gcch/haiku-atelier-2024
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Compare commits

base: gcch:5f332f4068eccbda66e41705240002ad7e46b2b2
Branches Tags
gcch:principale
gcch:wip-effect
gcch:production
gcch:gleam
..
compare: gcch:445593c4b803d5639edfed4278703945ea596faf
Branches Tags
gcch:wip-effect
gcch:production
gcch:principale
gcch:gleam

No commits in common. "5f332f4068eccbda66e41705240002ad7e46b2b2" and "445593c4b803d5639edfed4278703945ea596faf" have entirely different histories.
5f332f4068 ... 445593c4b8

3551 changed files with 198335 additions and 270200 deletions
Download patch file Download diff file Expand all files Collapse all files

6
.dockerignore
View file

@ -1,6 +0,0 @@
*
!composer.json
!composer.lock
!config/*
!web/*
!wp-cli.yml

19
.gitignore vendored
View file

@ -5,15 +5,18 @@ web/app/mu-plugins/*/
web/app/themes/twentytwentyfour/ web/app/themes/twentytwentyfour/
web/app/upgrade web/app/upgrade
web/app/cache/* web/app/cache/*
web/app/languages/ web/app/languages/plugins/
web/app/object-cache.php web/app/object-cache.php
web/app/themes/haiku-atelier-2024/assets/js/*
# WordPress # WordPress
web/wp web/wp
web/vendor web/vendor
web/.htaccess web/.htaccess
# Compilation
web/app/themes/haiku-atelier-2024/assets/js
web/app/themes/haiku-atelier-2024/assets/js/.vite/manifest.json
# Logs # Logs
*.log *.log
@ -53,15 +56,3 @@ build/
/playwright-report/ /playwright-report/
/blob-report/ /blob-report/
/playwright/.cache/ /playwright/.cache/
# Containers
containers/data/*
containers/conf/angie/modules-available
containers/conf/angie/modules-enabled
containers/conf/angie/scripts
containers/conf/angie/snippets
containers/conf/angie/http-waf
# Formateurs
.php-cs-fixer.cache
.twig-cs-fixer.cache

2
.npmrc Executable file
View file

@ -0,0 +1,2 @@
# Nécessaire pour better-typescript-lib
public-hoist-pattern[]=@typescript/*

38
.oxlintrc.json Executable file
View file

@ -0,0 +1,38 @@
{
"$schema": "./node_modules/oxlint/configuration_schema.json",
"env": { "browser": true, "es2020": true, "es2022": true },
"categories": {
"correctness": "error",
"nursery": "error",
"pedantic": "error",
"perf": "warn",
"restriction": "error",
"style": "warn",
"suspicious": "error"
},
"plugins": ["jsdoc", "promise", "unicorn", "jsdoc", "oxc", "promise", "typescript", "unicorn"],
"rules": {
"import/export": "error",
"no-array-for-each": "off",
"no-async-await": "off",
"no-console": "off",
"no-magic-numbers": "warn",
"no-map-spread": "off",
"no-misused-promises": "off",
"no-optional-chaining": "off",
"no-rest-spread-properties": "off",
"no-ternary": "off",
"no-undefined": "off",
"no-unused-expressions": "off",
"no-void": "off",
"prefer-await-to-then": "off",
"promise/prefer-await-to-callbacks": "off",
"sort-imports": "off",
"typescript/array-type": ["error", { "default": "generic", "readonly": "generic" }],
"typescript/consistent-indexed-object-style": ["error", "record"],
"typescript/consistent-type-imports": "error",
"typescript/explicit-function-return-type": "warn",
"unicorn/prefer-dom-node-dataset": "off",
"yoda": ["error", "never"]
}
}

259
.php-cs-fixer.dist.php
View file

@ -1,259 +0,0 @@
<?php
declare(strict_types=1);
use PhpCsFixer\Config;
use PhpCsFixer\Finder;
use PhpCsFixer\Runner;
$finder = new Finder()->in(__DIR__)->exclude([
'vendor',
'web/vendor',
'web/wp',
'web/app/languages',
'web/app/plugins',
'web/app/mu-plugins'
]);
return new Config()
->setRiskyAllowed(true)
->setRules([
'array_syntax' => ['syntax' => 'short'],
'assign_null_coalescing_to_coalesce_equal' => true,
'attribute_empty_parentheses' => ['use_parentheses' => true],
'blank_line_after_namespace' => true,
'blank_lines_before_namespace' => ['min_line_breaks' => 1, 'max_line_breaks' => 2],
'cast_spaces' => true,
'class_attributes_separation' => ['elements' => [
'case' => 'none',
'const' => 'none',
'method' => 'one',
'property' => 'one',
'trait_import' => 'none'
]],
'class_reference_name_casing' => true,
'clean_namespace' => true,
'combine_consecutive_issets' => true,
'combine_consecutive_unsets' => true,
'combine_nested_dirname' => true,
'comment_to_phpdoc' => true,
'constant_case' => true,
'date_time_immutable' => true,
'declare_equal_normalize' => true,
'declare_parentheses' => true,
'declare_strict_types' => true,
'dir_constant' => true,
'echo_tag_syntax' => true,
'encoding' => true,
'ereg_to_preg' => true,
'error_suppression' => true,
'explicit_indirect_variable' => true,
'explicit_string_variable' => true,
'final_class' => true,
'final_internal_class' => true,
'full_opening_tag' => true,
'fully_qualified_strict_types' => ['import_symbols' => true],
'function_to_constant' => true,
'global_namespace_import' => ['import_classes' => true, 'import_constants' => true, 'import_functions' => true],
'heredoc_to_nowdoc' => true,
'integer_literal_case' => true,
'lambda_not_used_import' => true,
'list_syntax' => true,
'logical_operators' => true,
'long_to_shorthand_operator' => true,
'lowercase_cast' => true,
'lowercase_keywords' => true,
'lowercase_static_reference' => true,
'magic_constant_casing' => true,
'magic_method_casing' => true,
'mb_str_functions' => true,
'modernize_strpos' => ['modernize_stripos' => true],
'modernize_types_casting' => true,
'modifier_keywords' => true,
'multiline_comment_opening_closing' => true,
'native_constant_invocation' => true,
'native_function_casing' => true,
'native_function_invocation' => ['include' => ['@compiler_optimized'], 'scope' => 'namespaced', 'strict' => true],
'native_type_declaration_casing' => true,
'new_expression_parentheses' => true,
'no_alias_functions' => ['sets' => ['@all']],
'no_alias_language_construct_call' => true,
'no_alternative_syntax' => true,
'no_binary_string' => true,
'no_closing_tag' => true,
'no_empty_comment' => true,
'no_homoglyph_names' => true,
'no_leading_import_slash' => true,
'no_mixed_echo_print' => ['use' => 'echo'],
'no_multiline_whitespace_around_double_arrow' => true,
'no_multiple_statements_per_line' => true,
'no_null_property_initialization' => true,
'no_php4_constructor' => true,
'no_short_bool_cast' => true,
'no_trailing_comma_in_singleline' => true,
'no_trailing_whitespace_in_comment' => true,
'no_unneeded_braces' => ['namespaces' => true],
'no_unneeded_control_parentheses' => ['statements' => [
'break',
'clone',
'continue',
'echo_print',
'negative_instanceof',
'others',
'return',
'switch_case',
'yield',
'yield_from'
]],
'no_unneeded_final_method' => true,
'no_unneeded_import_alias' => true,
'no_unreachable_default_argument_value' => true,
'no_unset_cast' => true,
'no_unset_on_property' => true,
'no_unused_imports' => true,
'no_useless_concat_operator' => true,
'no_useless_nullsafe_operator' => true,
'no_useless_printf' => true,
'no_useless_return' => true,
'no_useless_sprintf' => true,
'no_whitespace_before_comma_in_array' => ['after_heredoc' => true],
'non_printable_character' => true,
'normalize_index_brace' => true,
'nullable_type_declaration' => ['syntax' => 'union'],
'nullable_type_declaration_for_default_null_value' => true,
'numeric_literal_separator' => ['override_existing' => true, 'strategy' => 'use_separator'],
'ordered_attributes' => true,
'ordered_class_elements' => ['case_sensitive' => false, 'sort_algorithm' => 'alpha'],
'ordered_imports' => ['case_sensitive' => true],
'ordered_interfaces' => true,
'ordered_traits' => true,
'ordered_types' => ['null_adjustment' => 'always_last'],
'phpdoc_readonly_class_comment_to_keyword' => true,
'phpdoc_to_param_type' => true,
'phpdoc_to_property_type' => true,
'phpdoc_to_return_type' => true,
'pow_to_exponentiation' => true,
'protected_to_private' => true,
'psr_autoloading' => true,
'random_api_migration' => ['replacements' => [
'getrandmax' => 'mt_getrandmax',
'rand' => 'mt_rand',
'srand' => 'mt_srand'
]],
'return_assignment' => true,
'self_accessor' => true,
'self_static_accessor' => true,
'set_type_to_cast' => true,
'short_scalar_cast' => true,
'simple_to_complex_string_variable' => true,
'simplified_null_return' => true,
'single_class_element_per_statement' => true,
'single_import_per_statement' => true,
'single_line_after_imports' => true,
'single_line_comment_spacing' => true,
'single_line_comment_style' => true,
'single_line_empty_body' => true,
'single_trait_insert_per_statement' => true,
'standardize_not_equals' => true,
'static_lambda' => true,
'strict_comparison' => true,
'strict_param' => true,
'string_implicit_backslashes' => true,
'string_length_to_empty' => true,
'switch_continue_to_break' => true,
'ternary_to_null_coalescing' => true,
'trim_array_spaces' => true,
'use_arrow_functions' => true,
'void_return' => true,
'whitespace_after_comma_in_array' => ['ensure_single_space' => true],
// ---
// Each line of multi-line DocComments must have an asterisk [PSR-5] and must be aligned with the first one.
'align_multiline_comment' => ['comment_type' => 'all_multiline'],
// There should not be blank lines between docblock and the documented element.
'no_blank_lines_after_phpdoc' => true,
// There should not be empty PHPDoc blocks.
'no_empty_phpdoc' => true,
// Removes @param, @return and @var tags that don't provide any useful information.
'no_superfluous_phpdoc_tags' => [
'allow_hidden_params' => false,
'allow_mixed' => false,
'allow_unused_params' => false
],
// PHPDoc should contain @param for all params.
'phpdoc_add_missing_param_annotation' => ['only_untyped' => false],
// All items of the given PHPDoc tags must be either left-aligned or (by default) aligned vertically.
'phpdoc_align' => true,
// PHPDoc annotation descriptions should not be a sentence.
'phpdoc_annotation_without_dot' => true,
// PHPDoc array<T> type must be used instead of T[].
'phpdoc_array_type' => true,
// Docblocks should have the same indentation as the documented subject.
'phpdoc_indent' => true,
// Fixes PHPDoc inline tags.
'phpdoc_inline_tag_normalizer' => true,
// Changes doc blocks from single to multi line, or reversed. Works for class constants, properties and methods only.
'phpdoc_line_span' => ['const' => 'single', 'method' => 'multi', 'property' => 'single'],
// PHPDoc list type must be used instead of array without a key.
'phpdoc_list_type' => false,
// @access annotations must be removed from PHPDoc.
'phpdoc_no_access' => true,
// No alias PHPDoc tags should be used.
'phpdoc_no_alias_tag' => true,
// @return void and @return null annotations must be removed from PHPDoc.
'phpdoc_no_empty_return' => false,
// @package and @subpackage annotations must be removed from PHPDoc.
'phpdoc_no_package' => true,
// Classy that does not inherit must not have @inheritdoc tags.
'phpdoc_no_useless_inheritdoc' => true,
// Annotations in PHPDoc should be ordered in defined sequence.
'phpdoc_order' => true,
// Order PHPDoc tags by value.
'phpdoc_order_by_value' => true,
// Orders all @param annotations in DocBlocks according to method signature.
'phpdoc_param_order' => true,
// The type of @return annotations of methods returning a reference to itself must the configured one.
'phpdoc_return_self_reference' => true,
// Scalar types should always be written in the same form. int not integer, bool not boolean, float not real or double.
'phpdoc_scalar' => ['types' => [
'boolean',
'callback',
'double',
'integer',
'never-return',
'never-returns',
'no-return',
'real',
'str'
]],
// Annotations in PHPDoc should be grouped together so that annotations of the same type immediately follow each other. Annotations of a different type are separated by a single blank line.
'phpdoc_separation' => [
'groups' => [
['Annotation', 'NamedArgumentConstructor', 'Target'],
['author', 'copyright', 'license'],
['category', 'package', 'subpackage'],
['property', 'property-read', 'property-write'],
['deprecated', 'link', 'see', 'since']
],
'skip_unlisted_annotations' => false
],
// Single line @var PHPDoc should have proper spacing.
'phpdoc_single_line_var_spacing' => true,
// PHPDoc summary should end in either a full stop, exclamation mark, or question mark.
'phpdoc_summary' => true,
// Docblocks should only be used on structural elements.
'phpdoc_to_comment' => false,
// PHPDoc should start and end with content, excluding the very first and last line of the docblocks.
'phpdoc_trim' => true,
// Removes extra blank lines after summary and after description in PHPDoc.
'phpdoc_trim_consecutive_blank_line_separation' => true,
// The correct case must be used for standard PHP types in PHPDoc.
'phpdoc_types' => true,
// Sorts PHPDoc types.
'phpdoc_types_order' => ['null_adjustment' => 'always_last'],
// @var and @type annotations must have type and name in the correct order.
'phpdoc_var_annotation_correct_order' => true,
// @var and @type annotations of classy properties should not contain the name.
'phpdoc_var_without_name' => true
])
->setFinder($finder)
->setParallelConfig(Runner\Parallel\ParallelConfigFactory::detect());

17
.phpactor.json
View file

@ -1,19 +1,6 @@
{ {
"$schema": "./phpactor.schema.json", "$schema": "/opt/phpactor/phpactor.schema.json",
"indexer.exclude_patterns": [
"/vendor/**/Tests/**/*",
"/vendor/**/tests/**/*",
"/var/cache/**/*",
"/vendor/composer/**/*"
],
"language_server.diagnostic_outsource_timeout": 5,
"language_server.diagnostics_on_update": true,
"language_server.diagnostics_on_save": true,
"language_server_highlight.enabled": true,
"language_server_php_cs_fixer.enabled": true,
"language_server_phpstan.config": "phpstan.neon",
"language_server_phpstan.enabled": true, "language_server_phpstan.enabled": true,
"language_server_psalm.enabled": false, "language_server_psalm.enabled": false,
"language_server_reference_finder.soft_timeout": 10, "php_code_sniffer.enabled": false
"language_server_reference_reference_finder.reference_timeout": 10
} }

29
.prettierignore Executable file
View file

@ -0,0 +1,29 @@
# Tout ce qui est traité par dprint
*.css
*.html
*.js
*.json
!package.json
*.jsonc
*.md
*.scss
*.ts
*.twig
*.yml
*.yaml
# Tout sauf le thème
.ddev
web/app/*
!web/app/themes
web/app/themes/haiku-atelier-2024/assets
web/app/languages
web/app/plugins
web/vendor
# Dépendances
composer.lock
pnpm-lock.yaml
# Jujutsu
.jj

31
.swcrc Executable file
View file

@ -0,0 +1,31 @@
{
"$schema": "https://swc.rs/schema.json",
"jsc": {
"externalHelpers": false,
"keepClassNames": false,
"loose": false,
"minify": {
"compress": true,
"mangle": true
},
"parser": {
"decorators": false,
"decoratorsBeforeExport": false,
"dynamicImport": false,
"exportDefaultFrom": false,
"exportNamespaceFrom": false,
"functionBind": false,
"importMeta": false,
"jsx": false,
"privateMethod": false,
"syntax": "typescript",
"topLevelAwait": false,
"tsx": false
},
"preserveAllComments": false,
"target": "es2020",
"transform": null
},
"minify": true,
"sourceMaps": true
}

12
.zed/settings.json
View file

@ -1,12 +0,0 @@
{
"language_servers": [
"!biome",
"!deno",
"!intelephense",
"!prettier",
"!tailwindcss-language-server",
"!vtsls",
"..."
],
"languages": {}
}

17
README.md
View file

@ -2,23 +2,6 @@
## Dépendances ## Dépendances
### JavaScript et TypeScript
#### Dépendances
- Effect
- a11y-dialog
- lit-html
#### Dépendances de développement
- ESLint
- Oxlint
- Prettier
- SASS
- Stylelint
- Vite
### PHP ### PHP
#### Dépendances #### Dépendances

48
biome.json Executable file
View file

@ -0,0 +1,48 @@
{
"$schema": "https://biomejs.dev/schemas/2.0.4/schema.json",
"assist": { "enabled": false },
"css": { "formatter": { "enabled": false }, "linter": { "enabled": true } },
"files": {
"experimentalScannerIgnores": [
"*.min.js",
"vendor",
"web/app/plugins",
"web/app/themes/haiku-atelier-2024/assets",
"web/wp"
],
"ignoreUnknown": true,
"maxSize": 100000000
},
"formatter": { "enabled": false },
"graphql": { "formatter": { "enabled": false }, "linter": { "enabled": true } },
"json": { "formatter": { "enabled": false }, "linter": { "enabled": true } },
"linter": {
"enabled": false,
"rules": {
"complexity": { "noForEach": "off" },
"nursery": {
"recommended": true,
"useSortedClasses": {
"fix": "unsafe",
"level": "error",
"options": { "attributes": ["class"], "functions": [""] }
}
},
"style": {
"recommended": true,
"noNonNullAssertion": "off",
"noParameterAssign": "error",
"useAsConstAssertion": "error",
"useDefaultParameterLast": "error",
"useEnumInitializers": "error",
"useSelfClosingElements": "error",
"useSingleVarDeclarator": "error",
"noUnusedTemplateLiteral": "error",
"useNumberNamespace": "error",
"noInferrableTypes": "error",
"noUselessElse": "error"
},
"recommended": true
}
}
}

1719
bun.lock
View file

File diff suppressed because it is too large Load diff

3
cfg/oxlint.config.ts
View file

@ -1,3 +0,0 @@
import config from "@gcch/configuration-oxlint";
export default config;

65
cfg/playwright.config.ts
View file

@ -1,65 +0,0 @@
import { defineConfig, devices } from "@playwright/test";
export default defineConfig({
fullyParallel: true,
reporter: "list",
retries: 1,
testDir: "../tests",
timeout: 10_000,
workers: "100%",
use: {
/* Base URL to use in actions like `await page.goto('/')`. */
baseURL: "https://haikuatelier.gcch.local",
trace: "retry-with-trace",
clientCertificates: [
{
origin: "https://haikuatelier.gcch.local",
certPath: "../containers/data/certs/_wildcard.gcch.local.pem",
keyPath: "../containers/data/certs/_wildcard.gcch.local-key.pem",
},
],
ignoreHTTPSErrors: true,
},
projects: [
{
name: "desktop-chromium-1920",
use: { ...devices["Desktop Chrome"], viewport: { width: 1920, height: 1080 } },
},
// {
// name: "desktop-chromium-1536",
// use: { ...devices["Desktop Chrome"], viewport: { width: 1536, height: 864 } },
// },
// {
// name: "desktop-chromium-1366",
// use: { ...devices["Desktop Chrome"], viewport: { width: 1366, height: 768 } },
// },
{
name: "desktop-firefox-1920",
use: { ...devices["Desktop Firefox"], viewport: { width: 1920, height: 1080 } },
},
// {
// name: "desktop-firefox-1536",
// use: { ...devices["Desktop Firefox"], viewport: { width: 1536, height: 864 } },
// },
// {
// name: "desktop-firefox-1366",
// use: { ...devices["Desktop Firefox"], viewport: { width: 1366, height: 768 } },
// },
// {
// name: "tablet-chromium-portrait",
// use: { ...devices["Galaxy Tab S9"] },
// },
// {
// name: "tablet-chromium-landscape",
// use: { ...devices["Galaxy Tab S9 landscape"] },
// },
// {
// name: "mobile-chromium-portrait",
// use: { ...devices["Pixel 7"] },
// },
// {
// name: "mobile-chromium-landscape",
// use: { ...devices["Pixel 7 landscape"] },
// },
],
});

7
cfg/prettier.config.ts
View file

@ -1,7 +0,0 @@
import { configClassique } from "@gcch/configuration-prettier";
const config = {
...configClassique,
};
export default config;

37
cfg/prettierignore
View file

@ -1,37 +0,0 @@
# Tout ce qui est traité par dprint
*.css
*.html
*.js
*.md
*.mjs
*.mts
*.php
*.scss
*.ts
*.xml
*.yaml
*.yml
!package.json
# Cache
.cache
# Tout sauf le thème
**/vendor
**/web/app/languages
**/web/app/mu-plugins
**/web/app/plugins
**/web/app/themes/haiku-atelier-2024/assets
**/web/app/themes/twentytwentyfour
**/web/app/uploads
**/web/wp
# Dépendances
composer.lock
bun.lock
# Jujutsu
.jj/
# Zed
.zed/

40
cfg/stylelint.config.ts
View file

@ -1,40 +0,0 @@
// @ts-expect-error -- La dépendance ne dispose pas de types.
import { propertyGroups } from "stylelint-config-clean-order";
/** @type {string[][]} */
// eslint-disable-next-line @typescript-eslint/no-unsafe-argument -- Impossible de typer correctement avec JSDoc.
const groupesProprietes = Array.from(/** @type {GroupeProprietes} */ propertyGroups);
/** @import { StylelintConfigCleanOrderPropertyGroup } from "./lib/stylelint" */
/** @type {Array<StylelintConfigCleanOrderPropertyGroup>} */
const ordreProprietes = groupesProprietes.map((properties) => ({
emptyLineBefore: "never",
noEmptyLineBetween: true,
properties,
}));
/** @type {import("stylelint").Config} */
export default {
extends: ["stylelint-config-standard-scss", "stylelint-config-sass-guidelines", "stylelint-config-clean-order"],
plugins: ["stylelint-declaration-block-no-ignored-properties"],
rules: {
"@stylistic/function-parentheses-space-inside": null,
"@stylistic/selector-list-comma-newline-after": null,
"@stylistic/string-quotes": null,
"custom-property-pattern": null,
"declaration-block-no-duplicate-custom-properties": true,
"declaration-block-no-duplicate-properties": true,
"declaration-block-no-redundant-longhand-properties": true,
"declaration-block-no-shorthand-property-overrides": true,
"max-nesting-depth": null,
"no-descending-specificity": null,
"no-duplicate-selectors": [true, { disallowInList: false }],
"order/properties-order": [ordreProprietes, { severity: "error", unspecified: "bottomAlphabetical" }],
"plugin/declaration-block-no-ignored-properties": true,
"selector-class-pattern": null,
"selector-id-pattern": null,
"selector-max-compound-selectors": null,
"selector-max-id": null,
"selector-no-qualifying-type": null,
},
};

49
cfg/vite.config.ts
View file

@ -1,49 +0,0 @@
import type { PathsOutput } from "fdir";
import { fdir } from "fdir";
import process from "node:process";
import { defineConfig, loadEnv } from "vite";
const SLUG_THEME = "haiku-atelier-2024";
const SRC_TYPESCRIPT_PATHS: Promise<PathsOutput> = new fdir()
.withBasePath()
.filter((path, isDirectory) => !isDirectory && !path.endsWith("d.ts"))
.withMaxDepth(0)
.crawl(`web/app/themes/${SLUG_THEME}/src/scripts`)
.withPromise();
const PATHS = await SRC_TYPESCRIPT_PATHS;
export default defineConfig(({ mode }) => {
const env = loadEnv(mode, process.cwd(), "VITE");
return {
base: "/",
cacheDir: ".cache/vite",
build: {
assetsDir: ".",
cssMinify: "lightningcss",
emptyOutDir: true,
manifest: true,
minify: env["VITE_MODE"] === "production",
outDir: "./web/app/themes/haiku-atelier-2024/assets/js",
reportCompressedSize: true,
rollupOptions: {
input: PATHS,
output: {
assetFileNames: "[hash].[extname]",
chunkFileNames: "[hash].js",
entryFileNames: "[name].js",
minify: env["VITE_MODE"] === "production",
},
treeshake: true,
},
sourcemap: env["VITE_MODE"] === "development",
target: "es2020",
write: true,
},
css: {
devSourcemap: true,
transformer: "lightningcss",
},
mode: env["VITE_MODE"] ?? "production",
};
});

100
compose.yaml
View file

@ -1,100 +0,0 @@
name: "haikuatelier.fr"
networks:
haiku-network: null
services:
db:
container_name: "haikuatelier.fr-db"
env_file:
- path: "./.env"
required: true
healthcheck:
interval: "10s"
retries: 3
start_period: "60s"
test:
- "CMD"
- "healthcheck.sh"
- "--connect"
- "--innodb_initialized"
timeout: "5s"
image: "docker.io/library/mariadb:latest"
labels:
- "traefik.enable=false"
networks:
- "haiku-network"
restart: "unless-stopped"
volumes:
- "db-data:/var/lib/mysql:rw"
proxy:
container_name: "haikuatelier.fr-proxy"
depends_on:
- "wordpress"
env_file:
- path: "./.env"
required: true
healthcheck:
interval: "10s"
retries: 3
test:
- "CMD-SHELL"
- "curl http://localhost/health | grep UP"
timeout: "5s"
image: "docker.io/eilandert/angie:latest"
networks:
- "haiku-network"
restart: "on-failure:3"
volumes:
- "./containers/conf/angie:/etc/angie:rw"
# - "./containers/conf/angie-2:/etc/angie:rw"
- "./containers/data/certs:/etc/angie/ssl:ro"
- "./containers/data/angie/logs:/var/log/angie:rw"
- "./:/var/www/wordpress:rw"
traefik:
container_name: "haikuatelier.fr-traefik"
env_file:
- path: "./.env"
required: true
healthcheck:
interval: "10s"
retries: 3
test:
- "CMD"
- "traefik"
- "healthcheck"
- "--ping"
timeout: "5s"
image: "traefik"
mem_limit: "256m"
mem_reservation: "128m"
networks:
- "haiku-network"
ports:
- "127.0.0.1:80:80"
- "127.0.0.1:443:443"
- "127.0.0.1:8082:8082"
restart: "unless-stopped"
volumes:
- "./containers/conf/traefik/dynamic:/etc/traefik/dynamic:ro"
- "./containers/conf/traefik/traefik.yaml:/etc/traefik/traefik.yml:ro"
- "./containers/data/certs:/etc/certs/:ro"
- "./containers/data/traefik/logs:/var/log/traefik:rw"
- "/var/run/user/1000/podman/podman.sock:/var/run/docker.sock:ro"
wordpress:
container_name: "haikuatelier.fr-wordpress"
depends_on:
- "db"
- "traefik"
env_file:
- path: "./.env"
required: true
image: "localhost/wordpress-haiku-atelier"
networks:
- "haiku-network"
ports:
- "127.0.0.1:9000:9000"
restart: "unless-stopped"
volumes:
- "./containers/conf/php.ini:/usr/local/etc/php/conf.d/custom.ini:ro"
- "./:/var/www/wordpress:rw"
volumes:
db-data: null

