passwd" "msg:obvious probe" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$TRAVERSAL:4" id:1202;
MainRule "str:c:\\" "msg:obvious windows path" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$TRAVERSAL:4" id:1203;
MainRule "str:cmd.exe" "msg:obvious probe" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$TRAVERSAL:4" id:1204;
MainRule "str:\\" "msg:backslash" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$TRAVERSAL:4" id:1205;
#MainRule "str:/" "msg:slash in args" "mz:ARGS|BODY|$HEADERS_VAR:Cookie" "s:$TRAVERSAL:2" id:1206;
MainRule "str:/..;/" "msg:dir traversal bypass" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$TRAVERSAL:2" id:1207;
MainRule "str:/.;/" "msg:dir traversal bypass" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$TRAVERSAL:4" id:1208;
MainRule "str:/.%2e/" "msg:dir traversal bypass" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$TRAVERSAL:4" id:1209;
MainRule "str:/%2e./" "msg:dir traversal bypass" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$TRAVERSAL:4" id:1210;
########################################
## Cross Site Scripting IDs:1300-1399 ##
########################################
MainRule "str:<" "msg:html open tag" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1302;
MainRule "str:>" "msg:html close tag" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1303;
MainRule "str:[" "msg:open square backet ([), possible js" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1310;
MainRule "str:]" "msg:close square bracket (]), possible js" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1311;
MainRule "str:~" "msg:tilde (~) character" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1312;
MainRule "str:`" "msg:grave accent (`)" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1314;
MainRule "rx:%[23]." "msg:double encoding" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315;
####################################
## Evading tricks IDs: 1400-1500 ##
####################################
MainRule "str:&#" "msg:utf7/8 encoding" "mz:ARGS|BODY|URL|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1400;
MainRule "str:%U" "msg:M$ encoding" "mz:ARGS|BODY|URL|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1401;
#############################
## File uploads: 1500-1600 ##
#############################
MainRule "rx:\.ph|\.asp|\.ht|\.jsp" "msg:asp/php/jsp/htaccess file upload" "mz:FILE_EXT" "s:$UPLOAD:8" id:1500;
MainRule "rx:^[\.a-z0-9_\- ]+$" negative "msg:uploaded filename contains non-printable ascii chars" "mz:FILE_EXT" "s:$UPLOAD:8" id:1501;

7
containers/conf/angie/naxsi_rules/whitelists/dokuwiki.rules Normal file
View file

@ -0,0 +1,7 @@
# DokuWiki rules
BasicRule wl:1015 "mz:$BODY_VAR:usergroups";
BasicRule wl:0 "mz:$BODY_VAR:wikitext";
BasicRule wl:0 "mz:$BODY_VAR:summary";
BasicRule wl:0 "mz:$BODY_VAR:prefix";
BasicRule wl:0 "mz:$BODY_VAR:suffix";

61
containers/conf/angie/naxsi_rules/whitelists/drupal.rules Normal file
View file

@ -0,0 +1,61 @@
####################################
## Drupal whitelists ALPHA ##
####################################
# some url patterns
BasicRule wl:1000 "mz:$URL:/modules/update/update.css|URL";
BasicRule wl:1000 "mz:$URL:/misc/tableselect.js|URL";
BasicRule wl:1000 "mz:$URL:/modules/contextual/images/gear-select.png|URL|$HEADERS_VAR:cookie";
BasicRule wl:1000 "mz:$URL:/misc/ui/jquery.ui.sortable.min.js|URL|$HEADERS_VAR:cookie";
BasicRule wl:1000 "mz:$URL:/misc/tableheader.js|URL|$HEADERS_VAR:cookie";
BasicRule wl:1000 "mz:$URL:/misc/tabledrag.js|URL|$HEADERS_VAR:cookie";
# bad keywords in posts etc (update etc)
BasicRule wl:1000 "mz:$URL:/|$BODY_VAR:comment_confirm_delete|NAME";
BasicRule wl:1000 "mz:$URL:/|$ARGS_VAR:q";
BasicRule wl:1000 "mz:$URL:/|$BODY_VAR:form_id";
BasicRule wl:1000 "mz:$URL:/|$HEADERS_VAR:cookie";
BasicRule wl:1010 "mz:$URL:/|$ARGS_VAR:date";
# XSS because of [ and ] in POST variables
BasicRule wl:1310,1311 "mz:$URL:/|$BODY_VAR_X:^body|NAME";
BasicRule wl:1310,1311 "mz:$URL:/|$BODY_VAR_X:^menu|NAME";
BasicRule wl:1310,1311 "mz:$URL:/|$BODY_VAR_X:^path|NAME";
BasicRule wl:1310,1311 "mz:$URL:/|$BODY_VAR_X:^comment_body|NAME";
BasicRule wl:1310,1311 "mz:$URL:/|$BODY_VAR_X:^field_|NAME";
BasicRule wl:1310,1311 "mz:$URL:/|$BODY_VAR_X:^type|NAME";
BasicRule wl:1310,1311 "mz:$URL:/|$BODY_VAR_X:^modules|NAME";
BasicRule wl:1310,1311 "mz:$URL:/|$BODY_VAR_X:^blocks|NAME";
BasicRule wl:1310,1311 "mz:$URL:/|$BODY_VAR_X:^palette|NAME";
BasicRule wl:1310,1311 "mz:$URL:/|$BODY_VAR_X:^regions|NAME";
BasicRule wl:1310,1311 "mz:$URL:/|$BODY_VAR_X:^roles|NAME";
BasicRule wl:1310,1311 "mz:$URL:/|$BODY_VAR_X:^fields|NAME";
BasicRule wl:1310,1311 "mz:$URL:/|$ARGS_VAR_X:^destination|NAME";
BasicRule wl:1310,1311 "mz:$URL:/|$BODY_VAR_X:^filter|NAME";
BasicRule wl:1310,1311 "mz:$URL:/|$BODY_VAR_X:^search_active_modules|NAME";
BasicRule wl:1310,1311 "mz:$URL:/|$BODY_VAR_X:^shortcuts|NAME";
BasicRule wl:1310,1311 "mz:$URL:/|$BODY_VAR_X:^formats|NAME";
BasicRule wl:1310,1311 "mz:$URL:/|$BODY_VAR:status";
BasicRule wl:1310,1311 "mz:$URL:/|$BODY_VAR:role";
BasicRule wl:1310,1311 "mz:$URL:/|$BODY_VAR:permission";
BasicRule wl:1310,1311 "mz:$URL:/|$BODY_VAR:type";
# update module
BasicRule wl:16 "mz:$URL:/|BODY";
# user mail
BasicRule wl:1007,1010,1011,1013,1015,1310,1311 "mz:$URL:/|$BODY_VAR_X:^user_mail";
# other stuff
BasicRule wl:1007 "mz:$URL:/|$BODY_VAR:form_build_id";
BasicRule wl:1007 "mz:$URL:/|$BODY_VAR:menu[parent]";
BasicRule wl:1007 "mz:$URL:/|$BODY_VAR:form_token";
BasicRule wl:1007 "mz:$URL:/|$BODY_VAR:additional_settings__active_tab";
BasicRule wl:1007 "mz:$URL:/|$BODY_VAR:date";
BasicRule wl:1302,1303 "mz:$URL:/|$BODY_VAR_X:^filters";
BasicRule wl:1010,1011 "mz:$URL:/|$BODY_VAR:actions_label";
BasicRule wl:1015 "mz:$URL:/|$BODY_VAR:date_format_long";
BasicRule wl:1009,1016 "mz:$URL:/|$ARGS_VAR:destination";
BasicRule wl:1016 "mz:$URL:/|$BODY_VAR_X:^palette";

7
containers/conf/angie/naxsi_rules/whitelists/etherpad-lite.rules Normal file
View file

@ -0,0 +1,7 @@
# Etherpad: Really real-time collaborative document editing http://etherpad.org
BasicRule wl:1001,1008,1010,1011,1013,1015,1101 "mz:$URL:/jserror|$BODY_VAR:errorinfo";
BasicRule wl:2 "mz:$URL_X:^/p/.*/import$|BODY";
BasicRule wl:1311 "mz:$URL_X:^/p/.*]$|URL";
BasicRule wl:1007 "mz:URL";
BasicRule wl:1315 "mz:$HEADERS_VAR:cookie";
BasicRule wl:11 "mz:$URL:/socket.io/|BODY";

10
containers/conf/angie/naxsi_rules/whitelists/iris.rules Normal file
View file

@ -0,0 +1,10 @@
# Web IRC client Iris for the atheme platform https://github.com/atheme-legacy/iris
### Allowed chars in the URI of WebChat Wizard "custom link" or "embed"
BasicRule wl:1000,1315 "mz:$HEADERS_VAR:cookie";
BasicRule wl:1015 "mz:$ARGS_VAR:channels";
BasicRule wl:1000,1002,1005,1007,1013,1200,1205,1310,1311,1314 "mz:$ARGS_VAR:nick";
BasicRule wl:1000,1005,1008,1013,1015,1200,1205 "mz:$URL:/|ARGS";
### Allowed chars in Chat and Private
BasicRule wl:0 "mz:$URL:/e/p|$BODY_VAR:c";
### Allowed chars in nick same as are allowed in IRCD
BasicRule wl:1000,1002,1005,1007,1205,1310,1311,1314 "mz:$URL:/e/n|$BODY_VAR:nick";

10
containers/conf/angie/naxsi_rules/whitelists/rutorrent.rules Normal file
View file

@ -0,0 +1,10 @@
BasicRule wl:1005,1010,1011,1315 "mz:$HEADERS_VAR:cookie";
BasicRule wl:1402 "mz:$HEADERS_VAR:content-type";
BasicRule wl:11 "mz:$URL:/rutorrent/php/setsettings.php|BODY";
BasicRule wl:11 "mz:$URL:/rutorrent/php/getsettings.php|BODY";
BasicRule wl:1000,1001,1015,1310,1311 "mz:$BODY_VAR:v";
BasicRule wl:1005,1008 "mz:$BODY_VAR:cookie";
BasicRule wl:1000,1100,1101,1315 "mz:$BODY_VAR:url";
BasicRule wl:1310,1311 "mz:$URL:/rutorrent/php/addtorrent.php|$ARGS_VAR:result[]|NAME";
BasicRule wl:1000,1100,1101 "mz:$ARGS_VAR:name[]";
BasicRule wl:1310,1311 "mz:$URL:/rutorrent/php/addtorrent.php|$ARGS_VAR:name[]|NAME";

7
containers/conf/angie/naxsi_rules/whitelists/whitelists/dokuwiki.rules Normal file
View file

@ -0,0 +1,7 @@
# DokuWiki rules
BasicRule wl:1015 "mz:$BODY_VAR:usergroups";
BasicRule wl:0 "mz:$BODY_VAR:wikitext";
BasicRule wl:0 "mz:$BODY_VAR:summary";
BasicRule wl:0 "mz:$BODY_VAR:prefix";
BasicRule wl:0 "mz:$BODY_VAR:suffix";

61
containers/conf/angie/naxsi_rules/whitelists/whitelists/drupal.rules Normal file
View file

@ -0,0 +1,61 @@
####################################
## Drupal whitelists ALPHA ##
####################################
# some url patterns
BasicRule wl:1000 "mz:$URL:/modules/update/update.css|URL";
BasicRule wl:1000 "mz:$URL:/misc/tableselect.js|URL";
BasicRule wl:1000 "mz:$URL:/modules/contextual/images/gear-select.png|URL|$HEADERS_VAR:cookie";
BasicRule wl:1000 "mz:$URL:/misc/ui/jquery.ui.sortable.min.js|URL|$HEADERS_VAR:cookie";
BasicRule wl:1000 "mz:$URL:/misc/tableheader.js|URL|$HEADERS_VAR:cookie";
BasicRule wl:1000 "mz:$URL:/misc/tabledrag.js|URL|$HEADERS_VAR:cookie";
# bad keywords in posts etc (update etc)
BasicRule wl:1000 "mz:$URL:/|$BODY_VAR:comment_confirm_delete|NAME";
BasicRule wl:1000 "mz:$URL:/|$ARGS_VAR:q";
BasicRule wl:1000 "mz:$URL:/|$BODY_VAR:form_id";
BasicRule wl:1000 "mz:$URL:/|$HEADERS_VAR:cookie";
BasicRule wl:1010 "mz:$URL:/|$ARGS_VAR:date";
# XSS because of [ and ] in POST variables
BasicRule wl:1310,1311 "mz:$URL:/|$BODY_VAR_X:^body|NAME";
BasicRule wl:1310,1311 "mz:$URL:/|$BODY_VAR_X:^menu|NAME";
BasicRule wl:1310,1311 "mz:$URL:/|$BODY_VAR_X:^path|NAME";
BasicRule wl:1310,1311 "mz:$URL:/|$BODY_VAR_X:^comment_body|NAME";
BasicRule wl:1310,1311 "mz:$URL:/|$BODY_VAR_X:^field_|NAME";
BasicRule wl:1310,1311 "mz:$URL:/|$BODY_VAR_X:^type|NAME";
BasicRule wl:1310,1311 "mz:$URL:/|$BODY_VAR_X:^modules|NAME";
BasicRule wl:1310,1311 "mz:$URL:/|$BODY_VAR_X:^blocks|NAME";
BasicRule wl:1310,1311 "mz:$URL:/|$BODY_VAR_X:^palette|NAME";
BasicRule wl:1310,1311 "mz:$URL:/|$BODY_VAR_X:^regions|NAME";
BasicRule wl:1310,1311 "mz:$URL:/|$BODY_VAR_X:^roles|NAME";
BasicRule wl:1310,1311 "mz:$URL:/|$BODY_VAR_X:^fields|NAME";
BasicRule wl:1310,1311 "mz:$URL:/|$ARGS_VAR_X:^destination|NAME";
BasicRule wl:1310,1311 "mz:$URL:/|$BODY_VAR_X:^filter|NAME";
BasicRule wl:1310,1311 "mz:$URL:/|$BODY_VAR_X:^search_active_modules|NAME";
BasicRule wl:1310,1311 "mz:$URL:/|$BODY_VAR_X:^shortcuts|NAME";
BasicRule wl:1310,1311 "mz:$URL:/|$BODY_VAR_X:^formats|NAME";
BasicRule wl:1310,1311 "mz:$URL:/|$BODY_VAR:status";
BasicRule wl:1310,1311 "mz:$URL:/|$BODY_VAR:role";
BasicRule wl:1310,1311 "mz:$URL:/|$BODY_VAR:permission";
BasicRule wl:1310,1311 "mz:$URL:/|$BODY_VAR:type";
# update module
BasicRule wl:16 "mz:$URL:/|BODY";
# user mail
BasicRule wl:1007,1010,1011,1013,1015,1310,1311 "mz:$URL:/|$BODY_VAR_X:^user_mail";
# other stuff
BasicRule wl:1007 "mz:$URL:/|$BODY_VAR:form_build_id";
BasicRule wl:1007 "mz:$URL:/|$BODY_VAR:menu[parent]";
BasicRule wl:1007 "mz:$URL:/|$BODY_VAR:form_token";
BasicRule wl:1007 "mz:$URL:/|$BODY_VAR:additional_settings__active_tab";
BasicRule wl:1007 "mz:$URL:/|$BODY_VAR:date";
BasicRule wl:1302,1303 "mz:$URL:/|$BODY_VAR_X:^filters";
BasicRule wl:1010,1011 "mz:$URL:/|$BODY_VAR:actions_label";
BasicRule wl:1015 "mz:$URL:/|$BODY_VAR:date_format_long";
BasicRule wl:1009,1016 "mz:$URL:/|$ARGS_VAR:destination";
BasicRule wl:1016 "mz:$URL:/|$BODY_VAR_X:^palette";

7
containers/conf/angie/naxsi_rules/whitelists/whitelists/etherpad-lite.rules Normal file
View file