151
composer.json
View file

@ -1,101 +1,82 @@
{ {
"autoload": { "name": "roots/bedrock",
"psr-4": { "type": "project",
"HaikuAtelier\\": "web/app/themes/haiku-atelier-2024/src/inc/" "license": "MIT",
} "description": "WordPress boilerplate with Composer, easier configuration, and an improved folder structure",
}, "homepage": "https://roots.io/bedrock/",
"authors": [ "authors": [
{ { "name": "Scott Walkinshaw", "email": "scott.walkinshaw@gmail.com", "homepage": "https://github.com/swalkinshaw" },
"email": "scott.walkinshaw@gmail.com", { "name": "Ben Word", "email": "ben@benword.com", "homepage": "https://github.com/retlehs" }
"homepage": "https://github.com/swalkinshaw",
"name": "Scott Walkinshaw"
},
{
"email": "ben@benword.com",
"homepage": "https://github.com/retlehs",
"name": "Ben Word"
}
], ],
"keywords": ["bedrock", "composer", "roots", "wordpress", "wp", "wp-config"],
"support": {
"issues": "https://github.com/roots/bedrock/issues",
"forum": "https://discourse.roots.io/category/bedrock"
},
"repositories": [
{ "type": "composer", "url": "https://wpackagist.org", "only": ["wpackagist-plugin/*", "wpackagist-theme/*"] }
],
"require": {
"php": ">=8.2",
"composer/installers": "^2.3",
"crell/fp": "^1.0",
"htmlburger/carbon-fields": "^3.6",
"illuminate/support": "^12.18",
"laravel/helpers": "^1.7.1",
"log1x/wp-smtp": "^1.0.2",
"lstrojny/functional-php": "^1.17",
"mnsami/composer-custom-directory-installer": "^2.0",
"nesbot/carbon": "^3.8.2",
"oscarotero/env": "^2.1.1",
"ramsey/uuid": "^4.7.6",
"roots/bedrock-autoloader": "^1.0.4",
"roots/bedrock-disallow-indexing": "^2.0",
"roots/wordpress": "^6.8.1",
"roots/wp-config": "^1.0",
"stripe/stripe-php": "^16.3",
"symfony/uid": "^7.2.0",
"timber/timber": "^2.3",
"vlucas/phpdotenv": "^5.6.1",
"wpackagist-plugin/falcon": "^2.8.4",
"wpackagist-plugin/force-regenerate-thumbnails": "^2.2.1",
"wpackagist-plugin/query-monitor": "^3.17.0",
"wpackagist-plugin/redis-cache": "^2.5.4",
"wpackagist-plugin/wc-multishipping": "^2.5.4",
"wpackagist-plugin/woo-preview-emails": "^2.2.13",
"wpackagist-plugin/woocommerce": "^9.4.3",
"wpackagist-plugin/wp-mail-logging": "^1.13.1",
"wpackagist-plugin/wp-mail-smtp": "^4.2",
"wpackagist-plugin/wp-openapi": "^1.0.16",
"wpackagist-theme/twentytwentyfour": "^1.3"
},
"require-dev": {
"phpstan/extension-installer": "^1.4.3",
"phpstan/phpstan": "^2.0.3",
"roave/security-advisories": "dev-latest",
"squizlabs/php_codesniffer": "^3.11.1",
"szepeviktor/phpstan-wordpress": "2.x-dev"
},
"config": { "config": {
"allow-plugins": {
"carthage-software/mago": true,
"composer/installers": true,
"mnsami/composer-custom-directory-installer": true,
"phpstan/extension-installer": true,
"roots/wordpress-core-installer": true
},
"optimize-autoloader": true, "optimize-autoloader": true,
"preferred-install": "dist", "preferred-install": "dist",
"allow-plugins": {
"composer/installers": true,
"mnsami/composer-custom-directory-installer": true,
"roots/wordpress-core-installer": true,
"phpstan/extension-installer": true
},
"sort-packages": true "sort-packages": true
}, },
"description": "WordPress boilerplate with Composer, easier configuration, and an improved folder structure", "minimum-stability": "dev",
"prefer-stable": true,
"extra": { "extra": {
"installer-paths": { "installer-paths": {
"web/vendor/{$vendor}/{$name}": ["htmlburger/carbon-fields"],
"web/app/mu-plugins/{$name}/": ["type:wordpress-muplugin"], "web/app/mu-plugins/{$name}/": ["type:wordpress-muplugin"],
"web/app/plugins/{$name}/": ["type:wordpress-plugin"], "web/app/plugins/{$name}/": ["type:wordpress-plugin"],
"web/app/themes/{$name}/": ["type:wordpress-theme"], "web/app/themes/{$name}/": ["type:wordpress-theme"]
"web/vendor/{$vendor}/{$name}": ["htmlburger/carbon-fields"]
}, },
"wordpress-install-dir": "web/wp" "wordpress-install-dir": "web/wp"
}, },
"homepage": "https://roots.io/bedrock/", "scripts": { "test": ["phpcs"] }
"keywords": ["bedrock", "composer", "roots", "wordpress", "wp", "wp-config"],
"license": "MIT",
"minimum-stability": "dev",
"name": "roots/bedrock",
"prefer-stable": true,
"repositories": [
{
"only": ["wpackagist-plugin/*", "wpackagist-theme/*"],
"type": "composer",
"url": "https://wpackagist.org"
}
],
"require": {
"php": ">=8.5",
"php-standard-library/php-standard-library": "^4.3",
"composer/installers": "^2.3",
"crell/fp": "^1.0",
"htmlburger/carbon-fields": "^3.6.9",
"illuminate/support": "^12.56",
"laravel/helpers": "^1.8.3",
"log1x/wp-smtp": "^1.0.2",
"lstrojny/functional-php": "^1.18",
"mnsami/composer-custom-directory-installer": "^2.0",
"nesbot/carbon": "^3.11.3",
"oscarotero/env": "^2.1.1",
"roots/bedrock-autoloader": "^1.1.0",
"roots/bedrock-disallow-indexing": "^2.1",
"roots/wordpress": "^6.9.4",
"roots/wp-config": "^1.0",
"stripe/stripe-php": "^19.4.1",
"symfony/uid": "^8.0.4",
"timber/timber": "^2.3.3",
"vlucas/phpdotenv": "^5.6.3",
"wpackagist-plugin/falcon": "^2.9.3",
"wpackagist-plugin/force-regenerate-thumbnails": "^2.3.0",
"wpackagist-plugin/query-monitor": "^3.20.4",
"wpackagist-plugin/redis-cache": "^2.7.0",
"wpackagist-plugin/wc-multishipping": "^3.0.2",
"wpackagist-plugin/woo-preview-emails": "^2.2.14",
"wpackagist-plugin/woocommerce": "^10.6.1",
"wpackagist-plugin/wp-mail-logging": "^1.16.0",
"wpackagist-plugin/wp-mail-smtp": "^4.7.1",
"wpackagist-plugin/wp-openapi": "^1.0.27",
"wpackagist-theme/twentytwentyfour": "^1.4"
},
"require-dev": {
"friendsofphp/php-cs-fixer": "^3.94.2",
"php-standard-library/phpstan-extension": "^2.1",
"phpstan/extension-installer": "^1.4.3",
"phpstan/phpstan": "^2.1.45",
"roave/security-advisories": "dev-latest",
"szepeviktor/phpstan-wordpress": "2.x-dev",
"vincentlanglet/twig-cs-fixer": "^3.14"
},
"support": {
"forum": "https://discourse.roots.io/category/bedrock",
"issues": "https://github.com/roots/bedrock/issues"
},
"type": "project"
} }

3833
composer.lock generated
View file

File diff suppressed because it is too large Load diff

158
config/application.php
View file

@ -1,5 +1,4 @@
<?php <?php
/** /**
* Your base production configuration goes in this file. Environment-specific * Your base production configuration goes in this file. Environment-specific
* overrides go in their respective config/environments/{{WP_ENV}}.php file. * overrides go in their respective config/environments/{{WP_ENV}}.php file.
@ -9,138 +8,153 @@
* can. * can.
*/ */
declare(strict_types=1);
use Roots\WPConfig\Config; use Roots\WPConfig\Config;
use function Env\env; use function Env\env;
// USE_ENV_ARRAY + CONVERT_* + STRIP_QUOTES // USE_ENV_ARRAY + CONVERT_* + STRIP_QUOTES
Env\Env::$options = 31; Env\Env::$options = 31;
/** /**
* Directory containing all of the site's files. * Directory containing all of the site's files
* *
* @var string * @var string
*/ */
$root_dir = dirname(__DIR__); $root_dir = dirname(__DIR__);
/** /**
* Document Root. * Document Root
* *
* @var string * @var string
*/ */
$webroot_dir = $root_dir . '/web'; $webroot_dir = $root_dir . "/web";
/* /**
* Use Dotenv to set required environment variables and load .env file in root * Use Dotenv to set required environment variables and load .env file in root
* .env.local will override .env if it exists * .env.local will override .env if it exists
*/ */
if (file_exists($root_dir . '/.env')) { if (file_exists($root_dir . "/.env")) {
$env_files = file_exists($root_dir . '/.env.local') ? ['.env', '.env.local'] : ['.env']; $env_files = file_exists($root_dir . "/.env.local") ? [".env", ".env.local"] : [".env"];
$dotenv = Dotenv\Dotenv::createImmutable($root_dir, $env_files, false); $dotenv = Dotenv\Dotenv::createImmutable($root_dir, $env_files, false);
$dotenv->load(); $dotenv->load();
$dotenv->required(['WP_HOME', 'WP_SITEURL']); $dotenv->required(["WP_HOME", "WP_SITEURL"]);
if (!env('DATABASE_URL')) { if (!env("DATABASE_URL")) {
$dotenv->required(['DB_NAME', 'DB_USER', 'DB_PASSWORD']); $dotenv->required(["DB_NAME", "DB_USER", "DB_PASSWORD"]);
} }
} }
/* /**
* Set up our global environment constant and load its config first * Set up our global environment constant and load its config first
* Default: production * Default: production
*/ */
define('WP_ENV', env('WP_ENV') ?: 'production'); define("WP_ENV", env("WP_ENV") ?: "production");
// Infer WP_ENVIRONMENT_TYPE based on WP_ENV /**
if (!env('WP_ENVIRONMENT_TYPE') && in_array(WP_ENV, ['production', 'staging', 'development', 'local'], true)) { * Infer WP_ENVIRONMENT_TYPE based on WP_ENV
Config::define('WP_ENVIRONMENT_TYPE', WP_ENV); */
if (!env("WP_ENVIRONMENT_TYPE") && in_array(WP_ENV, ["production", "staging", "development", "local"])) {
Config::define("WP_ENVIRONMENT_TYPE", WP_ENV);
} }
// URLs /**
Config::define('WP_HOME', env('WP_HOME')); * URLs
Config::define('WP_SITEURL', env('WP_SITEURL')); */
Config::define("WP_HOME", env("WP_HOME"));
Config::define("WP_SITEURL", env("WP_SITEURL"));
// Custom Content Directory /**
Config::define('CONTENT_DIR', '/app'); * Custom Content Directory
Config::define('WP_CONTENT_DIR', $webroot_dir . Config::get('CONTENT_DIR')); */
Config::define('WP_CONTENT_URL', Config::get('WP_HOME') . Config::get('CONTENT_DIR')); Config::define("CONTENT_DIR", "/app");
Config::define("WP_CONTENT_DIR", $webroot_dir . Config::get("CONTENT_DIR"));
Config::define("WP_CONTENT_URL", Config::get("WP_HOME") . Config::get("CONTENT_DIR"));
// DB settings /**
if (env('DB_SSL')) { * DB settings
Config::define('MYSQL_CLIENT_FLAGS', MYSQLI_CLIENT_SSL); */
if (env("DB_SSL")) {
Config::define("MYSQL_CLIENT_FLAGS", MYSQLI_CLIENT_SSL);
} }
Config::define('DB_NAME', env('DB_NAME')); Config::define("DB_NAME", env("DB_NAME"));
Config::define('DB_USER', env('DB_USER')); Config::define("DB_USER", env("DB_USER"));
Config::define('DB_PASSWORD', env('DB_PASSWORD')); Config::define("DB_PASSWORD", env("DB_PASSWORD"));
Config::define('DB_HOST', env('DB_HOST') ?: 'localhost'); Config::define("DB_HOST", env("DB_HOST") ?: "localhost");
Config::define('DB_CHARSET', 'utf8mb4'); Config::define("DB_CHARSET", "utf8mb4");
Config::define('DB_COLLATE', ''); Config::define("DB_COLLATE", "");
$table_prefix = env('DB_PREFIX') ?: 'wp_'; $table_prefix = env("DB_PREFIX") ?: "wp_";
if (env('DATABASE_URL')) { if (env("DATABASE_URL")) {
$dsn = (object) parse_url(env('DATABASE_URL')); $dsn = (object) parse_url(env("DATABASE_URL"));
Config::define('DB_NAME', mb_substr($dsn->path, 1)); Config::define("DB_NAME", substr($dsn->path, 1));
Config::define('DB_USER', $dsn->user); Config::define("DB_USER", $dsn->user);
Config::define('DB_PASSWORD', $dsn->pass ?? null); Config::define("DB_PASSWORD", isset($dsn->pass) ? $dsn->pass : null);
Config::define('DB_HOST', isset($dsn->port) ? "{$dsn->host}:{$dsn->port}" : $dsn->host); Config::define("DB_HOST", isset($dsn->port) ? "{$dsn->host}:{$dsn->port}" : $dsn->host);
} }
// Authentication Unique Keys and Salts /**
Config::define('AUTH_KEY', env('AUTH_KEY')); * Authentication Unique Keys and Salts
Config::define('SECURE_AUTH_KEY', env('SECURE_AUTH_KEY')); */
Config::define('LOGGED_IN_KEY', env('LOGGED_IN_KEY')); Config::define("AUTH_KEY", env("AUTH_KEY"));
Config::define('NONCE_KEY', env('NONCE_KEY')); Config::define("SECURE_AUTH_KEY", env("SECURE_AUTH_KEY"));
Config::define('AUTH_SALT', env('AUTH_SALT')); Config::define("LOGGED_IN_KEY", env("LOGGED_IN_KEY"));
Config::define('SECURE_AUTH_SALT', env('SECURE_AUTH_SALT')); Config::define("NONCE_KEY", env("NONCE_KEY"));
Config::define('LOGGED_IN_SALT', env('LOGGED_IN_SALT')); Config::define("AUTH_SALT", env("AUTH_SALT"));
Config::define('NONCE_SALT', env('NONCE_SALT')); Config::define("SECURE_AUTH_SALT", env("SECURE_AUTH_SALT"));
Config::define("LOGGED_IN_SALT", env("LOGGED_IN_SALT"));
Config::define("NONCE_SALT", env("NONCE_SALT"));
// Custom Settings /**
Config::define('AUTOMATIC_UPDATER_DISABLED', true); * Custom Settings
Config::define('DISABLE_WP_CRON', env('DISABLE_WP_CRON') ?: false); */
Config::define("AUTOMATIC_UPDATER_DISABLED", true);
Config::define("DISABLE_WP_CRON", env("DISABLE_WP_CRON") ?: false);
// Disable the plugin and theme file editor in the admin // Disable the plugin and theme file editor in the admin
Config::define('DISALLOW_FILE_EDIT', true); Config::define("DISALLOW_FILE_EDIT", true);
// Disable plugin and theme updates and installation from the admin // Disable plugin and theme updates and installation from the admin
Config::define('DISALLOW_FILE_MODS', true); Config::define("DISALLOW_FILE_MODS", true);
// Limit the number of post revisions // Limit the number of post revisions
Config::define('WP_POST_REVISIONS', env('WP_POST_REVISIONS') ?? true); Config::define("WP_POST_REVISIONS", env("WP_POST_REVISIONS") ?? true);
// Debugging Settings /**
Config::define('WP_DEBUG_DISPLAY', false); * Debugging Settings
Config::define('WP_DEBUG_LOG', false); */
Config::define('SCRIPT_DEBUG', false); Config::define("WP_DEBUG_DISPLAY", false);
ini_set('display_errors', '0'); Config::define("WP_DEBUG_LOG", false);
Config::define("SCRIPT_DEBUG", false);
ini_set("display_errors", "0");
// Plugins /**
Config::define('WPMU_PLUGIN_DIR', Config::get('WP_CONTENT_DIR') . '/mu-plugins'); * Plugins
Config::define('WP_PLUGIN_DIR', Config::get('WP_CONTENT_DIR') . '/plugins'); */
Config::define("WPMU_PLUGIN_DIR", Config::get("WP_CONTENT_DIR") . "/mu-plugins");
Config::define("WP_PLUGIN_DIR", Config::get("WP_CONTENT_DIR") . "/plugins");
/* /**
* Allow WordPress to detect HTTPS when used behind a reverse proxy or a load balancer * Allow WordPress to detect HTTPS when used behind a reverse proxy or a load balancer
* See https://codex.wordpress.org/Function_Reference/is_ssl#Notes * See https://codex.wordpress.org/Function_Reference/is_ssl#Notes
*/ */
if (isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && 'https' === $_SERVER['HTTP_X_FORWARDED_PROTO']) { if (isset($_SERVER["HTTP_X_FORWARDED_PROTO"]) && $_SERVER["HTTP_X_FORWARDED_PROTO"] === "https") {
$_SERVER['HTTPS'] = 'on'; $_SERVER["HTTPS"] = "on";
} }
$env_config = __DIR__ . '/environments/' . WP_ENV . '.php'; $env_config = __DIR__ . "/environments/" . WP_ENV . ".php";
if (file_exists($env_config)) { if (file_exists($env_config)) {
include_once $env_config; require_once $env_config;
} }
Config::apply(); Config::apply();
// Bootstrap WordPress /**
if (!defined('ABSPATH')) { * Bootstrap WordPress
define('ABSPATH', $webroot_dir . '/wp/'); */
if (!defined("ABSPATH")) {
define("ABSPATH", $webroot_dir . "/wp/");
} }

34
config/environments/development.php
View file

@ -1,37 +1,35 @@
<?php <?php
/** /**
* Configuration overrides for WP_ENV === 'development'. * Configuration overrides for WP_ENV === 'development'
*/ */
declare(strict_types=1); declare(strict_types=1);
use Roots\WPConfig\Config; use Roots\WPConfig\Config;
use function Env\env; use function Env\env;
Config::define('SAVEQUERIES', true); Config::define("SAVEQUERIES", true);
Config::define('WP_DEBUG', true); Config::define("WP_DEBUG", true);
Config::define('WP_DEBUG_DISPLAY', true); Config::define("WP_DEBUG_DISPLAY", false);
Config::define('WP_DEBUG_LOG', env('WP_DEBUG_LOG') ?? true); Config::define("WP_DEBUG_LOG", env("WP_DEBUG_LOG") ?? true);
Config::define('WP_DISABLE_FATAL_ERROR_HANDLER', true); Config::define("WP_DISABLE_FATAL_ERROR_HANDLER", true);
Config::define('SCRIPT_DEBUG', true); Config::define("SCRIPT_DEBUG", true);
Config::define('DISALLOW_INDEXING', true); Config::define("DISALLOW_INDEXING", true);
ini_set('display_errors', '1'); ini_set("display_errors", "1");
// Enable plugin and theme updates and installation from the admin // Enable plugin and theme updates and installation from the admin
Config::define('DISALLOW_FILE_MODS', false); Config::define("DISALLOW_FILE_MODS", false);
// WooCommerce // WooCommerce
Config::define('WOOCOMMERCE_API_CONSUMER_KEY', env('WOOCOMMERCE_API_CONSUMER_KEY')); Config::define("WOOCOMMERCE_API_CONSUMER_KEY", env("WOOCOMMERCE_API_CONSUMER_KEY"));
Config::define('WOOCOMMERCE_API_CONSUMER_SECRET', env('WOOCOMMERCE_API_CONSUMER_SECRET')); Config::define("WOOCOMMERCE_API_CONSUMER_SECRET", env("WOOCOMMERCE_API_CONSUMER_SECRET"));
// Stripe // Stripe
Config::define('STRIPE_API_SECRET', env('STRIPE_API_SECRET')); Config::define("STRIPE_API_SECRET", env("STRIPE_API_SECRET"));
// Redis // Redis
Config::define('WP_REDIS_HOST', env('WP_REDIS_HOST')); Config::define("WP_REDIS_HOST", env("WP_REDIS_HOST"));
Config::define('WP_REDIS_PASSWORD', env('WP_REDIS_PASSWORD')); Config::define("WP_REDIS_PASSWORD", env("WP_REDIS_PASSWORD"));
// Désactive la mise à jour des traductions automatiques // Désactive la mise à jour des traductions automatiques
Config::define('WP_AUTO_UPDATE_TRANSLATION', false); Config::define("WP_AUTO_UPDATE_TRANSLATION", false);

22
config/environments/production.php
View file

@ -1,25 +1,23 @@
<?php <?php
/** /**
* Configuration overrides for WP_ENV === 'production'. * Configuration overrides for WP_ENV === 'production'
*/ */
declare(strict_types=1); declare(strict_types=1);
use Roots\WPConfig\Config; use Roots\WPConfig\Config;
use function Env\env; use function Env\env;
Config::define('WP_DEBUG', true); Config::define("WP_DEBUG", true);
Config::define('WP_DEBUG_DISPLAY', false); Config::define("WP_DEBUG_DISPLAY", false);
Config::define('WP_DEBUG_LOG', env('WP_DEBUG_LOG') ?? true); Config::define("WP_DEBUG_LOG", env("WP_DEBUG_LOG") ?? true);
Config::define('WP_DISABLE_FATAL_ERROR_HANDLER', false); Config::define("WP_DISABLE_FATAL_ERROR_HANDLER", false);
Config::define('DISALLOW_INDEXING', false); Config::define("DISALLOW_INDEXING", false);
Config::define('DISALLOW_FILE_MODS', false); Config::define("DISALLOW_FILE_MODS", false);
Config::define('WOOCOMMERCE_API_CONSUMER_KEY', env('WOOCOMMERCE_API_CONSUMER_KEY')); Config::define("WOOCOMMERCE_API_CONSUMER_KEY", env("WOOCOMMERCE_API_CONSUMER_KEY"));
Config::define('WOOCOMMERCE_API_CONSUMER_SECRET', env('WOOCOMMERCE_API_CONSUMER_SECRET')); Config::define("WOOCOMMERCE_API_CONSUMER_SECRET", env("WOOCOMMERCE_API_CONSUMER_SECRET"));
// Stripe // Stripe
Config::define('STRIPE_API_SECRET', env('STRIPE_API_SECRET')); Config::define("STRIPE_API_SECRET", env("STRIPE_API_SECRET"));

10
config/environments/staging.php
View file

@ -1,15 +1,13 @@
<?php <?php
/** /**
* Configuration overrides for WP_ENV === 'staging'. * Configuration overrides for WP_ENV === 'staging'
*/ */
declare(strict_types=1); declare(strict_types=1);
use Roots\WPConfig\Config; use Roots\WPConfig\Config;
use function Env\env; use function Env\env;
Config::define('DISALLOW_INDEXING', true); Config::define("DISALLOW_INDEXING", true);
Config::define('WOOCOMMERCE_API_CONSUMER_KEY', env('WOOCOMMERCE_API_CONSUMER_KEY')); Config::define("WOOCOMMERCE_API_CONSUMER_KEY", env("WOOCOMMERCE_API_CONSUMER_KEY"));
Config::define('WOOCOMMERCE_API_CONSUMER_SECRET', env('WOOCOMMERCE_API_CONSUMER_SECRET')); Config::define("WOOCOMMERCE_API_CONSUMER_SECRET", env("WOOCOMMERCE_API_CONSUMER_SECRET"));

46
containers/Dockerfile
View file

@ -1,46 +0,0 @@
# syntax=docker/dockerfile:1
FROM docker.io/library/alpine:latest AS repo
# Ajoute Git.
RUN set -eux && apk add --no-cache \
bash \
git \
;
# Récupère les fichiers du site pour la branche « Production ».
RUN git clone --branch production --depth 1 http://git.gcch.fr/gcch/haiku-atelier-2024.git "/tmp/repo"
FROM docker.io/library/wordpress:php8.5-fpm-alpine AS php
ENTRYPOINT []
LABEL org.opencontainers.image.title=wordpress-haiku-atelier \
org.opencontainers.image.description="WordPress pour Haiku Atelier" \
org.opencontainers.image.authors="gcch" \
org.opencontainers.image.vendor="gcch" \
org.opencontainers.image.licenses=AGPL-3.0
# Installe wp-cli.
RUN curl -O https://raw.githubusercontent.com/wp-cli/builds/gh-pages/phar/wp-cli.phar && chmod +x wp-cli.phar && mv wp-cli.phar /usr/local/bin/wp
# Installe Composer.
RUN php -r "copy('https://getcomposer.org/installer', './composer-setup.php');" && php ./composer-setup.php && mv composer.phar /usr/local/bin/composer && rm composer-setup.php
RUN set -eux && apk add --no-cache \
fish \
ghostscript \
imagemagick \
mariadb-client \
;
VOLUME /var/www/wordpress
WORKDIR /var/www/wordpress
# Récupère les fichiers du projet.
COPY --from=repo --chmod=775 "/tmp/repo/" .
RUN chown www-data: -R .
# Installe les dépendences Composer.
RUN composer install
EXPOSE 9000
CMD ["php-fpm"]

57
containers/conf/angie/angie.conf
View file

@ -1,57 +0,0 @@
worker_processes 1;
user root;
# Modules
include /etc/angie/modules-enabled/*.conf;
pcre_jit on;
pid /run/angie.pid;
error_log /dev/stdout info;
error_log /var/log/angie/angie.log warn;
events {
worker_connections 2048;
multi_accept on;
use epoll;
}
http {
############# Angie conf
include /etc/angie/mime.types;
include /etc/angie/compression.conf;
include /etc/angie/fastcgi.conf;
error_log /dev/stdout info;
aio threads;
aio_write on;
directio 256k;
sendfile on;
sendfile_max_chunk 256k;
server_names_hash_bucket_size 128;
tcp_nodelay on;
tcp_nopush on;
http2 on;
source_charset utf-8; # same value as "charset"
############## Let Angie see client real IPs
real_ip_header X-Forwarded-For;
set_real_ip_from traefik;
############## Angie security
client_body_buffer_size 10K;
client_body_timeout 12;
client_header_buffer_size 1k;
client_header_timeout 12;
client_max_body_size 8M;
keepalive_timeout 15;
large_client_header_buffers 4 8k;
proxy_hide_header X-Powered-By;
send_timeout 10;
server_tokens off;
############# WP conf
include /etc/angie/haikuatelier.conf;
}

85
containers/conf/angie/angie.conf-original
View file

@ -1,85 +0,0 @@
user www-data;
worker_processes auto;
pid /run/angie.pid;
include /etc/angie/modules-enabled/*.conf;
events {
worker_connections 768;
# multi_accept on;
}
http {
##
# Basic Settings
##
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
# server_tokens off;
# server_names_hash_bucket_size 64;
# server_name_in_redirect off;
include /etc/angie/mime.types;
default_type application/octet-stream;
##
# SSL Settings
##
ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; # Dropping SSLv3, ref: POODLE
ssl_prefer_server_ciphers on;
##
# Logging Settings
##
access_log /var/log/angie/access.log;
error_log /var/log/angie/error.log;
##
# Gzip Settings
##
gzip on;
# gzip_vary on;
# gzip_proxied any;
# gzip_comp_level 6;
# gzip_buffers 16 8k;
# gzip_http_version 1.1;
# gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
##
# Virtual Host Configs
##
include /etc/angie/conf.d/*.conf;
include /etc/angie/sites-enabled/*;
}
#mail {
# # See sample authentication script at:
# # http://wiki.angie.org/ImapAuthenticateWithApachePhpScript
#
# # auth_http localhost/auth.php;
# # pop3_capabilities "TOP" "USER";
# # imap_capabilities "IMAP4rev1" "UIDPLUS";
#
# server {
# listen localhost:110;
# protocol pop3;
# proxy on;
# }
#
# server {
# listen localhost:143;
# protocol imap;
# proxy on;
# }
#}