@ -0,0 +1,7 @@
# Etherpad: Really real-time collaborative document editing http://etherpad.org
BasicRule wl:1001,1008,1010,1011,1013,1015,1101 "mz:$URL:/jserror|$BODY_VAR:errorinfo";
BasicRule wl:2 "mz:$URL_X:^/p/.*/import$|BODY";
BasicRule wl:1311 "mz:$URL_X:^/p/.*]$|URL";
BasicRule wl:1007 "mz:URL";
BasicRule wl:1315 "mz:$HEADERS_VAR:cookie";
BasicRule wl:11 "mz:$URL:/socket.io/|BODY";

5
containers/conf/angie/naxsi_rules/whitelists/whitelists/generic.rules Normal file
View file

@ -0,0 +1,5 @@
# whitelist robots.txt
BasicRule wl:20000003 "mz:$URL:/robots.txt|URL";
# whitelist /.well-known/security.txt
BasicRule wl:20000003,20000045 "mz:$URL:/.well-known/security.txt|URL";

10
containers/conf/angie/naxsi_rules/whitelists/whitelists/iris.rules Normal file
View file

@ -0,0 +1,10 @@
# Web IRC client Iris for the atheme platform https://github.com/atheme-legacy/iris
### Allowed chars in the URI of WebChat Wizard "custom link" or "embed"
BasicRule wl:1000,1315 "mz:$HEADERS_VAR:cookie";
BasicRule wl:1015 "mz:$ARGS_VAR:channels";
BasicRule wl:1000,1002,1005,1007,1013,1200,1205,1310,1311,1314 "mz:$ARGS_VAR:nick";
BasicRule wl:1000,1005,1008,1013,1015,1200,1205 "mz:$URL:/|ARGS";
### Allowed chars in Chat and Private
BasicRule wl:0 "mz:$URL:/e/p|$BODY_VAR:c";
### Allowed chars in nick same as are allowed in IRCD
BasicRule wl:1000,1002,1005,1007,1205,1310,1311,1314 "mz:$URL:/e/n|$BODY_VAR:nick";

124
containers/conf/angie/naxsi_rules/whitelists/whitelists/jellyfin.rules Normal file
View file

@ -0,0 +1,124 @@
# Jellyfin rules
# global
BasicRule wl:2,11 "mz:BODY";
BasicRule wl:17 "mz:$HEADERS_VAR:accept";
BasicRule wl:1000 "mz:URL";
BasicRule wl:1000,1002 "mz:$HEADERS_VAR:cookie";
# /Users.*
BasicRule wl:1000,1015 "mz:$ARGS_VAR_X:^Fields$|$URL_X:^/Users.*$";
BasicRule wl:1000,1015 "mz:$ARGS_VAR_X:^EnableImageTypes$|$URL_X:^/Users.*$";
BasicRule wl:1000 "mz:$BODY_VAR_X:^RememberAudioSelections$|NAME|$URL_X:^/Users/[0-9a-f-]*.*$";
BasicRule wl:1000 "mz:$BODY_VAR_X:^RememberSubtitleSelections$|NAME|$URL_X:^/Users/[0-9a-f-]*.*$";
BasicRule wl:1015 "mz:$ARGS_VAR_X:^SortBy$|$URL_X:^/Users.*$";
BasicRule wl:1015 "mz:$ARGS_VAR_X:^Ids$|$URL_X:^/Users.*$";
BasicRule wl:1015 "mz:$ARGS_VAR_X:^MediaTypes$|$URL_X:^/Users.*$";
BasicRule wl:1015 "mz:$ARGS_VAR_X:^SortOrder$|$URL_X:^/Users/[0-9a-f-]*/Items$";
BasicRule wl:1015 "mz:$ARGS_VAR_X:^IncludeItemTypes$|$URL_X:^/Users/[0-9a-f-]*/Items$";
# /Users/authenticatebyname
BasicRule wl:1010,1011,1012,1302 "mz:$BODY_VAR:Pw|$URL:/Users/authenticatebyname";
# /UserItems/Resume
BasicRule wl:1015 "mz:$ARGS_VAR:fields|$URL:/UserItems/Resume";
# /Shows.*
BasicRule wl:1000,1015 "mz:$ARGS_VAR_X:^Fields$|$URL_X:^/Shows/[0-9a-f-]*/Seasons$";
BasicRule wl:1000,1015 "mz:$ARGS_VAR_X:^Fields$|$URL_X:^/Shows/[0-9a-f-]*/Episodes$";
BasicRule wl:1000,1015 "mz:$ARGS_VAR_X:^EnableImageTypes$|$URL_X:^/Shows/NextUp.*$";
BasicRule wl:1000,1015 "mz:$ARGS_VAR_X:^Fields$|$URL_X:^/Shows/NextUp.*$";
BasicRule wl:1000 "mz:$ARGS_VAR_X:^NextUpDateCutoff$|$URL_X:^/Shows/NextUp.*$";
BasicRule wl:1015 "mz:$ARGS_VAR:StartIndex|$URL:/Shows/NextUp?";
# /DisplayPreferences
BasicRule wl:15,1000,1001,1015,1101,1205 "mz:BODY|$URL:/DisplayPreferences/usersettings";
BasicRule wl:1000 "mz:$BODY_VAR_X:^chromecastVersion$|$URL_X:^/DisplayPreferences/[0-9a-f-]*$";
BasicRule wl:1000 "mz:$BODY_VAR_X:^ShowBackdrop$|NAME|$URL_X:^/DisplayPreferences/[0-9a-f-]*$";
BasicRule wl:1101 "mz:BODY|NAME|$URL:/DisplayPreferences/usersettings";
# /Items.*
BasicRule wl:17 "mz:$HEADERS_VAR_X:^accept$|$URL_X:^/Items/[0-9a-f-]*/.*$";
BasicRule wl:1000 "mz:URL|$URL_X:^/Items/[0-9a-f-]*/.*$";
BasicRule wl:1000 "mz:$ARGS_VAR_X:^inheritFromParent$|NAME|$URL_X:^/Items/[0-9a-f-]*/ThemeMedia$";
BasicRule wl:1000,1015 "mz:$ARGS_VAR_X:^Fields$|$URL_X:^/Items.*$";
BasicRule wl:1005 "mz:$BODY_VAR_X:^Value$|$URL_X:^/Items/[0-9a-f-]*/PlaybackInfo$";
BasicRule wl:1013,1100 "mz:$ARGS_VAR:searchTerm|$URL:/Items";
BasicRule wl:1015 "mz:$BODY_VAR_X:^VideoCodec$|$URL_X:^/Items/[0-9a-f-]*/PlaybackInfo$";
BasicRule wl:1015 "mz:$BODY_VAR_X:^AudioCodec$|$URL_X:^/Items/[0-9a-f-]*/PlaybackInfo$";
BasicRule wl:1015 "mz:$BODY_VAR_X:^Container$|$URL_X:^/Items/[0-9a-f-]*/PlaybackInfo$";
BasicRule wl:1015 "mz:$ARGS_VAR:ExcludeLocationTypes|$URL:/Items?";
BasicRule wl:1015 "mz:$ARGS_VAR:Fields|$URL:/Items?";
BasicRule wl:1015 "mz:$ARGS_VAR:Filters|$URL:/Items?";
BasicRule wl:1015 "mz:$ARGS_VAR:ImageTypes|$URL:/Items?";
BasicRule wl:1015 "mz:$ARGS_VAR:IncludeItemTypes|$URL:/Items?";
BasicRule wl:1015 "mz:$ARGS_VAR:Recursive|$URL:/Items?";
BasicRule wl:1015 "mz:$ARGS_VAR:SortBy|$URL:/Items?";
BasicRule wl:1015 "mz:$ARGS_VAR:SortOrder|$URL:/Items?";
# /Shows/Upcoming
BasicRule wl:1000,1015 "mz:$ARGS_VAR:EnableImageTypes|$URL:/Shows/Upcoming";
# /Movies/Recommendations
BasicRule wl:1000,1015 "mz:$ARGS_VAR:Fields|$URL:/Movies/Recommendations";
BasicRule wl:1000,1015 "mz:$ARGS_VAR:EnableImageTypes|$URL:/Movies/Recommendations";
# /System/Configuration
BasicRule wl:1013,1015 "mz:$BODY_VAR:SortRemoveCharacters|$URL:/System/Configuration";
BasicRule wl:1000 "mz:$BODY_VAR:LibraryUpdateDuration|$URL:/System/Configuration";
BasicRule wl:1000 "mz:$BODY_VAR:Name|$URL:/System/Configuration";
BasicRule wl:1101 "mz:$BODY_VAR:Url|$URL:/System/Configuration";
BasicRule wl:50000006 "mz:$BODY_VAR:LibraryMonitorDelay|$URL:/System/Configuration";
BasicRule wl:50000006 "mz:$BODY_VAR:ThrottleDelaySeconds|NAME|$URL:/System/Configuration/encoding";
# /System/Configuration/branding
BasicRule wl:1000,1001,1002,1003,1004,1008,1009,1010,1011,1015,1016,1205 "mz:$BODY_VAR:CustomCss|$URL:/System/Configuration/branding";
BasicRule wl:1302 "mz:$BODY_VAR:LoginDisclaimer|$URL:/System/Configuration/branding";
# /Sessions
BasicRule wl:1000 "mz:$BODY_VAR:EventName|$URL:/Sessions/Playing/Progress";
BasicRule wl:1000 "mz:$BODY_VAR:SupportedCommands|$URL:/Sessions/Capabilities";
BasicRule wl:1000 "mz:$BODY_VAR:SupportedCommands|$URL:/Sessions/Capabilities/Full";
BasicRule wl:1015 "mz:$BODY_VAR:AudioCodec|$URL:/Sessions/Capabilities/Full";
BasicRule wl:1015 "mz:$BODY_VAR:VideoCodec|$URL:/Sessions/Capabilities/Full";
BasicRule wl:1200 "mz:$HEADERS_VAR:cookie|$URL:/Sessions/Logout";
# Branding
BasicRule wl:1015 "mz:$BODY_VAR:Splashscreen|$URL:/Branding/Splashscreen";
# /Library
BasicRule wl:1005,1008,1205 "mz:$BODY_VAR:CustomTagDelimiters|$URL:/Library/VirtualFolders/LibraryOptions";
# /Playlists
BasicRule wl:1000,1015 "mz:$ARGS_VAR_X:^EnableImageTypes$|$URL_X:^/Playlists/[0-9a-f-]*/Items$";
BasicRule wl:1015 "mz:$ARGS_VAR_X:^Fields$|$URL_X:^/Playlists/[0-9a-f-]*/Items$";
# /SyncPlay
BasicRule wl:1013 "mz:$BODY_VAR:GroupName|$URL:/SyncPlay/New";
# /Videos.*
BasicRule wl:12 "mz:ARGS|$URL_X:^/videos/.*$";
BasicRule wl:17 "mz:$HEADERS_VAR_X:^accept$|$URL_X:^/Videos/.*$";
BasicRule wl:1015 "mz:ARGS|$URL_X:^/videos/.*$";
# /LiveTv
BasicRule wl:1000,1015 "mz:$ARGS_VAR:EnableImageTypes|$URL:/LiveTv/Programs/Recommended";
BasicRule wl:1015 "mz:$ARGS_VAR:Fields|$URL:/LiveTv/Programs";
BasicRule wl:1015 "mz:$ARGS_VAR:Fields|$URL:/LiveTv/Programs/Recommended";
# Playback Reporting Plugin
# /user_usage_stats
BasicRule wl:1015 "mz:$ARGS_VAR:filter|$URL:/user_usage_stats/PlayActivity";
BasicRule wl:1015 "mz:$ARGS_VAR:filter|$URL:/user_usage_stats/HourlyReport";
BasicRule wl:1015 "mz:$ARGS_VAR:filter|$URL:/user_usage_stats/DurationHistogramReport";
# Artist
BasicRule wl:1000,1015 "mz:$ARGS_VAR:fields|$URL:/Artists";
BasicRule wl:1013,1100 "mz:$ARGS_VAR:searchTerm|$URL:/Artists";
BasicRule wl:1015 "mz:$ARGS_VAR:SortBy|$URL:/Artists";
# Persons
BasicRule wl:1000,1013 "mz:$ARGS_VAR:fields|$URL:/Persons";
BasicRule wl:1015 "mz:$ARGS_VAR:SortBy|$URL:/Persons";
BasicRule wl:1100 "mz:$ARGS_VAR:searchTerm|$URL:/Persons";

10
containers/conf/angie/naxsi_rules/whitelists/whitelists/rutorrent.rules Normal file
View file

@ -0,0 +1,10 @@
BasicRule wl:1005,1010,1011,1315 "mz:$HEADERS_VAR:cookie";
BasicRule wl:1402 "mz:$HEADERS_VAR:content-type";
BasicRule wl:11 "mz:$URL:/rutorrent/php/setsettings.php|BODY";
BasicRule wl:11 "mz:$URL:/rutorrent/php/getsettings.php|BODY";
BasicRule wl:1000,1001,1015,1310,1311 "mz:$BODY_VAR:v";
BasicRule wl:1005,1008 "mz:$BODY_VAR:cookie";
BasicRule wl:1000,1100,1101,1315 "mz:$BODY_VAR:url";
BasicRule wl:1310,1311 "mz:$URL:/rutorrent/php/addtorrent.php|$ARGS_VAR:result[]|NAME";
BasicRule wl:1000,1100,1101 "mz:$ARGS_VAR:name[]";
BasicRule wl:1310,1311 "mz:$URL:/rutorrent/php/addtorrent.php|$ARGS_VAR:name[]|NAME";

26
containers/conf/angie/naxsi_rules/whitelists/whitelists/wordpress-minimal.rules Normal file
View file

@ -0,0 +1,26 @@
######### #########
###### ######
### Because of wordpress.rules is full of wl rules even got double. ###
### Thats why I start from scratch so these rules are in BETA us on own risk. ###
### I us not that many plugins and those I use only after I checked there code. ###
###### ######
######### #########
### HEADERS
BasicRule wl:1001,1315 "mz:$HEADERS_VAR:cookie";
### Theme customize
BasicRule wl:1001,1015,1310,1311 "mz:$URL_X:^/.*$|$BODY_VAR_X:^customized$|BODY";
### Widget customize
BasicRule wl:1001,1015,1310,1311 "mz:$URL_X:^/.*$|$BODY_VAR_X:^partials$|BODY";
### oEmbed API
BasicRule wl:1000,1009,1101 "mz:$URL_X:^/.*wp-json/oembed/1.0/embed|$ARGS_VAR_X:^url$";
BasicRule wl:1009,1101 "mz:$URL_X:^/.*wp-json/oembed/1.0/embed|ARGS";
BasicRule wl:1009,1101 "mz:ARGS";
### Trackbacks
BasicRule wl:1005,1008,1010,1011,1015,1016,1100,1101,1400 "mz:$URL_X:^/.*trackback$/|BODY";
BasicRule wl:1005,1008,1010,1011,1015,1016,1100,1101,1400 "mz:BODY";
BasicRule wl:1008,1010,1011,1015,1016,1100,1101,1400 "mz:$URL_X:^/.*trackback$/|$BODY_VAR_X:^excerpt$";
BasicRule wl:1008,1010,1011,1015,1016,1100,1101,1400 "mz:$BODY_VAR:excerpt";
BasicRule wl:1101 "mz:$URL_X:^/.*trackback$/|$BODY_VAR_X:^url$";
BasicRule wl:1005 "mz:$URL_X:^/.*trackback$/|$BODY_VAR_X:^title$";
BasicRule wl:1101 "mz:$BODY_VAR:url";
BasicRule wl:1005 "mz:$BODY_VAR:title";

152
containers/conf/angie/naxsi_rules/whitelists/whitelists/wordpress.rules Normal file
View file