176
containers/conf/angie/angie.conf-packaged
View file

@ -1,176 +0,0 @@
###
## This file comes with the "NGINX Mainline and modules" on https://deb.paranoid.nl/nginx-modules
## It contains various optimizations, examples and tweaks.
####
user www-data;
worker_processes auto;
worker_rlimit_nofile 10000;
pid /run/angie.pid;
include /etc/angie/modules-enabled/*.conf;
events {
worker_connections 65535;
multi_accept on;
use epoll;
}
http {
##
# Basic Settings
##
aio threads;
aio_write on;
sendfile on;
directio 256k;
sendfile_max_chunk 256k;
tcp_nopush off;
tcp_nodelay on;
types_hash_max_size 2048;
server_names_hash_bucket_size 128;
variables_hash_max_size 1024;
# server_name_in_redirect off;
include /etc/angie/mime.types;
default_type application/octet-stream;
###
## Enable security_headers only if you installed/enabled the module
###
# security_headers on;
# hide_server_tokens on;
# fastcgi_hide_header X-Powered-By;
# server_tokens off;
##
# Optimizing TLS over TCP to reduce latency (Cloudflare patch)
##
#ssl_dyn_rec_enable on;
##
# Enable HTTP2 and HTTP3
#
http2 on;
#http3 on;
#
##
##
# SSL Settings
##
# Enable only if you are running on a openssl3 build and kernel 4.17 or higher
# You need to do `modprobe tls` to load the kernel TLS module
#ssl_conf_command Options KTLS;
ssl_protocols TLSv1.3 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers EECDH+AESGCM:EDH+AESGCM;
ssl_dhparam /etc/angie/dhparam.pem;
ssl_ecdh_curve secp521r1:secp384r1;
ssl_session_tickets off;
ssl_early_data on;
ssl_session_cache shared:SSL:10m;
ssl_session_cache shared:le_nginx_SSL:10m; #letsencrypt only
ssl_session_timeout 1440m;
# OCSP Stapling
# fetch OCSP records from URL in ssl_certificate and cache them
ssl_stapling on;
ssl_stapling_verify on;
resolver 1.1.1.1 8.8.8.8 valid=300;
##
# Logging Settings
##
## Log Format
log_format main '$remote_addr $host $remote_user [$time_local] "$request" $status $body_bytes_sent "$http_referer" "$http_user_agent" $ssl_cipher $request_time';
access_log /var/log/angie/access.log;
error_log /var/log/angie/error.log;
##
# Gzip Settings
##
gzip on;
gzip_vary on;
gzip_proxied any;
gzip_comp_level 6;
gzip_buffers 16 8k;
gzip_http_version 1.1;
gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
###
## Miscellaneous
###
keepalive_disable none; # allow all browsers to use keepalive connections
keepalive_requests 50; # number of requests per connection, does not affect SPDY
max_ranges 1; # allow a single range header for resumed downloads and to stop large range header DoS attacks
msie_padding off;
#open_file_cache max=10000 inactive=2h;
#open_file_cache_errors on;
#open_file_cache_min_uses 1;
#open_file_cache_valid 1h;
output_buffers 2 512k;
#postpone_output 1440; # postpone sends to match our machine's MSS
read_ahead 512K; # kernel read head set to the output_buffers
server_name_in_redirect off; # if off, angie will use the requested Host header
source_charset utf-8; # same value as "charset"
# Buffer size for POST submissions
client_body_buffer_size 10K;
client_max_body_size 16m;
# Buffer size for Headers
client_header_buffer_size 1k;
# Allow the server to close the connection after a client stops
# responding.
# Frees up socket-associated memory.
#
reset_timedout_connection on;
# Timeouts, do not keep connections open longer then necessary to reduce
# resource usage and deny Slowloris type attacks.
client_body_timeout 10s; # maximum time between packets the client can pause when sending angie any data
client_header_timeout 10s; # maximum time the client has to send the entire header to angie
keepalive_timeout 120s; # timeout which a single keep-alive client connection will stay open
##
# Virtual Host Configs
##
include /etc/angie/conf.d/*.conf;
include /etc/angie/sites-enabled/*;
}
#mail {
# # See sample authentication script at:
# # http://wiki.angie.org/ImapAuthenticateWithApachePhpScript
#
# # auth_http localhost/auth.php;
# # pop3_capabilities "TOP" "USER";
# # imap_capabilities "IMAP4rev1" "UIDPLUS";
#
# server {
# listen localhost:110;
# protocol pop3;
# proxy on;
# }
#
# server {
# listen localhost:143;
# protocol imap;
# proxy on;
# }
#}

28
containers/conf/angie/compression.conf
View file

@ -1,28 +0,0 @@
gzip on;
gzip_comp_level 9;
gzip_http_version 1.1;
gzip_min_length 512;
gzip_buffers 32 4K;
gzip_proxied any;
gzip_vary on;
gzip_disable "msie6";
gzip_static on;
gzip_types application/atom+xml application/geo+json application/javascript application/json application/ld+json application/manifest+json application/rdf+xml application/rss+xml application/vnd.api+json application/vnd.geo+json application/vnd.ms-fontobject application/x-font-opentype application/x-font-truetype application/x-font-ttf application/x-javascript application/x-web-app-manifest+json application/xhtml+xml application/xml font/eot font/opentype font/otf font/ttf image/bmpg image/svg+xml image/vnd.microsoft.icon image/x-icon text/cache-manifest text/css text/html text/javascript text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy text/xml;
brotli on;
brotli_buffers 32 4K;
brotli_comp_level 6;
brotli_min_length 1000;
brotli_static on;
brotli_types application/atom+xml application/javascript application/json application/vnd.api+json application/rss+xml
application/vnd.ms-fontobject application/x-font-opentype application/x-font-truetype
application/x-font-ttf application/x-javascript application/xhtml+xml application/xml
font/eot font/opentype font/otf font/truetype image/svg+xml image/vnd.microsoft.icon
image/x-icon image/x-win-bitmap text/css text/javascript text/plain text/xml;
zstd on;
zstd_buffers 32 4K;
zstd_comp_level 3;
zstd_min_length 1000;
zstd_static on;
zstd_types application/atom+xml application/geo+json application/javascript application/json application/ld+json application/manifest+json application/rdf+xml application/rss+xml application/vnd.api+json application/vnd.geo+json application/vnd.ms-fontobject application/x-font-opentype application/x-font-truetype application/x-font-ttf application/x-javascript application/x-web-app-manifest+json application/xhtml+xml application/xml font/eot font/opentype font/otf font/ttf image/bmpg image/svg+xml image/vnd.microsoft.icon image/x-icon text/cache-manifest text/css text/html text/javascript text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy text/xml;

13
containers/conf/angie/dhparam.pem
View file

@ -1,13 +0,0 @@
-----BEGIN DH PARAMETERS-----
MIICCAKCAgEA//////////+t+FRYortKmq/cViAnPTzx2LnFg84tNpWp4TZBFGQz
+8yTnc4kmz75fS/jY2MMddj2gbICrsRhetPfHtXV/WVhJDP1H18GbtCFY2VVPe0a
87VXE15/V8k1mE8McODmi3fipona8+/och3xWKE2rec1MKzKT0g6eXq8CrGCsyT7
YdEIqUuyyOP7uWrat2DX9GgdT0Kj3jlN9K5W7edjcrsZCwenyO4KbXCeAvzhzffi
7MA0BM0oNC9hkXL+nOmFg/+OTxIy7vKBg8P+OxtMb61zO7X8vC7CIAXFjvGDfRaD
ssbzSibBsu/6iGtCOGEfz9zeNVs7ZRkDW7w09N75nAI4YbRvydbmyQd62R0mkff3
7lmMsPrBhtkcrv4TCYUTknC0EwyTvEN5RPT9RFLi103TZPLiHnH1S/9croKrnJ32
nuhtK8UiNjoNq8Uhl5sN6todv5pC1cRITgq80Gv6U93vPBsg7j/VnXwl5B0rZp4e
8W5vUsMWTfT7eTDp5OWIV7asfV9C1p9tGHdjzx1VA0AEh/VbpX4xzHpxNciG77Qx
iu1qHgEtnmgyqQdgCpGBMMRtx3j5ca0AOAkpmaMzy4t6Gh25PXFAADwqTs6p+Y0K
zAqCkc3OyX3Pjsm1Wn+IpGtNtahR9EGC4caKAH5eZV9q//////////8CAQI=
-----END DH PARAMETERS-----

21
containers/conf/angie/fastcgi.conf
View file

@ -1,21 +0,0 @@
fastcgi_param CONTENT_LENGTH $content_length;
fastcgi_param CONTENT_TYPE $content_type;
fastcgi_param DOCUMENT_ROOT $document_root;
fastcgi_param DOCUMENT_URI $document_uri;
fastcgi_param GATEWAY_INTERFACE CGI/1.1;
fastcgi_param QUERY_STRING $query_string;
fastcgi_param REDIRECT_STATUS 200;
fastcgi_param REMOTE_ADDR $remote_addr;
fastcgi_param REMOTE_PORT $remote_port;
fastcgi_param REQUEST_METHOD $request_method;
fastcgi_param REQUEST_URI $request_uri;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param SCRIPT_NAME $fastcgi_script_name;
fastcgi_param SERVER_ADDR $server_addr;
fastcgi_param SERVER_NAME $server_name;
fastcgi_param SERVER_PORT $server_port;
fastcgi_param SERVER_PROTOCOL $server_protocol;
fastcgi_param SERVER_SOFTWARE nginx/$nginx_version;
fastcgi_hide_header X-Powered-By;
fastcgi_index index.php;

56
containers/conf/angie/haikuatelier.conf
View file

@ -1,56 +0,0 @@
server {
listen 80;
server_name _;
root /var/www/wordpress/web/;
index index.html index.php;
access_log /var/log/angie/haikuatelier-access.log;
error_log /var/log/angie/haikuatelier-error.log;
# Pour éviter des erreurs liés à des requêtes trop lourdes.
fastcgi_buffers 16 32k;
fastcgi_buffer_size 64k;
fastcgi_busy_buffers_size 64k;
# Point d'accès pour vérifier la santé du conteneur Angie.
location = /health {
access_log off;
add_header "Content-Type" "text/plain";
return 200 "UP";
}
location = /robots.txt {
log_not_found off;
access_log off;
}
location = /favicon.ico {
log_not_found off;
access_log off;
}
location / {
try_files $uri $uri/ /index.php?$args;
}
location ~ \.php$ {
include /etc/angie/fastcgi.conf;
fastcgi_pass wordpress:9000;
fastcgi_intercept_errors on;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
}
location ~* \.(?:ico|svg|css|js|gif|jpe?g|png|avif|jxl|webp|avif|woff2?)$ {
access_log off;
expires max;
add_header "Cache-Control" "public, immutable";
}
location * {
add_header "Access-Control-Allow-Methods" "GET, POST, OPTIONS";
add_header "Access-Control-Allow-Origin" "*";
add_header "Cross-Origin-Opener-Policy" "unsafe-none";
add_header "Cross-Origin-Resource-Policy" "cross-origin";
}
}

99
containers/conf/angie/mime.types
View file

@ -1,99 +0,0 @@
types {
text/html html htm shtml;
text/css css;
text/xml xml;
image/gif gif;
image/jpeg jpeg jpg;
application/javascript js;
application/atom+xml atom;
application/rss+xml rss;
text/mathml mml;
text/plain txt;
text/vnd.sun.j2me.app-descriptor jad;
text/vnd.wap.wml wml;
text/x-component htc;
image/avif avif;
image/png png;
image/svg+xml svg svgz;
image/tiff tif tiff;
image/vnd.wap.wbmp wbmp;
image/webp webp;
image/x-icon ico;
image/x-jng jng;
image/x-ms-bmp bmp;
font/woff woff;
font/woff2 woff2;
application/java-archive jar war ear;
application/json json;
application/mac-binhex40 hqx;
application/msword doc;
application/pdf pdf;
application/postscript ps eps ai;
application/rtf rtf;
application/vnd.apple.mpegurl m3u8;
application/vnd.google-earth.kml+xml kml;
application/vnd.google-earth.kmz kmz;
application/vnd.ms-excel xls;
application/vnd.ms-fontobject eot;
application/vnd.ms-powerpoint ppt;
application/vnd.oasis.opendocument.graphics odg;
application/vnd.oasis.opendocument.presentation odp;
application/vnd.oasis.opendocument.spreadsheet ods;
application/vnd.oasis.opendocument.text odt;
application/vnd.openxmlformats-officedocument.presentationml.presentation
pptx;
application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
xlsx;
application/vnd.openxmlformats-officedocument.wordprocessingml.document
docx;
application/vnd.wap.wmlc wmlc;
application/wasm wasm;
application/x-7z-compressed 7z;
application/x-cocoa cco;
application/x-java-archive-diff jardiff;
application/x-java-jnlp-file jnlp;
application/x-makeself run;
application/x-perl pl pm;
application/x-pilot prc pdb;
application/x-rar-compressed rar;
application/x-redhat-package-manager rpm;
application/x-sea sea;
application/x-shockwave-flash swf;
application/x-stuffit sit;
application/x-tcl tcl tk;
application/x-x509-ca-cert der pem crt;
application/x-xpinstall xpi;
application/xhtml+xml xhtml;
application/xspf+xml xspf;
application/zip zip;
application/octet-stream bin exe dll;
application/octet-stream deb;
application/octet-stream dmg;
application/octet-stream iso img;
application/octet-stream msi msp msm;
audio/midi mid midi kar;
audio/mpeg mp3;
audio/ogg ogg;
audio/x-m4a m4a;
audio/x-realaudio ra;
video/3gpp 3gpp 3gp;
video/mp2t ts;
video/mp4 mp4;
video/mpeg mpeg mpg;
video/quicktime mov;
video/webm webm;
video/x-flv flv;
video/x-m4v m4v;
video/x-mng mng;
video/x-ms-asf asx asf;
video/x-ms-wmv wmv;
video/x-msvideo avi;
}

96
containers/conf/angie/naxsi_rules/blocking/10000000_scanner.rules
View file

@ -1,96 +0,0 @@
#######################################
## Scanners ids: 10000000 ##
#######################################
# http://pastebin.com/NP64hTQr
# http://blog.initiative-s.de/2013/09/kompromitierte-wordpress-blogs-werden-fuer-ddos-attacken-genutzt/
# If using wp then turn off this rule
MainRule id:10000000 "s:$UWA:8" "str:wordpress/" "mz:$HEADERS_VAR:User-Agent" "msg:Wordpress in user-agent";
# https://github.com/robertdavidgraham/masscan
MainRule id:10000001 "s:$UWA:8" "str:masscan" "mz:$HEADERS_VAR:User-Agent" "msg:masscan in user-agent";
# block acunetix scan
MainRule id:10000002 "s:$UWA:8" "str:99999999999999999999999" "mz:$HEADERS_VAR:Content-length" "msg:acunetix scan nginx buffer size";
MainRule id:10000003 "s:$UWA:8" "str:acunetix" "mz:URL|BODY|$HEADERS_VAR:Accept|$HEADERS_VAR:User-Agent" "msg:acunetix scan website";
MainRule id:10000004 "s:$UWA:8" "str:acunetix/wvs" "mz:$HEADERS_VAR:Accept" "msg:acunetix scan website";
MainRule id:10000005 "s:$UWA:8" "str:havij" "mz:$HEADERS_VAR:User-Agent" "msg:Havij in user-agent";
MainRule id:10000006 "s:$UWA:8" "str:webmole" "mz:$HEADERS_VAR:User-Agent" "msg:webmole in user-agent";
MainRule id:10000007 "s:$UWA:8" "str:nlpproject.info" "mz:$HEADERS_VAR:User-Agent" "msg:nlpproject.info in user-agent";
MainRule id:10000008 "s:$UWA:8" "str:cloudmapping" "mz:$HEADERS_VAR:User-Agent" "msg:cloudmapping in user-agent";
MainRule id:10000009 "s:$UWA:8" "str:sucuri" "mz:$HEADERS_VAR:User-Agent" "msg:Sucuri in user-agent";
MainRule id:10000010 "s:$UWA:8" "str:brutus/" "mz:$HEADERS_VAR:User-Agent" "msg:Brutus in user-agent";
MainRule id:10000011 "s:$UWA:4" "str:apachebench" "mz:$HEADERS_VAR:User-Agent" "msg:apachebench in user-agent";
MainRule id:10000012 "s:$UWA:8" "str:/netsparker" "mz:URL" "msg:netsparker in user-agent";
MainRule id:10000013 "s:$UWA:8" "str:mysqloit" "mz:$HEADERS_VAR:User-Agent" "msg:Mysqloit in user-agent";
MainRule id:10000014 "s:$UWA:8" "str:network-services-auditor" "mz:$HEADERS_VAR:User-Agent" "msg:network-services-auditor in user-agent";
MainRule id:10000015 "s:$UWA:8" "str:dav.pm" "mz:$HEADERS_VAR:User-Agent" "msg:dav.pm in user-agent";
MainRule id:10000016 "s:$UWA:8" "str:w3af" "mz:$HEADERS_VAR:User-Agent" "msg:w3af in user-agent";
MainRule id:10000017 "s:$UWA:8" "str:http_get_vars" "mz:$HEADERS_VAR:User-Agent" "msg:PHP-Injetion on UA";
MainRule id:10000018 "s:$UWA:8" "str:whisker" "mz:$HEADERS_VAR:User-Agent" "msg:whisker in user-agent";
MainRule id:10000019 "s:$UWA:8" "str:whatweb" "mz:$HEADERS_VAR:User-Agent" "msg:whatweb in user-agent";
MainRule id:10000020 "s:$UWA:8" "str:dirbuster" "mz:$HEADERS_VAR:User-Agent" "msg:DirBuster in user-agent";
# https://www.bleepingcomputer.com/news/security/phps-git-server-hacked-to-add-backdoors-to-php-source-code/
# https://github.com/php/php-src/commit/c730aa26bd52829a49f2ad284b181b7e82a68d7d#diff-a35f2ee9e1d2d3983a3270ee10ec70bf86349c53febdeabdf104f88cb2167961R370
# prevent php supply chain attack
MainRule id:10000021 "s:$UWA:8" "str:zerodium" "mz:$HEADERS_VAR:User-Agent" "msg:zerodium in user-agent";
# prevent log4j attack
# info https://www.govcert.ch/blog/zero-day-exploit-targeting-popular-java-library-log4j/
# payload check https://github.com/johto89/Some-collections-for-Security-Researcher/blob/master/log4j-all-in-one.md
MainRule id:10000022 "s:$UWA:8" "str:${" "mz:$HEADERS_VAR:User-Agent" "msg:log4j attack detection";
# Python libraries like python-requests, python-urllib, etc..
MainRule id:10000023 "s:$UWA:8" "str:python" "mz:$HEADERS_VAR:User-Agent" "msg:python in user-agent";
# Meterpreter
MainRule id:10000024 "s:$UWA:8" "str:meterpreter" "mz:$HEADERS_VAR:User-Agent" "msg:meterpreter in user-agent";
# https://github.com/zmap/zgrab2
MainRule id:10000025 "s:$UWA:8" "str:zgrab" "mz:$HEADERS_VAR:User-Agent" "msg:zgrab in user-agent";
# Known tools like nmap,curl,wget
MainRule id:10000026 "s:$UWA:8" "str:nmap" "mz:$HEADERS_VAR:User-Agent" "msg:nmap in user-agent";
MainRule id:10000027 "s:$UWA:8" "str:curl" "mz:$HEADERS_VAR:User-Agent" "msg:curl in user-agent";
MainRule id:10000028 "s:$UWA:8" "str:wget" "mz:$HEADERS_VAR:User-Agent" "msg:wget in user-agent";
MainRule id:10000029 "s:$UWA:8" "str:sqlmap" "mz:$HEADERS_VAR:User-Agent" "msg:slqmap in user-agent";
# Scan from Expense with this User-Agent:
# Expanse, a Palo Alto Networks company, searches across the global IPv4 space multiple times per day to identify customers presences on the Internet.
# If you would like to be excluded from our scans, please send IP addresses/domains to: scaninfo@paloaltonetworks.com
MainRule id:10000030 "s:$UWA:8" "str:paloaltonetworks.com" "mz:$HEADERS_VAR:User-Agent" "msg:paloaltonetworks in user-agent";
MainRule id:10000031 "s:$UWA:8" "str:palo alto network" "mz:$HEADERS_VAR:User-Agent" "msg:palo alto network in user-agent";
MainRule id:10000032 "s:$UWA:8" "str:Expense" "mz:$HEADERS_VAR:User-Agent" "msg:Expense in user-agent";
# Scan from NetSystemsResearch with this User-Agent:
# NetSystemsResearch studies the availability of various services across the internet. Our website is netsystemsresearch.com
MainRule id:10000033 "s:$UWA:8" "str:NetSystemsResearch" "mz:$HEADERS_VAR:User-Agent" "msg:NetSystemsResearch in user-agent";
# Golang default User-Agent
MainRule id:10000034 "s:$UWA:8" "str:Go-http" "mz:$HEADERS_VAR:User-Agent" "msg:Golang in user-agent";
# Perl default User-Agent
MainRule id:10000035 "s:$UWA:8" "str:libwww-perl" "mz:$HEADERS_VAR:User-Agent" "msg:libwww-perl in user-agent";
# l9tcpid in User-Agent
MainRule id:10000036 "s:$UWA:8" "str:l9tcpid" "mz:$HEADERS_VAR:User-Agent" "msg:l9tcpid in user-agent";
# l9explore in User-Agent
MainRule id:10000037 "s:$UWA:8" "str:l9explore" "mz:$HEADERS_VAR:User-Agent" "msg:l9explore in user-agent";
# WPScan in User-Agent
MainRule id:10000038 "s:$UWA:8" "str:wpscan" "mz:$HEADERS_VAR:User-Agent" "msg:WPScan in user-agent";
# WinHttpReq in User-Agent
MainRule id:10000039 "s:$UWA:8" "str:WinHttpReq" "mz:$HEADERS_VAR:User-Agent" "msg:WinHttpReq in user-agent";
# EgyScan security scanner uses AliElTop in some of the attacks
MainRule id:10000040 "s:$UWA:8" "str:AliElTop" "mz:ANY" "msg:EgyScan security scanner";
# Guzzle PHP HTTP client
MainRule id:10000041 "s:$UWA:8" "str:GuzzleHttp" "mz:$HEADERS_VAR:User-Agent" "msg:GuzzleHttp in user-agent";
# Java client
MainRule id:10000042 "s:$UWA:8" "str:AsyncHttpClient" "mz:$HEADERS_VAR:User-Agent" "msg:AsyncHttpClient in user-agent";

172
containers/conf/angie/naxsi_rules/blocking/20000000_web_security.rules
View file

@ -1,172 +0,0 @@
#######################################
## Webserver Security ids: 20000000 ##
#######################################
# webserver critical files
MainRule id:20000000 "s:$UWA:8" "str:.conf" "mz:URL" "msg:file access to .conf";
MainRule id:20000001 "s:$UWA:8" "str:.ini" "mz:URL" "msg:file access to .ini";
MainRule id:20000002 "s:$UWA:8" "str:.sql" "mz:URL" "msg:file access to .sql";
MainRule id:20000003 "s:$UWA:8" "rx:\.txt$" "mz:URL" "msg:file access to .txt";
MainRule id:20000004 "s:$UWA:8" "str:/sftp-config.json" "mz:URL|BODY" "msg:file access to sftp-config.json";
MainRule id:20000005 "s:$UWA:8" "str:/.bzr" "mz:URL" "msg:bazaar version control folder access";
MainRule id:20000006 "s:$UWA:8" "str:/.git" "mz:URL" "msg:git version control folder access";
MainRule id:20000007 "s:$UWA:8" "str:/.hg" "mz:URL" "msg:mercurial version control folder access";
MainRule id:20000008 "s:$UWA:8" "str:/.svn" "mz:URL" "msg:svn version control folder access";
MainRule id:20000009 "s:$UWA:8" "str:/bzr/" "mz:URL" "msg:bazaar version control folder access";
MainRule id:20000010 "s:$UWA:8" "str:/git/" "mz:URL" "msg:git version control folder access";
MainRule id:20000011 "s:$UWA:8" "str:/hg/" "mz:URL" "msg:mercurial version control folder access";
MainRule id:20000012 "s:$UWA:8" "str:/svn/" "mz:URL" "msg:svn version control folder access";
MainRule id:20000013 "s:$UWA:8" "str:.htpasswd" "mz:ARGS|BODY|URL|FILE_EXT" "msg:file access to .htpasswd";
MainRule id:20000014 "s:$UWA:8" "str:.htaccess" "mz:ARGS|BODY|URL|FILE_EXT" "msg:file access to .htaccess";
MainRule id:20000015 "s:$UWA:8" "str:.ds_store" "mz:URL" "msg:file access to .ds_store";
MainRule id:20000016 "s:$UWA:8" "str:changelog" "mz:URL" "msg:file access to changelog";
MainRule id:20000017 "s:$UWA:8" "rx:^/core.\d+$" "mz:URL" "msg:file access to core dumps";
MainRule id:20000018 "s:$UWA:8" "rx:\.module$" "mz:URL" "msg:file access to .module (drupal)";
MainRule id:20000019 "s:$UWA:8" "str:web.config" "mz:URL" "msg:file access to web.config (drupal)";
MainRule id:20000020 "s:$UWA:8" "rx:release[-_]notes\." "mz:URL" "msg:file access to release notes";
MainRule id:20000021 "s:$UWA:8" "rx:~$" "mz:URL" "msg:file access to cache files";
MainRule id:20000022 "s:$UWA:8" "str:web-inf" "mz:URL|BODY|ARGS" "msg:folder access to WEB-INF";
# Exposed Services
MainRule id:20000023 "s:$UWA:8" "str:/cgi-bin/luci" "mz:URL" "msg:Exposed OpenWRT";
MainRule id:20000024 "s:$UWA:8" "rx:^/cgi-bin/.+\.cgi$" "mz:URL" "msg:Exposed cgi-bin";
MainRule id:20000025 "s:$UWA:8" "str:/jenkins" "mz:URL" "msg:Exposed Jenkins";
MainRule id:20000026 "s:$UWA:8" "str:/console/login/LoginForm.jsp" "mz:URL" "msg:Exposed Oracle WebLogic Server Administration Console";
MainRule id:20000027 "s:$UWA:8" "str:/nuxeo/login.jsp" "mz:URL" "msg:Exposed Nuxeo Enterprise Platform";
MainRule id:20000028 "s:$UWA:8" "str:/zabbix/index.php" "mz:URL" "msg:Exposed Zabbix";
# Known hacking tools like burp suite, etc..
MainRule id:20000029 "s:$UWA:8" "str:burpcollaborator.net" "mz:ARGS|BODY|HEADERS" "msg:burp collaborator";
MainRule id:20000030 "s:$UWA:8" "str:/netsparker" "mz:URL" "msg:Netsparker";
# Malicious strings in request
MainRule id:20000031 "s:$UWA:8" "str:\n\r" "mz:URL" "msg:HTTP - Smuggling-Attempt (NewLine in URI)";
MainRule id:20000032 "s:$UWA:6" "rx:^[a-zA-Z\d-]+\.[a-zA-Z]+$" "mz:$HEADERS_VAR:Host" "msg:HOST-Header Injection";
MainRule id:20000033 "s:$UWA:8" "str:/bin/sh" "mz:URL|BODY|ARGS|$HEADERS_VAR:User-Agent|$HEADERS_VAR:Cookie" "msg:/bin/sh in URI";
MainRule id:20000034 "s:$UWA:8" "str:/etc/passwd" "mz:URL|BODY|ARGS|$HEADERS_VAR:User-Agent|$HEADERS_VAR:Cookie" "msg:/etc/passwd in URI";
MainRule id:20000035 "s:$UWA:8" "str:/etc/shadow" "mz:URL|BODY|ARGS|$HEADERS_VAR:User-Agent|$HEADERS_VAR:Cookie" "msg:/etc/shadow in URI";
MainRule id:20000036 "s:$UWA:8" "str:/etc/hosts" "mz:URL|BODY|ARGS|$HEADERS_VAR:User-Agent|$HEADERS_VAR:Cookie" "msg:/etc/hosts in URI";
MainRule id:20000037 "s:$UWA:8" "str:/Windows/system.ini" "mz:URL|BODY|ARGS|$HEADERS_VAR:User-Agent|$HEADERS_VAR:Cookie" "msg:/Windows/system.ini in URI";
MainRule id:20000038 "s:$UWA:8" "rx:<!DOCTYPE(\s+)(%*\s*)([{}:.a-zA-Z0-9_-]*)(\s+)SYSTEM" "mz:BODY" "msg: possible XML/XXE-Exploitation atempt (Doctype)";
MainRule id:20000039 "s:$UWA:8" "str:http://http://" "mz:HEADERS" "msg:Abnormal double http:// in HTTP header";
MainRule id:20000040 "s:$UWA:8" "str:https://http://" "mz:HEADERS" "msg:Abnormal double http:// in HTTP header";
MainRule id:20000041 "s:$UWA:8" "str:http://https://" "mz:HEADERS" "msg:Abnormal double http:// in HTTP header";
MainRule id:20000042 "s:$UWA:8" "str:https://https://" "mz:HEADERS" "msg:Abnormal double http:// in HTTP header";
# ThinkPHP Remote Code Execution CVE-2018-20062
MainRule id:20000043 "s:$UWA:8" "str:index/\think\app/invokefunction" "mz:URL" "msg:CVE-2018-20062";
# AWS related files
MainRule id:20000044 "s:$UWA:8" "str:/.aws/" "mz:URL" "msg:AWS Credential Stealer";
# dot folders and files
MainRule id:20000045 "s:$UWA:8" "rx:/\.[^.]" "mz:URL" "msg:Access to dot folder or file";
# Exposed Microsoft Exchange
MainRule id:20000046 "s:$UWA:8" "str:autodiscover/autodiscover.json" "mz:URL" "msg:Exposed Microsoft Exchange";
MainRule id:20000047 "s:$UWA:8" "str:autodiscover/autodiscover.xml" "mz:URL" "msg:Exposed Microsoft Exchange";
MainRule id:20000048 "s:$UWA:8" "str:/auth.owa" "mz:URL" "msg:Exposed Microsoft Exchange";
# Ignition 2.5.1 Remote Code Execution CVE-2021-3129
MainRule id:20000049 "s:$UWA:8" "str:/_ignition/execute-solution" "mz:URL" "msg:CVE-2021-3129";
# CVE-2018-13379 path traversal vulnerability in Fortinet's FortiGate SSL VPN
# https://x.x.x.x/remote/fgt_lang?lang=/../../../..//////////dev/cmdb/sslvpn_websession
MainRule id:20000050 "s:$UWA:8" "str:/sslvpn_websession" "mz:ARGS|BODY|HEADERS" "msg:CVE-2018-13379";
# Exposed Apache Tomcat Administration Panel
MainRule id:20000051 "s:$UWA:8" "str:/manager/html" "mz:URL" "msg:Exposed Apache Tomcat Administration Panel";
# Block NMAP enumeration
MainRule id:20000052 "s:$UWA:8" "str:/HNAP1" "mz:URL" "msg:NMAP enumeration attempt";
MainRule id:20000053 "s:$UWA:8" "rx:/default\.(asp|aspx|cfm|cgi|jsa|jsp|php|pl)$" "mz:URL" "msg:NMAP enumeration attempt";
MainRule id:20000054 "s:$UWA:8" "rx:/start\.(asp|aspx|cfm|cgi|jsa|jsp|php|pl)$" "mz:URL" "msg:NMAP enumeration attempt";
MainRule id:20000055 "s:$UWA:8" "rx:/localstart\.(asp|aspx|cfm|cgi|jsa|jsp|php|pl)$" "mz:URL" "msg:NMAP enumeration attempt";
MainRule id:20000056 "s:$UWA:8" "rx:/admin\.(asp|aspx|cfm|cgi|jsa|jsp|php|pl)$" "mz:URL" "msg:NMAP enumeration attempt";
MainRule id:20000057 "s:$UWA:8" "str:/nmaplowercheck" "mz:URL" "msg:NMAP enumeration attempt";
# Siemens PLC scan
MainRule id:20000058 "s:$UWA:8" "str:/__Additional" "mz:URL" "msg:Siemens PLC scan";
MainRule id:20000059 "s:$UWA:8" "str:/docs/cplugError.html/" "mz:URL" "msg:Siemens PLC scan";
MainRule id:20000060 "s:$UWA:8" "str:/Portal/Portal.mwsl" "mz:URL" "msg:Siemens PLC scan";
# Block Citrix XenApp
MainRule id:20000061 "s:$UWA:8" "str:/scripts/wpnbr.dll" "mz:URL" "msg:Citrix XenApp";
# Block jenkins authentication bypass CVE-2018-1000861
MainRule id:20000062 "s:$UWA:8" "str:/securityRealm/user/admin/search/index" "mz:URL" "msg:CVE-2018-1000861";
# Block jenkins RCE CVE-2019-1003029, CVE-2019-1003030
MainRule id:20000063 "s:$UWA:8" "str:/descriptorByName/org.jenkinsci.plugins.scriptsecurity.sandbox.groovy.SecureGroovyScript/checkScript/" "mz:URL" "msg:CVE-2019-1003029, CVE-2019-1003030";
# Log4J bypass
MainRule id:20000064 "s:$UWA:8" "str:${env:NaN:-" "mz:URL|ARGS|BODY|HEADERS" "msg:Attempted Log4J Bypass";
# Windows system paths
MainRule id:20000065 "s:$UWA:8" "str:\Windows\system.ini" "mz:URL|BODY|ARGS|$HEADERS_VAR:User-Agent|$HEADERS_VAR:Cookie" "msg:\Windows\system.ini in URI";
MainRule id:20000066 "s:$UWA:8" "str:/Windows/win.ini" "mz:URL|BODY|ARGS|$HEADERS_VAR:User-Agent|$HEADERS_VAR:Cookie" "msg:/Windows/win.ini in URI";
MainRule id:20000067 "s:$UWA:8" "str:\Windows\win.ini" "mz:URL|BODY|ARGS|$HEADERS_VAR:User-Agent|$HEADERS_VAR:Cookie" "msg:\Windows\win.ini in URI";
# Exposed Apache Host Manager App
MainRule id:20000068 "s:$UWA:8" "str:/manager/text/list" "mz:URL" "msg:Exposed Apache Host Manager App";
# Spring Cloud Gateway Code Injection Vulnerability
MainRule id:20000069 "s:$UWA:8" "str:/actuator/gateway/routes" "mz:URL" "msg:CVE-2022-22947";
# Block Spring4Shell
MainRule id:20000070 "s:$UWA:8" "str:class.module.classLoader.resources." "mz:RAW_BODY" "msg:CVE-2022-22965";
MainRule id:20000071 "s:$UWA:8" "rx:<%|%>" "mz:HEADERS" "msg:CVE-2022-22965";
# Block Microsoft Exchange Server Remote Code Execution
MainRule id:20000072 "s:$UWA:8" "str:/ecp/Current/exporttool/microsoft.exchange.ediscovery.exporttool.application" "mz:URL" "msg:CVE-2021-28481";
# Prevents IndoXploit/IDX Shell dump access
# A website that has been infected will have a world-browsable folder called `idx_config`
# which contains text versions of the configuration file of every CMS installation the shell
# is able to find (impacts WordPress, Joomla and Magento).
MainRule id:20000073 "s:$UWA:8" "str:/idx_config" "mz:URL" "msg:Prevent IndoXploit/IDX Shell dump access";
# Prevents old grafana to return all folders
# https://github.com/grafana/grafana/pull/44175
MainRule id:20000074 "s:$UWA:8" "rx:^0$" "mz:$URL:/api/search|$ARGS_VAR:folderIds" "msg:Access all grafana folders";
# Block access to yaml files
MainRule id:20000075 "s:$UWA:8" "str:.yml" "mz:URL" "msg:file access to .yml";
MainRule id:20000076 "s:$UWA:8" "str:.yaml" "mz:URL" "msg:file access to .yaml";
# Block access to HashiCorp Consul/Vault template files
MainRule id:20000077 "s:$UWA:8" "rx:\.ctmpl$" "mz:URL" "msg:file access to .ctmpl";
MainRule id:20000078 "s:$UWA:8" "rx:\.hcl$" "mz:URL" "msg:file access to .hcl";
# Block access to known files used for fingerprinting
MainRule id:20000079 "s:$UWA:8" "rx:\.md$" "mz:URL" "msg:file access to .md";
MainRule id:20000080 "s:$UWA:8" "rx:read[-_]?me" "mz:URL" "msg:file access to readme";
MainRule id:20000081 "s:$UWA:8" "rx:\.toml$" "mz:URL" "msg:file access to .toml";
# AWS related files
MainRule id:20000082 "s:$UWA:8" "str:dockerrun.aws.json" "mz:URL" "msg:Exposed AWS Elastic Beanstalk configuration";
# Block access to temporary backup files like .bak,.bak.php, etc...
MainRule id:20000083 "s:$UWA:8" "str:.bak" "mz:URL" "msg:file access to temporary backup files";
# Path traversal in nuxt/framework when in dev mode
# https://huntr.dev/bounties/4849af83-450c-435e-bc0b-71705f5be440/
MainRule id:20000084 "s:$UWA:8" "str:_nuxt/@" "mz:URL" "msg:path traversal in nuxt framework";
# AWS NodeJS related files
MainRule id:20000085 "s:$UWA:8" "str:awsconfig" "mz:URL" "msg:Exposed AWS config files";
MainRule id:20000086 "s:$UWA:8" "str:aws-config" "mz:URL" "msg:Exposed AWS config files";
MainRule id:20000087 "s:$UWA:8" "str:awscred" "mz:URL" "msg:Exposed AWS config files";
MainRule id:20000088 "s:$UWA:8" "str:aws-cred" "mz:URL" "msg:Exposed AWS config files";
# Text editors temp and config files
MainRule id:20000089 "s:$UWA:8" "str:.old" "mz:URL" "msg:Exposed temp copy";
MainRule id:20000090 "s:$UWA:8" "str:.save" "mz:URL" "msg:Exposed temp copy";
MainRule id:20000091 "s:$UWA:8" "str:.DS_Store" "mz:URL" "msg:Exposed temp copy";
MainRule id:20000092 "s:$UWA:8" "str:vscode" "mz:URL" "msg:Exposed vscode directory";
# Exposed .env
MainRule id:20000093 "s:$UWA:8" "str:/.env" "mz:URL" "msg:access to .env file or dir";
# androxgh0st exploit
MainRule id:20000094 "s:$UWA:8" "str:androxgh0st" "mz:ANY" "msg:androxgh0st exploit";

16
containers/conf/angie/naxsi_rules/blocking/30000000_wordpress.rules
View file

@ -1,16 +0,0 @@
#######################################
## Wordpress ids: 30000000 ##
#######################################
MainRule id:30000000 "s:$UWA:8" "str:system.multicall" "mz:$URL:/xmlrpc.php|BODY" "msg:Wordpress XMLRPC possible Password Brute Force";
MainRule id:30000001 "s:$UWA:8" "str:system.listmethods" "mz:$URL:/xmlrpc.php|BODY" "msg:WordPress XMLRPC Enumeration system.listMethods";
MainRule id:30000002 "s:$UWA:8" "str:system.getcapabilities" "mz:$URL:/xmlrpc.php|BODY" "msg:WordPress XMLRPC Enumeration system.getCapabilities";
MainRule id:30000003 "s:$UWA:8" "str:/w3tc/dbcache" "mz:URL" "msg:WordPress TotalCache-DBCache-Access";
MainRule id:30000004 "s:$UWA:8" "str:/uploadify/uploadify.php" "mz:URL" "msg:WordPress Uploadify-Access";
MainRule id:30000005 "s:$UWA:8" "str:/wp-content/plugins/mm-forms-community/upload/temp/" "mz:URL" "msg:Access To mm-forms-community upload dir";
MainRule id:30000006 "s:$UWA:8" "str:wp-config.php" "mz:BODY|ARGS|URL" "msg:WordPress access to wp-config.php";
# block malicious access ALFA_DATA|alfacgiapi|cgialfa path
MainRule id:30000007 "s:$UWA:8" "str:ALFA_DATA" "mz:URL" "msg:WordPress malicious access to ALFA_DATA path";
MainRule id:30000008 "s:$UWA:8" "str:alfacgiapi" "mz:URL" "msg:WordPress malicious access to alfacgiapi path";
MainRule id:30000009 "s:$UWA:8" "str:cgialfa" "mz:URL" "msg:WordPress malicious access to cgialfa path";

66
containers/conf/angie/naxsi_rules/blocking/40000000_php_security.rules
View file

@ -1,66 +0,0 @@
#######################################
## PHP Security ids: 40000000 ##
#######################################
# Php Functions
MainRule id:40000000 "s:$UWA:8" "str:gzinflate(" "mz:URL|BODY|ARGS" "msg:gzinflate in URI";
MainRule id:40000001 "s:$UWA:8" "str:system(" "mz:URL|BODY|ARGS" "msg:php system called";
MainRule id:40000002 "s:$UWA:8" "str:base64_decode(" "mz:URL|BODY|ARGS" "msg:php base64_decode called";
MainRule id:40000003 "s:$UWA:8" "str:@eval" "mz:URL|BODY|ARGS" "msg:php eval called";
MainRule id:40000004 "s:$UWA:8" "rx:eval\((\s+)?\$_" "mz:URL|BODY|ARGS" "msg:php eval called";
# PhpMyAdmin
MainRule id:40000005 "s:$UWA:8" "str:/db-admin" "mz:URL" "msg:SQL Admin Interface";
MainRule id:40000006 "s:$UWA:8" "str:/dbadmin" "mz:URL" "msg:SQL Admin Interface";
MainRule id:40000007 "s:$UWA:8" "str:/myadmin" "mz:URL" "msg:SQL Admin Interface";
MainRule id:40000008 "s:$UWA:8" "str:/mysqldumper " "mz:URL" "msg:MysqlDumper";
MainRule id:40000009 "s:$UWA:8" "str:/mysqlmanager" "mz:URL" "msg:SQL Admin Interface";
MainRule id:40000010 "s:$UWA:8" "str:/p/m/a/" "mz:URL" "msg:SQL Admin Interface";
MainRule id:40000011 "s:$UWA:8" "str:/php-my-admin" "mz:URL" "msg:SQL Admin Interface";
MainRule id:40000012 "s:$UWA:8" "str:/php-myadmin" "mz:URL" "msg:SQL Admin Interface";
MainRule id:40000013 "s:$UWA:8" "str:/phpmanager" "mz:URL" "msg:SQL Admin Interface";
MainRule id:40000014 "s:$UWA:8" "str:/phpmy" "mz:URL" "msg:SQL Admin Interface";
MainRule id:40000015 "s:$UWA:8" "str:/phpmy-admin" "mz:URL" "msg:SQL Admin Interface";
MainRule id:40000016 "s:$UWA:8" "str:/phpmyadmin" "mz:URL" "msg:SQL Admin Interface";
MainRule id:40000017 "s:$UWA:8" "str:/phppgadmin " "mz:URL" "msg:SQL Admin Interface";
MainRule id:40000018 "s:$UWA:8" "str:/pma" "mz:URL" "msg:SQL Admin Interface";
MainRule id:40000019 "s:$UWA:8" "str:/sql-admin" "mz:URL" "msg:SQL Admin Interface";
MainRule id:40000020 "s:$UWA:8" "str:/sqladmin" "mz:URL" "msg:SQL Admin Interface";
MainRule id:40000021 "s:$UWA:8" "str:/sqlweb" "mz:URL" "msg:SQL Admin Interface";
MainRule id:40000022 "s:$UWA:8" "str:/sysadmin" "mz:URL" "msg:SQL Admin Interface";
MainRule id:40000023 "s:$UWA:8" "str:/webadmin" "mz:URL" "msg:SQL Admin Interface";
MainRule id:40000024 "s:$UWA:8" "str:/webdb" "mz:URL" "msg:SQL Admin Interface";
MainRule id:40000025 "s:$UWA:8" "str:/websql" "mz:URL" "msg:SQL Admin Interface";
# Block PHPUnit eval-stdin.php CVE-2017-9841
MainRule id:40000026 "s:$UWA:8" "str:eval-stdin.php" "mz:URL" "msg:CVE-2017-9841";
# Block PHP easter egg which normally can be disabled via expose_php = off
MainRule id:40000027 "s:$UWA:8" "rx:PHP[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$" "mz:URL|BODY|ARGS" "msg:PHP easter egg credits";
# Block PHP Xdebug
MainRule id:40000028 "s:$UWA:8" "str:XDEBUG_SESSION" "mz:ANY" "msg:Block PHP Xdebug";
# Block PHPinfo access
MainRule id:40000029 "s:$UWA:8" "str:phpinfo" "mz:URL|BODY|ARGS" "msg:PHPinfo access";
# Block known php installer exploit
MainRule id:40000030 "s:$UWA:8" "str:install.php" "mz:URL" "msg:Access to php install";
# Block more sql admin interface
MainRule id:40000031 "s:$UWA:8" "str:/mysql-admin" "mz:URL" "msg:SQL Admin Interface";
MainRule id:40000032 "s:$UWA:8" "str:/mysqladmin" "mz:URL" "msg:SQL Admin Interface";
MainRule id:40000033 "s:$UWA:8" "str:/sqlmanager" "mz:URL" "msg:SQL Admin Interface";
MainRule id:40000034 "s:$UWA:8" "str:/mysql/" "mz:URL" "msg:SQL Admin Interface";
# Block access to Lavarel telescope since it allows to read logs and SQL queries
MainRule id:40000035 "s:$UWA:8" "str:/telescope/" "mz:URL" "msg:Access to Lavarel telescope";
# Block access to adminer/phpMinAdmin sql admin interface
MainRule id:40000036 "s:$UWA:8" "str:adminer" "mz:URL" "msg:SQL Admin Interface";
# Block access to Symfony Web Framework dev mode.
MainRule id:40000037 "s:$UWA:8" "str:app_dev" "mz:URL" "msg:Symfony Web Framework dev mode";
# phpstorm in request
MainRule id:40000038 "s:$UWA:8" "str:phpstorm" "mz:URL|ARGS|HEADERS" "msg:phpstorm in request";

96
containers/conf/angie/naxsi_rules/blocking/blocking/10000000_scanner.rules
View file

@ -1,96 +0,0 @@
#######################################
## Scanners ids: 10000000 ##
#######################################
# http://pastebin.com/NP64hTQr
# http://blog.initiative-s.de/2013/09/kompromitierte-wordpress-blogs-werden-fuer-ddos-attacken-genutzt/
# If using wp then turn off this rule
MainRule id:10000000 "s:$UWA:8" "str:wordpress/" "mz:$HEADERS_VAR:User-Agent" "msg:Wordpress in user-agent";
# https://github.com/robertdavidgraham/masscan
MainRule id:10000001 "s:$UWA:8" "str:masscan" "mz:$HEADERS_VAR:User-Agent" "msg:masscan in user-agent";
# block acunetix scan
MainRule id:10000002 "s:$UWA:8" "str:99999999999999999999999" "mz:$HEADERS_VAR:Content-length" "msg:acunetix scan nginx buffer size";
MainRule id:10000003 "s:$UWA:8" "str:acunetix" "mz:URL|BODY|$HEADERS_VAR:Accept|$HEADERS_VAR:User-Agent" "msg:acunetix scan website";
MainRule id:10000004 "s:$UWA:8" "str:acunetix/wvs" "mz:$HEADERS_VAR:Accept" "msg:acunetix scan website";
MainRule id:10000005 "s:$UWA:8" "str:havij" "mz:$HEADERS_VAR:User-Agent" "msg:Havij in user-agent";
MainRule id:10000006 "s:$UWA:8" "str:webmole" "mz:$HEADERS_VAR:User-Agent" "msg:webmole in user-agent";
MainRule id:10000007 "s:$UWA:8" "str:nlpproject.info" "mz:$HEADERS_VAR:User-Agent" "msg:nlpproject.info in user-agent";
MainRule id:10000008 "s:$UWA:8" "str:cloudmapping" "mz:$HEADERS_VAR:User-Agent" "msg:cloudmapping in user-agent";
MainRule id:10000009 "s:$UWA:8" "str:sucuri" "mz:$HEADERS_VAR:User-Agent" "msg:Sucuri in user-agent";
MainRule id:10000010 "s:$UWA:8" "str:brutus/" "mz:$HEADERS_VAR:User-Agent" "msg:Brutus in user-agent";
MainRule id:10000011 "s:$UWA:4" "str:apachebench" "mz:$HEADERS_VAR:User-Agent" "msg:apachebench in user-agent";
MainRule id:10000012 "s:$UWA:8" "str:/netsparker" "mz:URL" "msg:netsparker in user-agent";
MainRule id:10000013 "s:$UWA:8" "str:mysqloit" "mz:$HEADERS_VAR:User-Agent" "msg:Mysqloit in user-agent";
MainRule id:10000014 "s:$UWA:8" "str:network-services-auditor" "mz:$HEADERS_VAR:User-Agent" "msg:network-services-auditor in user-agent";
MainRule id:10000015 "s:$UWA:8" "str:dav.pm" "mz:$HEADERS_VAR:User-Agent" "msg:dav.pm in user-agent";
MainRule id:10000016 "s:$UWA:8" "str:w3af" "mz:$HEADERS_VAR:User-Agent" "msg:w3af in user-agent";
MainRule id:10000017 "s:$UWA:8" "str:http_get_vars" "mz:$HEADERS_VAR:User-Agent" "msg:PHP-Injetion on UA";
MainRule id:10000018 "s:$UWA:8" "str:whisker" "mz:$HEADERS_VAR:User-Agent" "msg:whisker in user-agent";
MainRule id:10000019 "s:$UWA:8" "str:whatweb" "mz:$HEADERS_VAR:User-Agent" "msg:whatweb in user-agent";
MainRule id:10000020 "s:$UWA:8" "str:dirbuster" "mz:$HEADERS_VAR:User-Agent" "msg:DirBuster in user-agent";
# https://www.bleepingcomputer.com/news/security/phps-git-server-hacked-to-add-backdoors-to-php-source-code/
# https://github.com/php/php-src/commit/c730aa26bd52829a49f2ad284b181b7e82a68d7d#diff-a35f2ee9e1d2d3983a3270ee10ec70bf86349c53febdeabdf104f88cb2167961R370
# prevent php supply chain attack
MainRule id:10000021 "s:$UWA:8" "str:zerodium" "mz:$HEADERS_VAR:User-Agent" "msg:zerodium in user-agent";
# prevent log4j attack
# info https://www.govcert.ch/blog/zero-day-exploit-targeting-popular-java-library-log4j/
# payload check https://github.com/johto89/Some-collections-for-Security-Researcher/blob/master/log4j-all-in-one.md
MainRule id:10000022 "s:$UWA:8" "str:${" "mz:$HEADERS_VAR:User-Agent" "msg:log4j attack detection";
# Python libraries like python-requests, python-urllib, etc..
MainRule id:10000023 "s:$UWA:8" "str:python" "mz:$HEADERS_VAR:User-Agent" "msg:python in user-agent";
# Meterpreter
MainRule id:10000024 "s:$UWA:8" "str:meterpreter" "mz:$HEADERS_VAR:User-Agent" "msg:meterpreter in user-agent";
# https://github.com/zmap/zgrab2
MainRule id:10000025 "s:$UWA:8" "str:zgrab" "mz:$HEADERS_VAR:User-Agent" "msg:zgrab in user-agent";
# Known tools like nmap,curl,wget
MainRule id:10000026 "s:$UWA:8" "str:nmap" "mz:$HEADERS_VAR:User-Agent" "msg:nmap in user-agent";
MainRule id:10000027 "s:$UWA:8" "str:curl" "mz:$HEADERS_VAR:User-Agent" "msg:curl in user-agent";
MainRule id:10000028 "s:$UWA:8" "str:wget" "mz:$HEADERS_VAR:User-Agent" "msg:wget in user-agent";
MainRule id:10000029 "s:$UWA:8" "str:sqlmap" "mz:$HEADERS_VAR:User-Agent" "msg:slqmap in user-agent";
# Scan from Expense with this User-Agent:
# Expanse, a Palo Alto Networks company, searches across the global IPv4 space multiple times per day to identify customers presences on the Internet.
# If you would like to be excluded from our scans, please send IP addresses/domains to: scaninfo@paloaltonetworks.com
MainRule id:10000030 "s:$UWA:8" "str:paloaltonetworks.com" "mz:$HEADERS_VAR:User-Agent" "msg:paloaltonetworks in user-agent";
MainRule id:10000031 "s:$UWA:8" "str:palo alto network" "mz:$HEADERS_VAR:User-Agent" "msg:palo alto network in user-agent";
MainRule id:10000032 "s:$UWA:8" "str:Expense" "mz:$HEADERS_VAR:User-Agent" "msg:Expense in user-agent";
# Scan from NetSystemsResearch with this User-Agent:
# NetSystemsResearch studies the availability of various services across the internet. Our website is netsystemsresearch.com
MainRule id:10000033 "s:$UWA:8" "str:NetSystemsResearch" "mz:$HEADERS_VAR:User-Agent" "msg:NetSystemsResearch in user-agent";
# Golang default User-Agent
MainRule id:10000034 "s:$UWA:8" "str:Go-http" "mz:$HEADERS_VAR:User-Agent" "msg:Golang in user-agent";
# Perl default User-Agent
MainRule id:10000035 "s:$UWA:8" "str:libwww-perl" "mz:$HEADERS_VAR:User-Agent" "msg:libwww-perl in user-agent";
# l9tcpid in User-Agent
MainRule id:10000036 "s:$UWA:8" "str:l9tcpid" "mz:$HEADERS_VAR:User-Agent" "msg:l9tcpid in user-agent";
# l9explore in User-Agent
MainRule id:10000037 "s:$UWA:8" "str:l9explore" "mz:$HEADERS_VAR:User-Agent" "msg:l9explore in user-agent";
# WPScan in User-Agent
MainRule id:10000038 "s:$UWA:8" "str:wpscan" "mz:$HEADERS_VAR:User-Agent" "msg:WPScan in user-agent";
# WinHttpReq in User-Agent
MainRule id:10000039 "s:$UWA:8" "str:WinHttpReq" "mz:$HEADERS_VAR:User-Agent" "msg:WinHttpReq in user-agent";
# EgyScan security scanner uses AliElTop in some of the attacks
MainRule id:10000040 "s:$UWA:8" "str:AliElTop" "mz:ANY" "msg:EgyScan security scanner";
# Guzzle PHP HTTP client
MainRule id:10000041 "s:$UWA:8" "str:GuzzleHttp" "mz:$HEADERS_VAR:User-Agent" "msg:GuzzleHttp in user-agent";
# Java client
MainRule id:10000042 "s:$UWA:8" "str:AsyncHttpClient" "mz:$HEADERS_VAR:User-Agent" "msg:AsyncHttpClient in user-agent";

172
containers/conf/angie/naxsi_rules/blocking/blocking/20000000_web_security.rules
View file