@ -0,0 +1,152 @@
# WordPress naxsi rules
### HEADERS
BasicRule wl:1000,1001,1005,1007,1010,1011,1013,1100,1101,1200,1308,1309,1310,1311,1315 "mz:$HEADERS_VAR:cookie";
# xmlrpc
BasicRule wl:1402 "mz:$HEADERS_VAR:content-type";
### simple BODY (POST)
BasicRule wl:1001,1009,1015,1016,1101,1310,1311 "mz:$URL:/|$BODY_VAR:customized";
# comments
BasicRule wl:1000,1010,1011,1013,1015,1200,1310,1311 "mz:$BODY_VAR:post_title";
BasicRule wl:1000 "mz:$BODY_VAR:original_publish";
BasicRule wl:1000 "mz:$BODY_VAR:save";
BasicRule wl:1008,1010,1011,1013,1015 "mz:$BODY_VAR:sk2_my_js_payload";
BasicRule wl:1001,1005,1009,1016,1100,1101,1310 "mz:$BODY_VAR:url";
BasicRule wl:1009,1100,1101 "mz:$BODY_VAR:referredby";
BasicRule wl:1009,1100,1101 "mz:$BODY_VAR:_wp_original_http_referer";
BasicRule wl:1000,1001,1005,1007,1008,1009,1010,1011,1013,1015,1016,1100,1101,1200,1302,1303,1310,1311,1315,1400 "mz:$BODY_VAR:comment";
BasicRule wl:1100,1101 "mz:$BODY_VAR:redirect_to";
BasicRule wl:1000,1009,1315 "mz:$BODY_VAR:_wp_http_referer";
BasicRule wl:1000 "mz:$BODY_VAR:action";
BasicRule wl:1001,1013 "mz:$BODY_VAR:blogname";
BasicRule wl:1013,1015 "mz:$BODY_VAR:blogdescription";
BasicRule wl:1015 "mz:$BODY_VAR:date_format_custom";
BasicRule wl:1015 "mz:$BODY_VAR:date_format";
BasicRule wl:1015 "mz:$BODY_VAR:tax_input%5bpost_tag%5d";
BasicRule wl:1015 "mz:$BODY_VAR:tax_input[post_tag]";
BasicRule wl:1100,1101 "mz:$BODY_VAR:siteurl";
BasicRule wl:1100,1101 "mz:$BODY_VAR:home";
BasicRule wl:1000,1015 "mz:$BODY_VAR:submit";
# news content matches pretty much everything
BasicRule wl:0 "mz:$BODY_VAR:content";
BasicRule wl:1000 "mz:$BODY_VAR:delete_option";
BasicRule wl:1000 "mz:$BODY_VAR:prowl-msg-message";
BasicRule wl:1100,1101 "mz:$BODY_VAR:_url";
BasicRule wl:1001,1009 "mz:$BODY_VAR:c2c_text_replace%5btext_to_replace%5d";
BasicRule wl:1200 "mz:$BODY_VAR:ppn_post_note";
BasicRule wl:1100,1101 "mz:$BODY_VAR:author";
BasicRule wl:1001,1015 "mz:$BODY_VAR:excerpt";
BasicRule wl:1015 "mz:$BODY_VAR:catslist";
BasicRule wl:1005,1008,1009,1010,1011,1015,1315 "mz:$BODY_VAR:cookie";
BasicRule wl:1101 "mz:$BODY_VAR:googleplus";
BasicRule wl:1007 "mz:$BODY_VAR:name";
BasicRule wl:1007 "mz:$BODY_VAR:action";
BasicRule wl:1100,1101 "mz:$BODY_VAR:attachment%5burl%5d";
BasicRule wl:1100,1101 "mz:$BODY_VAR:attachment_url";
BasicRule wl:1001,1009,1100,1101,1302,1303,1310,1311 "mz:$BODY_VAR:html";
BasicRule wl:1015 "mz:$BODY_VAR:title";
BasicRule wl:1001,1009,1015 "mz:$BODY_VAR:recaptcha_challenge_field";
BasicRule wl:1011 "mz:$BODY_VAR:pwd";
BasicRule wl:1000 "mz:$BODY_VAR:excerpt";
### BODY|NAME
BasicRule wl:1000 "mz:$BODY_VAR:delete_option|NAME";
BasicRule wl:1000 "mz:$BODY_VAR:from|NAME";
### Simple ARGS (GET)
# WP login screen
BasicRule wl:1100,1101 "mz:$ARGS_VAR:redirect_to";
BasicRule wl:1000,1009 "mz:$ARGS_VAR:_wp_http_referer";
BasicRule wl:1000 "mz:$ARGS_VAR:wp_http_referer";
BasicRule wl:1000 "mz:$ARGS_VAR:action";
BasicRule wl:1000 "mz:$ARGS_VAR:action2";
# load and load[] GET variable
BasicRule wl:1000,1015 "mz:$ARGS_VAR:load";
BasicRule wl:1000,1015 "mz:$ARGS_VAR:load[]";
BasicRule wl:1015 "mz:$ARGS_VAR:q";
BasicRule wl:1000,1015 "mz:$ARGS_VAR:load%5b%5d";
### URL
BasicRule wl:1000 "mz:URL|$URL:/wp-admin/update-core.php";
BasicRule wl:1000 "mz:URL|$URL:/wp-admin/update.php";
BasicRule wl:1000 "mz:$URL:/wp-includes/js/imgareaselect/imgareaselect.css|URL";
BasicRule wl:1002 "mz:$URL_X:/wp-content/uploads/[0-9]{4}/[0-9]{2}/[^/]+\.jpg$|URL";
# URL|ARGS
BasicRule wl:1015 "mz:$URL:/wp-admin/load-styles.php|$ARGS_VAR:dashicons,admin-bar,wp-admin,buttons,wp-auth-check";
BasicRule wl:1000 "mz:$URL:/wp-admin/about.php|$ARGS_VAR:updated";
BasicRule wl:1009 "mz:$URL:/wp-admin/customize.php|$ARGS_VAR:return";
# URL|BODY
BasicRule wl:1009,1100,1101 "mz:$URL:/wp-admin/post.php|$BODY_VAR:_wp_http_referer";
BasicRule wl:1016 "mz:$URL:/wp-admin/post.php|$BODY_VAR:metakeyselect";
BasicRule wl:11 "mz:$URL:/xmlrpc.php|BODY";
BasicRule wl:11,16 "mz:$URL:/wp-cron.php|BODY";
BasicRule wl:2 "mz:$URL:/wp-admin/async-upload.php|BODY";
# URL|BODY|NAME
BasicRule wl:1100,1101 "mz:$URL:/wp-admin/post.php|$BODY_VAR:_wp_original_http_referer|NAME";
BasicRule wl:1000 "mz:$URL:/wp-admin/post.php|$BODY_VAR:metakeyselect|NAME";
BasicRule wl:1000 "mz:$URL:/wp-admin/user-edit.php|$BODY_VAR:from|NAME";
BasicRule wl:1100,1101 "mz:$URL:/wp-admin/admin-ajax.php|$BODY_VAR:attachment%5burl%5d|NAME";
BasicRule wl:1100,1101 "mz:$URL:/wp-admin/post.php|$BODY_VAR:attachment_url|NAME";
BasicRule wl:1000 "mz:$URL:/wp-admin/plugins.php|$BODY_VAR:verify-delete|NAME";
BasicRule wl:1310,1311 "mz:$URL:/wp-admin/post.php|$BODY_VAR:post_category[]|NAME";
BasicRule wl:1311 "mz:$URL:/wp-admin/post.php|$BODY_VAR:post_category|NAME";
BasicRule wl:1310,1311 "mz:$URL:/wp-admin/post.php|$BODY_VAR:tax_input[post_tag]|NAME";
BasicRule wl:1310,1311 "mz:$URL:/wp-admin/post.php|$BODY_VAR:newtag[post_tag]|NAME";
BasicRule wl:1310,1311 "mz:$URL:/wp-admin/users.php|$BODY_VAR:users[]|NAME";
BasicRule wl:1000 "mz:$URL:/wp-admin/update-core.php|$BODY_VAR:Update%2BTranslations|NAME";
BasicRule wl:1000 "mz:$URL:/wp-admin/update-core.php|$BODY_VAR:Update%2BNow|NAME";
# URL|ARGS|NAME
BasicRule wl:1310,1311 "mz:$URL:/wp-admin/load-scripts.php|$ARGS_VAR:load[]|NAME";
BasicRule wl:1000 "mz:$URL:/wp-admin/users.php|$ARGS_VAR:delete_count|NAME";
BasicRule wl:1000 "mz:$URL:/wp-admin/users.php|$ARGS_VAR:update|NAME";
BasicRule wl:1310,1311 "mz:$URL:/wp-admin/customize.php|$ARGS_VAR:autofocus[control]|NAME";
# plain WP site
BasicRule wl:1000 "mz:URL|$URL:/wp-admin/update-core.php";
BasicRule wl:1000 "mz:URL|$URL:/wp-admin/update.php";
# URL|BODY
BasicRule wl:1009,1100,1101 "mz:$URL:/wp-admin/post.php|$BODY_VAR:_wp_http_referer";
BasicRule wl:1016 "mz:$URL:/wp-admin/post.php|$BODY_VAR:metakeyselect";
BasicRule wl:11 "mz:$URL:/xmlrpc.php|BODY";
BasicRule wl:11,16 "mz:$URL:/wp-cron.php|BODY";
# URL|BODY|NAME
BasicRule wl:1100,1101 "mz:$URL:/wp-admin/post.php|$BODY_VAR:_wp_original_http_referer|NAME";
BasicRule wl:1000 "mz:$URL:/wp-admin/post.php|$BODY_VAR:metakeyselect|NAME";
BasicRule wl:1000 "mz:$URL:/wp-admin/user-edit.php|$BODY_VAR:from|NAME";
BasicRule wl:1100,1101 "mz:$URL:/wp-admin/admin-ajax.php|$BODY_VAR:attachment%5burl%5d|NAME";
BasicRule wl:1310,1311 "mz:$URL:/wp-admin/admin-ajax.php|$BODY_VAR:data[wp-auth-check]|NAME";
BasicRule wl:1310,1311 "mz:$URL:/wp-admin/admin-ajax.php|$BODY_VAR:data[wp-check-locked-posts][]|NAME";
BasicRule wl:1310,1311 "mz:$URL:/wp-admin/admin-ajax.php|$BODY_VAR:data[wp-refresh-post-lock][post_id]|NAME";
BasicRule wl:1310,1311 "mz:$URL:/wp-admin/admin-ajax.php|$BODY_VAR:data[wp-refresh-post-lock][lock]|NAME";
BasicRule wl:1310,1311 "mz:$URL:/wp-admin/update-core.php|$BODY_VAR:checked[]|NAME";
# URL|ARGS|NAME
BasicRule wl:1310,1311 "mz:$URL:/wp-admin/load-scripts.php|$ARGS_VAR:load[]|NAME";
BasicRule wl:1000 "mz:$URL:/wp-admin/users.php|$ARGS_VAR:delete_count|NAME";
BasicRule wl:1000 "mz:$URL:/wp-admin/users.php|$ARGS_VAR:update|NAME";
### Plugins
#WP Minify
BasicRule wl:1015 "mz:$URL:/wp-content/plugins/bwp-minify/min/|$ARGS_VAR:f";
#Jetpack Infinite Scroll
BasicRule wl:1310,1311 "mz:$BODY_VAR:scripts[]|NAME";
BasicRule wl:1310,1311 "mz:$BODY_VAR:styles[]|NAME";
BasicRule wl:1310,1311 "mz:$BODY_VAR_X:^query_args\[.*\]|NAME";
BasicRule wl:1000 "mz:$BODY_VAR:query_args[update_post_term_cache]|NAME";
BasicRule wl:1000 "mz:$BODY_VAR:query_args[update_post_meta_cache]|NAME";
#UpdraftPlus
BasicRule wl:1000 "mz:$URL:/wp-content/plugins/updraftplus/includes/select2/select2.min.css|URL";
BasicRule wl:1000 "mz:$URL:/wp-content/plugins/updraftplus/includes/select2/select2.min.js|URL";
#WP plugin updates
BasicRule wl:1315 "mz:$ARGS_VAR:query|$URL:/wp-json/jetpack/v4/jitm";
#Jetpack Google Fonts
BasicRule wl:1001 "mz:$URL_X:^/wp-content/plugins/jetpack/css/.*|URL";
#WooCommerce
BasicRule wl:1000 "mz:$URL:/wp-content/plugins/woocommerce/assets/js/select2/select2.full.min.js|URL";
BasicRule wl:1000 "mz:$URL:/wp-content/plugins/woocommerce/assets/js/selectWoo/selectWoo.full.min.js|URL";
BasicRule wl:1000 "mz:$URL:/wp-content/plugins/woocommerce/assets/js/stupidtable/stupidtable.min.js|URL";
#WPML
BasicRule wl:1000 "mz:$URL:/wp-content/plugins/sitepress-multilingual-cms/lib/select2/select2.min.js|URL";
#Yoast SEO
BasicRule wl:1000 "mz:$URL:/wp-content/plugins/wordpress-seo/js/dist/select2/select2.full.min.js|URL";
BasicRule wl:1000 "mz:$URL:/wp-content/plugins/wordpress-seo/css/dist/select2/select2.min.css|URL";

8
containers/conf/angie/naxsi_rules/whitelists/whitelists/zerobin.rules Normal file
View file

@ -0,0 +1,8 @@
# Zerobin is here in directory /paste if diffrent change $URL:/paste/ below
BasicRule wl:1015 "mz:$URL:/paste/|$BODY_VAR:data";
BasicRule wl:1315 "mz:$URL:/paste/|$HEADERS_VAR:cookie";
BasicRule wl:1001 "mz:$URL:/paste/|$BODY_VAR:data";
BasicRule wl:1009 "mz:$URL:/paste/|$BODY_VAR:data";
BasicRule wl:1009 "mz:$URL:/paste/|$BODY_VAR:nickname";
BasicRule wl:1001 "mz:$URL:/paste/|$BODY_VAR:nickname";
BasicRule wl:1015 "mz:$URL:/paste/|$BODY_VAR:nickname";

26
containers/conf/angie/naxsi_rules/whitelists/wordpress-minimal.rules Normal file
View file

@ -0,0 +1,26 @@
######### #########
###### ######
### Because of wordpress.rules is full of wl rules even got double. ###
### Thats why I start from scratch so these rules are in BETA us on own risk. ###
### I us not that many plugins and those I use only after I checked there code. ###
###### ######
######### #########
### HEADERS
BasicRule wl:1001,1315 "mz:$HEADERS_VAR:cookie";
### Theme customize
BasicRule wl:1001,1015,1310,1311 "mz:$URL_X:^/.*$|$BODY_VAR_X:^customized$|BODY";
### Widget customize
BasicRule wl:1001,1015,1310,1311 "mz:$URL_X:^/.*$|$BODY_VAR_X:^partials$|BODY";
### oEmbed API
BasicRule wl:1000,1009,1101 "mz:$URL_X:^/.*wp-json/oembed/1.0/embed|$ARGS_VAR_X:^url$";
BasicRule wl:1009,1101 "mz:$URL_X:^/.*wp-json/oembed/1.0/embed|ARGS";
BasicRule wl:1009,1101 "mz:ARGS";
### Trackbacks
BasicRule wl:1005,1008,1010,1011,1015,1016,1100,1101,1400 "mz:$URL_X:^/.*trackback$/|BODY";
BasicRule wl:1005,1008,1010,1011,1015,1016,1100,1101,1400 "mz:BODY";
BasicRule wl:1008,1010,1011,1015,1016,1100,1101,1400 "mz:$URL_X:^/.*trackback$/|$BODY_VAR_X:^excerpt$";
BasicRule wl:1008,1010,1011,1015,1016,1100,1101,1400 "mz:$BODY_VAR:excerpt";
BasicRule wl:1101 "mz:$URL_X:^/.*trackback$/|$BODY_VAR_X:^url$";
BasicRule wl:1005 "mz:$URL_X:^/.*trackback$/|$BODY_VAR_X:^title$";
BasicRule wl:1101 "mz:$BODY_VAR:url";
BasicRule wl:1005 "mz:$BODY_VAR:title";

152
containers/conf/angie/naxsi_rules/whitelists/wordpress.rules Normal file
View file