@ -1,172 +0,0 @@
#######################################
## Webserver Security ids: 20000000 ##
#######################################
# webserver critical files
MainRule id:20000000 "s:$UWA:8" "str:.conf" "mz:URL" "msg:file access to .conf";
MainRule id:20000001 "s:$UWA:8" "str:.ini" "mz:URL" "msg:file access to .ini";
MainRule id:20000002 "s:$UWA:8" "str:.sql" "mz:URL" "msg:file access to .sql";
MainRule id:20000003 "s:$UWA:8" "rx:\.txt$" "mz:URL" "msg:file access to .txt";
MainRule id:20000004 "s:$UWA:8" "str:/sftp-config.json" "mz:URL|BODY" "msg:file access to sftp-config.json";
MainRule id:20000005 "s:$UWA:8" "str:/.bzr" "mz:URL" "msg:bazaar version control folder access";
MainRule id:20000006 "s:$UWA:8" "str:/.git" "mz:URL" "msg:git version control folder access";
MainRule id:20000007 "s:$UWA:8" "str:/.hg" "mz:URL" "msg:mercurial version control folder access";
MainRule id:20000008 "s:$UWA:8" "str:/.svn" "mz:URL" "msg:svn version control folder access";
MainRule id:20000009 "s:$UWA:8" "str:/bzr/" "mz:URL" "msg:bazaar version control folder access";
MainRule id:20000010 "s:$UWA:8" "str:/git/" "mz:URL" "msg:git version control folder access";
MainRule id:20000011 "s:$UWA:8" "str:/hg/" "mz:URL" "msg:mercurial version control folder access";
MainRule id:20000012 "s:$UWA:8" "str:/svn/" "mz:URL" "msg:svn version control folder access";
MainRule id:20000013 "s:$UWA:8" "str:.htpasswd" "mz:ARGS|BODY|URL|FILE_EXT" "msg:file access to .htpasswd";
MainRule id:20000014 "s:$UWA:8" "str:.htaccess" "mz:ARGS|BODY|URL|FILE_EXT" "msg:file access to .htaccess";
MainRule id:20000015 "s:$UWA:8" "str:.ds_store" "mz:URL" "msg:file access to .ds_store";
MainRule id:20000016 "s:$UWA:8" "str:changelog" "mz:URL" "msg:file access to changelog";
MainRule id:20000017 "s:$UWA:8" "rx:^/core.\d+$" "mz:URL" "msg:file access to core dumps";
MainRule id:20000018 "s:$UWA:8" "rx:\.module$" "mz:URL" "msg:file access to .module (drupal)";
MainRule id:20000019 "s:$UWA:8" "str:web.config" "mz:URL" "msg:file access to web.config (drupal)";
MainRule id:20000020 "s:$UWA:8" "rx:release[-_]notes\." "mz:URL" "msg:file access to release notes";
MainRule id:20000021 "s:$UWA:8" "rx:~$" "mz:URL" "msg:file access to cache files";
MainRule id:20000022 "s:$UWA:8" "str:web-inf" "mz:URL|BODY|ARGS" "msg:folder access to WEB-INF";
# Exposed Services
MainRule id:20000023 "s:$UWA:8" "str:/cgi-bin/luci" "mz:URL" "msg:Exposed OpenWRT";
MainRule id:20000024 "s:$UWA:8" "rx:^/cgi-bin/.+\.cgi$" "mz:URL" "msg:Exposed cgi-bin";
MainRule id:20000025 "s:$UWA:8" "str:/jenkins" "mz:URL" "msg:Exposed Jenkins";
MainRule id:20000026 "s:$UWA:8" "str:/console/login/LoginForm.jsp" "mz:URL" "msg:Exposed Oracle WebLogic Server Administration Console";
MainRule id:20000027 "s:$UWA:8" "str:/nuxeo/login.jsp" "mz:URL" "msg:Exposed Nuxeo Enterprise Platform";
MainRule id:20000028 "s:$UWA:8" "str:/zabbix/index.php" "mz:URL" "msg:Exposed Zabbix";
# Known hacking tools like burp suite, etc..
MainRule id:20000029 "s:$UWA:8" "str:burpcollaborator.net" "mz:ARGS|BODY|HEADERS" "msg:burp collaborator";
MainRule id:20000030 "s:$UWA:8" "str:/netsparker" "mz:URL" "msg:Netsparker";
# Malicious strings in request
MainRule id:20000031 "s:$UWA:8" "str:\n\r" "mz:URL" "msg:HTTP - Smuggling-Attempt (NewLine in URI)";
MainRule id:20000032 "s:$UWA:6" "rx:^[a-zA-Z\d-]+\.[a-zA-Z]+$" "mz:$HEADERS_VAR:Host" "msg:HOST-Header Injection";
MainRule id:20000033 "s:$UWA:8" "str:/bin/sh" "mz:URL|BODY|ARGS|$HEADERS_VAR:User-Agent|$HEADERS_VAR:Cookie" "msg:/bin/sh in URI";
MainRule id:20000034 "s:$UWA:8" "str:/etc/passwd" "mz:URL|BODY|ARGS|$HEADERS_VAR:User-Agent|$HEADERS_VAR:Cookie" "msg:/etc/passwd in URI";
MainRule id:20000035 "s:$UWA:8" "str:/etc/shadow" "mz:URL|BODY|ARGS|$HEADERS_VAR:User-Agent|$HEADERS_VAR:Cookie" "msg:/etc/shadow in URI";
MainRule id:20000036 "s:$UWA:8" "str:/etc/hosts" "mz:URL|BODY|ARGS|$HEADERS_VAR:User-Agent|$HEADERS_VAR:Cookie" "msg:/etc/hosts in URI";
MainRule id:20000037 "s:$UWA:8" "str:/Windows/system.ini" "mz:URL|BODY|ARGS|$HEADERS_VAR:User-Agent|$HEADERS_VAR:Cookie" "msg:/Windows/system.ini in URI";
MainRule id:20000038 "s:$UWA:8" "rx:<!DOCTYPE(\s+)(%*\s*)([{}:.a-zA-Z0-9_-]*)(\s+)SYSTEM" "mz:BODY" "msg: possible XML/XXE-Exploitation atempt (Doctype)";
MainRule id:20000039 "s:$UWA:8" "str:http://http://" "mz:HEADERS" "msg:Abnormal double http:// in HTTP header";
MainRule id:20000040 "s:$UWA:8" "str:https://http://" "mz:HEADERS" "msg:Abnormal double http:// in HTTP header";
MainRule id:20000041 "s:$UWA:8" "str:http://https://" "mz:HEADERS" "msg:Abnormal double http:// in HTTP header";
MainRule id:20000042 "s:$UWA:8" "str:https://https://" "mz:HEADERS" "msg:Abnormal double http:// in HTTP header";
# ThinkPHP Remote Code Execution CVE-2018-20062
MainRule id:20000043 "s:$UWA:8" "str:index/\think\app/invokefunction" "mz:URL" "msg:CVE-2018-20062";
# AWS related files
MainRule id:20000044 "s:$UWA:8" "str:/.aws/" "mz:URL" "msg:AWS Credential Stealer";
# dot folders and files
MainRule id:20000045 "s:$UWA:8" "rx:/\.[^.]" "mz:URL" "msg:Access to dot folder or file";
# Exposed Microsoft Exchange
MainRule id:20000046 "s:$UWA:8" "str:autodiscover/autodiscover.json" "mz:URL" "msg:Exposed Microsoft Exchange";
MainRule id:20000047 "s:$UWA:8" "str:autodiscover/autodiscover.xml" "mz:URL" "msg:Exposed Microsoft Exchange";
MainRule id:20000048 "s:$UWA:8" "str:/auth.owa" "mz:URL" "msg:Exposed Microsoft Exchange";
# Ignition 2.5.1 Remote Code Execution CVE-2021-3129
MainRule id:20000049 "s:$UWA:8" "str:/_ignition/execute-solution" "mz:URL" "msg:CVE-2021-3129";
# CVE-2018-13379 path traversal vulnerability in Fortinet's FortiGate SSL VPN
# https://x.x.x.x/remote/fgt_lang?lang=/../../../..//////////dev/cmdb/sslvpn_websession
MainRule id:20000050 "s:$UWA:8" "str:/sslvpn_websession" "mz:ARGS|BODY|HEADERS" "msg:CVE-2018-13379";
# Exposed Apache Tomcat Administration Panel
MainRule id:20000051 "s:$UWA:8" "str:/manager/html" "mz:URL" "msg:Exposed Apache Tomcat Administration Panel";
# Block NMAP enumeration
MainRule id:20000052 "s:$UWA:8" "str:/HNAP1" "mz:URL" "msg:NMAP enumeration attempt";
MainRule id:20000053 "s:$UWA:8" "rx:/default\.(asp|aspx|cfm|cgi|jsa|jsp|php|pl)$" "mz:URL" "msg:NMAP enumeration attempt";
MainRule id:20000054 "s:$UWA:8" "rx:/start\.(asp|aspx|cfm|cgi|jsa|jsp|php|pl)$" "mz:URL" "msg:NMAP enumeration attempt";
MainRule id:20000055 "s:$UWA:8" "rx:/localstart\.(asp|aspx|cfm|cgi|jsa|jsp|php|pl)$" "mz:URL" "msg:NMAP enumeration attempt";
MainRule id:20000056 "s:$UWA:8" "rx:/admin\.(asp|aspx|cfm|cgi|jsa|jsp|php|pl)$" "mz:URL" "msg:NMAP enumeration attempt";
MainRule id:20000057 "s:$UWA:8" "str:/nmaplowercheck" "mz:URL" "msg:NMAP enumeration attempt";
# Siemens PLC scan
MainRule id:20000058 "s:$UWA:8" "str:/__Additional" "mz:URL" "msg:Siemens PLC scan";
MainRule id:20000059 "s:$UWA:8" "str:/docs/cplugError.html/" "mz:URL" "msg:Siemens PLC scan";
MainRule id:20000060 "s:$UWA:8" "str:/Portal/Portal.mwsl" "mz:URL" "msg:Siemens PLC scan";
# Block Citrix XenApp
MainRule id:20000061 "s:$UWA:8" "str:/scripts/wpnbr.dll" "mz:URL" "msg:Citrix XenApp";
# Block jenkins authentication bypass CVE-2018-1000861
MainRule id:20000062 "s:$UWA:8" "str:/securityRealm/user/admin/search/index" "mz:URL" "msg:CVE-2018-1000861";
# Block jenkins RCE CVE-2019-1003029, CVE-2019-1003030
MainRule id:20000063 "s:$UWA:8" "str:/descriptorByName/org.jenkinsci.plugins.scriptsecurity.sandbox.groovy.SecureGroovyScript/checkScript/" "mz:URL" "msg:CVE-2019-1003029, CVE-2019-1003030";
# Log4J bypass
MainRule id:20000064 "s:$UWA:8" "str:${env:NaN:-" "mz:URL|ARGS|BODY|HEADERS" "msg:Attempted Log4J Bypass";
# Windows system paths
MainRule id:20000065 "s:$UWA:8" "str:\Windows\system.ini" "mz:URL|BODY|ARGS|$HEADERS_VAR:User-Agent|$HEADERS_VAR:Cookie" "msg:\Windows\system.ini in URI";
MainRule id:20000066 "s:$UWA:8" "str:/Windows/win.ini" "mz:URL|BODY|ARGS|$HEADERS_VAR:User-Agent|$HEADERS_VAR:Cookie" "msg:/Windows/win.ini in URI";
MainRule id:20000067 "s:$UWA:8" "str:\Windows\win.ini" "mz:URL|BODY|ARGS|$HEADERS_VAR:User-Agent|$HEADERS_VAR:Cookie" "msg:\Windows\win.ini in URI";
# Exposed Apache Host Manager App
MainRule id:20000068 "s:$UWA:8" "str:/manager/text/list" "mz:URL" "msg:Exposed Apache Host Manager App";
# Spring Cloud Gateway Code Injection Vulnerability
MainRule id:20000069 "s:$UWA:8" "str:/actuator/gateway/routes" "mz:URL" "msg:CVE-2022-22947";
# Block Spring4Shell
MainRule id:20000070 "s:$UWA:8" "str:class.module.classLoader.resources." "mz:RAW_BODY" "msg:CVE-2022-22965";
MainRule id:20000071 "s:$UWA:8" "rx:<%|%>" "mz:HEADERS" "msg:CVE-2022-22965";
# Block Microsoft Exchange Server Remote Code Execution
MainRule id:20000072 "s:$UWA:8" "str:/ecp/Current/exporttool/microsoft.exchange.ediscovery.exporttool.application" "mz:URL" "msg:CVE-2021-28481";
# Prevents IndoXploit/IDX Shell dump access
# A website that has been infected will have a world-browsable folder called `idx_config`
# which contains text versions of the configuration file of every CMS installation the shell
# is able to find (impacts WordPress, Joomla and Magento).
MainRule id:20000073 "s:$UWA:8" "str:/idx_config" "mz:URL" "msg:Prevent IndoXploit/IDX Shell dump access";
# Prevents old grafana to return all folders
# https://github.com/grafana/grafana/pull/44175
MainRule id:20000074 "s:$UWA:8" "rx:^0$" "mz:$URL:/api/search|$ARGS_VAR:folderIds" "msg:Access all grafana folders";
# Block access to yaml files
MainRule id:20000075 "s:$UWA:8" "str:.yml" "mz:URL" "msg:file access to .yml";
MainRule id:20000076 "s:$UWA:8" "str:.yaml" "mz:URL" "msg:file access to .yaml";
# Block access to HashiCorp Consul/Vault template files
MainRule id:20000077 "s:$UWA:8" "rx:\.ctmpl$" "mz:URL" "msg:file access to .ctmpl";
MainRule id:20000078 "s:$UWA:8" "rx:\.hcl$" "mz:URL" "msg:file access to .hcl";
# Block access to known files used for fingerprinting
MainRule id:20000079 "s:$UWA:8" "rx:\.md$" "mz:URL" "msg:file access to .md";
MainRule id:20000080 "s:$UWA:8" "rx:read[-_]?me" "mz:URL" "msg:file access to readme";
MainRule id:20000081 "s:$UWA:8" "rx:\.toml$" "mz:URL" "msg:file access to .toml";
# AWS related files
MainRule id:20000082 "s:$UWA:8" "str:dockerrun.aws.json" "mz:URL" "msg:Exposed AWS Elastic Beanstalk configuration";
# Block access to temporary backup files like .bak,.bak.php, etc...
MainRule id:20000083 "s:$UWA:8" "str:.bak" "mz:URL" "msg:file access to temporary backup files";
# Path traversal in nuxt/framework when in dev mode
# https://huntr.dev/bounties/4849af83-450c-435e-bc0b-71705f5be440/
MainRule id:20000084 "s:$UWA:8" "str:_nuxt/@" "mz:URL" "msg:path traversal in nuxt framework";
# AWS NodeJS related files
MainRule id:20000085 "s:$UWA:8" "str:awsconfig" "mz:URL" "msg:Exposed AWS config files";
MainRule id:20000086 "s:$UWA:8" "str:aws-config" "mz:URL" "msg:Exposed AWS config files";
MainRule id:20000087 "s:$UWA:8" "str:awscred" "mz:URL" "msg:Exposed AWS config files";
MainRule id:20000088 "s:$UWA:8" "str:aws-cred" "mz:URL" "msg:Exposed AWS config files";
# Text editors temp and config files
MainRule id:20000089 "s:$UWA:8" "str:.old" "mz:URL" "msg:Exposed temp copy";
MainRule id:20000090 "s:$UWA:8" "str:.save" "mz:URL" "msg:Exposed temp copy";
MainRule id:20000091 "s:$UWA:8" "str:.DS_Store" "mz:URL" "msg:Exposed temp copy";
MainRule id:20000092 "s:$UWA:8" "str:vscode" "mz:URL" "msg:Exposed vscode directory";
# Exposed .env
MainRule id:20000093 "s:$UWA:8" "str:/.env" "mz:URL" "msg:access to .env file or dir";
# androxgh0st exploit
MainRule id:20000094 "s:$UWA:8" "str:androxgh0st" "mz:ANY" "msg:androxgh0st exploit";

16
containers/conf/angie/naxsi_rules/blocking/blocking/30000000_wordpress.rules
View file

@ -1,16 +0,0 @@
#######################################
## Wordpress ids: 30000000 ##
#######################################
MainRule id:30000000 "s:$UWA:8" "str:system.multicall" "mz:$URL:/xmlrpc.php|BODY" "msg:Wordpress XMLRPC possible Password Brute Force";
MainRule id:30000001 "s:$UWA:8" "str:system.listmethods" "mz:$URL:/xmlrpc.php|BODY" "msg:WordPress XMLRPC Enumeration system.listMethods";
MainRule id:30000002 "s:$UWA:8" "str:system.getcapabilities" "mz:$URL:/xmlrpc.php|BODY" "msg:WordPress XMLRPC Enumeration system.getCapabilities";
MainRule id:30000003 "s:$UWA:8" "str:/w3tc/dbcache" "mz:URL" "msg:WordPress TotalCache-DBCache-Access";
MainRule id:30000004 "s:$UWA:8" "str:/uploadify/uploadify.php" "mz:URL" "msg:WordPress Uploadify-Access";
MainRule id:30000005 "s:$UWA:8" "str:/wp-content/plugins/mm-forms-community/upload/temp/" "mz:URL" "msg:Access To mm-forms-community upload dir";
MainRule id:30000006 "s:$UWA:8" "str:wp-config.php" "mz:BODY|ARGS|URL" "msg:WordPress access to wp-config.php";
# block malicious access ALFA_DATA|alfacgiapi|cgialfa path
MainRule id:30000007 "s:$UWA:8" "str:ALFA_DATA" "mz:URL" "msg:WordPress malicious access to ALFA_DATA path";
MainRule id:30000008 "s:$UWA:8" "str:alfacgiapi" "mz:URL" "msg:WordPress malicious access to alfacgiapi path";
MainRule id:30000009 "s:$UWA:8" "str:cgialfa" "mz:URL" "msg:WordPress malicious access to cgialfa path";

66
containers/conf/angie/naxsi_rules/blocking/blocking/40000000_php_security.rules
View file

@ -1,66 +0,0 @@
#######################################
## PHP Security ids: 40000000 ##
#######################################
# Php Functions
MainRule id:40000000 "s:$UWA:8" "str:gzinflate(" "mz:URL|BODY|ARGS" "msg:gzinflate in URI";
MainRule id:40000001 "s:$UWA:8" "str:system(" "mz:URL|BODY|ARGS" "msg:php system called";
MainRule id:40000002 "s:$UWA:8" "str:base64_decode(" "mz:URL|BODY|ARGS" "msg:php base64_decode called";
MainRule id:40000003 "s:$UWA:8" "str:@eval" "mz:URL|BODY|ARGS" "msg:php eval called";
MainRule id:40000004 "s:$UWA:8" "rx:eval\((\s+)?\$_" "mz:URL|BODY|ARGS" "msg:php eval called";
# PhpMyAdmin
MainRule id:40000005 "s:$UWA:8" "str:/db-admin" "mz:URL" "msg:SQL Admin Interface";
MainRule id:40000006 "s:$UWA:8" "str:/dbadmin" "mz:URL" "msg:SQL Admin Interface";
MainRule id:40000007 "s:$UWA:8" "str:/myadmin" "mz:URL" "msg:SQL Admin Interface";
MainRule id:40000008 "s:$UWA:8" "str:/mysqldumper " "mz:URL" "msg:MysqlDumper";
MainRule id:40000009 "s:$UWA:8" "str:/mysqlmanager" "mz:URL" "msg:SQL Admin Interface";
MainRule id:40000010 "s:$UWA:8" "str:/p/m/a/" "mz:URL" "msg:SQL Admin Interface";
MainRule id:40000011 "s:$UWA:8" "str:/php-my-admin" "mz:URL" "msg:SQL Admin Interface";
MainRule id:40000012 "s:$UWA:8" "str:/php-myadmin" "mz:URL" "msg:SQL Admin Interface";
MainRule id:40000013 "s:$UWA:8" "str:/phpmanager" "mz:URL" "msg:SQL Admin Interface";
MainRule id:40000014 "s:$UWA:8" "str:/phpmy" "mz:URL" "msg:SQL Admin Interface";
MainRule id:40000015 "s:$UWA:8" "str:/phpmy-admin" "mz:URL" "msg:SQL Admin Interface";
MainRule id:40000016 "s:$UWA:8" "str:/phpmyadmin" "mz:URL" "msg:SQL Admin Interface";
MainRule id:40000017 "s:$UWA:8" "str:/phppgadmin " "mz:URL" "msg:SQL Admin Interface";
MainRule id:40000018 "s:$UWA:8" "str:/pma" "mz:URL" "msg:SQL Admin Interface";
MainRule id:40000019 "s:$UWA:8" "str:/sql-admin" "mz:URL" "msg:SQL Admin Interface";
MainRule id:40000020 "s:$UWA:8" "str:/sqladmin" "mz:URL" "msg:SQL Admin Interface";
MainRule id:40000021 "s:$UWA:8" "str:/sqlweb" "mz:URL" "msg:SQL Admin Interface";
MainRule id:40000022 "s:$UWA:8" "str:/sysadmin" "mz:URL" "msg:SQL Admin Interface";
MainRule id:40000023 "s:$UWA:8" "str:/webadmin" "mz:URL" "msg:SQL Admin Interface";
MainRule id:40000024 "s:$UWA:8" "str:/webdb" "mz:URL" "msg:SQL Admin Interface";
MainRule id:40000025 "s:$UWA:8" "str:/websql" "mz:URL" "msg:SQL Admin Interface";
# Block PHPUnit eval-stdin.php CVE-2017-9841
MainRule id:40000026 "s:$UWA:8" "str:eval-stdin.php" "mz:URL" "msg:CVE-2017-9841";
# Block PHP easter egg which normally can be disabled via expose_php = off
MainRule id:40000027 "s:$UWA:8" "rx:PHP[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$" "mz:URL|BODY|ARGS" "msg:PHP easter egg credits";
# Block PHP Xdebug
MainRule id:40000028 "s:$UWA:8" "str:XDEBUG_SESSION" "mz:ANY" "msg:Block PHP Xdebug";
# Block PHPinfo access
MainRule id:40000029 "s:$UWA:8" "str:phpinfo" "mz:URL|BODY|ARGS" "msg:PHPinfo access";
# Block known php installer exploit
MainRule id:40000030 "s:$UWA:8" "str:install.php" "mz:URL" "msg:Access to php install";
# Block more sql admin interface
MainRule id:40000031 "s:$UWA:8" "str:/mysql-admin" "mz:URL" "msg:SQL Admin Interface";
MainRule id:40000032 "s:$UWA:8" "str:/mysqladmin" "mz:URL" "msg:SQL Admin Interface";
MainRule id:40000033 "s:$UWA:8" "str:/sqlmanager" "mz:URL" "msg:SQL Admin Interface";
MainRule id:40000034 "s:$UWA:8" "str:/mysql/" "mz:URL" "msg:SQL Admin Interface";
# Block access to Lavarel telescope since it allows to read logs and SQL queries
MainRule id:40000035 "s:$UWA:8" "str:/telescope/" "mz:URL" "msg:Access to Lavarel telescope";
# Block access to adminer/phpMinAdmin sql admin interface
MainRule id:40000036 "s:$UWA:8" "str:adminer" "mz:URL" "msg:SQL Admin Interface";
# Block access to Symfony Web Framework dev mode.
MainRule id:40000037 "s:$UWA:8" "str:app_dev" "mz:URL" "msg:Symfony Web Framework dev mode";
# phpstorm in request
MainRule id:40000038 "s:$UWA:8" "str:phpstorm" "mz:URL|ARGS|HEADERS" "msg:phpstorm in request";

15
containers/conf/angie/naxsi_rules/blocking/blocking/50000000_sql_injection.rules
View file

@ -1,15 +0,0 @@
#######################################
## SQL Injection ids: 50000000 ##
#######################################
# Transact-SQL General Extended Stored Procedures
# https://docs.microsoft.com/en-us/sql/relational-databases/system-stored-procedures/general-extended-stored-procedures-transact-sql
MainRule id:50000000 "s:$SQL:8" "rx:xp_(cmdshell|enumgroups|grantlogin|logevent|loginconfig|logininfo|msver|revokelogin|sprintf|sqlmaint|sscanf)" "mz:BODY|HEADERS|ARGS|URL" "msg:Transact-SQL GESP";
# Classic SQL injection
MainRule id:50000001 "s:$SQL:8" "rx:(CHAR|CONCAT|CONCAT_WS)\([0-9a-fx,]+\)" "mz:BODY|HEADERS|ARGS|URL" "msg:SQL Injection";
MainRule id:50000002 "s:$SQL:8" "rx:SLEEP(\s+)?\(" "mz:BODY|HEADERS|ARGS|URL" "msg:SQL Injection";
MainRule id:50000003 "s:$SQL:8" "rx:\bBENCHMARK\b\([0-9,]+.+\)" "mz:BODY|HEADERS|ARGS|URL" "msg:SQL Injection";
MainRule id:50000004 "s:$SQL:8" "rx:\b(UNION|INFORMATION_SCHEMA)\b.*(#|--|\*)" "mz:BODY|HEADERS|ARGS|URL" "msg:SQL Injection";
MainRule id:50000005 "s:$SQL:8" "rx:(MD\d|SHA\d+)(\s+)?\(" "mz:BODY|HEADERS|ARGS|URL" "msg:SQL Injection";
MainRule id:50000006 "s:$SQL:8" "rx:DBMS_PIPE|RECEIVE_MESSAGE|WAITFOR|DELAY" "mz:BODY|HEADERS|ARGS|URL" "msg:SQL Injection";

95
containers/conf/angie/naxsi_rules/naxsi_core.rules
View file

@ -1,95 +0,0 @@
##################################
## INTERNAL RULES IDS:1-999 ##
##################################
#@MainRule "msg:weird request, unable to parse" id:1;
#@MainRule "msg:request too big, stored on disk and not parsed" id:2;
#@MainRule "msg:invalid hex encoding, null bytes" id:10;
#@MainRule "msg:unknown content-type" id:11;
#@MainRule "msg:invalid formatted url" id:12;
#@MainRule "msg:invalid POST format" id:13;
#@MainRule "msg:invalid POST boundary" id:14;
#@MainRule "msg:invalid JSON" id:15;
#@MainRule "msg:empty POST" id:16;
#@MainRule "msg:libinjection_sql" id:17;
#@MainRule "msg:libinjection_xss" id:18;
#@MainRule "msg:no generic rules" id:19;
#@MainRule "msg:bad utf8" id:20;
#@MainRule "msg:illegal host header" id:21;
##################################
## SQL Injections IDs:1000-1099 ##
##################################
MainRule "rx:select|union|update|delete|insert|table|from|ascii|hex|unhex|drop|load_file|substr|group_concat|dumpfile|bigint" "msg:sql keywords" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$SQL:4" id:1000;
MainRule "str:\"" "msg:double quote" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$SQL:8,$XSS:8" id:1001;
MainRule "str:0x" "msg:0x, possible hex encoding" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$SQL:2" id:1002;
## Hardcore rules
MainRule "str:/*" "msg:mysql comment (/*)" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$SQL:8" id:1003;
MainRule "str:*/" "msg:mysql comment (*/)" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$SQL:8" id:1004;
MainRule "str:|" "msg:mysql keyword (|)" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$SQL:8" id:1005;
MainRule "str:&&" "msg:mysql keyword (&&)" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$SQL:8" id:1006;
## end of hardcore rules
MainRule "str:--" "msg:mysql comment (--)" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$SQL:4" id:1007;
MainRule "str:;" "msg:semicolon" "mz:BODY|URL|ARGS" "s:$SQL:4,$XSS:8" id:1008;
MainRule "str:=" "msg:equal sign in var, probable sql/xss" "mz:ARGS|BODY" "s:$SQL:2" id:1009;
MainRule "str:(" "msg:open parenthesis, probable sql/xss" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$SQL:4,$XSS:8" id:1010;
MainRule "str:)" "msg:close parenthesis, probable sql/xss" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$SQL:4,$XSS:8" id:1011;
MainRule "str:'" "msg:simple quote" "mz:ARGS|BODY|URL|$HEADERS_VAR:Cookie" "s:$SQL:4,$XSS:8" id:1013;
MainRule "str:," "msg:comma" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$SQL:4" id:1015;
MainRule "str:#" "msg:mysql comment (#)" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$SQL:4" id:1016;
MainRule "str:@@" "msg:double arobase (@@)" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$SQL:4" id:1017;
MainRule "rx:::json|to_json|jsonb?_build|jsonb?_object|jsonb?_each|jsonb?_extract|jsonb?_typeof|jsonb?_array|jsonb_set|json_query|json_keys" "msg:json functions and operators" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$SQL:8" id:1018;
###############################
## OBVIOUS RFI IDs:1100-1199 ##
###############################
MainRule "str:http://" "msg:http:// scheme" "mz:ARGS|BODY|$HEADERS_VAR:Cookie" "s:$RFI:8" id:1100;
MainRule "str:https://" "msg:https:// scheme" "mz:ARGS|BODY|$HEADERS_VAR:Cookie" "s:$RFI:8" id:1101;
MainRule "str:ftp://" "msg:ftp:// scheme" "mz:ARGS|BODY|$HEADERS_VAR:Cookie" "s:$RFI:8" id:1102;
MainRule "str:php://" "msg:php:// scheme" "mz:ARGS|BODY|$HEADERS_VAR:Cookie" "s:$RFI:8" id:1103;
MainRule "str:sftp://" "msg:sftp:// scheme" "mz:ARGS|BODY|$HEADERS_VAR:Cookie" "s:$RFI:8" id:1104;
MainRule "str:zlib://" "msg:zlib:// scheme" "mz:ARGS|BODY|$HEADERS_VAR:Cookie" "s:$RFI:8" id:1105;
MainRule "str:data://" "msg:data:// scheme" "mz:ARGS|BODY|$HEADERS_VAR:Cookie" "s:$RFI:8" id:1106;
MainRule "str:glob://" "msg:glob:// scheme" "mz:ARGS|BODY|$HEADERS_VAR:Cookie" "s:$RFI:8" id:1107;
MainRule "str:phar://" "msg:phar:// scheme" "mz:ARGS|BODY|$HEADERS_VAR:Cookie" "s:$RFI:8" id:1108;
MainRule "str:file://" "msg:file:// scheme" "mz:ARGS|BODY|$HEADERS_VAR:Cookie" "s:$RFI:8" id:1109;
MainRule "str:gopher://" "msg:gopher:// scheme" "mz:ARGS|BODY|$HEADERS_VAR:Cookie" "s:$RFI:8" id:1110;
MainRule "str:zip://" "msg:zip:// scheme" "mz:ARGS|BODY|$HEADERS_VAR:Cookie" "s:$RFI:8" id:1111;
MainRule "str:expect://" "msg:expect:// scheme" "mz:ARGS|BODY|$HEADERS_VAR:Cookie" "s:$RFI:8" id:1112;
MainRule "str:input://" "msg:input:// scheme" "mz:ARGS|BODY|$HEADERS_VAR:Cookie" "s:$RFI:8" id:1113;
#######################################
## Directory traversal IDs:1200-1299 ##
#######################################
MainRule "str:.." "msg:double dot" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$TRAVERSAL:4" id:1200;
MainRule "str:/etc/passwd" "msg:obvious probe" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$TRAVERSAL:4" id:1202;
MainRule "str:c:\\" "msg:obvious windows path" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$TRAVERSAL:4" id:1203;
MainRule "str:cmd.exe" "msg:obvious probe" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$TRAVERSAL:4" id:1204;
MainRule "str:\\" "msg:backslash" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$TRAVERSAL:4" id:1205;
#MainRule "str:/" "msg:slash in args" "mz:ARGS|BODY|$HEADERS_VAR:Cookie" "s:$TRAVERSAL:2" id:1206;
MainRule "str:/..;/" "msg:dir traversal bypass" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$TRAVERSAL:2" id:1207;
MainRule "str:/.;/" "msg:dir traversal bypass" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$TRAVERSAL:4" id:1208;
MainRule "str:/.%2e/" "msg:dir traversal bypass" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$TRAVERSAL:4" id:1209;
MainRule "str:/%2e./" "msg:dir traversal bypass" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$TRAVERSAL:4" id:1210;
########################################
## Cross Site Scripting IDs:1300-1399 ##
########################################
MainRule "str:<" "msg:html open tag" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1302;
MainRule "str:>" "msg:html close tag" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1303;
MainRule "str:[" "msg:open square backet ([), possible js" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1310;
MainRule "str:]" "msg:close square bracket (]), possible js" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1311;
MainRule "str:~" "msg:tilde (~) character" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1312;
MainRule "str:`" "msg:grave accent (`)" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1314;
MainRule "rx:%[23]." "msg:double encoding" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315;
####################################
## Evading tricks IDs: 1400-1500 ##
####################################
MainRule "str:&#" "msg:utf7/8 encoding" "mz:ARGS|BODY|URL|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1400;
MainRule "str:%U" "msg:M$ encoding" "mz:ARGS|BODY|URL|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1401;
#############################
## File uploads: 1500-1600 ##
#############################
MainRule "rx:\.ph|\.asp|\.ht|\.jsp" "msg:asp/php/jsp/htaccess file upload" "mz:FILE_EXT" "s:$UPLOAD:8" id:1500;
MainRule "rx:^[\.a-z0-9_\- ]+$" negative "msg:uploaded filename contains non-printable ascii chars" "mz:FILE_EXT" "s:$UPLOAD:8" id:1501;