@ -0,0 +1,152 @@
# WordPress naxsi rules
### HEADERS
BasicRule wl:1000,1001,1005,1007,1010,1011,1013,1100,1101,1200,1308,1309,1310,1311,1315 "mz:$HEADERS_VAR:cookie";
# xmlrpc
BasicRule wl:1402 "mz:$HEADERS_VAR:content-type";
### simple BODY (POST)
BasicRule wl:1001,1009,1015,1016,1101,1310,1311 "mz:$URL:/|$BODY_VAR:customized";
# comments
BasicRule wl:1000,1010,1011,1013,1015,1200,1310,1311 "mz:$BODY_VAR:post_title";
BasicRule wl:1000 "mz:$BODY_VAR:original_publish";
BasicRule wl:1000 "mz:$BODY_VAR:save";
BasicRule wl:1008,1010,1011,1013,1015 "mz:$BODY_VAR:sk2_my_js_payload";
BasicRule wl:1001,1005,1009,1016,1100,1101,1310 "mz:$BODY_VAR:url";
BasicRule wl:1009,1100,1101 "mz:$BODY_VAR:referredby";
BasicRule wl:1009,1100,1101 "mz:$BODY_VAR:_wp_original_http_referer";
BasicRule wl:1000,1001,1005,1007,1008,1009,1010,1011,1013,1015,1016,1100,1101,1200,1302,1303,1310,1311,1315,1400 "mz:$BODY_VAR:comment";
BasicRule wl:1100,1101 "mz:$BODY_VAR:redirect_to";
BasicRule wl:1000,1009,1315 "mz:$BODY_VAR:_wp_http_referer";
BasicRule wl:1000 "mz:$BODY_VAR:action";
BasicRule wl:1001,1013 "mz:$BODY_VAR:blogname";
BasicRule wl:1013,1015 "mz:$BODY_VAR:blogdescription";
BasicRule wl:1015 "mz:$BODY_VAR:date_format_custom";
BasicRule wl:1015 "mz:$BODY_VAR:date_format";
BasicRule wl:1015 "mz:$BODY_VAR:tax_input%5bpost_tag%5d";
BasicRule wl:1015 "mz:$BODY_VAR:tax_input[post_tag]";
BasicRule wl:1100,1101 "mz:$BODY_VAR:siteurl";
BasicRule wl:1100,1101 "mz:$BODY_VAR:home";
BasicRule wl:1000,1015 "mz:$BODY_VAR:submit";
# news content matches pretty much everything
BasicRule wl:0 "mz:$BODY_VAR:content";
BasicRule wl:1000 "mz:$BODY_VAR:delete_option";
BasicRule wl:1000 "mz:$BODY_VAR:prowl-msg-message";
BasicRule wl:1100,1101 "mz:$BODY_VAR:_url";
BasicRule wl:1001,1009 "mz:$BODY_VAR:c2c_text_replace%5btext_to_replace%5d";
BasicRule wl:1200 "mz:$BODY_VAR:ppn_post_note";
BasicRule wl:1100,1101 "mz:$BODY_VAR:author";
BasicRule wl:1001,1015 "mz:$BODY_VAR:excerpt";
BasicRule wl:1015 "mz:$BODY_VAR:catslist";
BasicRule wl:1005,1008,1009,1010,1011,1015,1315 "mz:$BODY_VAR:cookie";
BasicRule wl:1101 "mz:$BODY_VAR:googleplus";
BasicRule wl:1007 "mz:$BODY_VAR:name";
BasicRule wl:1007 "mz:$BODY_VAR:action";
BasicRule wl:1100,1101 "mz:$BODY_VAR:attachment%5burl%5d";
BasicRule wl:1100,1101 "mz:$BODY_VAR:attachment_url";
BasicRule wl:1001,1009,1100,1101,1302,1303,1310,1311 "mz:$BODY_VAR:html";
BasicRule wl:1015 "mz:$BODY_VAR:title";
BasicRule wl:1001,1009,1015 "mz:$BODY_VAR:recaptcha_challenge_field";
BasicRule wl:1011 "mz:$BODY_VAR:pwd";
BasicRule wl:1000 "mz:$BODY_VAR:excerpt";
### BODY|NAME
BasicRule wl:1000 "mz:$BODY_VAR:delete_option|NAME";
BasicRule wl:1000 "mz:$BODY_VAR:from|NAME";
### Simple ARGS (GET)
# WP login screen
BasicRule wl:1100,1101 "mz:$ARGS_VAR:redirect_to";
BasicRule wl:1000,1009 "mz:$ARGS_VAR:_wp_http_referer";
BasicRule wl:1000 "mz:$ARGS_VAR:wp_http_referer";
BasicRule wl:1000 "mz:$ARGS_VAR:action";
BasicRule wl:1000 "mz:$ARGS_VAR:action2";
# load and load[] GET variable
BasicRule wl:1000,1015 "mz:$ARGS_VAR:load";
BasicRule wl:1000,1015 "mz:$ARGS_VAR:load[]";
BasicRule wl:1015 "mz:$ARGS_VAR:q";
BasicRule wl:1000,1015 "mz:$ARGS_VAR:load%5b%5d";
### URL
BasicRule wl:1000 "mz:URL|$URL:/wp-admin/update-core.php";
BasicRule wl:1000 "mz:URL|$URL:/wp-admin/update.php";
BasicRule wl:1000 "mz:$URL:/wp-includes/js/imgareaselect/imgareaselect.css|URL";
BasicRule wl:1002 "mz:$URL_X:/wp-content/uploads/[0-9]{4}/[0-9]{2}/[^/]+\.jpg$|URL";
# URL|ARGS
BasicRule wl:1015 "mz:$URL:/wp-admin/load-styles.php|$ARGS_VAR:dashicons,admin-bar,wp-admin,buttons,wp-auth-check";
BasicRule wl:1000 "mz:$URL:/wp-admin/about.php|$ARGS_VAR:updated";
BasicRule wl:1009 "mz:$URL:/wp-admin/customize.php|$ARGS_VAR:return";
# URL|BODY
BasicRule wl:1009,1100,1101 "mz:$URL:/wp-admin/post.php|$BODY_VAR:_wp_http_referer";
BasicRule wl:1016 "mz:$URL:/wp-admin/post.php|$BODY_VAR:metakeyselect";
BasicRule wl:11 "mz:$URL:/xmlrpc.php|BODY";
BasicRule wl:11,16 "mz:$URL:/wp-cron.php|BODY";
BasicRule wl:2 "mz:$URL:/wp-admin/async-upload.php|BODY";
# URL|BODY|NAME
BasicRule wl:1100,1101 "mz:$URL:/wp-admin/post.php|$BODY_VAR:_wp_original_http_referer|NAME";
BasicRule wl:1000 "mz:$URL:/wp-admin/post.php|$BODY_VAR:metakeyselect|NAME";
BasicRule wl:1000 "mz:$URL:/wp-admin/user-edit.php|$BODY_VAR:from|NAME";
BasicRule wl:1100,1101 "mz:$URL:/wp-admin/admin-ajax.php|$BODY_VAR:attachment%5burl%5d|NAME";
BasicRule wl:1100,1101 "mz:$URL:/wp-admin/post.php|$BODY_VAR:attachment_url|NAME";
BasicRule wl:1000 "mz:$URL:/wp-admin/plugins.php|$BODY_VAR:verify-delete|NAME";
BasicRule wl:1310,1311 "mz:$URL:/wp-admin/post.php|$BODY_VAR:post_category[]|NAME";
BasicRule wl:1311 "mz:$URL:/wp-admin/post.php|$BODY_VAR:post_category|NAME";
BasicRule wl:1310,1311 "mz:$URL:/wp-admin/post.php|$BODY_VAR:tax_input[post_tag]|NAME";
BasicRule wl:1310,1311 "mz:$URL:/wp-admin/post.php|$BODY_VAR:newtag[post_tag]|NAME";
BasicRule wl:1310,1311 "mz:$URL:/wp-admin/users.php|$BODY_VAR:users[]|NAME";
BasicRule wl:1000 "mz:$URL:/wp-admin/update-core.php|$BODY_VAR:Update%2BTranslations|NAME";
BasicRule wl:1000 "mz:$URL:/wp-admin/update-core.php|$BODY_VAR:Update%2BNow|NAME";
# URL|ARGS|NAME
BasicRule wl:1310,1311 "mz:$URL:/wp-admin/load-scripts.php|$ARGS_VAR:load[]|NAME";
BasicRule wl:1000 "mz:$URL:/wp-admin/users.php|$ARGS_VAR:delete_count|NAME";
BasicRule wl:1000 "mz:$URL:/wp-admin/users.php|$ARGS_VAR:update|NAME";
BasicRule wl:1310,1311 "mz:$URL:/wp-admin/customize.php|$ARGS_VAR:autofocus[control]|NAME";
# plain WP site
BasicRule wl:1000 "mz:URL|$URL:/wp-admin/update-core.php";
BasicRule wl:1000 "mz:URL|$URL:/wp-admin/update.php";
# URL|BODY
BasicRule wl:1009,1100,1101 "mz:$URL:/wp-admin/post.php|$BODY_VAR:_wp_http_referer";
BasicRule wl:1016 "mz:$URL:/wp-admin/post.php|$BODY_VAR:metakeyselect";
BasicRule wl:11 "mz:$URL:/xmlrpc.php|BODY";
BasicRule wl:11,16 "mz:$URL:/wp-cron.php|BODY";
# URL|BODY|NAME
BasicRule wl:1100,1101 "mz:$URL:/wp-admin/post.php|$BODY_VAR:_wp_original_http_referer|NAME";
BasicRule wl:1000 "mz:$URL:/wp-admin/post.php|$BODY_VAR:metakeyselect|NAME";
BasicRule wl:1000 "mz:$URL:/wp-admin/user-edit.php|$BODY_VAR:from|NAME";
BasicRule wl:1100,1101 "mz:$URL:/wp-admin/admin-ajax.php|$BODY_VAR:attachment%5burl%5d|NAME";
BasicRule wl:1310,1311 "mz:$URL:/wp-admin/admin-ajax.php|$BODY_VAR:data[wp-auth-check]|NAME";
BasicRule wl:1310,1311 "mz:$URL:/wp-admin/admin-ajax.php|$BODY_VAR:data[wp-check-locked-posts][]|NAME";
BasicRule wl:1310,1311 "mz:$URL:/wp-admin/admin-ajax.php|$BODY_VAR:data[wp-refresh-post-lock][post_id]|NAME";
BasicRule wl:1310,1311 "mz:$URL:/wp-admin/admin-ajax.php|$BODY_VAR:data[wp-refresh-post-lock][lock]|NAME";
BasicRule wl:1310,1311 "mz:$URL:/wp-admin/update-core.php|$BODY_VAR:checked[]|NAME";
# URL|ARGS|NAME
BasicRule wl:1310,1311 "mz:$URL:/wp-admin/load-scripts.php|$ARGS_VAR:load[]|NAME";
BasicRule wl:1000 "mz:$URL:/wp-admin/users.php|$ARGS_VAR:delete_count|NAME";
BasicRule wl:1000 "mz:$URL:/wp-admin/users.php|$ARGS_VAR:update|NAME";
### Plugins
#WP Minify
BasicRule wl:1015 "mz:$URL:/wp-content/plugins/bwp-minify/min/|$ARGS_VAR:f";
#Jetpack Infinite Scroll
BasicRule wl:1310,1311 "mz:$BODY_VAR:scripts[]|NAME";
BasicRule wl:1310,1311 "mz:$BODY_VAR:styles[]|NAME";
BasicRule wl:1310,1311 "mz:$BODY_VAR_X:^query_args\[.*\]|NAME";
BasicRule wl:1000 "mz:$BODY_VAR:query_args[update_post_term_cache]|NAME";
BasicRule wl:1000 "mz:$BODY_VAR:query_args[update_post_meta_cache]|NAME";
#UpdraftPlus
BasicRule wl:1000 "mz:$URL:/wp-content/plugins/updraftplus/includes/select2/select2.min.css|URL";
BasicRule wl:1000 "mz:$URL:/wp-content/plugins/updraftplus/includes/select2/select2.min.js|URL";
#WP plugin updates
BasicRule wl:1315 "mz:$ARGS_VAR:query|$URL:/wp-json/jetpack/v4/jitm";
#Jetpack Google Fonts
BasicRule wl:1001 "mz:$URL_X:^/wp-content/plugins/jetpack/css/.*|URL";
#WooCommerce
BasicRule wl:1000 "mz:$URL:/wp-content/plugins/woocommerce/assets/js/select2/select2.full.min.js|URL";
BasicRule wl:1000 "mz:$URL:/wp-content/plugins/woocommerce/assets/js/selectWoo/selectWoo.full.min.js|URL";
BasicRule wl:1000 "mz:$URL:/wp-content/plugins/woocommerce/assets/js/stupidtable/stupidtable.min.js|URL";
#WPML
BasicRule wl:1000 "mz:$URL:/wp-content/plugins/sitepress-multilingual-cms/lib/select2/select2.min.js|URL";
#Yoast SEO
BasicRule wl:1000 "mz:$URL:/wp-content/plugins/wordpress-seo/js/dist/select2/select2.full.min.js|URL";
BasicRule wl:1000 "mz:$URL:/wp-content/plugins/wordpress-seo/css/dist/select2/select2.min.css|URL";

8
containers/conf/angie/naxsi_rules/whitelists/zerobin.rules Normal file
View file

@ -0,0 +1,8 @@
# Zerobin is here in directory /paste if diffrent change $URL:/paste/ below
BasicRule wl:1015 "mz:$URL:/paste/|$BODY_VAR:data";
BasicRule wl:1315 "mz:$URL:/paste/|$HEADERS_VAR:cookie";
BasicRule wl:1001 "mz:$URL:/paste/|$BODY_VAR:data";
BasicRule wl:1009 "mz:$URL:/paste/|$BODY_VAR:data";
BasicRule wl:1009 "mz:$URL:/paste/|$BODY_VAR:nickname";
BasicRule wl:1001 "mz:$URL:/paste/|$BODY_VAR:nickname";
BasicRule wl:1015 "mz:$URL:/paste/|$BODY_VAR:nickname";

20
containers/conf/angie/sites-available/default Normal file
View file

@ -0,0 +1,20 @@
server {
listen 80 default_server backlog=2048 reuseport fastopen=256;
listen [::]:80 default_server backlog=2048 reuseport fastopen=256;
# redirect all http traffic to https
#return 301 https://$host$request_uri;
# Reject everything on your default IP
location / { return 444; }
}
server {
listen 443 ssl reuseport fastopen=256 backlog=2048;
listen [::]:443 ssl reuseport fastopen=256 backlog=2048;
# Reject everything on your default IP
location / { return 444; }
ssl_reject_handshake on;
}

91
containers/conf/angie/sites-available/example Normal file
View file

@ -0,0 +1,91 @@
##
# You should look at the following URL's in order to grasp a solid understanding
# of angie configuration files in order to fully unleash the power of angie.
# https://www.angie.com/resources/wiki/start/
# https://www.angie.com/resources/wiki/start/topics/tutorials/config_pitfalls/
# https://wiki.debian.org/angie/DirectoryStructure
#
# In most cases, administrators will remove this file from sites-enabled/ and
# leave it as reference inside of sites-available where it will continue to be
# updated by the angie packaging team.
#
# This file will automatically load configuration files provided by other
# applications, such as Drupal or Wordpress. These applications will be made
# available underneath a path with that package name, such as /drupal8.
#
# Please see /usr/share/doc/angie-doc/examples/ for more detailed examples.
##
# Default server configuration
#
server {
listen 80 default_server;
listen [::]:80 default_server;
# SSL configuration
#
# listen 443 ssl default_server;
# listen [::]:443 ssl default_server;
#
# Note: You should disable gzip for SSL traffic.
# See: https://bugs.debian.org/773332
#
# Read up on ssl_ciphers to ensure a secure configuration.
# See: https://bugs.debian.org/765782
#
# Self signed certs generated by the ssl-cert package
# Don't use them in a production server!
#
# include snippets/snakeoil.conf;
root /var/www/html;
# Add index.php to the list if you are using PHP
index index.html index.htm index.angie-debian.html;
server_name _;
location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
try_files $uri $uri/ =404;
}
# pass PHP scripts to FastCGI server
#
#location ~ \.php$ {
# include snippets/fastcgi-php.conf;
#
# # With php-fpm (or other unix sockets):
# fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
# # With php-cgi (or other tcp sockets):
# fastcgi_pass 127.0.0.1:9000;
#}
# deny access to .htaccess files, if Apache's document root
# concurs with angie's one
#
#location ~ /\.ht {
# deny all;
#}
}
# Virtual Host configuration for example.com
#
# You can move that to a different file under sites-available/ and symlink that
# to sites-enabled/ to enable it.
#
#server {
# listen 80;
# listen [::]:80;
#
# server_name example.com;
#
# root /var/www/example.com;
# index index.html;
#
# location / {
# try_files $uri $uri/ =404;
# }
#}

15
containers/conf/php.ini Executable file
View file

@ -0,0 +1,15 @@
allow_url_fopen=0
allow_url_include=0
cgi.fix_pathinfo=0
display_errors=0
display_startup_errors=0
expose_php=0
file_uploads=On
max_execution_time=600
max_input_time=600
max_input_vars=2000
memory_limit=1024M
open_basedir="/"
post_max_size=32M
register_globals=Off
upload_max_filesize=32M

7
containers/conf/traefik/dynamic/certs.yaml Executable file
View file

@ -0,0 +1,7 @@
---
# yaml-language-server: $schema=https://www.schemastore.org/traefik-v3.json
tls:
certificates:
- certFile: "/etc/certs/_wildcard.gcch.local.pem"
keyFile: "/etc/certs/_wildcard.gcch.local-key.pem"

59
containers/conf/traefik/dynamic/general.yaml Executable file
View file

@ -0,0 +1,59 @@
---
# yaml-language-server: $schema=https://www.schemastore.org/traefik-v3.json
http:
middlewares:
compression:
compress:
excludedContentTypes:
- text/event-stream
security:
headers:
accessControlAllowCredentials: true
accessControlAllowHeaders: "content-type"
accessControlAllowMethods:
- GET
- OPTIONS
- POST
- PUT
accessControlAllowOriginListRegex: "https://.*\\.gcch\\.local(.*)"
accessControlMaxAge: 100
addVaryHeader: true
browserXssFilter: true
contentTypeNosniff: true
customFrameOptionsValue: SAMEORIGIN
featurePolicy: "camera 'none'; microphone 'none'; payment 'none'; usb 'none'; vr 'none'; vibrate 'self';"
forceSTSHeader: false
frameDeny: true
hostsProxyHeaders:
- "X-Forwarded-Host"
isDevelopment: true
referrerPolicy: "origin"
stsPreload: true
stsSeconds: 315360000
tls:
options:
default:
alpnProtocols:
- h2
- http/1.1
cipherSuites:
- TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
- TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
- TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305
- TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
- TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
- TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305
- TLS_AES_128_GCM_SHA256
- TLS_AES_256_GCM_SHA384
- TLS_CHACHA20_POLY1305_SHA256
curvePreferences:
- CurveP521
- CurveP384
minVersion: VersionTLS12
sniStrict: true
mintls13:
minVersion: VersionTLS13

48
containers/conf/traefik/dynamic/routers.yaml Executable file
View file

@ -0,0 +1,48 @@
---
# yaml-language-server: $schema=https://www.schemastore.org/traefik-v3.json
http:
routers:
haikuatelier:
entryPoints:
- websecure
middlewares:
- compression
- security
rule: Host(`haikuatelier.gcch.local`)
service: service-haikuatelier
tls: true
jaeger:
entryPoints:
- websecure
middlewares:
- compression
- security
rule: Host(`jaeger.gcch.local`)
service: service-jaeger
tls: true
jaeger-http:
entryPoints:
- websecure
middlewares:
- compression
- security
rule: Host(`jaeger-http.gcch.local`)
service: service-jaeger-http
tls: true
monitor:
entryPoints:
- websecure
rule: Host(`monitor.gcch.local`)
service: api@internal
tls: true
whoami:
entryPoints:
- websecure
rule: Host(`gcch.local`)
service: service-whoami
tls: true

24
containers/conf/traefik/dynamic/services.yaml Executable file
View file

@ -0,0 +1,24 @@
---
# yaml-language-server: $schema=https://www.schemastore.org/traefik-v3.json
http:
services:
service-haikuatelier:
loadBalancer:
servers:
- url: "http://proxy:80"
service-jaeger:
loadBalancer:
servers:
- url: "http://jaeger:16686"
service-jaeger-http:
loadBalancer:
servers:
- url: "http://jaeger:4318"
service-whoami:
loadBalancer:
servers:
- url: "http://whoami"

60
containers/conf/traefik/traefik.yaml Executable file
View file

@ -0,0 +1,60 @@
---
# yaml-language-server: $schema=https://www.schemastore.org/traefik-v3.json
accessLog:
# Journalise l'accès aux ressources internes.
addInternals: false
# Chemin du fichier où les journaux seront enregistrés.
bufferingSize: 100
# Format des journaux.
filePath: "/var/log/traefik/access_log.log"
# Créé un buffer de n lignes avant d'écrire les journaux. Permet de journaliser de manière asynchrone.
format: "common"
api:
# Active le tableau de bord Traefik.
dashboard: true
# Active des points d'accès de déboguage.
debug: false
# Rend l'API directement disponible sans sécurisation.
insecure: true
entryPoints:
ping:
address: ":8082"
web:
address: ":80"
http:
redirections:
entryPoint:
scheme: https
to: websecure
websecure:
address: ":443"
global:
# Vérifie la disponibilité d'une version plus récente de Traefik.
checkNewVersion: true
# Partage des données avec l'éditeur de Traefik.
sendAnonymousUsage: false
log:
filePath: "/var/log/traefik/traefik.log"
format: common
level: "INFO"
maxBackups: 0
maxSize: 100
ping:
# Nom du point d'entrée de ping.
entryPoint: "ping"
providers:
docker:
endpoint: unix:///var/run/docker.sock
exposedByDefault: false
network: haiku-network
watch: true
file:
directory: "/etc/traefik/dynamic"
watch: true

3
containers/conf/valkey.conf Executable file
View file

@ -0,0 +1,3 @@
appendonly yes
maxmemory 1024mb
maxmemory-policy allkeys-lru

46
cspell.json
View file

@ -1,4 +1,48 @@
{ {
"dictionaries": ["fr-fr", "en-gb"], "dictionaries": ["fr-fr", "en-gb"],
"words": ["GLITCHTIP", "Vali", "fdir", "mobily", "oxlint", "valibot", "zstandard", "Eles", "logtape"] "userWords": [
"lightningcss",
"haikuatelier",
"healthcheck",
"traefik",
"innodb",
"jaegertracing",
"eilandert",
"valkey",
"somaxconn",
"woocommerce",
"Squiz",
"twentytwentyfour",
"symfony",
"phpstan",
"codesniffer",
"muplugin",
"wpautop",
"ERRMODE",
"laravel",
"multishipping",
"multiformats",
"curryfication",
"giftcard",
"taplo",
"phpactor"
],
"words": [
"GLITCHTIP",
"Vali",
"fdir",
"mobily",
"oxlint",
"valibot",
"zstandard",
"Eles",
"logtape",
"wpackagist",
"phpdotenv",
"friendsofphp",
"htmlburger",
"Crell",
"wpdb",
"classlike"
]
} }

15660
db/haiku_atelier-2025-11-03-b8ad85b.sql Normal file
View file

File diff suppressed because one or more lines are too long

18270
db/haiku_atelier-2025-12-03-c65939b.sql Normal file
View file

File diff suppressed because one or more lines are too long

17197
db/haiku_atelier-2026-01-07-486c0e1.sql Normal file
View file

File diff suppressed because one or more lines are too long

17135
db/haiku_atelier-2026-02-24-fa6557c.sql Normal file
View file

File diff suppressed because one or more lines are too long

16776
db/haiku_atelier-2026-04-01-5410760.sql Normal file
View file

File diff suppressed because one or more lines are too long

4
docs/JOURNAL.md
View file

@ -1,5 +1,9 @@
# Journal de développement # Journal de développement
## 2026-01-09
- Faire un modèle _Twig_ pour l'injection de données _JSON_ dans le _HTML_ d'une page.
## 2025-06-13 ## 2025-06-13
### Informations produit sous forme de grille ### Informations produit sous forme de grille

6
docs/TESTS.md Normal file
View file

@ -0,0 +1,6 @@
- Produits
- Aller sur tous les Produits
- La page doit correctement se charger
- Il est possible d'ajouter chaque variation au Panier
- Il n'est pas possible d'ajouter un Produit sans stock au Panier
- Le backend renvoie une erreur quand une demande d'ajout au Panier pour un Produit sans stock est malgré tout effectuée

6
docs/TODO.md
View file

@ -1,3 +1,9 @@
## 2026-02-19
- Créer un _timer_ et _service_ `systemd` adossés à un script réalisant un export de la BDD de production du site Haiku toutes les semaines dans le dossier `db` du répertoire.
---
- PAGE PANIER - PAGE PANIER
- [-] Bouton « Réinitialiser » pour les Articles - [-] Bouton « Réinitialiser » pour les Articles
- [-] Bouton « Réinitialiser » pour les Adresses - [-] Bouton « Réinitialiser » pour les Adresses

11
docs/lol/cute.ts
View file

@ -1,12 +1,5 @@
const etapes = [ const etapes = ["┌(・ω・)┘", "└(・ω・)┐", "┌(;・ω・)┘", "└(;・ω・)┐", "┌(;・ω・;)┘", "└(;・ω・;)┐"];
"┌(・ω・)┘", const assigneTexte = (texte: string): void => (ELEMENTS.BOUTON_CODE_PROMO.textContent = texte);
"└(・ω・)┐",
"┌(;・ω・)┘",
"└(;・ω・)┐",
"┌(;・ω・;)┘",
"└(;・ω・;)┐",
];
const assigneTexte = (texte: string): void => ELEMENTS.BOUTON_CODE_PROMO.textContent = texte;
let index = 0; let index = 0;
const z = {}; const z = {};
const callback = () => { const callback = () => {

122
dprint.json
View file

@ -1,122 +0,0 @@
{
"excludes": [
"**/node_modules",
"**/pnpm-lock.yaml",
"./lib/",
"web/app/languages",
"web/app/plugins",
"web/app/themes/haiku-atelier-2024/assets",
"web/vendor"
],
"exec": {
"cacheKey": "1",
"commands": [
{ "command": "prettier --ignore-unknown --write --stdin-filepath {{file_path}}", "exts": ["php", "xml"] },
{ "command": "just --dump", "fileNames": ["justfile"], "stdin": true }
],
"cwd": "${originConfigDir}",
"indentWidth": 2,
"lineWidth": 120,
"timeout": 30,
"useTabs": false
},
"indentWidth": 2,
"json": {
"commentLine.forceSpaceAfterSlashes": true,
"indentWidth": 2,
"jsonTrailingCommaFiles": [".swcrc", "biome.jsonc", "settings.json", "tsconfig.json"],
"lineWidth": 120,
"newLineKind": "lf",
"preferSingleLine": true,
"trailingCommas": "never",
"useTabs": false
},
"lineWidth": 120,
"malva": {
"alignComments": true,
"attrValueQuotes": "always",
"blockSelectorLinebreak": "wrap",
"declarationOrder": null,
"formatComments": true,
"hexCase": "lower",
"hexColorLength": "short",
"indentWidth": 2,
"keyframeSelectorNotation": "keyword",
"lineBreak": "lf",
"linebreakInPseudoParens": true,
"omitNumberLeadingZero": false,
"operatorLinebreak": "before",
"preferSingleLine": true,
"printWidth": 100,
"quotes": "alwaysDouble",
"singleLineBlockThreshold": null,
"singleLineTopLevelDeclarations": false,
"trailingComma": false,
"useTabs": false
},
"markup": {
"closingBracketSameLine": false,
"closingTagLineBreakForEmpty": "never",
"component.selfClosing": false,
"doctypeKeywordCase": "lower",
"formatComments": true,
"html.normal.selfClosing": false,
"html.void.selfClosing": false,
"indentWidth": 2,
"lineBreak": "lf",
"maxAttrsPerLine": 1,
"printWidth": 120,
"quotes": "double",
"scriptFormatter": "dprint",
"scriptIndent": true,
"styleIndent": true,
"svg.selfClosing": true,
"useTabs": false,
"whitespaceSensitivity": "strict"
},
"newLineKind": "lf",
"plugins": [
"https://plugins.dprint.dev/typescript-0.95.8.wasm",
"https://plugins.dprint.dev/json-0.20.0.wasm",
"https://plugins.dprint.dev/markdown-0.19.0.wasm",
"https://plugins.dprint.dev/toml-0.7.0.wasm",
"https://plugins.dprint.dev/g-plane/malva-v0.12.1.wasm",
"https://plugins.dprint.dev/g-plane/markup_fmt-v0.22.0.wasm",
"https://plugins.dprint.dev/g-plane/pretty_yaml-v0.5.1.wasm",
"https://plugins.dprint.dev/exec-0.5.1.json@492414e39dea4dccc07b4af796d2f4efdb89e84bae2bd4e1e924c0cc050855bf"
],
"toml": {
"cargo.applyConventions": true,
"comment.forceLeadingSpace": true,
"indentWidth": 2,
"lineWidth": 120,
"newLineKind": "lf",
"useTabs": false
},
"typescript": {
"arrowFunction.useParentheses": "preferNone",
"conditionalExpression.operatorPosition": "nextLine",
"conditionalExpression.preferSingleLine": true,
"exportDeclaration.sortNamedExports": "maintain",
"importDeclaration.sortNamedImports": "maintain",
"module.sortExportDeclarations": "maintain",
"module.sortImportDeclarations": "maintain",
"quoteProps": "asNeeded",
"trailingCommas": "onlyMultiLine",
"useBraces": "whenNotSingleLine"
},
"yaml": {
"braceSpacing": true,
"bracketSpacing": false,
"formatComments": true,
"indentBlockSequenceInMap": true,
"indentWidth": 2,
"lineBreak": "lf",
"preferSingleLine": false,
"printWidth": 120,
"quotes": "preferDouble",
"trailingComma": true,
"trimTrailingWhitespaces": true,
"trimTrailingZero": false
}
}