7
containers/conf/angie/naxsi_rules/whitelists/dokuwiki.rules
View file

@ -1,7 +0,0 @@
# DokuWiki rules
BasicRule wl:1015 "mz:$BODY_VAR:usergroups";
BasicRule wl:0 "mz:$BODY_VAR:wikitext";
BasicRule wl:0 "mz:$BODY_VAR:summary";
BasicRule wl:0 "mz:$BODY_VAR:prefix";
BasicRule wl:0 "mz:$BODY_VAR:suffix";

61
containers/conf/angie/naxsi_rules/whitelists/drupal.rules
View file

@ -1,61 +0,0 @@
####################################
## Drupal whitelists ALPHA ##
####################################
# some url patterns
BasicRule wl:1000 "mz:$URL:/modules/update/update.css|URL";
BasicRule wl:1000 "mz:$URL:/misc/tableselect.js|URL";
BasicRule wl:1000 "mz:$URL:/modules/contextual/images/gear-select.png|URL|$HEADERS_VAR:cookie";
BasicRule wl:1000 "mz:$URL:/misc/ui/jquery.ui.sortable.min.js|URL|$HEADERS_VAR:cookie";
BasicRule wl:1000 "mz:$URL:/misc/tableheader.js|URL|$HEADERS_VAR:cookie";
BasicRule wl:1000 "mz:$URL:/misc/tabledrag.js|URL|$HEADERS_VAR:cookie";
# bad keywords in posts etc (update etc)
BasicRule wl:1000 "mz:$URL:/|$BODY_VAR:comment_confirm_delete|NAME";
BasicRule wl:1000 "mz:$URL:/|$ARGS_VAR:q";
BasicRule wl:1000 "mz:$URL:/|$BODY_VAR:form_id";
BasicRule wl:1000 "mz:$URL:/|$HEADERS_VAR:cookie";
BasicRule wl:1010 "mz:$URL:/|$ARGS_VAR:date";
# XSS because of [ and ] in POST variables
BasicRule wl:1310,1311 "mz:$URL:/|$BODY_VAR_X:^body|NAME";
BasicRule wl:1310,1311 "mz:$URL:/|$BODY_VAR_X:^menu|NAME";
BasicRule wl:1310,1311 "mz:$URL:/|$BODY_VAR_X:^path|NAME";
BasicRule wl:1310,1311 "mz:$URL:/|$BODY_VAR_X:^comment_body|NAME";
BasicRule wl:1310,1311 "mz:$URL:/|$BODY_VAR_X:^field_|NAME";
BasicRule wl:1310,1311 "mz:$URL:/|$BODY_VAR_X:^type|NAME";
BasicRule wl:1310,1311 "mz:$URL:/|$BODY_VAR_X:^modules|NAME";
BasicRule wl:1310,1311 "mz:$URL:/|$BODY_VAR_X:^blocks|NAME";
BasicRule wl:1310,1311 "mz:$URL:/|$BODY_VAR_X:^palette|NAME";
BasicRule wl:1310,1311 "mz:$URL:/|$BODY_VAR_X:^regions|NAME";
BasicRule wl:1310,1311 "mz:$URL:/|$BODY_VAR_X:^roles|NAME";
BasicRule wl:1310,1311 "mz:$URL:/|$BODY_VAR_X:^fields|NAME";
BasicRule wl:1310,1311 "mz:$URL:/|$ARGS_VAR_X:^destination|NAME";
BasicRule wl:1310,1311 "mz:$URL:/|$BODY_VAR_X:^filter|NAME";
BasicRule wl:1310,1311 "mz:$URL:/|$BODY_VAR_X:^search_active_modules|NAME";
BasicRule wl:1310,1311 "mz:$URL:/|$BODY_VAR_X:^shortcuts|NAME";
BasicRule wl:1310,1311 "mz:$URL:/|$BODY_VAR_X:^formats|NAME";
BasicRule wl:1310,1311 "mz:$URL:/|$BODY_VAR:status";
BasicRule wl:1310,1311 "mz:$URL:/|$BODY_VAR:role";
BasicRule wl:1310,1311 "mz:$URL:/|$BODY_VAR:permission";
BasicRule wl:1310,1311 "mz:$URL:/|$BODY_VAR:type";
# update module
BasicRule wl:16 "mz:$URL:/|BODY";
# user mail
BasicRule wl:1007,1010,1011,1013,1015,1310,1311 "mz:$URL:/|$BODY_VAR_X:^user_mail";
# other stuff
BasicRule wl:1007 "mz:$URL:/|$BODY_VAR:form_build_id";
BasicRule wl:1007 "mz:$URL:/|$BODY_VAR:menu[parent]";
BasicRule wl:1007 "mz:$URL:/|$BODY_VAR:form_token";
BasicRule wl:1007 "mz:$URL:/|$BODY_VAR:additional_settings__active_tab";
BasicRule wl:1007 "mz:$URL:/|$BODY_VAR:date";
BasicRule wl:1302,1303 "mz:$URL:/|$BODY_VAR_X:^filters";
BasicRule wl:1010,1011 "mz:$URL:/|$BODY_VAR:actions_label";
BasicRule wl:1015 "mz:$URL:/|$BODY_VAR:date_format_long";
BasicRule wl:1009,1016 "mz:$URL:/|$ARGS_VAR:destination";
BasicRule wl:1016 "mz:$URL:/|$BODY_VAR_X:^palette";

7
containers/conf/angie/naxsi_rules/whitelists/etherpad-lite.rules
View file

@ -1,7 +0,0 @@
# Etherpad: Really real-time collaborative document editing http://etherpad.org
BasicRule wl:1001,1008,1010,1011,1013,1015,1101 "mz:$URL:/jserror|$BODY_VAR:errorinfo";
BasicRule wl:2 "mz:$URL_X:^/p/.*/import$|BODY";
BasicRule wl:1311 "mz:$URL_X:^/p/.*]$|URL";
BasicRule wl:1007 "mz:URL";
BasicRule wl:1315 "mz:$HEADERS_VAR:cookie";
BasicRule wl:11 "mz:$URL:/socket.io/|BODY";

10
containers/conf/angie/naxsi_rules/whitelists/iris.rules
View file

@ -1,10 +0,0 @@
# Web IRC client Iris for the atheme platform https://github.com/atheme-legacy/iris
### Allowed chars in the URI of WebChat Wizard "custom link" or "embed"
BasicRule wl:1000,1315 "mz:$HEADERS_VAR:cookie";
BasicRule wl:1015 "mz:$ARGS_VAR:channels";
BasicRule wl:1000,1002,1005,1007,1013,1200,1205,1310,1311,1314 "mz:$ARGS_VAR:nick";
BasicRule wl:1000,1005,1008,1013,1015,1200,1205 "mz:$URL:/|ARGS";
### Allowed chars in Chat and Private
BasicRule wl:0 "mz:$URL:/e/p|$BODY_VAR:c";
### Allowed chars in nick same as are allowed in IRCD
BasicRule wl:1000,1002,1005,1007,1205,1310,1311,1314 "mz:$URL:/e/n|$BODY_VAR:nick";

10
containers/conf/angie/naxsi_rules/whitelists/rutorrent.rules
View file

@ -1,10 +0,0 @@
BasicRule wl:1005,1010,1011,1315 "mz:$HEADERS_VAR:cookie";
BasicRule wl:1402 "mz:$HEADERS_VAR:content-type";
BasicRule wl:11 "mz:$URL:/rutorrent/php/setsettings.php|BODY";
BasicRule wl:11 "mz:$URL:/rutorrent/php/getsettings.php|BODY";
BasicRule wl:1000,1001,1015,1310,1311 "mz:$BODY_VAR:v";
BasicRule wl:1005,1008 "mz:$BODY_VAR:cookie";
BasicRule wl:1000,1100,1101,1315 "mz:$BODY_VAR:url";
BasicRule wl:1310,1311 "mz:$URL:/rutorrent/php/addtorrent.php|$ARGS_VAR:result[]|NAME";
BasicRule wl:1000,1100,1101 "mz:$ARGS_VAR:name[]";
BasicRule wl:1310,1311 "mz:$URL:/rutorrent/php/addtorrent.php|$ARGS_VAR:name[]|NAME";

7
containers/conf/angie/naxsi_rules/whitelists/whitelists/dokuwiki.rules
View file

@ -1,7 +0,0 @@
# DokuWiki rules
BasicRule wl:1015 "mz:$BODY_VAR:usergroups";
BasicRule wl:0 "mz:$BODY_VAR:wikitext";
BasicRule wl:0 "mz:$BODY_VAR:summary";
BasicRule wl:0 "mz:$BODY_VAR:prefix";
BasicRule wl:0 "mz:$BODY_VAR:suffix";

61
containers/conf/angie/naxsi_rules/whitelists/whitelists/drupal.rules
View file

@ -1,61 +0,0 @@
####################################
## Drupal whitelists ALPHA ##
####################################
# some url patterns
BasicRule wl:1000 "mz:$URL:/modules/update/update.css|URL";
BasicRule wl:1000 "mz:$URL:/misc/tableselect.js|URL";
BasicRule wl:1000 "mz:$URL:/modules/contextual/images/gear-select.png|URL|$HEADERS_VAR:cookie";
BasicRule wl:1000 "mz:$URL:/misc/ui/jquery.ui.sortable.min.js|URL|$HEADERS_VAR:cookie";
BasicRule wl:1000 "mz:$URL:/misc/tableheader.js|URL|$HEADERS_VAR:cookie";
BasicRule wl:1000 "mz:$URL:/misc/tabledrag.js|URL|$HEADERS_VAR:cookie";
# bad keywords in posts etc (update etc)
BasicRule wl:1000 "mz:$URL:/|$BODY_VAR:comment_confirm_delete|NAME";
BasicRule wl:1000 "mz:$URL:/|$ARGS_VAR:q";
BasicRule wl:1000 "mz:$URL:/|$BODY_VAR:form_id";
BasicRule wl:1000 "mz:$URL:/|$HEADERS_VAR:cookie";
BasicRule wl:1010 "mz:$URL:/|$ARGS_VAR:date";
# XSS because of [ and ] in POST variables
BasicRule wl:1310,1311 "mz:$URL:/|$BODY_VAR_X:^body|NAME";
BasicRule wl:1310,1311 "mz:$URL:/|$BODY_VAR_X:^menu|NAME";
BasicRule wl:1310,1311 "mz:$URL:/|$BODY_VAR_X:^path|NAME";
BasicRule wl:1310,1311 "mz:$URL:/|$BODY_VAR_X:^comment_body|NAME";
BasicRule wl:1310,1311 "mz:$URL:/|$BODY_VAR_X:^field_|NAME";
BasicRule wl:1310,1311 "mz:$URL:/|$BODY_VAR_X:^type|NAME";
BasicRule wl:1310,1311 "mz:$URL:/|$BODY_VAR_X:^modules|NAME";
BasicRule wl:1310,1311 "mz:$URL:/|$BODY_VAR_X:^blocks|NAME";
BasicRule wl:1310,1311 "mz:$URL:/|$BODY_VAR_X:^palette|NAME";
BasicRule wl:1310,1311 "mz:$URL:/|$BODY_VAR_X:^regions|NAME";
BasicRule wl:1310,1311 "mz:$URL:/|$BODY_VAR_X:^roles|NAME";
BasicRule wl:1310,1311 "mz:$URL:/|$BODY_VAR_X:^fields|NAME";
BasicRule wl:1310,1311 "mz:$URL:/|$ARGS_VAR_X:^destination|NAME";
BasicRule wl:1310,1311 "mz:$URL:/|$BODY_VAR_X:^filter|NAME";
BasicRule wl:1310,1311 "mz:$URL:/|$BODY_VAR_X:^search_active_modules|NAME";
BasicRule wl:1310,1311 "mz:$URL:/|$BODY_VAR_X:^shortcuts|NAME";
BasicRule wl:1310,1311 "mz:$URL:/|$BODY_VAR_X:^formats|NAME";
BasicRule wl:1310,1311 "mz:$URL:/|$BODY_VAR:status";
BasicRule wl:1310,1311 "mz:$URL:/|$BODY_VAR:role";
BasicRule wl:1310,1311 "mz:$URL:/|$BODY_VAR:permission";
BasicRule wl:1310,1311 "mz:$URL:/|$BODY_VAR:type";
# update module
BasicRule wl:16 "mz:$URL:/|BODY";
# user mail
BasicRule wl:1007,1010,1011,1013,1015,1310,1311 "mz:$URL:/|$BODY_VAR_X:^user_mail";
# other stuff
BasicRule wl:1007 "mz:$URL:/|$BODY_VAR:form_build_id";
BasicRule wl:1007 "mz:$URL:/|$BODY_VAR:menu[parent]";
BasicRule wl:1007 "mz:$URL:/|$BODY_VAR:form_token";
BasicRule wl:1007 "mz:$URL:/|$BODY_VAR:additional_settings__active_tab";
BasicRule wl:1007 "mz:$URL:/|$BODY_VAR:date";
BasicRule wl:1302,1303 "mz:$URL:/|$BODY_VAR_X:^filters";
BasicRule wl:1010,1011 "mz:$URL:/|$BODY_VAR:actions_label";
BasicRule wl:1015 "mz:$URL:/|$BODY_VAR:date_format_long";
BasicRule wl:1009,1016 "mz:$URL:/|$ARGS_VAR:destination";
BasicRule wl:1016 "mz:$URL:/|$BODY_VAR_X:^palette";

7
containers/conf/angie/naxsi_rules/whitelists/whitelists/etherpad-lite.rules
View file

@ -1,7 +0,0 @@
# Etherpad: Really real-time collaborative document editing http://etherpad.org
BasicRule wl:1001,1008,1010,1011,1013,1015,1101 "mz:$URL:/jserror|$BODY_VAR:errorinfo";
BasicRule wl:2 "mz:$URL_X:^/p/.*/import$|BODY";
BasicRule wl:1311 "mz:$URL_X:^/p/.*]$|URL";
BasicRule wl:1007 "mz:URL";
BasicRule wl:1315 "mz:$HEADERS_VAR:cookie";
BasicRule wl:11 "mz:$URL:/socket.io/|BODY";

5
containers/conf/angie/naxsi_rules/whitelists/whitelists/generic.rules
View file

@ -1,5 +0,0 @@
# whitelist robots.txt
BasicRule wl:20000003 "mz:$URL:/robots.txt|URL";
# whitelist /.well-known/security.txt
BasicRule wl:20000003,20000045 "mz:$URL:/.well-known/security.txt|URL";

10
containers/conf/angie/naxsi_rules/whitelists/whitelists/iris.rules
View file

@ -1,10 +0,0 @@
# Web IRC client Iris for the atheme platform https://github.com/atheme-legacy/iris
### Allowed chars in the URI of WebChat Wizard "custom link" or "embed"
BasicRule wl:1000,1315 "mz:$HEADERS_VAR:cookie";
BasicRule wl:1015 "mz:$ARGS_VAR:channels";
BasicRule wl:1000,1002,1005,1007,1013,1200,1205,1310,1311,1314 "mz:$ARGS_VAR:nick";
BasicRule wl:1000,1005,1008,1013,1015,1200,1205 "mz:$URL:/|ARGS";
### Allowed chars in Chat and Private
BasicRule wl:0 "mz:$URL:/e/p|$BODY_VAR:c";
### Allowed chars in nick same as are allowed in IRCD
BasicRule wl:1000,1002,1005,1007,1205,1310,1311,1314 "mz:$URL:/e/n|$BODY_VAR:nick";

124
containers/conf/angie/naxsi_rules/whitelists/whitelists/jellyfin.rules
View file

@ -1,124 +0,0 @@
# Jellyfin rules
# global
BasicRule wl:2,11 "mz:BODY";
BasicRule wl:17 "mz:$HEADERS_VAR:accept";
BasicRule wl:1000 "mz:URL";
BasicRule wl:1000,1002 "mz:$HEADERS_VAR:cookie";
# /Users.*
BasicRule wl:1000,1015 "mz:$ARGS_VAR_X:^Fields$|$URL_X:^/Users.*$";
BasicRule wl:1000,1015 "mz:$ARGS_VAR_X:^EnableImageTypes$|$URL_X:^/Users.*$";
BasicRule wl:1000 "mz:$BODY_VAR_X:^RememberAudioSelections$|NAME|$URL_X:^/Users/[0-9a-f-]*.*$";
BasicRule wl:1000 "mz:$BODY_VAR_X:^RememberSubtitleSelections$|NAME|$URL_X:^/Users/[0-9a-f-]*.*$";
BasicRule wl:1015 "mz:$ARGS_VAR_X:^SortBy$|$URL_X:^/Users.*$";
BasicRule wl:1015 "mz:$ARGS_VAR_X:^Ids$|$URL_X:^/Users.*$";
BasicRule wl:1015 "mz:$ARGS_VAR_X:^MediaTypes$|$URL_X:^/Users.*$";
BasicRule wl:1015 "mz:$ARGS_VAR_X:^SortOrder$|$URL_X:^/Users/[0-9a-f-]*/Items$";
BasicRule wl:1015 "mz:$ARGS_VAR_X:^IncludeItemTypes$|$URL_X:^/Users/[0-9a-f-]*/Items$";
# /Users/authenticatebyname
BasicRule wl:1010,1011,1012,1302 "mz:$BODY_VAR:Pw|$URL:/Users/authenticatebyname";
# /UserItems/Resume
BasicRule wl:1015 "mz:$ARGS_VAR:fields|$URL:/UserItems/Resume";
# /Shows.*
BasicRule wl:1000,1015 "mz:$ARGS_VAR_X:^Fields$|$URL_X:^/Shows/[0-9a-f-]*/Seasons$";
BasicRule wl:1000,1015 "mz:$ARGS_VAR_X:^Fields$|$URL_X:^/Shows/[0-9a-f-]*/Episodes$";
BasicRule wl:1000,1015 "mz:$ARGS_VAR_X:^EnableImageTypes$|$URL_X:^/Shows/NextUp.*$";
BasicRule wl:1000,1015 "mz:$ARGS_VAR_X:^Fields$|$URL_X:^/Shows/NextUp.*$";
BasicRule wl:1000 "mz:$ARGS_VAR_X:^NextUpDateCutoff$|$URL_X:^/Shows/NextUp.*$";
BasicRule wl:1015 "mz:$ARGS_VAR:StartIndex|$URL:/Shows/NextUp?";
# /DisplayPreferences
BasicRule wl:15,1000,1001,1015,1101,1205 "mz:BODY|$URL:/DisplayPreferences/usersettings";
BasicRule wl:1000 "mz:$BODY_VAR_X:^chromecastVersion$|$URL_X:^/DisplayPreferences/[0-9a-f-]*$";
BasicRule wl:1000 "mz:$BODY_VAR_X:^ShowBackdrop$|NAME|$URL_X:^/DisplayPreferences/[0-9a-f-]*$";
BasicRule wl:1101 "mz:BODY|NAME|$URL:/DisplayPreferences/usersettings";
# /Items.*
BasicRule wl:17 "mz:$HEADERS_VAR_X:^accept$|$URL_X:^/Items/[0-9a-f-]*/.*$";
BasicRule wl:1000 "mz:URL|$URL_X:^/Items/[0-9a-f-]*/.*$";
BasicRule wl:1000 "mz:$ARGS_VAR_X:^inheritFromParent$|NAME|$URL_X:^/Items/[0-9a-f-]*/ThemeMedia$";
BasicRule wl:1000,1015 "mz:$ARGS_VAR_X:^Fields$|$URL_X:^/Items.*$";
BasicRule wl:1005 "mz:$BODY_VAR_X:^Value$|$URL_X:^/Items/[0-9a-f-]*/PlaybackInfo$";
BasicRule wl:1013,1100 "mz:$ARGS_VAR:searchTerm|$URL:/Items";
BasicRule wl:1015 "mz:$BODY_VAR_X:^VideoCodec$|$URL_X:^/Items/[0-9a-f-]*/PlaybackInfo$";
BasicRule wl:1015 "mz:$BODY_VAR_X:^AudioCodec$|$URL_X:^/Items/[0-9a-f-]*/PlaybackInfo$";
BasicRule wl:1015 "mz:$BODY_VAR_X:^Container$|$URL_X:^/Items/[0-9a-f-]*/PlaybackInfo$";
BasicRule wl:1015 "mz:$ARGS_VAR:ExcludeLocationTypes|$URL:/Items?";
BasicRule wl:1015 "mz:$ARGS_VAR:Fields|$URL:/Items?";
BasicRule wl:1015 "mz:$ARGS_VAR:Filters|$URL:/Items?";
BasicRule wl:1015 "mz:$ARGS_VAR:ImageTypes|$URL:/Items?";
BasicRule wl:1015 "mz:$ARGS_VAR:IncludeItemTypes|$URL:/Items?";
BasicRule wl:1015 "mz:$ARGS_VAR:Recursive|$URL:/Items?";
BasicRule wl:1015 "mz:$ARGS_VAR:SortBy|$URL:/Items?";
BasicRule wl:1015 "mz:$ARGS_VAR:SortOrder|$URL:/Items?";
# /Shows/Upcoming
BasicRule wl:1000,1015 "mz:$ARGS_VAR:EnableImageTypes|$URL:/Shows/Upcoming";
# /Movies/Recommendations
BasicRule wl:1000,1015 "mz:$ARGS_VAR:Fields|$URL:/Movies/Recommendations";
BasicRule wl:1000,1015 "mz:$ARGS_VAR:EnableImageTypes|$URL:/Movies/Recommendations";
# /System/Configuration
BasicRule wl:1013,1015 "mz:$BODY_VAR:SortRemoveCharacters|$URL:/System/Configuration";
BasicRule wl:1000 "mz:$BODY_VAR:LibraryUpdateDuration|$URL:/System/Configuration";
BasicRule wl:1000 "mz:$BODY_VAR:Name|$URL:/System/Configuration";
BasicRule wl:1101 "mz:$BODY_VAR:Url|$URL:/System/Configuration";
BasicRule wl:50000006 "mz:$BODY_VAR:LibraryMonitorDelay|$URL:/System/Configuration";
BasicRule wl:50000006 "mz:$BODY_VAR:ThrottleDelaySeconds|NAME|$URL:/System/Configuration/encoding";
# /System/Configuration/branding
BasicRule wl:1000,1001,1002,1003,1004,1008,1009,1010,1011,1015,1016,1205 "mz:$BODY_VAR:CustomCss|$URL:/System/Configuration/branding";
BasicRule wl:1302 "mz:$BODY_VAR:LoginDisclaimer|$URL:/System/Configuration/branding";
# /Sessions
BasicRule wl:1000 "mz:$BODY_VAR:EventName|$URL:/Sessions/Playing/Progress";
BasicRule wl:1000 "mz:$BODY_VAR:SupportedCommands|$URL:/Sessions/Capabilities";
BasicRule wl:1000 "mz:$BODY_VAR:SupportedCommands|$URL:/Sessions/Capabilities/Full";
BasicRule wl:1015 "mz:$BODY_VAR:AudioCodec|$URL:/Sessions/Capabilities/Full";
BasicRule wl:1015 "mz:$BODY_VAR:VideoCodec|$URL:/Sessions/Capabilities/Full";
BasicRule wl:1200 "mz:$HEADERS_VAR:cookie|$URL:/Sessions/Logout";
# Branding
BasicRule wl:1015 "mz:$BODY_VAR:Splashscreen|$URL:/Branding/Splashscreen";
# /Library
BasicRule wl:1005,1008,1205 "mz:$BODY_VAR:CustomTagDelimiters|$URL:/Library/VirtualFolders/LibraryOptions";
# /Playlists
BasicRule wl:1000,1015 "mz:$ARGS_VAR_X:^EnableImageTypes$|$URL_X:^/Playlists/[0-9a-f-]*/Items$";
BasicRule wl:1015 "mz:$ARGS_VAR_X:^Fields$|$URL_X:^/Playlists/[0-9a-f-]*/Items$";
# /SyncPlay
BasicRule wl:1013 "mz:$BODY_VAR:GroupName|$URL:/SyncPlay/New";
# /Videos.*
BasicRule wl:12 "mz:ARGS|$URL_X:^/videos/.*$";
BasicRule wl:17 "mz:$HEADERS_VAR_X:^accept$|$URL_X:^/Videos/.*$";
BasicRule wl:1015 "mz:ARGS|$URL_X:^/videos/.*$";
# /LiveTv
BasicRule wl:1000,1015 "mz:$ARGS_VAR:EnableImageTypes|$URL:/LiveTv/Programs/Recommended";
BasicRule wl:1015 "mz:$ARGS_VAR:Fields|$URL:/LiveTv/Programs";
BasicRule wl:1015 "mz:$ARGS_VAR:Fields|$URL:/LiveTv/Programs/Recommended";
# Playback Reporting Plugin
# /user_usage_stats
BasicRule wl:1015 "mz:$ARGS_VAR:filter|$URL:/user_usage_stats/PlayActivity";
BasicRule wl:1015 "mz:$ARGS_VAR:filter|$URL:/user_usage_stats/HourlyReport";
BasicRule wl:1015 "mz:$ARGS_VAR:filter|$URL:/user_usage_stats/DurationHistogramReport";
# Artist
BasicRule wl:1000,1015 "mz:$ARGS_VAR:fields|$URL:/Artists";
BasicRule wl:1013,1100 "mz:$ARGS_VAR:searchTerm|$URL:/Artists";
BasicRule wl:1015 "mz:$ARGS_VAR:SortBy|$URL:/Artists";
# Persons
BasicRule wl:1000,1013 "mz:$ARGS_VAR:fields|$URL:/Persons";
BasicRule wl:1015 "mz:$ARGS_VAR:SortBy|$URL:/Persons";
BasicRule wl:1100 "mz:$ARGS_VAR:searchTerm|$URL:/Persons";

10
containers/conf/angie/naxsi_rules/whitelists/whitelists/rutorrent.rules
View file

@ -1,10 +0,0 @@
BasicRule wl:1005,1010,1011,1315 "mz:$HEADERS_VAR:cookie";
BasicRule wl:1402 "mz:$HEADERS_VAR:content-type";
BasicRule wl:11 "mz:$URL:/rutorrent/php/setsettings.php|BODY";
BasicRule wl:11 "mz:$URL:/rutorrent/php/getsettings.php|BODY";
BasicRule wl:1000,1001,1015,1310,1311 "mz:$BODY_VAR:v";
BasicRule wl:1005,1008 "mz:$BODY_VAR:cookie";
BasicRule wl:1000,1100,1101,1315 "mz:$BODY_VAR:url";
BasicRule wl:1310,1311 "mz:$URL:/rutorrent/php/addtorrent.php|$ARGS_VAR:result[]|NAME";
BasicRule wl:1000,1100,1101 "mz:$ARGS_VAR:name[]";
BasicRule wl:1310,1311 "mz:$URL:/rutorrent/php/addtorrent.php|$ARGS_VAR:name[]|NAME";

26
containers/conf/angie/naxsi_rules/whitelists/whitelists/wordpress-minimal.rules
View file