89
justfile
View file

@ -1,10 +1,4 @@
set shell := ["fish", "-c"] set shell := ["fish", "-c"]
set unstable := true
cacheFolder := ".cache"
eslintCacheFile := "eslintcache"
prettierCacheFile := "prettiercache"
stylelintCacheFile := "stylelintcache"
# Recette par défaut. # Recette par défaut.
default: dev default: dev
@ -23,52 +17,57 @@ update:
# Formatte avec Prettier et dprint. # Formatte avec Prettier et dprint.
[group('qualité')] [group('qualité')]
format: format:
@echo "Formatage de l'ensemble du code avec Prettier et dprint." bun prettier \
bunx prettier \ --cache --cache-location ".cache/prettiercache" \
--cache \ --config "cfg/prettier.config.ts" \
--cache-location "{{ cacheFolder }}/{{ prettierCacheFile }}" \ --ignore-path "cfg/prettierignore" \
--ignore-unknown \ --ignore-unknown \
--write \ --parallel-workers 8 \
. --write .
dprint fmt # TwigCsFixher
-vendor/bin/twig-cs-fixer fix web/app/themes/haiku-atelier-2024/
# PhpCsFixer
-vendor/bin/php-cs-fixer fix --allow-risky yes
dprint --config "~/.config/dprint/dprint.jsonc" fmt
fish scripts/format-sort-files.fish
# Compile, minifie et optimise Sass vers CSS. # Compile, minifie et optimise Sass vers CSS.
[group('css')] [group('css')]
build-css: build-css:
@bunx sass \ @bun sass \
--update \ --update \
"web/app/themes/haiku-atelier-2024/src/sass":"web/app/themes/haiku-atelier-2024/assets/css" "web/app/themes/haiku-atelier-2024/src/sass":"web/app/themes/haiku-atelier-2024/assets/css"
@bunx lightningcss \ @bun lightningcss \
--bundle \ --bundle \
--minify \ --minify \
--output-file "web/app/themes/haiku-atelier-2024/assets/css/main.min.css" \ --output-file "web/app/themes/haiku-atelier-2024/assets/css/main.min.css" \
-- "web/app/themes/haiku-atelier-2024/assets/css/main.css" -- "web/app/themes/haiku-atelier-2024/assets/css/main.css"
@bunx lightningcss \ @bun lightningcss \
--bundle \ --bundle \
--minify \ --minify \
--output-file "web/app/themes/haiku-atelier-2024/assets/css/pages/page-panier.min.css" \ --output-file "web/app/themes/haiku-atelier-2024/assets/css/pages/page-panier.min.css" \
-- "web/app/themes/haiku-atelier-2024/assets/css/pages/page-panier.css" -- "web/app/themes/haiku-atelier-2024/assets/css/pages/page-panier.css"
@bunx lightningcss \ @bun lightningcss \
--bundle \ --bundle \
--minify \ --minify \
--output-file "web/app/themes/haiku-atelier-2024/assets/css/pages/page-accueil.min.css" \ --output-file "web/app/themes/haiku-atelier-2024/assets/css/pages/page-accueil.min.css" \
-- "web/app/themes/haiku-atelier-2024/assets/css/pages/page-accueil.css" -- "web/app/themes/haiku-atelier-2024/assets/css/pages/page-accueil.css"
@bunx lightningcss \ @bun lightningcss \
--bundle \ --bundle \
--minify \ --minify \
--output-file "web/app/themes/haiku-atelier-2024/assets/css/pages/page-boutique.min.css" \ --output-file "web/app/themes/haiku-atelier-2024/assets/css/pages/page-boutique.min.css" \
-- "web/app/themes/haiku-atelier-2024/assets/css/pages/page-boutique.css" -- "web/app/themes/haiku-atelier-2024/assets/css/pages/page-boutique.css"
@bunx lightningcss \ @bun lightningcss \
--bundle \ --bundle \
--minify \ --minify \
--output-file "web/app/themes/haiku-atelier-2024/assets/css/pages/page-a-propos.min.css" \ --output-file "web/app/themes/haiku-atelier-2024/assets/css/pages/page-a-propos.min.css" \
-- "web/app/themes/haiku-atelier-2024/assets/css/pages/page-a-propos.css" -- "web/app/themes/haiku-atelier-2024/assets/css/pages/page-a-propos.css"
@bunx lightningcss \ @bun lightningcss \
--bundle \ --bundle \
--minify \ --minify \
--output-file "web/app/themes/haiku-atelier-2024/assets/css/pages/page-modele-simple.min.css" \ --output-file "web/app/themes/haiku-atelier-2024/assets/css/pages/page-modele-simple.min.css" \
-- "web/app/themes/haiku-atelier-2024/assets/css/pages/page-modele-simple.css" -- "web/app/themes/haiku-atelier-2024/assets/css/pages/page-modele-simple.css"
@bunx lightningcss \ @bun lightningcss \
--bundle \ --bundle \
--minify \ --minify \
--output-file "web/app/themes/haiku-atelier-2024/assets/css/pages/page-succes-commande.min.css" \ --output-file "web/app/themes/haiku-atelier-2024/assets/css/pages/page-succes-commande.min.css" \
@ -77,13 +76,12 @@ build-css:
# Compile le CSS à chaque changement de fichier. # Compile le CSS à chaque changement de fichier.
[group('css')] [group('css')]
watch-css: watch-css:
@just dev @watchexec -w "web/app/themes/haiku-atelier-2024/src/sass" -- just build-css
@watchexec -w "web/app/themes/haiku-atelier-2024/src/sass" -- just build-css reload-tab
# Compile TypeScript en JavaScript. # Compile TypeScript en JavaScript.
[group('js')] [group('js')]
build-js: build-js:
@bunx vite build @bun --bun vite build --config "cfg/vite.config.ts"
# Compile tout. # Compile tout.
[group('css')] [group('css')]
@ -96,27 +94,28 @@ build-all:
# Compile TypeScript à chaque changement de fichier. # Compile TypeScript à chaque changement de fichier.
[group('js')] [group('js')]
watch-js: watch-js:
bunx vite build --watch bun vite build --watch
# Vérifie le code TypeScript avec des analyseurs statiques. # Vérifie le code TypeScript avec des analyseurs statiques.
[group('js')] [group('js')]
[group('qualité')] [group('qualité')]
lint-js: lint-js:
-bunx eslint "web/app/themes/haiku-atelier-2024/src/scripts" -bun eslint "web/app/themes/haiku-atelier-2024/src/scripts"
-bunx biome check --reporter=summary "web/app/themes/haiku-atelier-2024/src/scripts" bun --bun oxlint \
-bunx oxlint "web/app/themes/haiku-atelier-2024/src/scripts" --config cfg/oxlint.config.ts \
--format stylish
# Vérifie le code Sass avec Stylelint. # Vérifie le code Sass avec Stylelint.
[group('css')] [group('css')]
[group('qualité')] [group('qualité')]
lint-css: lint-css:
-bunx stylelint "web/app/themes/haiku-atelier-2024/src/sass/" --fix -bun stylelint --config "cfg/stylelint.config.ts" "web/app/themes/haiku-atelier-2024/src/sass/" --fix
# Vérifie le code TypeScript mort avec knip # Vérifie le code TypeScript mort avec knip
[group('js')] [group('js')]
[group('qualité')] [group('qualité')]
lint-code-mort: lint-code-mort:
-bunx knip -bun knip
# Fusionne tous les changements actuels dans le commit précédent et pousse sur le répertoire distant avec Jujetsu. # Fusionne tous les changements actuels dans le commit précédent et pousse sur le répertoire distant avec Jujetsu.
[group('vcs')] [group('vcs')]
@ -143,3 +142,31 @@ reload-tab:
set -f WSURL (curl -s http://127.1:9222/json | fx '.[0].webSocketDebuggerUrl') set -f WSURL (curl -s http://127.1:9222/json | fx '.[0].webSocketDebuggerUrl')
set -f REQUEST '{ "id": 2, "method": "Page.reload", "params": { "ignoreCache": true, "scriptToEvaluateOnLoad": "" } }' set -f REQUEST '{ "id": 2, "method": "Page.reload", "params": { "ignoreCache": true, "scriptToEvaluateOnLoad": "" } }'
echo $REQUEST | websocat $WSURL echo $REQUEST | websocat $WSURL
# Créé l'image OCI.
[group('container')]
build-wordpress-container:
@podman build -t wordpress-haiku-atelier:latest --progress=plain --file "containers/Dockerfile" .
# Lance les services.
[group('container')]
up-services:
@podman compose up -d
# Arrête les services.
[group('container')]
down-services:
@podman compose down
# Redémarre les services.
[group('container')]
restart-services:
@podman compose restart
# Met à jour les conteneurs images des conteneurs.
[group('container')]
pull-images:
bun "scripts/pull-container-images.ts"
export_production_db:
fish "scripts/déclenche-sauvegarde-bdd-production.fish"

117532
lib/openapi3_1.json
View file

File diff suppressed because it is too large Load diff

117532
lib/wp-json-openapi.json
View file

File diff suppressed because it is too large Load diff

165064
lib/wp-json-schema.json
View file

File diff suppressed because it is too large Load diff

32
mago.toml Normal file
View file

@ -0,0 +1,32 @@
php-version = "8.5"
stack-size = 8388608
threads = 8
[source]
excludes = ["web/wp/wp-admin/includes/noop.php"]
extensions = ["php"]
includes = ["config", "vendor", "web/app/plugins", "web/vendor", "web/wp"]
paths = ["web/app/themes/haiku-atelier-2024"]
[linter]
integrations = ["wordpress"]
[linter.rules]
ambiguous-function-call = { enabled = true }
halstead = { effort-threshold = 7000 }
literal-named-argument = { enabled = false }
no-redundant-readonly = { enabled = true }
no-redundant-use = { enabled = true }
no-variable-variable = { enabled = true }
[analyzer]
allow-possibly-undefined-array-keys = true
analyze-dead-code = true
check-arrow-function-missing-type-hints = true
check-closure-missing-type-hints = true
check-missing-type-hints = true
check-throws = true
find-unused-definitions = true
find-unused-expressions = true
perform-heuristic-checks = true
strict-list-index-checks = true

99
package.json
View file

@ -7,64 +7,61 @@
"license": "ISC", "license": "ISC",
"main": "index.js", "main": "index.js",
"keywords": [], "keywords": [],
"scripts": { "knip": "knip" }, "scripts": {
"knip": "knip"
},
"dependencies": { "dependencies": {
"@logtape/logtape": "^1.0.2",
"@mobily/ts-belt": "v4.0.0-rc.5", "@mobily/ts-belt": "v4.0.0-rc.5",
"@sentry/browser": "^9.34.0", "@sentry/browser": "^10.47.0",
"a11y-dialog": "^8.1.4", "a11y-dialog": "^8.1.4",
"chalk": "^5.4.1", "effect": "^3.21.0",
"lit-html": "^3.3.0", "lit-html": "^3.3.1",
"loglevel": "^1.9.2",
"loglevel-plugin-prefix": "^0.8.4",
"optics-ts": "^2.4.1",
"purify-ts": "2.1.2", "purify-ts": "2.1.2",
"ts-pattern": "^5.7.1", "ts-pattern": "^5.9.0",
"valibot": "1.1.0" "valibot": "1.1.0"
}, },
"devDependencies": { "devDependencies": {
"@biomejs/biome": "^2.0.6", "@effect/language-service": "^0.84.2",
"@cspell/dict-fr-fr": "^2.3.0", "@gcch/configuration-eslint": "git+https://git.gcch.fr/gcch/configuration-eslint#62ee424274",
"@eslint/js": "^9.30.1", "@gcch/configuration-oxlint": "git+https://git.gcch.fr/gcch/configuration-oxlint#c53b1c1f78",
"@playwright/test": "^1.53.2", "@gcch/configuration-prettier": "git+https://git.gcch.fr/gcch/configuration-prettier#8de937e801",
"@prettier/plugin-php": "^0.22.4", "@playwright/test": "^1.59.0",
"@prettier/plugin-xml": "^3.4.1", "@sentry/core": "^10.47.0",
"@sentry/core": "^9.34.0", "@types/bun": "^1.3.11",
"@swc/cli": "0.7.7", "@types/node": "^25.5.0",
"@types/eslint__js": "^9.14.0", "@vitejs/plugin-legacy": "^8.0.1",
"@types/node": "^24.0.10", "better-typescript-lib": "^2.12.0",
"@vitejs/plugin-legacy": "^7.0.0", "browserslist": "^4.28.2",
"better-typescript-lib": "^2.11.0", "caniuse-lite": "^1.0.30001784",
"browserslist": "^4.25.1", "eslint": "^10.1.0",
"eslint": "^9.30.1", "eslint-plugin-functional": "^9.0.4",
"eslint-plugin-oxlint": "^1.5.0", "eslint-plugin-jsx-a11y": "^6.10.2",
"eslint-plugin-perfectionist": "^4.15.0", "eslint-plugin-oxlint": "^1.58.0",
"fdir": "^6.4.6", "eslint-plugin-perfectionist": "^5.7.0",
"globals": "^16.3.0", "eslint-plugin-sonarjs": "^4.0.2",
"knip": "^5.61.3", "fdir": "^6.5.0",
"lightningcss-cli": "^1.30.1", "globals": "^17.4.0",
"oxlint": "^1.5.0", "jiti": "^2.6.1",
"picomatch": "^4.0.2", "knip": "^6.1.1",
"playwright": "^1.53.2", "lightningcss": "^1.32.0",
"prettier": "^3.6.2", "lightningcss-cli": "^1.32.0",
"prettier-plugin-pkg": "^0.21.1", "oxlint": "^1.58.0",
"oxlint-tsgolint": "^0.19.0",
"playwright": "^1.59.0",
"prettier": "^3.8.1",
"prettier-plugin-pkg": "^0.22.1",
"prettier-plugin-sh": "^0.18.0", "prettier-plugin-sh": "^0.18.0",
"sass-embedded": "^1.89.2", "sass-embedded": "^1.98.0",
"stylelint": "^16.21.1", "stylelint": "^17.6.0",
"stylelint-config-clean-order": "^7.0.0", "stylelint-config-clean-order": "^8.0.1",
"stylelint-config-sass-guidelines": "^12.1.0", "stylelint-config-sass-guidelines": "^13.0.0",
"stylelint-config-standard-scss": "^15.0.1", "stylelint-config-standard-scss": "^17.0.0",
"stylelint-declaration-block-no-ignored-properties": "^2.8.0", "stylelint-declaration-block-no-ignored-properties": "^3.0.0",
"stylelint-plugin-logical-css": "^1.2.3", "stylelint-plugin-logical-css": "^2.1.0",
"typescript": "5.8.3", "typescript": "6.0.2",
"typescript-eslint": "^8.35.1", "typescript-eslint": "^8.48.1",
"vite": "^7.0.2", "vite": "^8.0.3",
"vite-plugin-compression2": "^2.2.0", "vite-tsconfig-paths": "^6.1.1"
"vite-plugin-manifest-sri": "^0.2.0",
"vite-plugin-node-polyfills": "^0.23.0",
"vite-plugin-valibot-env": "^1.0.1",
"vite-tsconfig-paths": "^5.1.4",
"wp-types": "^4.68.1"
}, },
"browserslist": [ "browserslist": [
"chrome >0 and last 3 years", "chrome >0 and last 3 years",
@ -79,5 +76,5 @@
"entry": ["web/app/themes/haiku-atelier-2024/src/scripts/*.ts"], "entry": ["web/app/themes/haiku-atelier-2024/src/scripts/*.ts"],
"project": ["web/app/themes/haiku-atelier-2024/src/scripts/**/*.{js,ts,d.ts}"] "project": ["web/app/themes/haiku-atelier-2024/src/scripts/**/*.{js,ts,d.ts}"]
}, },
"trustedDependencies": ["@biomejs/biome", "@parcel/watcher", "@swc/core", "core-js", "esbuild", "lightningcss-cli"] "trustedDependencies": ["@parcel/watcher", "core-js"]
} }