@ -1,26 +0,0 @@
######### #########
###### ######
### Because of wordpress.rules is full of wl rules even got double. ###
### Thats why I start from scratch so these rules are in BETA us on own risk. ###
### I us not that many plugins and those I use only after I checked there code. ###
###### ######
######### #########
### HEADERS
BasicRule wl:1001,1315 "mz:$HEADERS_VAR:cookie";
### Theme customize
BasicRule wl:1001,1015,1310,1311 "mz:$URL_X:^/.*$|$BODY_VAR_X:^customized$|BODY";
### Widget customize
BasicRule wl:1001,1015,1310,1311 "mz:$URL_X:^/.*$|$BODY_VAR_X:^partials$|BODY";
### oEmbed API
BasicRule wl:1000,1009,1101 "mz:$URL_X:^/.*wp-json/oembed/1.0/embed|$ARGS_VAR_X:^url$";
BasicRule wl:1009,1101 "mz:$URL_X:^/.*wp-json/oembed/1.0/embed|ARGS";
BasicRule wl:1009,1101 "mz:ARGS";
### Trackbacks
BasicRule wl:1005,1008,1010,1011,1015,1016,1100,1101,1400 "mz:$URL_X:^/.*trackback$/|BODY";
BasicRule wl:1005,1008,1010,1011,1015,1016,1100,1101,1400 "mz:BODY";
BasicRule wl:1008,1010,1011,1015,1016,1100,1101,1400 "mz:$URL_X:^/.*trackback$/|$BODY_VAR_X:^excerpt$";
BasicRule wl:1008,1010,1011,1015,1016,1100,1101,1400 "mz:$BODY_VAR:excerpt";
BasicRule wl:1101 "mz:$URL_X:^/.*trackback$/|$BODY_VAR_X:^url$";
BasicRule wl:1005 "mz:$URL_X:^/.*trackback$/|$BODY_VAR_X:^title$";
BasicRule wl:1101 "mz:$BODY_VAR:url";
BasicRule wl:1005 "mz:$BODY_VAR:title";

152
containers/conf/angie/naxsi_rules/whitelists/whitelists/wordpress.rules
View file

@ -1,152 +0,0 @@
# WordPress naxsi rules
### HEADERS
BasicRule wl:1000,1001,1005,1007,1010,1011,1013,1100,1101,1200,1308,1309,1310,1311,1315 "mz:$HEADERS_VAR:cookie";
# xmlrpc
BasicRule wl:1402 "mz:$HEADERS_VAR:content-type";
### simple BODY (POST)
BasicRule wl:1001,1009,1015,1016,1101,1310,1311 "mz:$URL:/|$BODY_VAR:customized";
# comments
BasicRule wl:1000,1010,1011,1013,1015,1200,1310,1311 "mz:$BODY_VAR:post_title";
BasicRule wl:1000 "mz:$BODY_VAR:original_publish";
BasicRule wl:1000 "mz:$BODY_VAR:save";
BasicRule wl:1008,1010,1011,1013,1015 "mz:$BODY_VAR:sk2_my_js_payload";
BasicRule wl:1001,1005,1009,1016,1100,1101,1310 "mz:$BODY_VAR:url";
BasicRule wl:1009,1100,1101 "mz:$BODY_VAR:referredby";
BasicRule wl:1009,1100,1101 "mz:$BODY_VAR:_wp_original_http_referer";
BasicRule wl:1000,1001,1005,1007,1008,1009,1010,1011,1013,1015,1016,1100,1101,1200,1302,1303,1310,1311,1315,1400 "mz:$BODY_VAR:comment";
BasicRule wl:1100,1101 "mz:$BODY_VAR:redirect_to";
BasicRule wl:1000,1009,1315 "mz:$BODY_VAR:_wp_http_referer";
BasicRule wl:1000 "mz:$BODY_VAR:action";
BasicRule wl:1001,1013 "mz:$BODY_VAR:blogname";
BasicRule wl:1013,1015 "mz:$BODY_VAR:blogdescription";
BasicRule wl:1015 "mz:$BODY_VAR:date_format_custom";
BasicRule wl:1015 "mz:$BODY_VAR:date_format";
BasicRule wl:1015 "mz:$BODY_VAR:tax_input%5bpost_tag%5d";
BasicRule wl:1015 "mz:$BODY_VAR:tax_input[post_tag]";
BasicRule wl:1100,1101 "mz:$BODY_VAR:siteurl";
BasicRule wl:1100,1101 "mz:$BODY_VAR:home";
BasicRule wl:1000,1015 "mz:$BODY_VAR:submit";
# news content matches pretty much everything
BasicRule wl:0 "mz:$BODY_VAR:content";
BasicRule wl:1000 "mz:$BODY_VAR:delete_option";
BasicRule wl:1000 "mz:$BODY_VAR:prowl-msg-message";
BasicRule wl:1100,1101 "mz:$BODY_VAR:_url";
BasicRule wl:1001,1009 "mz:$BODY_VAR:c2c_text_replace%5btext_to_replace%5d";
BasicRule wl:1200 "mz:$BODY_VAR:ppn_post_note";
BasicRule wl:1100,1101 "mz:$BODY_VAR:author";
BasicRule wl:1001,1015 "mz:$BODY_VAR:excerpt";
BasicRule wl:1015 "mz:$BODY_VAR:catslist";
BasicRule wl:1005,1008,1009,1010,1011,1015,1315 "mz:$BODY_VAR:cookie";
BasicRule wl:1101 "mz:$BODY_VAR:googleplus";
BasicRule wl:1007 "mz:$BODY_VAR:name";
BasicRule wl:1007 "mz:$BODY_VAR:action";
BasicRule wl:1100,1101 "mz:$BODY_VAR:attachment%5burl%5d";
BasicRule wl:1100,1101 "mz:$BODY_VAR:attachment_url";
BasicRule wl:1001,1009,1100,1101,1302,1303,1310,1311 "mz:$BODY_VAR:html";
BasicRule wl:1015 "mz:$BODY_VAR:title";
BasicRule wl:1001,1009,1015 "mz:$BODY_VAR:recaptcha_challenge_field";
BasicRule wl:1011 "mz:$BODY_VAR:pwd";
BasicRule wl:1000 "mz:$BODY_VAR:excerpt";
### BODY|NAME
BasicRule wl:1000 "mz:$BODY_VAR:delete_option|NAME";
BasicRule wl:1000 "mz:$BODY_VAR:from|NAME";
### Simple ARGS (GET)
# WP login screen
BasicRule wl:1100,1101 "mz:$ARGS_VAR:redirect_to";
BasicRule wl:1000,1009 "mz:$ARGS_VAR:_wp_http_referer";
BasicRule wl:1000 "mz:$ARGS_VAR:wp_http_referer";
BasicRule wl:1000 "mz:$ARGS_VAR:action";
BasicRule wl:1000 "mz:$ARGS_VAR:action2";
# load and load[] GET variable
BasicRule wl:1000,1015 "mz:$ARGS_VAR:load";
BasicRule wl:1000,1015 "mz:$ARGS_VAR:load[]";
BasicRule wl:1015 "mz:$ARGS_VAR:q";
BasicRule wl:1000,1015 "mz:$ARGS_VAR:load%5b%5d";
### URL
BasicRule wl:1000 "mz:URL|$URL:/wp-admin/update-core.php";
BasicRule wl:1000 "mz:URL|$URL:/wp-admin/update.php";
BasicRule wl:1000 "mz:$URL:/wp-includes/js/imgareaselect/imgareaselect.css|URL";
BasicRule wl:1002 "mz:$URL_X:/wp-content/uploads/[0-9]{4}/[0-9]{2}/[^/]+\.jpg$|URL";
# URL|ARGS
BasicRule wl:1015 "mz:$URL:/wp-admin/load-styles.php|$ARGS_VAR:dashicons,admin-bar,wp-admin,buttons,wp-auth-check";
BasicRule wl:1000 "mz:$URL:/wp-admin/about.php|$ARGS_VAR:updated";
BasicRule wl:1009 "mz:$URL:/wp-admin/customize.php|$ARGS_VAR:return";
# URL|BODY
BasicRule wl:1009,1100,1101 "mz:$URL:/wp-admin/post.php|$BODY_VAR:_wp_http_referer";
BasicRule wl:1016 "mz:$URL:/wp-admin/post.php|$BODY_VAR:metakeyselect";
BasicRule wl:11 "mz:$URL:/xmlrpc.php|BODY";
BasicRule wl:11,16 "mz:$URL:/wp-cron.php|BODY";
BasicRule wl:2 "mz:$URL:/wp-admin/async-upload.php|BODY";
# URL|BODY|NAME
BasicRule wl:1100,1101 "mz:$URL:/wp-admin/post.php|$BODY_VAR:_wp_original_http_referer|NAME";
BasicRule wl:1000 "mz:$URL:/wp-admin/post.php|$BODY_VAR:metakeyselect|NAME";
BasicRule wl:1000 "mz:$URL:/wp-admin/user-edit.php|$BODY_VAR:from|NAME";
BasicRule wl:1100,1101 "mz:$URL:/wp-admin/admin-ajax.php|$BODY_VAR:attachment%5burl%5d|NAME";
BasicRule wl:1100,1101 "mz:$URL:/wp-admin/post.php|$BODY_VAR:attachment_url|NAME";
BasicRule wl:1000 "mz:$URL:/wp-admin/plugins.php|$BODY_VAR:verify-delete|NAME";
BasicRule wl:1310,1311 "mz:$URL:/wp-admin/post.php|$BODY_VAR:post_category[]|NAME";
BasicRule wl:1311 "mz:$URL:/wp-admin/post.php|$BODY_VAR:post_category|NAME";
BasicRule wl:1310,1311 "mz:$URL:/wp-admin/post.php|$BODY_VAR:tax_input[post_tag]|NAME";
BasicRule wl:1310,1311 "mz:$URL:/wp-admin/post.php|$BODY_VAR:newtag[post_tag]|NAME";
BasicRule wl:1310,1311 "mz:$URL:/wp-admin/users.php|$BODY_VAR:users[]|NAME";
BasicRule wl:1000 "mz:$URL:/wp-admin/update-core.php|$BODY_VAR:Update%2BTranslations|NAME";
BasicRule wl:1000 "mz:$URL:/wp-admin/update-core.php|$BODY_VAR:Update%2BNow|NAME";
# URL|ARGS|NAME
BasicRule wl:1310,1311 "mz:$URL:/wp-admin/load-scripts.php|$ARGS_VAR:load[]|NAME";
BasicRule wl:1000 "mz:$URL:/wp-admin/users.php|$ARGS_VAR:delete_count|NAME";
BasicRule wl:1000 "mz:$URL:/wp-admin/users.php|$ARGS_VAR:update|NAME";
BasicRule wl:1310,1311 "mz:$URL:/wp-admin/customize.php|$ARGS_VAR:autofocus[control]|NAME";
# plain WP site
BasicRule wl:1000 "mz:URL|$URL:/wp-admin/update-core.php";
BasicRule wl:1000 "mz:URL|$URL:/wp-admin/update.php";
# URL|BODY
BasicRule wl:1009,1100,1101 "mz:$URL:/wp-admin/post.php|$BODY_VAR:_wp_http_referer";
BasicRule wl:1016 "mz:$URL:/wp-admin/post.php|$BODY_VAR:metakeyselect";
BasicRule wl:11 "mz:$URL:/xmlrpc.php|BODY";
BasicRule wl:11,16 "mz:$URL:/wp-cron.php|BODY";
# URL|BODY|NAME
BasicRule wl:1100,1101 "mz:$URL:/wp-admin/post.php|$BODY_VAR:_wp_original_http_referer|NAME";
BasicRule wl:1000 "mz:$URL:/wp-admin/post.php|$BODY_VAR:metakeyselect|NAME";
BasicRule wl:1000 "mz:$URL:/wp-admin/user-edit.php|$BODY_VAR:from|NAME";
BasicRule wl:1100,1101 "mz:$URL:/wp-admin/admin-ajax.php|$BODY_VAR:attachment%5burl%5d|NAME";
BasicRule wl:1310,1311 "mz:$URL:/wp-admin/admin-ajax.php|$BODY_VAR:data[wp-auth-check]|NAME";
BasicRule wl:1310,1311 "mz:$URL:/wp-admin/admin-ajax.php|$BODY_VAR:data[wp-check-locked-posts][]|NAME";
BasicRule wl:1310,1311 "mz:$URL:/wp-admin/admin-ajax.php|$BODY_VAR:data[wp-refresh-post-lock][post_id]|NAME";
BasicRule wl:1310,1311 "mz:$URL:/wp-admin/admin-ajax.php|$BODY_VAR:data[wp-refresh-post-lock][lock]|NAME";
BasicRule wl:1310,1311 "mz:$URL:/wp-admin/update-core.php|$BODY_VAR:checked[]|NAME";
# URL|ARGS|NAME
BasicRule wl:1310,1311 "mz:$URL:/wp-admin/load-scripts.php|$ARGS_VAR:load[]|NAME";
BasicRule wl:1000 "mz:$URL:/wp-admin/users.php|$ARGS_VAR:delete_count|NAME";
BasicRule wl:1000 "mz:$URL:/wp-admin/users.php|$ARGS_VAR:update|NAME";
### Plugins
#WP Minify
BasicRule wl:1015 "mz:$URL:/wp-content/plugins/bwp-minify/min/|$ARGS_VAR:f";
#Jetpack Infinite Scroll
BasicRule wl:1310,1311 "mz:$BODY_VAR:scripts[]|NAME";
BasicRule wl:1310,1311 "mz:$BODY_VAR:styles[]|NAME";
BasicRule wl:1310,1311 "mz:$BODY_VAR_X:^query_args\[.*\]|NAME";
BasicRule wl:1000 "mz:$BODY_VAR:query_args[update_post_term_cache]|NAME";
BasicRule wl:1000 "mz:$BODY_VAR:query_args[update_post_meta_cache]|NAME";
#UpdraftPlus
BasicRule wl:1000 "mz:$URL:/wp-content/plugins/updraftplus/includes/select2/select2.min.css|URL";
BasicRule wl:1000 "mz:$URL:/wp-content/plugins/updraftplus/includes/select2/select2.min.js|URL";
#WP plugin updates
BasicRule wl:1315 "mz:$ARGS_VAR:query|$URL:/wp-json/jetpack/v4/jitm";
#Jetpack Google Fonts
BasicRule wl:1001 "mz:$URL_X:^/wp-content/plugins/jetpack/css/.*|URL";
#WooCommerce
BasicRule wl:1000 "mz:$URL:/wp-content/plugins/woocommerce/assets/js/select2/select2.full.min.js|URL";
BasicRule wl:1000 "mz:$URL:/wp-content/plugins/woocommerce/assets/js/selectWoo/selectWoo.full.min.js|URL";
BasicRule wl:1000 "mz:$URL:/wp-content/plugins/woocommerce/assets/js/stupidtable/stupidtable.min.js|URL";
#WPML
BasicRule wl:1000 "mz:$URL:/wp-content/plugins/sitepress-multilingual-cms/lib/select2/select2.min.js|URL";
#Yoast SEO
BasicRule wl:1000 "mz:$URL:/wp-content/plugins/wordpress-seo/js/dist/select2/select2.full.min.js|URL";
BasicRule wl:1000 "mz:$URL:/wp-content/plugins/wordpress-seo/css/dist/select2/select2.min.css|URL";

8
containers/conf/angie/naxsi_rules/whitelists/whitelists/zerobin.rules
View file

@ -1,8 +0,0 @@
# Zerobin is here in directory /paste if diffrent change $URL:/paste/ below
BasicRule wl:1015 "mz:$URL:/paste/|$BODY_VAR:data";
BasicRule wl:1315 "mz:$URL:/paste/|$HEADERS_VAR:cookie";
BasicRule wl:1001 "mz:$URL:/paste/|$BODY_VAR:data";
BasicRule wl:1009 "mz:$URL:/paste/|$BODY_VAR:data";
BasicRule wl:1009 "mz:$URL:/paste/|$BODY_VAR:nickname";
BasicRule wl:1001 "mz:$URL:/paste/|$BODY_VAR:nickname";
BasicRule wl:1015 "mz:$URL:/paste/|$BODY_VAR:nickname";

26
containers/conf/angie/naxsi_rules/whitelists/wordpress-minimal.rules
View file

@ -1,26 +0,0 @@
######### #########
###### ######
### Because of wordpress.rules is full of wl rules even got double. ###
### Thats why I start from scratch so these rules are in BETA us on own risk. ###
### I us not that many plugins and those I use only after I checked there code. ###
###### ######
######### #########
### HEADERS
BasicRule wl:1001,1315 "mz:$HEADERS_VAR:cookie";
### Theme customize
BasicRule wl:1001,1015,1310,1311 "mz:$URL_X:^/.*$|$BODY_VAR_X:^customized$|BODY";
### Widget customize
BasicRule wl:1001,1015,1310,1311 "mz:$URL_X:^/.*$|$BODY_VAR_X:^partials$|BODY";
### oEmbed API
BasicRule wl:1000,1009,1101 "mz:$URL_X:^/.*wp-json/oembed/1.0/embed|$ARGS_VAR_X:^url$";
BasicRule wl:1009,1101 "mz:$URL_X:^/.*wp-json/oembed/1.0/embed|ARGS";
BasicRule wl:1009,1101 "mz:ARGS";
### Trackbacks
BasicRule wl:1005,1008,1010,1011,1015,1016,1100,1101,1400 "mz:$URL_X:^/.*trackback$/|BODY";
BasicRule wl:1005,1008,1010,1011,1015,1016,1100,1101,1400 "mz:BODY";
BasicRule wl:1008,1010,1011,1015,1016,1100,1101,1400 "mz:$URL_X:^/.*trackback$/|$BODY_VAR_X:^excerpt$";
BasicRule wl:1008,1010,1011,1015,1016,1100,1101,1400 "mz:$BODY_VAR:excerpt";
BasicRule wl:1101 "mz:$URL_X:^/.*trackback$/|$BODY_VAR_X:^url$";
BasicRule wl:1005 "mz:$URL_X:^/.*trackback$/|$BODY_VAR_X:^title$";
BasicRule wl:1101 "mz:$BODY_VAR:url";
BasicRule wl:1005 "mz:$BODY_VAR:title";

152
containers/conf/angie/naxsi_rules/whitelists/wordpress.rules
View file

@ -1,152 +0,0 @@
# WordPress naxsi rules
### HEADERS
BasicRule wl:1000,1001,1005,1007,1010,1011,1013,1100,1101,1200,1308,1309,1310,1311,1315 "mz:$HEADERS_VAR:cookie";
# xmlrpc
BasicRule wl:1402 "mz:$HEADERS_VAR:content-type";
### simple BODY (POST)
BasicRule wl:1001,1009,1015,1016,1101,1310,1311 "mz:$URL:/|$BODY_VAR:customized";
# comments
BasicRule wl:1000,1010,1011,1013,1015,1200,1310,1311 "mz:$BODY_VAR:post_title";
BasicRule wl:1000 "mz:$BODY_VAR:original_publish";
BasicRule wl:1000 "mz:$BODY_VAR:save";
BasicRule wl:1008,1010,1011,1013,1015 "mz:$BODY_VAR:sk2_my_js_payload";
BasicRule wl:1001,1005,1009,1016,1100,1101,1310 "mz:$BODY_VAR:url";
BasicRule wl:1009,1100,1101 "mz:$BODY_VAR:referredby";
BasicRule wl:1009,1100,1101 "mz:$BODY_VAR:_wp_original_http_referer";
BasicRule wl:1000,1001,1005,1007,1008,1009,1010,1011,1013,1015,1016,1100,1101,1200,1302,1303,1310,1311,1315,1400 "mz:$BODY_VAR:comment";
BasicRule wl:1100,1101 "mz:$BODY_VAR:redirect_to";
BasicRule wl:1000,1009,1315 "mz:$BODY_VAR:_wp_http_referer";
BasicRule wl:1000 "mz:$BODY_VAR:action";
BasicRule wl:1001,1013 "mz:$BODY_VAR:blogname";
BasicRule wl:1013,1015 "mz:$BODY_VAR:blogdescription";
BasicRule wl:1015 "mz:$BODY_VAR:date_format_custom";
BasicRule wl:1015 "mz:$BODY_VAR:date_format";
BasicRule wl:1015 "mz:$BODY_VAR:tax_input%5bpost_tag%5d";
BasicRule wl:1015 "mz:$BODY_VAR:tax_input[post_tag]";
BasicRule wl:1100,1101 "mz:$BODY_VAR:siteurl";
BasicRule wl:1100,1101 "mz:$BODY_VAR:home";
BasicRule wl:1000,1015 "mz:$BODY_VAR:submit";
# news content matches pretty much everything
BasicRule wl:0 "mz:$BODY_VAR:content";
BasicRule wl:1000 "mz:$BODY_VAR:delete_option";
BasicRule wl:1000 "mz:$BODY_VAR:prowl-msg-message";
BasicRule wl:1100,1101 "mz:$BODY_VAR:_url";
BasicRule wl:1001,1009 "mz:$BODY_VAR:c2c_text_replace%5btext_to_replace%5d";
BasicRule wl:1200 "mz:$BODY_VAR:ppn_post_note";
BasicRule wl:1100,1101 "mz:$BODY_VAR:author";
BasicRule wl:1001,1015 "mz:$BODY_VAR:excerpt";
BasicRule wl:1015 "mz:$BODY_VAR:catslist";
BasicRule wl:1005,1008,1009,1010,1011,1015,1315 "mz:$BODY_VAR:cookie";
BasicRule wl:1101 "mz:$BODY_VAR:googleplus";
BasicRule wl:1007 "mz:$BODY_VAR:name";
BasicRule wl:1007 "mz:$BODY_VAR:action";
BasicRule wl:1100,1101 "mz:$BODY_VAR:attachment%5burl%5d";
BasicRule wl:1100,1101 "mz:$BODY_VAR:attachment_url";
BasicRule wl:1001,1009,1100,1101,1302,1303,1310,1311 "mz:$BODY_VAR:html";
BasicRule wl:1015 "mz:$BODY_VAR:title";
BasicRule wl:1001,1009,1015 "mz:$BODY_VAR:recaptcha_challenge_field";
BasicRule wl:1011 "mz:$BODY_VAR:pwd";
BasicRule wl:1000 "mz:$BODY_VAR:excerpt";
### BODY|NAME
BasicRule wl:1000 "mz:$BODY_VAR:delete_option|NAME";
BasicRule wl:1000 "mz:$BODY_VAR:from|NAME";
### Simple ARGS (GET)
# WP login screen
BasicRule wl:1100,1101 "mz:$ARGS_VAR:redirect_to";
BasicRule wl:1000,1009 "mz:$ARGS_VAR:_wp_http_referer";
BasicRule wl:1000 "mz:$ARGS_VAR:wp_http_referer";
BasicRule wl:1000 "mz:$ARGS_VAR:action";
BasicRule wl:1000 "mz:$ARGS_VAR:action2";
# load and load[] GET variable
BasicRule wl:1000,1015 "mz:$ARGS_VAR:load";
BasicRule wl:1000,1015 "mz:$ARGS_VAR:load[]";
BasicRule wl:1015 "mz:$ARGS_VAR:q";
BasicRule wl:1000,1015 "mz:$ARGS_VAR:load%5b%5d";
### URL
BasicRule wl:1000 "mz:URL|$URL:/wp-admin/update-core.php";
BasicRule wl:1000 "mz:URL|$URL:/wp-admin/update.php";
BasicRule wl:1000 "mz:$URL:/wp-includes/js/imgareaselect/imgareaselect.css|URL";
BasicRule wl:1002 "mz:$URL_X:/wp-content/uploads/[0-9]{4}/[0-9]{2}/[^/]+\.jpg$|URL";
# URL|ARGS
BasicRule wl:1015 "mz:$URL:/wp-admin/load-styles.php|$ARGS_VAR:dashicons,admin-bar,wp-admin,buttons,wp-auth-check";
BasicRule wl:1000 "mz:$URL:/wp-admin/about.php|$ARGS_VAR:updated";
BasicRule wl:1009 "mz:$URL:/wp-admin/customize.php|$ARGS_VAR:return";
# URL|BODY
BasicRule wl:1009,1100,1101 "mz:$URL:/wp-admin/post.php|$BODY_VAR:_wp_http_referer";
BasicRule wl:1016 "mz:$URL:/wp-admin/post.php|$BODY_VAR:metakeyselect";
BasicRule wl:11 "mz:$URL:/xmlrpc.php|BODY";
BasicRule wl:11,16 "mz:$URL:/wp-cron.php|BODY";
BasicRule wl:2 "mz:$URL:/wp-admin/async-upload.php|BODY";
# URL|BODY|NAME
BasicRule wl:1100,1101 "mz:$URL:/wp-admin/post.php|$BODY_VAR:_wp_original_http_referer|NAME";
BasicRule wl:1000 "mz:$URL:/wp-admin/post.php|$BODY_VAR:metakeyselect|NAME";
BasicRule wl:1000 "mz:$URL:/wp-admin/user-edit.php|$BODY_VAR:from|NAME";
BasicRule wl:1100,1101 "mz:$URL:/wp-admin/admin-ajax.php|$BODY_VAR:attachment%5burl%5d|NAME";
BasicRule wl:1100,1101 "mz:$URL:/wp-admin/post.php|$BODY_VAR:attachment_url|NAME";
BasicRule wl:1000 "mz:$URL:/wp-admin/plugins.php|$BODY_VAR:verify-delete|NAME";
BasicRule wl:1310,1311 "mz:$URL:/wp-admin/post.php|$BODY_VAR:post_category[]|NAME";
BasicRule wl:1311 "mz:$URL:/wp-admin/post.php|$BODY_VAR:post_category|NAME";
BasicRule wl:1310,1311 "mz:$URL:/wp-admin/post.php|$BODY_VAR:tax_input[post_tag]|NAME";
BasicRule wl:1310,1311 "mz:$URL:/wp-admin/post.php|$BODY_VAR:newtag[post_tag]|NAME";
BasicRule wl:1310,1311 "mz:$URL:/wp-admin/users.php|$BODY_VAR:users[]|NAME";
BasicRule wl:1000 "mz:$URL:/wp-admin/update-core.php|$BODY_VAR:Update%2BTranslations|NAME";
BasicRule wl:1000 "mz:$URL:/wp-admin/update-core.php|$BODY_VAR:Update%2BNow|NAME";
# URL|ARGS|NAME
BasicRule wl:1310,1311 "mz:$URL:/wp-admin/load-scripts.php|$ARGS_VAR:load[]|NAME";
BasicRule wl:1000 "mz:$URL:/wp-admin/users.php|$ARGS_VAR:delete_count|NAME";
BasicRule wl:1000 "mz:$URL:/wp-admin/users.php|$ARGS_VAR:update|NAME";
BasicRule wl:1310,1311 "mz:$URL:/wp-admin/customize.php|$ARGS_VAR:autofocus[control]|NAME";
# plain WP site
BasicRule wl:1000 "mz:URL|$URL:/wp-admin/update-core.php";
BasicRule wl:1000 "mz:URL|$URL:/wp-admin/update.php";
# URL|BODY
BasicRule wl:1009,1100,1101 "mz:$URL:/wp-admin/post.php|$BODY_VAR:_wp_http_referer";
BasicRule wl:1016 "mz:$URL:/wp-admin/post.php|$BODY_VAR:metakeyselect";
BasicRule wl:11 "mz:$URL:/xmlrpc.php|BODY";
BasicRule wl:11,16 "mz:$URL:/wp-cron.php|BODY";
# URL|BODY|NAME
BasicRule wl:1100,1101 "mz:$URL:/wp-admin/post.php|$BODY_VAR:_wp_original_http_referer|NAME";
BasicRule wl:1000 "mz:$URL:/wp-admin/post.php|$BODY_VAR:metakeyselect|NAME";
BasicRule wl:1000 "mz:$URL:/wp-admin/user-edit.php|$BODY_VAR:from|NAME";
BasicRule wl:1100,1101 "mz:$URL:/wp-admin/admin-ajax.php|$BODY_VAR:attachment%5burl%5d|NAME";
BasicRule wl:1310,1311 "mz:$URL:/wp-admin/admin-ajax.php|$BODY_VAR:data[wp-auth-check]|NAME";
BasicRule wl:1310,1311 "mz:$URL:/wp-admin/admin-ajax.php|$BODY_VAR:data[wp-check-locked-posts][]|NAME";
BasicRule wl:1310,1311 "mz:$URL:/wp-admin/admin-ajax.php|$BODY_VAR:data[wp-refresh-post-lock][post_id]|NAME";
BasicRule wl:1310,1311 "mz:$URL:/wp-admin/admin-ajax.php|$BODY_VAR:data[wp-refresh-post-lock][lock]|NAME";
BasicRule wl:1310,1311 "mz:$URL:/wp-admin/update-core.php|$BODY_VAR:checked[]|NAME";
# URL|ARGS|NAME
BasicRule wl:1310,1311 "mz:$URL:/wp-admin/load-scripts.php|$ARGS_VAR:load[]|NAME";
BasicRule wl:1000 "mz:$URL:/wp-admin/users.php|$ARGS_VAR:delete_count|NAME";
BasicRule wl:1000 "mz:$URL:/wp-admin/users.php|$ARGS_VAR:update|NAME";
### Plugins
#WP Minify
BasicRule wl:1015 "mz:$URL:/wp-content/plugins/bwp-minify/min/|$ARGS_VAR:f";
#Jetpack Infinite Scroll
BasicRule wl:1310,1311 "mz:$BODY_VAR:scripts[]|NAME";
BasicRule wl:1310,1311 "mz:$BODY_VAR:styles[]|NAME";
BasicRule wl:1310,1311 "mz:$BODY_VAR_X:^query_args\[.*\]|NAME";
BasicRule wl:1000 "mz:$BODY_VAR:query_args[update_post_term_cache]|NAME";
BasicRule wl:1000 "mz:$BODY_VAR:query_args[update_post_meta_cache]|NAME";
#UpdraftPlus
BasicRule wl:1000 "mz:$URL:/wp-content/plugins/updraftplus/includes/select2/select2.min.css|URL";
BasicRule wl:1000 "mz:$URL:/wp-content/plugins/updraftplus/includes/select2/select2.min.js|URL";
#WP plugin updates
BasicRule wl:1315 "mz:$ARGS_VAR:query|$URL:/wp-json/jetpack/v4/jitm";
#Jetpack Google Fonts
BasicRule wl:1001 "mz:$URL_X:^/wp-content/plugins/jetpack/css/.*|URL";
#WooCommerce
BasicRule wl:1000 "mz:$URL:/wp-content/plugins/woocommerce/assets/js/select2/select2.full.min.js|URL";
BasicRule wl:1000 "mz:$URL:/wp-content/plugins/woocommerce/assets/js/selectWoo/selectWoo.full.min.js|URL";
BasicRule wl:1000 "mz:$URL:/wp-content/plugins/woocommerce/assets/js/stupidtable/stupidtable.min.js|URL";
#WPML
BasicRule wl:1000 "mz:$URL:/wp-content/plugins/sitepress-multilingual-cms/lib/select2/select2.min.js|URL";
#Yoast SEO
BasicRule wl:1000 "mz:$URL:/wp-content/plugins/wordpress-seo/js/dist/select2/select2.full.min.js|URL";
BasicRule wl:1000 "mz:$URL:/wp-content/plugins/wordpress-seo/css/dist/select2/select2.min.css|URL";