492
phpactor.schema.json Normal file
View file

@ -0,0 +1,492 @@
{
"$schema": "https:\/\/json-schema.org\/draft-07\/schema",
"properties": {
"$schema": {
"default": "",
"description": "Path to JSON schema, which can be used for config autocompletion, use phpactor config:initialize to update"
},
"behat.config_path": {
"default": "%project_root%\/behat.yml",
"description": "Path to the main behat.yml (including the filename behat.yml)"
},
"behat.symfony.di_xml_path": {
"description": "If using Symfony, set this path to the XML container dump to find contexts which are defined as services"
},
"class_to_file.brute_force_conversion": {
"default": true,
"description": "If composer not found, fallback to scanning all files (very time consuming depending on project size)"
},
"class_to_file.project_root": {
"default": "%project_root%",
"description": "Root path of the project (e.g. where composer.json is)"
},
"code_transform.class_new.variants": {
"default": [],
"description": "Variants which should be suggested when class-create is invoked"
},
"code_transform.import_globals": {
"default": false,
"description": "Import functions even if they are in the global namespace"
},
"code_transform.indentation": {
"default": " ",
"description": "Indentation chars to use in code generation and transformation"
},
"code_transform.refactor.generate_accessor.prefix": {
"default": "",
"description": "Prefix to use for generated accessors"
},
"code_transform.refactor.generate_accessor.upper_case_first": {
"default": false,
"description": "If the first letter of a generated accessor should be made uppercase"
},
"code_transform.refactor.generate_mutator.fluent": {
"default": false,
"description": "If the mutator should be fluent"
},
"code_transform.refactor.generate_mutator.prefix": {
"default": "set",
"description": "Prefix to use for generated mutators"
},
"code_transform.refactor.generate_mutator.upper_case_first": {
"default": true,
"description": "If the first letter of a generated mutator should be made uppercase"
},
"code_transform.refactor.object_fill.hint": {
"default": true,
"description": "Object fill refactoring: show hint as a comment"
},
"code_transform.refactor.object_fill.named_parameters": {
"default": true,
"description": "Object fill refactoring: use named parameters"
},
"code_transform.template_paths": {
"default": ["%project_config%\/templates", "%config%\/templates"],
"description": "Paths in which to look for code templates"
},
"command": { "description": "Internal use only - name of the command which was executed" },
"completion.dedupe": { "default": true, "description": "If results should be de-duplicated" },
"completion.dedupe_match_fqn": {
"default": true,
"description": "If ``completion.dedupe``, consider the class FQN in addition to the completion suggestion"
},
"completion.label_formatter": {
"default": "helpful",
"description": "Definition of how to format entries in the completion list",
"enum": ["helpful", "fqn"]
},
"completion.limit": { "description": "Sets a limit on the number of completion suggestions for any request" },
"completion_worse.completor.attribute.enabled": {
"default": true,
"description": "Enable or disable the ``attribute`` completor.\n\nCompletion for attribute class names."
},
"completion_worse.completor.class.limit": {
"default": 100,
"description": "Suggestion limit for the filesystem based SCF class_completor"
},
"completion_worse.completor.class_like.enabled": {
"default": true,
"description": "Enable or disable the ``class_like`` completor.\n\nCompletion for class like contexts."
},
"completion_worse.completor.class_member.enabled": {
"default": true,
"description": "Enable or disable the ``class_member`` completor.\n\nCompletion for class members."
},
"completion_worse.completor.constant.enabled": { "default": false, "description": null },
"completion_worse.completor.constructor.enabled": {
"default": true,
"description": "Enable or disable the ``constructor`` completor.\n\nCompletion for constructors."
},
"completion_worse.completor.declared_class.enabled": {
"default": true,
"description": "Enable or disable the ``declared_class`` completor.\n\nCompletion for classes defined in the Phpactor runtime."
},
"completion_worse.completor.declared_constant.enabled": {
"default": true,
"description": "Enable or disable the ``declared_constant`` completor.\n\nCompletion for constants defined in the Phpactor runtime."
},
"completion_worse.completor.declared_function.enabled": {
"default": true,
"description": "Enable or disable the ``declared_function`` completor.\n\nCompletion for functions defined in the Phpactor runtime."
},
"completion_worse.completor.docblock.enabled": {
"default": true,
"description": "Enable or disable the ``docblock`` completor.\n\nDocblock completion."
},
"completion_worse.completor.doctrine_annotation.enabled": {
"default": true,
"description": "Enable or disable the ``doctrine_annotation`` completor.\n\nCompletion for annotations provided by the Doctrine annotation library."
},
"completion_worse.completor.expression_name_search.enabled": {
"default": true,
"description": "Enable or disable the ``expression_name_search`` completor.\n\nCompletion for class names, constants and functions at expression positions that are located in the index."
},
"completion_worse.completor.imported_names.enabled": {
"default": true,
"description": "Enable or disable the ``imported_names`` completor.\n\nCompletion for names imported into the current namespace."
},
"completion_worse.completor.keyword.enabled": {
"default": true,
"description": "Enable or disable the ``keyword`` completor.\n\nCompletion for keywords (not very accurate)."
},
"completion_worse.completor.local_variable.enabled": {
"default": true,
"description": "Enable or disable the ``local_variable`` completor.\n\nCompletion for local variables."
},
"completion_worse.completor.named_parameter.enabled": {
"default": true,
"description": "Enable or disable the ``named_parameter`` completor.\n\nCompletion for named parameters."
},
"completion_worse.completor.scf_class.enabled": {
"default": true,
"description": "Enable or disable the ``scf_class`` completor.\n\nBrute force completion for class names (not recommended)."
},
"completion_worse.completor.subscript.enabled": {
"default": true,
"description": "Enable or disable the ``subscript`` completor.\n\nCompletion for subscript (array access from array shapes)."
},
"completion_worse.completor.symfony.enabled": {
"default": true,
"description": "Enable\/disable the Symfony completor - depends on Symfony extension being enabled"
},
"completion_worse.completor.type.enabled": {
"default": true,
"description": "Enable or disable the ``type`` completor.\n\nCompletion for scalar types."
},
"completion_worse.completor.use.enabled": {
"default": true,
"description": "Enable or disable the ``use`` completor.\n\nCompletion for use imports."
},
"completion_worse.completor.worse_parameter.enabled": {
"default": true,
"description": "Enable or disable the ``worse_parameter`` completor.\n\nCompletion for method or function parameters."
},
"completion_worse.debug": { "default": false, "description": "Include debug info in completion results" },
"completion_worse.experimantal": { "default": false, "description": "Enable experimental functionality" },
"completion_worse.name_completion_priority": {
"default": "proximity",
"description": "Strategy to use when ordering completion results for classes and functions:\n\n- `proximity`: Classes and functions will be ordered by their proximity to the text document being edited.\n- `none`: No ordering will be applied."
},
"completion_worse.snippets": { "default": true, "description": "Enable or disable completion snippets" },
"composer.autoload_deregister": {
"default": true,
"description": "Immediately de-register the autoloader once it has been included (prevent conflicts with Phpactor's autoloader). Some platforms may require this to be disabled"
},
"composer.autoloader_path": {
"default": "%project_root%\/vendor\/autoload.php",
"description": "Path to project's autoloader, can be an array"
},
"composer.class_maps_only": {
"default": true,
"description": "Register the composer class maps only, do not register the autoloader - RECOMMENDED"
},
"composer.enable": {
"default": true,
"description": "Include of the projects autoloader to facilitate class location. Note that when including an autoloader code _may_ be executed. This option may be disabled when using the indexer"
},
"console.decorated": {
"description": "Whether to decorate messages (null for auto-guessing)",
"enum": [true, false, null]
},
"console.verbosity": { "default": 32, "description": "Verbosity level", "enum": [16, 32, 64, 128, 256] },
"console_dumper_default": {
"default": "indented",
"description": "Name of the \"dumper\" (renderer) to use for some CLI commands"
},
"core.min_memory_limit": {
"default": 1610612736,
"description": "Ensure that PHP has a memory_limit of at least this amount in bytes"
},
"file_path_resolver.app_name": { "default": "phpactor", "description": null },
"file_path_resolver.application_root": { "description": null },
"file_path_resolver.enable_cache": { "default": true, "description": null },
"file_path_resolver.enable_logging": { "default": true, "description": null },
"file_path_resolver.project_root": { "default": "\/opt\/phpactor", "description": null },
"indexer.buffer_time": {
"default": 500,
"description": "For real-time indexers only: the time, in milliseconds, to buffer the results",
"type": ["integer"]
},
"indexer.enabled_watchers": {
"default": ["inotify", "watchman", "find", "php"],
"description": "List of allowed watchers. The first watcher that supports the current system will be used",
"type": ["object"]
},
"indexer.exclude_patterns": {
"default": ["\/vendor\/**\/Tests\/**\/*", "\/vendor\/**\/tests\/**\/*", "\/vendor\/composer\/**\/*"],
"description": "Glob patterns to exclude while indexing",
"type": ["object"]
},
"indexer.follow_symlinks": {
"default": false,
"description": "To allow indexer to follow symlinks",
"type": ["boolean"]
},
"indexer.implementation_finder.deep": {
"default": true,
"description": "Recurse over class implementations to resolve all class implementations (not just the classes directly implementing the subject)",
"type": ["boolean"]
},
"indexer.include_patterns": {
"default": ["\/**\/*.php", "\/**\/*.phar"],
"description": "Glob patterns to include while indexing",
"type": ["object"]
},
"indexer.index_path": {
"default": "%cache%\/index\/%project_id%",
"description": "Path where the index should be saved",
"type": ["string"]
},
"indexer.poll_time": {
"default": 5000,
"description": "For polling indexers only: the time, in milliseconds, between polls (e.g. filesystem scans)",
"type": ["integer"]
},
"indexer.project_root": {
"default": "%project_root%",
"description": "The root path to use for scanning the index",
"type": ["string"]
},
"indexer.reference_finder.deep": {
"default": true,
"description": "Recurse over class implementations to resolve all references",
"type": ["boolean"]
},
"indexer.stub_paths": {
"default": [],
"description": "Paths to external folders to index. They will be indexed only once, if you want to take any changes into account you will have to reindex your project manually.",
"type": ["object"]
},
"indexer.supported_extensions": {
"default": ["php", "phar"],
"description": "File extensions (e.g. `php`) for files that should be indexed",
"type": ["object"]
},
"language_server.catch_errors": { "default": true, "description": null },
"language_server.diagnostic_exclude_paths": {
"default": [],
"description": "List of paths to exclude from diagnostics, e.g. `vendor\/**\/*`"
},
"language_server.diagnostic_outsource": {
"default": true,
"description": "If applicable diagnostics should be \"outsourced\" to a different process"
},
"language_server.diagnostic_outsource_timeout": {
"default": 5,
"description": "Kill the diagnostics process if it outlives this timeout"
},
"language_server.diagnostic_providers": {
"description": "Specify which diagnostic providers should be active (default to all)"
},
"language_server.diagnostic_sleep_time": {
"default": 1000,
"description": "Amount of time to wait before analyzing the code again for diagnostics"
},
"language_server.diagnostics_on_open": {
"default": true,
"description": "Perform diagnostics when opening a text document"
},
"language_server.diagnostics_on_save": {
"default": true,
"description": "Perform diagnostics when the text document is saved"
},
"language_server.diagnostics_on_update": {
"default": true,
"description": "Perform diagnostics when the text document is updated"
},
"language_server.enable_workspace": {
"default": true,
"description": "If workspace management \/ text synchronization should be enabled (this isn't required for some language server implementations, e.g. static analyzers)"
},
"language_server.file_event_globs": { "default": ["**\/*.php"], "description": null },
"language_server.file_events": { "default": true, "description": "Register to receive file events" },
"language_server.method_alias_map": {
"default": [],
"description": "Allow method names to be re-mapped. Useful for maintaining backwards compatibility"
},
"language_server.phpactor_bin": {
"default": "\/opt\/phpactor\/lib\/Extension\/LanguageServer\/..\/..\/..\/bin\/phpactor",
"description": "Internal use only - name path to Phpactor binary"
},
"language_server.profile": { "default": false, "description": "Logs timing information for incoming LSP requests" },
"language_server.self_destruct_timeout": {
"default": 2500,
"description": "Wait this amount of time (in milliseconds) after a shutdown request before self-destructing"
},
"language_server.session_parameters": {
"default": [],
"description": "Phpactor parameters (config) that apply only to the language server session"
},
"language_server.shutdown_grace_period": {
"default": 200,
"description": "Amount of time (in milliseconds) to wait before responding to a shutdown notification"
},
"language_server.trace": {
"default": false,
"description": "Log incoming and outgoing messages (needs log formatter to be set to ``json``)"
},
"language_server_code_transform.import_globals": {
"default": false,
"description": "Show hints for non-imported global classes and functions"
},
"language_server_code_transform.import_name.report_non_existing_names": {
"default": true,
"description": "Show an error if a diagnostic name cannot be resolved - can produce false positives"
},
"language_server_completion.trim_leading_dollar": {
"default": false,
"description": "If the leading dollar should be trimmed for variable completion suggestions"
},
"language_server_configuration.auto_config": {
"default": true,
"description": "Prompt to enable extensions which apply to your project on language server start",
"type": ["boolean"]
},
"language_server_indexer.reindex_timeout": {
"default": 300,
"description": "Unconditionally reindex modified files every N seconds"
},
"language_server_indexer.workspace_symbol_search_limit": { "default": 250, "description": null },
"language_server_php_cs_fixer.bin": {
"default": "%project_root%\/vendor\/bin\/php-cs-fixer",
"description": "Path to the php-cs-fixer executable"
},
"language_server_php_cs_fixer.config": {
"description": "Set custom PHP CS config path. Ex., %project_root%\/.php-cs-fixer.php"
},
"language_server_php_cs_fixer.env": {
"default": { "PHP_CS_FIXER_IGNORE_ENV": true, "XDEBUG_MODE": "off" },
"description": "Environment for PHP CS Fixer (e.g. to set PHP_CS_FIXER_IGNORE_ENV)"
},
"language_server_php_cs_fixer.show_diagnostics": {
"default": true,
"description": "Whether PHP CS Fixer diagnostics are shown"
},
"language_server_phpstan.bin": {
"default": "%project_root%\/vendor\/bin\/phpstan",
"description": "Path to the PHPStan executable"
},
"language_server_phpstan.config": { "description": "Override the PHPStan configuration file" },
"language_server_phpstan.level": { "description": "Override the PHPStan level" },
"language_server_phpstan.mem_limit": { "description": "Override the PHPStan memory limit" },
"language_server_psalm.bin": {
"default": "%project_root%\/vendor\/bin\/psalm",
"description": "Path to psalm if different from vendor\/bin\/psalm",
"type": ["string"]
},
"language_server_psalm.error_level": {
"description": "Override level at which Psalm should report errors (lower => more errors)"
},
"language_server_psalm.show_info": {
"default": true,
"description": "If infos from psalm should be displayed",
"type": ["boolean"]
},
"language_server_psalm.threads": {
"default": 1,
"description": "Set the number of threads Psalm should use. Warning: NULL will use as many as possible and may crash your computer",
"type": ["integer"]
},
"language_server_psalm.timeout": {
"default": 15,
"description": "Kill the psalm process after this number of seconds",
"type": ["integer"]
},
"language_server_psalm.use_cache": {
"default": true,
"description": "If the Psalm cache should be used (see the `--no-cache` option)",
"type": ["boolean"]
},
"language_server_reference_reference_finder.reference_timeout": {
"default": 60,
"description": "Stop searching for references after this time (in seconds) has expired"
},
"language_server_worse_reflection.diagnostics.enable": { "default": true, "description": "Enable diagnostics" },
"language_server_worse_reflection.inlay_hints.enable": {
"default": false,
"description": "Enable inlay hints (experimental)"
},
"language_server_worse_reflection.inlay_hints.params": {
"default": true,
"description": "Show inlay hints for parameters"
},
"language_server_worse_reflection.inlay_hints.types": {
"default": false,
"description": "Show inlay type hints for variables"
},
"language_server_worse_reflection.workspace_index.update_interval": {
"default": 100,
"description": "Minimum interval to update the workspace index as documents are updated (in milliseconds)"
},
"logger.name": { "default": "logger", "description": null, "type": ["string"] },
"logging.enabled": { "default": false, "description": null, "type": ["boolean"] },
"logging.fingers_crossed": { "default": false, "description": null, "type": ["boolean"] },
"logging.formatter": { "description": null },
"logging.level": {
"default": "warning",
"description": null,
"enum": ["emergency", "alert", "critical", "error", "warning", "notice", "info", "debug"],
"type": ["string"]
},
"logging.path": { "default": "application.log", "description": null, "type": ["string"] },
"navigator.autocreate": { "default": [], "description": null },
"navigator.destinations": { "default": [], "description": null },
"object_renderer.template_paths.markdown": {
"default": ["%project_config%\/templates\/markdown", "%config%\/templates\/markdown"],
"description": "Paths in which to look for templates for hover information."
},
"php.version": {
"description": "Consider this value to be the project\\'s version of PHP (e.g. `7.4`). If omitted\nit will check `composer.json` (by the configured platform then the PHP requirement) before\nfalling back to the PHP version of the current process."
},
"php_code_sniffer.args": { "default": [], "description": "Additional arguments to pass to the PHPCS process" },
"php_code_sniffer.bin": {
"default": "%project_root%\/vendor\/bin\/phpcs",
"description": "Path to the phpcs executable"
},
"php_code_sniffer.cwd": { "description": "Working directory for PHPCS" },
"php_code_sniffer.env": {
"default": { "XDEBUG_MODE": "off" },
"description": "Environment for PHP_CodeSniffer (e.g. to set XDEBUG_MODE)"
},
"php_code_sniffer.show_diagnostics": {
"default": true,
"description": "Whether PHP_CodeSniffer diagnostics are shown"
},
"public_services_only": {
"default": false,
"description": "Only consider public services when providing analysis for the service locator"
},
"rpc.replay_path": { "default": "%cache%\/replay.json", "description": "Path where the replays should be stored" },
"rpc.store_replay": { "default": false, "description": "Should replays be stored?" },
"source_code_filesystem.project_root": { "default": "%project_root%", "description": null },
"symfony.xml_path": {
"default": "%project_root%\/var\/cache\/dev\/App_KernelDevDebugContainer.xml",
"description": "Path to the Symfony container XML dump file"
},
"worse_reflection.cache_dir": {
"default": "%cache%\/worse-reflection",
"description": "Cache directory for stubs"
},
"worse_reflection.cache_lifetime": {
"default": 1,
"description": "If caching is enabled, limit the amount of time a cache entry can stay alive"
},
"worse_reflection.diagnostics.undefined_variable.suggestion_levenshtein_disatance": {
"default": 4,
"description": "Levenshtein distance to use when suggesting corrections for variable names",
"type": ["integer"]
},
"worse_reflection.enable_cache": { "default": true, "description": "If reflection caching should be enabled" },
"worse_reflection.enable_context_location": {
"default": true,
"description": "If source code is passed to a ``Reflector`` then temporarily make it available as a\nsource location. Note this should NOT be enabled if the source code can be\nlocated in another (e.g. when running a Language Server)"
},
"worse_reflection.stub_dir": {
"default": "%application_root%\/vendor\/jetbrains\/phpstorm-stubs",
"description": "Location of the core PHP stubs - these will be scanned and cached on the first request"
},
"xdebug_disable": { "default": true, "description": "If XDebug should be automatically disabled" }
},
"title": "Phpactor Configuration Schema",
"type": "object"
}

58
phpcs.xml
View file

@ -1,58 +0,0 @@
<?xml version="1.0"?>
<ruleset name="Roots">
<description>Roots Coding Standards</description>
<!-- Scan all files in directory -->
<file>.</file>
<!-- Scan only PHP files -->
<arg
name="extensions"
value="php"
/>
<!-- Ignore WordPress and Composer dependencies -->
<exclude-pattern>web/wp</exclude-pattern>
<exclude-pattern>web/app/themes/twentytwentyfour/</exclude-pattern>
<exclude-pattern>vendor/</exclude-pattern>
<!-- Show colors in console -->
<arg value="-colors" />
<!-- Show sniff codes in all reports -->
<arg value="ns" />
<!-- Use PSR-2 as a base -->
<rule ref="PSR2" />
<!-- Désactivate certaines règles -->
<rule ref="Generic">
<exclude name="Generic.Arrays.DisallowShortArraySyntax.Found" />
<exclude name="Generic.Files.EndFileNoNewline.Found" />
<exclude name="Generic.Files.LowercasedFilename.NotFound" />
<exclude name="Generic.Functions.OpeningFunctionBraceBsdAllman.BraceOnSameLine" />
<exclude name="Generic.NamingConventions.CamelCapsFunctionName.NotCamelCaps" />
<exclude name="Generic.NamingConventions.CamelCapsFunctionName.ScopeNotCamelCaps" />
<exclude name="Generic.PHP.ClosingPHPTag.NotFound" />
<exclude name="Generic.PHP.UpperCaseConstant.Found" />
<exclude name="Generic.WhiteSpace.DisallowSpaceIndent.SpacesUsed" />
<exclude name="Generic.WhiteSpace.ScopeIndent.Incorrect" />
<exclude name="Generic.WhiteSpace.ScopeIndent.IncorrectExact" />
</rule>
<rule ref="PSR1">
<exclude name="PSR1.Methods.CamelCapsMethodName.NotCamelCaps" />
</rule>
<rule ref="PSR2">
<exclude name="PSR2.Classes.ClassDeclaration.OpenBraceNewLine" />
</rule>
<rule ref="Squiz">
<exclude name="Squiz.Commenting.ClosingDeclarationComment.Missing" />
<exclude name="Squiz.Commenting.InlineComment.InvalidEndChar" />
<exclude name="Squiz.Functions.MultiLineFunctionDeclaration.BraceOnSameLine" />
<exclude name="Squiz.NamingConventions.ValidFunctionName.NotCamelCaps" />
<exclude name="Squiz.NamingConventions.ValidVariableName.NotCamelCaps" />
<exclude name="Squiz.Strings.DoubleQuoteUsage.NotRequired" />
<exclude name="Squiz.WhiteSpace.FunctionClosingBraceSpace.SpacingBeforeClose" />
<exclude name="Squiz.WhiteSpace.FunctionSpacing.After" />
</rule>
</ruleset>

61
phpstan.neon
View file

@ -1,12 +1,51 @@
# Utilise la version de développement de PHPStan
includes:
- phar://phpstan.phar/conf/bleedingEdge.neon
parameters: parameters:
level: 6 # When set to true, it reports use of dynamic properties as undefined.
paths: checkDynamicProperties: true
- web/app/themes/haiku-atelier-2024 checkExplicitMixedMissingReturn: true
scanDirectories: # When set to true, it reports function and method calls with incorrect name case.
- vendor checkFunctionNameCase: true
- web/app/plugins # When set to true, it reports references to built-in classes with incorrect name case.
- web/vendor checkInternalClassCaseSensitivity: true
- web/wp # When set to true, it reports return typehints that could be narrowed down because some of the listed types are never returned from a public or protected method.
typeAliases: checkTooWideReturnTypesInProtectedAndPublicMethods: true
InformationsProduitShop: 'array{id: int, nom: string, prix: string, photo_repos: string, photo_survol: string, url: string}' # When set to true, it reports properties with native types that werent initialized in the class constructor.
InformationsVariation: 'array{id: int, titre: string, prix: string}' checkUninitializedProperties: false
reportUnmatchedIgnoredErrors: false
# When set to true, it reports violations of parameter type contravariance and return type covariance.
reportMaybesInMethodSignatures: true
# By default PHPStan reports wrong type in @var tag only for native types on the right side of =. With reportWrongPhpDocTypeInVarTag set to true it will consider PHPDoc types too.
reportWrongPhpDocTypeInVarTag: true
# Setting treatPhpDocTypesAsCertain to false relaxes some of the rules around type-checking.
treatPhpDocTypesAsCertain: true
parallel:
jobSize: 20
maximumNumberOfProcesses: 32
minimumNumberOfJobsPerProcess: 2
level: max
scanDirectories:
- config
- vendor
- web/app
- web/vendor
- web/wp
scanFiles:
- .php-cs-fixer.dist.php
- web/index.php
- web/wp-config.php
paths:
- web/app/themes/haiku-atelier-2024
excludePaths:
analyseAndScan:
- web/app/db.php (?)
- web/app/languages
- web/app/themes/twentytwentyfour

92
playwright.config.ts
View file

@ -1,92 +0,0 @@
import { defineConfig, devices } from "@playwright/test";
/**
* Read environment variables from file.
* https://github.com/motdotla/dotenv
*/
// import dotenv from 'dotenv';
// import path from 'path';
// dotenv.config({ path: path.resolve(__dirname, '.env') });
/**
* See https://playwright.dev/docs/test-configuration.
*/
export default defineConfig({
testDir: "./tests",
/* Run tests in files in parallel */
fullyParallel: true,
/* Fail the build on CI if you accidentally left test.only in the source code. */
forbidOnly: !!process.env.CI,
/* Retry on CI only */
retries: process.env.CI ? 2 : 0,
/* Opt out of parallel tests on CI. */
workers: process.env.CI ? 1 : undefined,
/* Reporter to use. See https://playwright.dev/docs/test-reporters */
reporter: "list",
/* Shared settings for all the projects below. See https://playwright.dev/docs/api/class-testoptions. */
use: {
/* Base URL to use in actions like `await page.goto('/')`. */
// baseURL: 'http://localhost:3000',
/* Collect trace when retrying the failed test. See https://playwright.dev/docs/trace-viewer */
trace: "on-first-retry",
clientCertificates: [
{
origin: "https://haikuatelier.gcch.local",
certPath: "../certs/_wildcard.gcch.local.pem",
keyPath: "../certs/_wildcard.gcch.local-key.pem",
},
],
ignoreHTTPSErrors: true,
},
/* Configure projects for major browsers */
projects: [
{
name: "desktop-chromium-1920",
use: { ...devices["Desktop Chrome"], viewport: { width: 1920, height: 1080 } },
},
{
name: "desktop-chromium-1536",
use: { ...devices["Desktop Chrome"], viewport: { width: 1536, height: 864 } },
},
{
name: "desktop-chromium-1366",
use: { ...devices["Desktop Chrome"], viewport: { width: 1366, height: 768 } },
},
{
name: "desktop-firefox-1920",
use: { ...devices["Desktop Firefox"], viewport: { width: 1920, height: 1080 } },
},
{
name: "desktop-firefox-1536",
use: { ...devices["Desktop Firefox"], viewport: { width: 1536, height: 864 } },
},
{
name: "desktop-firefox-1366",
use: { ...devices["Desktop Firefox"], viewport: { width: 1366, height: 768 } },
},
{
name: "tablet-chromium-portrait",
use: { ...devices["Galaxy Tab S9"] },
},
{
name: "tablet-chromium-landscape",
use: { ...devices["Galaxy Tab S9 landscape"] },
},
{
name: "mobile-chromium-portrait",
use: { ...devices["Pixel 7"] },
},
{
name: "mobile-chromium-landscape",
use: { ...devices["Pixel 7 landscape"] },
},
],
/* Run your local dev server before starting the tests */
// webServer: {
// command: 'npm run start',
// url: 'http://localhost:3000',
// reuseExistingServer: !process.env.CI,
// },
});

56
prettier.config.js
View file

@ -1,56 +0,0 @@
/** @type {import("prettier").Config} */
export default {
arrowParens: "avoid",
bracketSameLine: false,
bracketSpacing: true,
embeddedLanguageFormatting: "auto",
endOfLine: "lf",
experimentalTernaries: true,
htmlWhitespaceSensitivity: "ignore",
overrides: [
// Pour les fichiers PHP sans HTML
{
files: ["*.php"],
options: {
braceStyle: "1tbs",
parser: "php",
phpVersion: "8.2",
plugins: ["@prettier/plugin-php"],
trailingCommaPHP: true,
},
},
// Pour les fichiers XML
{
files: ["*.xml"],
options: {
bracketSameLine: false,
parser: "xml",
plugins: ["@prettier/plugin-xml"],
printWidth: 120,
singleAttributePerLine: true,
tabWidth: 2,
xmlQuoteAttributes: "double",
xmlSelfClosingSpace: true,
xmlSortAttributesByKey: true,
xmlWhitespaceSensitivity: "strict",
},
},
// package.json
{
files: ["package.json"],
options: {
plugins: ["prettier-plugin-pkg"],
},
},
],
plugins: ["prettier-plugin-sh"],
printWidth: 120,
proseWrap: "never",
quoteProps: "as-needed",
semi: true,
singleAttributePerLine: true,
singleQuote: false,
tabWidth: 2,
trailingComma: "all",
useTabs: false,
};

25
psalm.xml
View file

@ -1,25 +0,0 @@
<?xml version="1.0"?>
<psalm
xmlns="https://getpsalm.org/schema/config"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="https://getpsalm.org/schema/config vendor/vimeo/psalm/config.xsd"
autoloader="web/wp-config.php"
errorLevel="4"
findUnusedBaselineEntry="true"
findUnusedCode="true"
resolveFromConfigFile="true"
>
<projectFiles>
<directory name="config" />
<directory name="web" />
<ignoreFiles>
<directory name="vendor" />
</ignoreFiles>
</projectFiles>
<plugins>
<pluginClass class="PsalmWordPress\Plugin">
<useDefaultStubs value="false" />
</pluginClass>
</plugins>
</psalm>

7
scripts/SCRIPT.fish
View file

@ -1,7 +0,0 @@
#!/usr/bin/fish
for image in *.png
gm convert -resize 1000 $image ok-$image.png
end
flaca -p *

19
scripts/SUBSET.fish
View file

@ -1,19 +0,0 @@
pyftsubset \
lato-variable-italic.ttf \
--desubroutinize \
--flavor=woff2 \
--layout-features-="dnom,frac,numr" \
--layout-features+="case,pnum,tnum" \
--output-file="lato-variable-italic-webfont.woff2" \
--unicodes="U+0000-00FF,U+0131,U+0152-0153,U+02BB-02BC,U+02C6,U+02DA,U+02DC,U+2000-206F,U+2074,U+20AC,U+2122,U+2191,U+2193,U+2212,U+2215,U+FEFF,U+FFFD" \
--with-zopfli
pyftsubset \
lato-variable-italic.ttf \
--desubroutinize \
--layout-features-="dnom,frac,numr" \
--layout-features+="case,pnum,tnum" \
--output-file="lato-variable-italic-webfont.ttf" \
--unicodes="U+0000-00FF,U+0131,U+0152-0153,U+02BB-02BC,U+02C6,U+02DA,U+02DC,U+2000-206F,U+2074,U+20AC,U+2122,U+2191,U+2193,U+2212,U+2215,U+FEFF,U+FFFD" \
--with-zopfli

68
scripts/convertis-images.fish Executable file
View file

@ -0,0 +1,68 @@
#!/usr/bin/fish
for jpg in **/*.{jpg,jpeg}
echo $jpg
set -f avif (path change-extension 'avif' "$jpg")
set -f jxl (path change-extension 'jxl' "$jpg")
set -f png (path change-extension 'png' "$jpg")
set -f dimensions (magick identify -format "%w-%h" $jpg)
set -f dimensions (string split "-" $dimensions)
if test $dimensions[1] -eq 1920 || test $dimensions[2] -eq 1920
set -f a_bonnes_dimensions true
else
set -f a_bonnes_dimensions false
end
if test -e $avif && test -e $jxl
echo -e "\tAll there."
continue
end
magick "$jpg" -resize 1920x1920\> "$png" >/dev/null
if ! test -e $jxl
if test $a_bonnes_dimensions = false
cjxl \
--allow_jpeg_reconstruction=1 \
--brotli_effort=11 \
--container=1 \
--effort=9 \
--lossless_jpeg=1 \
--num_threads=-1 \
--progressive \
$png $jxl &>/dev/null
djxl \
--num_threads=-1 \
$jxl $jpg &>/dev/null
end
cjxl \
--allow_jpeg_reconstruction=0 \
--brotli_effort=11 \
--container=1 \
--effort=10 \
--quality=70 \
--lossless_jpeg=0 \
--num_threads=-1 \
--progressive \
$png $jxl &>/dev/null
echo -e "\t$jxl"
set -f avif (path change-extension 'avif' "$jpg")
if ! test -e $avif
avifenc \
-q 70 \
-s 0 \
-c aom \
-y 420 \
"$png" "$avif" &>/dev/null
echo -e "\t$avif"
end
rm $png
end
end

4
scripts/déclenche-sauvegarde-bdd-production.fish Executable file
View file

@ -0,0 +1,4 @@
#!/usr/bin/fish
ssh ade -- fish /srv/haikuatelier.com/scripts/sauvegarde-bdd-production.fish
rclone copy --check-first --progress --multi-thread-streams 8 ade:/srv/haikuatelier.com/db /home/gcch/Répertoires/git.gcch.fr/gcch/haiku-atelier-2024/db

12
scripts/format-sort-files.fish Executable file
View file

@ -0,0 +1,12 @@
#!/usr/bin/fish
set -f fichiers_toml (fd --glob "*.toml")
set -f fichiers_angie (fd --glob "*.conf" containers/conf/angie)
for toml in $fichiers_toml
tombi format "$toml"
end
for angie in $angie
nginxfmt "$angie"
end

Some files were not shown because too many files have changed in this diff Show more