8
containers/conf/angie/naxsi_rules/whitelists/zerobin.rules
View file

@ -1,8 +0,0 @@
# Zerobin is here in directory /paste if diffrent change $URL:/paste/ below
BasicRule wl:1015 "mz:$URL:/paste/|$BODY_VAR:data";
BasicRule wl:1315 "mz:$URL:/paste/|$HEADERS_VAR:cookie";
BasicRule wl:1001 "mz:$URL:/paste/|$BODY_VAR:data";
BasicRule wl:1009 "mz:$URL:/paste/|$BODY_VAR:data";
BasicRule wl:1009 "mz:$URL:/paste/|$BODY_VAR:nickname";
BasicRule wl:1001 "mz:$URL:/paste/|$BODY_VAR:nickname";
BasicRule wl:1015 "mz:$URL:/paste/|$BODY_VAR:nickname";

20
containers/conf/angie/sites-available/default
View file

@ -1,20 +0,0 @@
server {
listen 80 default_server backlog=2048 reuseport fastopen=256;
listen [::]:80 default_server backlog=2048 reuseport fastopen=256;
# redirect all http traffic to https
#return 301 https://$host$request_uri;
# Reject everything on your default IP
location / { return 444; }
}
server {
listen 443 ssl reuseport fastopen=256 backlog=2048;
listen [::]:443 ssl reuseport fastopen=256 backlog=2048;
# Reject everything on your default IP
location / { return 444; }
ssl_reject_handshake on;
}

91
containers/conf/angie/sites-available/example
View file

@ -1,91 +0,0 @@
##
# You should look at the following URL's in order to grasp a solid understanding
# of angie configuration files in order to fully unleash the power of angie.
# https://www.angie.com/resources/wiki/start/
# https://www.angie.com/resources/wiki/start/topics/tutorials/config_pitfalls/
# https://wiki.debian.org/angie/DirectoryStructure
#
# In most cases, administrators will remove this file from sites-enabled/ and
# leave it as reference inside of sites-available where it will continue to be
# updated by the angie packaging team.
#
# This file will automatically load configuration files provided by other
# applications, such as Drupal or Wordpress. These applications will be made
# available underneath a path with that package name, such as /drupal8.
#
# Please see /usr/share/doc/angie-doc/examples/ for more detailed examples.
##
# Default server configuration
#
server {
listen 80 default_server;
listen [::]:80 default_server;
# SSL configuration
#
# listen 443 ssl default_server;
# listen [::]:443 ssl default_server;
#
# Note: You should disable gzip for SSL traffic.
# See: https://bugs.debian.org/773332
#
# Read up on ssl_ciphers to ensure a secure configuration.
# See: https://bugs.debian.org/765782
#
# Self signed certs generated by the ssl-cert package
# Don't use them in a production server!
#
# include snippets/snakeoil.conf;
root /var/www/html;
# Add index.php to the list if you are using PHP
index index.html index.htm index.angie-debian.html;
server_name _;
location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
try_files $uri $uri/ =404;
}
# pass PHP scripts to FastCGI server
#
#location ~ \.php$ {
# include snippets/fastcgi-php.conf;
#
# # With php-fpm (or other unix sockets):
# fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
# # With php-cgi (or other tcp sockets):
# fastcgi_pass 127.0.0.1:9000;
#}
# deny access to .htaccess files, if Apache's document root
# concurs with angie's one
#
#location ~ /\.ht {
# deny all;
#}
}
# Virtual Host configuration for example.com
#
# You can move that to a different file under sites-available/ and symlink that
# to sites-enabled/ to enable it.
#
#server {
# listen 80;
# listen [::]:80;
#
# server_name example.com;
#
# root /var/www/example.com;
# index index.html;
#
# location / {
# try_files $uri $uri/ =404;
# }
#}

15
containers/conf/php.ini
View file

@ -1,15 +0,0 @@
allow_url_fopen=0
allow_url_include=0
cgi.fix_pathinfo=0
display_errors=0
display_startup_errors=0
expose_php=0
file_uploads=On
max_execution_time=600
max_input_time=600
max_input_vars=2000
memory_limit=1024M
open_basedir="/"
post_max_size=32M
register_globals=Off
upload_max_filesize=32M

7
containers/conf/traefik/dynamic/certs.yaml
View file

@ -1,7 +0,0 @@
---
# yaml-language-server: $schema=https://www.schemastore.org/traefik-v3.json
tls:
certificates:
- certFile: "/etc/certs/_wildcard.gcch.local.pem"
keyFile: "/etc/certs/_wildcard.gcch.local-key.pem"

59
containers/conf/traefik/dynamic/general.yaml
View file

@ -1,59 +0,0 @@
---
# yaml-language-server: $schema=https://www.schemastore.org/traefik-v3.json
http:
middlewares:
compression:
compress:
excludedContentTypes:
- text/event-stream
security:
headers:
accessControlAllowCredentials: true
accessControlAllowHeaders: "content-type"
accessControlAllowMethods:
- GET
- OPTIONS
- POST
- PUT
accessControlAllowOriginListRegex: "https://.*\\.gcch\\.local(.*)"
accessControlMaxAge: 100
addVaryHeader: true
browserXssFilter: true
contentTypeNosniff: true
customFrameOptionsValue: SAMEORIGIN
featurePolicy: "camera 'none'; microphone 'none'; payment 'none'; usb 'none'; vr 'none'; vibrate 'self';"
forceSTSHeader: false
frameDeny: true
hostsProxyHeaders:
- "X-Forwarded-Host"
isDevelopment: true
referrerPolicy: "origin"
stsPreload: true
stsSeconds: 315360000
tls:
options:
default:
alpnProtocols:
- h2
- http/1.1
cipherSuites:
- TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
- TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
- TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305
- TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
- TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
- TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305
- TLS_AES_128_GCM_SHA256
- TLS_AES_256_GCM_SHA384
- TLS_CHACHA20_POLY1305_SHA256
curvePreferences:
- CurveP521
- CurveP384
minVersion: VersionTLS12
sniStrict: true
mintls13:
minVersion: VersionTLS13

48
containers/conf/traefik/dynamic/routers.yaml
View file

@ -1,48 +0,0 @@
---
# yaml-language-server: $schema=https://www.schemastore.org/traefik-v3.json
http:
routers:
haikuatelier:
entryPoints:
- websecure
middlewares:
- compression
- security
rule: Host(`haikuatelier.gcch.local`)
service: service-haikuatelier
tls: true
jaeger:
entryPoints:
- websecure
middlewares:
- compression
- security
rule: Host(`jaeger.gcch.local`)
service: service-jaeger
tls: true
jaeger-http:
entryPoints:
- websecure
middlewares:
- compression
- security
rule: Host(`jaeger-http.gcch.local`)
service: service-jaeger-http
tls: true
monitor:
entryPoints:
- websecure
rule: Host(`monitor.gcch.local`)
service: api@internal
tls: true
whoami:
entryPoints:
- websecure
rule: Host(`gcch.local`)
service: service-whoami
tls: true

24
containers/conf/traefik/dynamic/services.yaml
View file

@ -1,24 +0,0 @@
---
# yaml-language-server: $schema=https://www.schemastore.org/traefik-v3.json
http:
services:
service-haikuatelier:
loadBalancer:
servers:
- url: "http://proxy:80"
service-jaeger:
loadBalancer:
servers:
- url: "http://jaeger:16686"
service-jaeger-http:
loadBalancer:
servers:
- url: "http://jaeger:4318"
service-whoami:
loadBalancer:
servers:
- url: "http://whoami"

60
containers/conf/traefik/traefik.yaml
View file

@ -1,60 +0,0 @@
---
# yaml-language-server: $schema=https://www.schemastore.org/traefik-v3.json
accessLog:
# Journalise l'accès aux ressources internes.
addInternals: false
# Chemin du fichier où les journaux seront enregistrés.
bufferingSize: 100
# Format des journaux.
filePath: "/var/log/traefik/access_log.log"
# Créé un buffer de n lignes avant d'écrire les journaux. Permet de journaliser de manière asynchrone.
format: "common"
api:
# Active le tableau de bord Traefik.
dashboard: true
# Active des points d'accès de déboguage.
debug: false
# Rend l'API directement disponible sans sécurisation.
insecure: true
entryPoints:
ping:
address: ":8082"
web:
address: ":80"
http:
redirections:
entryPoint:
scheme: https
to: websecure
websecure:
address: ":443"
global:
# Vérifie la disponibilité d'une version plus récente de Traefik.
checkNewVersion: true
# Partage des données avec l'éditeur de Traefik.
sendAnonymousUsage: false
log:
filePath: "/var/log/traefik/traefik.log"
format: common
level: "INFO"
maxBackups: 0
maxSize: 100
ping:
# Nom du point d'entrée de ping.
entryPoint: "ping"
providers:
docker:
endpoint: unix:///var/run/docker.sock
exposedByDefault: false
network: haiku-network
watch: true
file:
directory: "/etc/traefik/dynamic"
watch: true

3
containers/conf/valkey.conf
View file

@ -1,3 +0,0 @@
appendonly yes
maxmemory 1024mb
maxmemory-policy allkeys-lru

46
cspell.json
View file

@ -1,48 +1,4 @@
{ {
"dictionaries": ["fr-fr", "en-gb"], "dictionaries": ["fr-fr", "en-gb"],
"userWords": [ "words": ["GLITCHTIP", "Vali", "fdir", "mobily", "oxlint", "valibot", "zstandard", "Eles", "logtape"]
"lightningcss",
"haikuatelier",
"healthcheck",
"traefik",
"innodb",
"jaegertracing",
"eilandert",
"valkey",
"somaxconn",
"woocommerce",
"Squiz",
"twentytwentyfour",
"symfony",
"phpstan",
"codesniffer",
"muplugin",
"wpautop",
"ERRMODE",
"laravel",
"multishipping",
"multiformats",
"curryfication",
"giftcard",
"taplo",
"phpactor"
],
"words": [
"GLITCHTIP",
"Vali",
"fdir",
"mobily",
"oxlint",
"valibot",
"zstandard",
"Eles",
"logtape",
"wpackagist",
"phpdotenv",
"friendsofphp",
"htmlburger",
"Crell",
"wpdb",
"classlike"
]
} }

15660
db/haiku_atelier-2025-11-03-b8ad85b.sql
View file

File diff suppressed because one or more lines are too long

18270
db/haiku_atelier-2025-12-03-c65939b.sql
View file

File diff suppressed because one or more lines are too long

17197
db/haiku_atelier-2026-01-07-486c0e1.sql
View file

File diff suppressed because one or more lines are too long

17135
db/haiku_atelier-2026-02-24-fa6557c.sql
View file

File diff suppressed because one or more lines are too long

16776
db/haiku_atelier-2026-04-01-5410760.sql
View file

File diff suppressed because one or more lines are too long

4
docs/JOURNAL.md
View file

@ -1,9 +1,5 @@
# Journal de développement # Journal de développement
## 2026-01-09
- Faire un modèle _Twig_ pour l'injection de données _JSON_ dans le _HTML_ d'une page.
## 2025-06-13 ## 2025-06-13
### Informations produit sous forme de grille ### Informations produit sous forme de grille

6
docs/TESTS.md
View file

@ -1,6 +0,0 @@
- Produits
- Aller sur tous les Produits
- La page doit correctement se charger
- Il est possible d'ajouter chaque variation au Panier
- Il n'est pas possible d'ajouter un Produit sans stock au Panier
- Le backend renvoie une erreur quand une demande d'ajout au Panier pour un Produit sans stock est malgré tout effectuée

6
docs/TODO.md
View file

@ -1,9 +1,3 @@
## 2026-02-19
- Créer un _timer_ et _service_ `systemd` adossés à un script réalisant un export de la BDD de production du site Haiku toutes les semaines dans le dossier `db` du répertoire.
---
- PAGE PANIER - PAGE PANIER
- [-] Bouton « Réinitialiser » pour les Articles - [-] Bouton « Réinitialiser » pour les Articles
- [-] Bouton « Réinitialiser » pour les Adresses - [-] Bouton « Réinitialiser » pour les Adresses

11
docs/lol/cute.ts
View file

@ -1,5 +1,12 @@
const etapes = ["┌(・ω・)┘", "└(・ω・)┐", "┌(;・ω・)┘", "└(;・ω・)┐", "┌(;・ω・;)┘", "└(;・ω・;)┐"]; const etapes = [
const assigneTexte = (texte: string): void => (ELEMENTS.BOUTON_CODE_PROMO.textContent = texte); "┌(・ω・)┘",
"└(・ω・)┐",
"┌(;・ω・)┘",
"└(;・ω・)┐",
"┌(;・ω・;)┘",
"└(;・ω・;)┐",
];
const assigneTexte = (texte: string): void => ELEMENTS.BOUTON_CODE_PROMO.textContent = texte;
let index = 0; let index = 0;
const z = {}; const z = {};
const callback = () => { const callback = () => {

122
dprint.json Executable file
View file

@ -0,0 +1,122 @@
{
"excludes": [
"**/node_modules",
"**/pnpm-lock.yaml",
"./lib/",
"web/app/languages",
"web/app/plugins",
"web/app/themes/haiku-atelier-2024/assets",
"web/vendor"
],
"exec": {
"cacheKey": "1",
"commands": [
{ "command": "prettier --ignore-unknown --write --stdin-filepath {{file_path}}", "exts": ["php", "xml"] },
{ "command": "just --dump", "fileNames": ["justfile"], "stdin": true }
],
"cwd": "${originConfigDir}",
"indentWidth": 2,
"lineWidth": 120,
"timeout": 30,
"useTabs": false
},
"indentWidth": 2,
"json": {
"commentLine.forceSpaceAfterSlashes": true,
"indentWidth": 2,
"jsonTrailingCommaFiles": [".swcrc", "biome.jsonc", "settings.json", "tsconfig.json"],
"lineWidth": 120,
"newLineKind": "lf",
"preferSingleLine": true,
"trailingCommas": "never",
"useTabs": false
},
"lineWidth": 120,
"malva": {
"alignComments": true,
"attrValueQuotes": "always",
"blockSelectorLinebreak": "wrap",
"declarationOrder": null,
"formatComments": true,
"hexCase": "lower",
"hexColorLength": "short",
"indentWidth": 2,
"keyframeSelectorNotation": "keyword",
"lineBreak": "lf",
"linebreakInPseudoParens": true,
"omitNumberLeadingZero": false,
"operatorLinebreak": "before",
"preferSingleLine": true,
"printWidth": 100,
"quotes": "alwaysDouble",
"singleLineBlockThreshold": null,
"singleLineTopLevelDeclarations": false,
"trailingComma": false,
"useTabs": false
},
"markup": {
"closingBracketSameLine": false,
"closingTagLineBreakForEmpty": "never",
"component.selfClosing": false,
"doctypeKeywordCase": "lower",
"formatComments": true,
"html.normal.selfClosing": false,
"html.void.selfClosing": false,
"indentWidth": 2,
"lineBreak": "lf",
"maxAttrsPerLine": 1,
"printWidth": 120,
"quotes": "double",
"scriptFormatter": "dprint",
"scriptIndent": true,
"styleIndent": true,
"svg.selfClosing": true,
"useTabs": false,
"whitespaceSensitivity": "strict"
},
"newLineKind": "lf",
"plugins": [
"https://plugins.dprint.dev/typescript-0.95.8.wasm",
"https://plugins.dprint.dev/json-0.20.0.wasm",
"https://plugins.dprint.dev/markdown-0.19.0.wasm",
"https://plugins.dprint.dev/toml-0.7.0.wasm",
"https://plugins.dprint.dev/g-plane/malva-v0.12.1.wasm",
"https://plugins.dprint.dev/g-plane/markup_fmt-v0.22.0.wasm",
"https://plugins.dprint.dev/g-plane/pretty_yaml-v0.5.1.wasm",
"https://plugins.dprint.dev/exec-0.5.1.json@492414e39dea4dccc07b4af796d2f4efdb89e84bae2bd4e1e924c0cc050855bf"
],
"toml": {
"cargo.applyConventions": true,
"comment.forceLeadingSpace": true,
"indentWidth": 2,
"lineWidth": 120,
"newLineKind": "lf",
"useTabs": false
},
"typescript": {
"arrowFunction.useParentheses": "preferNone",
"conditionalExpression.operatorPosition": "nextLine",
"conditionalExpression.preferSingleLine": true,
"exportDeclaration.sortNamedExports": "maintain",
"importDeclaration.sortNamedImports": "maintain",
"module.sortExportDeclarations": "maintain",
"module.sortImportDeclarations": "maintain",
"quoteProps": "asNeeded",
"trailingCommas": "onlyMultiLine",
"useBraces": "whenNotSingleLine"
},
"yaml": {
"braceSpacing": true,
"bracketSpacing": false,
"formatComments": true,
"indentBlockSequenceInMap": true,
"indentWidth": 2,
"lineBreak": "lf",
"preferSingleLine": false,
"printWidth": 120,
"quotes": "preferDouble",
"trailingComma": true,
"trimTrailingWhitespaces": true,
"trimTrailingZero": false
}
}

0
cfg/eslint.config.ts → eslint.config.js
View file

89
justfile
View file

@ -1,4 +1,10 @@
set shell := ["fish", "-c"] set shell := ["fish", "-c"]
set unstable := true
cacheFolder := ".cache"
eslintCacheFile := "eslintcache"
prettierCacheFile := "prettiercache"
stylelintCacheFile := "stylelintcache"
# Recette par défaut. # Recette par défaut.
default: dev default: dev
@ -17,57 +23,52 @@ update:
# Formatte avec Prettier et dprint. # Formatte avec Prettier et dprint.
[group('qualité')] [group('qualité')]
format: format:
bun prettier \ @echo "Formatage de l'ensemble du code avec Prettier et dprint."
--cache --cache-location ".cache/prettiercache" \ bunx prettier \
--config "cfg/prettier.config.ts" \ --cache \
--ignore-path "cfg/prettierignore" \ --cache-location "{{ cacheFolder }}/{{ prettierCacheFile }}" \
--ignore-unknown \ --ignore-unknown \
--parallel-workers 8 \ --write \
--write . .
# TwigCsFixher dprint fmt
-vendor/bin/twig-cs-fixer fix web/app/themes/haiku-atelier-2024/
# PhpCsFixer
-vendor/bin/php-cs-fixer fix --allow-risky yes
dprint --config "~/.config/dprint/dprint.jsonc" fmt
fish scripts/format-sort-files.fish
# Compile, minifie et optimise Sass vers CSS. # Compile, minifie et optimise Sass vers CSS.
[group('css')] [group('css')]
build-css: build-css:
@bun sass \ @bunx sass \
--update \ --update \
"web/app/themes/haiku-atelier-2024/src/sass":"web/app/themes/haiku-atelier-2024/assets/css" "web/app/themes/haiku-atelier-2024/src/sass":"web/app/themes/haiku-atelier-2024/assets/css"
@bun lightningcss \ @bunx lightningcss \
--bundle \ --bundle \
--minify \ --minify \
--output-file "web/app/themes/haiku-atelier-2024/assets/css/main.min.css" \ --output-file "web/app/themes/haiku-atelier-2024/assets/css/main.min.css" \
-- "web/app/themes/haiku-atelier-2024/assets/css/main.css" -- "web/app/themes/haiku-atelier-2024/assets/css/main.css"
@bun lightningcss \ @bunx lightningcss \
--bundle \ --bundle \
--minify \ --minify \
--output-file "web/app/themes/haiku-atelier-2024/assets/css/pages/page-panier.min.css" \ --output-file "web/app/themes/haiku-atelier-2024/assets/css/pages/page-panier.min.css" \
-- "web/app/themes/haiku-atelier-2024/assets/css/pages/page-panier.css" -- "web/app/themes/haiku-atelier-2024/assets/css/pages/page-panier.css"
@bun lightningcss \ @bunx lightningcss \
--bundle \ --bundle \
--minify \ --minify \
--output-file "web/app/themes/haiku-atelier-2024/assets/css/pages/page-accueil.min.css" \ --output-file "web/app/themes/haiku-atelier-2024/assets/css/pages/page-accueil.min.css" \
-- "web/app/themes/haiku-atelier-2024/assets/css/pages/page-accueil.css" -- "web/app/themes/haiku-atelier-2024/assets/css/pages/page-accueil.css"
@bun lightningcss \ @bunx lightningcss \
--bundle \ --bundle \
--minify \ --minify \
--output-file "web/app/themes/haiku-atelier-2024/assets/css/pages/page-boutique.min.css" \ --output-file "web/app/themes/haiku-atelier-2024/assets/css/pages/page-boutique.min.css" \
-- "web/app/themes/haiku-atelier-2024/assets/css/pages/page-boutique.css" -- "web/app/themes/haiku-atelier-2024/assets/css/pages/page-boutique.css"
@bun lightningcss \ @bunx lightningcss \
--bundle \ --bundle \
--minify \ --minify \
--output-file "web/app/themes/haiku-atelier-2024/assets/css/pages/page-a-propos.min.css" \ --output-file "web/app/themes/haiku-atelier-2024/assets/css/pages/page-a-propos.min.css" \
-- "web/app/themes/haiku-atelier-2024/assets/css/pages/page-a-propos.css" -- "web/app/themes/haiku-atelier-2024/assets/css/pages/page-a-propos.css"
@bun lightningcss \ @bunx lightningcss \
--bundle \ --bundle \
--minify \ --minify \
--output-file "web/app/themes/haiku-atelier-2024/assets/css/pages/page-modele-simple.min.css" \ --output-file "web/app/themes/haiku-atelier-2024/assets/css/pages/page-modele-simple.min.css" \
-- "web/app/themes/haiku-atelier-2024/assets/css/pages/page-modele-simple.css" -- "web/app/themes/haiku-atelier-2024/assets/css/pages/page-modele-simple.css"
@bun lightningcss \ @bunx lightningcss \
--bundle \ --bundle \
--minify \ --minify \
--output-file "web/app/themes/haiku-atelier-2024/assets/css/pages/page-succes-commande.min.css" \ --output-file "web/app/themes/haiku-atelier-2024/assets/css/pages/page-succes-commande.min.css" \
@ -76,12 +77,13 @@ build-css:
# Compile le CSS à chaque changement de fichier. # Compile le CSS à chaque changement de fichier.
[group('css')] [group('css')]
watch-css: watch-css:
@watchexec -w "web/app/themes/haiku-atelier-2024/src/sass" -- just build-css @just dev
@watchexec -w "web/app/themes/haiku-atelier-2024/src/sass" -- just build-css reload-tab
# Compile TypeScript en JavaScript. # Compile TypeScript en JavaScript.
[group('js')] [group('js')]
build-js: build-js:
@bun --bun vite build --config "cfg/vite.config.ts" @bunx vite build
# Compile tout. # Compile tout.
[group('css')] [group('css')]
@ -94,28 +96,27 @@ build-all:
# Compile TypeScript à chaque changement de fichier. # Compile TypeScript à chaque changement de fichier.
[group('js')] [group('js')]
watch-js: watch-js:
bun vite build --watch bunx vite build --watch
# Vérifie le code TypeScript avec des analyseurs statiques. # Vérifie le code TypeScript avec des analyseurs statiques.
[group('js')] [group('js')]
[group('qualité')] [group('qualité')]
lint-js: lint-js:
-bun eslint "web/app/themes/haiku-atelier-2024/src/scripts" -bunx eslint "web/app/themes/haiku-atelier-2024/src/scripts"
bun --bun oxlint \ -bunx biome check --reporter=summary "web/app/themes/haiku-atelier-2024/src/scripts"
--config cfg/oxlint.config.ts \ -bunx oxlint "web/app/themes/haiku-atelier-2024/src/scripts"
--format stylish
# Vérifie le code Sass avec Stylelint. # Vérifie le code Sass avec Stylelint.
[group('css')] [group('css')]
[group('qualité')] [group('qualité')]
lint-css: lint-css:
-bun stylelint --config "cfg/stylelint.config.ts" "web/app/themes/haiku-atelier-2024/src/sass/" --fix -bunx stylelint "web/app/themes/haiku-atelier-2024/src/sass/" --fix
# Vérifie le code TypeScript mort avec knip # Vérifie le code TypeScript mort avec knip
[group('js')] [group('js')]
[group('qualité')] [group('qualité')]
lint-code-mort: lint-code-mort:
-bun knip -bunx knip
# Fusionne tous les changements actuels dans le commit précédent et pousse sur le répertoire distant avec Jujetsu. # Fusionne tous les changements actuels dans le commit précédent et pousse sur le répertoire distant avec Jujetsu.
[group('vcs')] [group('vcs')]
@ -142,31 +143,3 @@ reload-tab:
set -f WSURL (curl -s http://127.1:9222/json | fx '.[0].webSocketDebuggerUrl') set -f WSURL (curl -s http://127.1:9222/json | fx '.[0].webSocketDebuggerUrl')
set -f REQUEST '{ "id": 2, "method": "Page.reload", "params": { "ignoreCache": true, "scriptToEvaluateOnLoad": "" } }' set -f REQUEST '{ "id": 2, "method": "Page.reload", "params": { "ignoreCache": true, "scriptToEvaluateOnLoad": "" } }'
echo $REQUEST | websocat $WSURL echo $REQUEST | websocat $WSURL
# Créé l'image OCI.
[group('container')]
build-wordpress-container:
@podman build -t wordpress-haiku-atelier:latest --progress=plain --file "containers/Dockerfile" .
# Lance les services.
[group('container')]
up-services:
@podman compose up -d
# Arrête les services.
[group('container')]
down-services:
@podman compose down
# Redémarre les services.
[group('container')]
restart-services:
@podman compose restart
# Met à jour les conteneurs images des conteneurs.
[group('container')]
pull-images:
bun "scripts/pull-container-images.ts"
export_production_db:
fish "scripts/déclenche-sauvegarde-bdd-production.fish"

120430
lib/openapi3_1.json
View file

File diff suppressed because it is too large Load diff

120430
lib/wp-json-openapi.json
View file

File diff suppressed because it is too large Load diff

162414
lib/wp-json-schema.json
View file

File diff suppressed because it is too large Load diff

32
mago.toml
View file

@ -1,32 +0,0 @@
php-version = "8.5"
stack-size = 8388608
threads = 8
[source]
excludes = ["web/wp/wp-admin/includes/noop.php"]
extensions = ["php"]
includes = ["config", "vendor", "web/app/plugins", "web/vendor", "web/wp"]
paths = ["web/app/themes/haiku-atelier-2024"]
[linter]
integrations = ["wordpress"]
[linter.rules]
ambiguous-function-call = { enabled = true }
halstead = { effort-threshold = 7000 }
literal-named-argument = { enabled = false }
no-redundant-readonly = { enabled = true }
no-redundant-use = { enabled = true }
no-variable-variable = { enabled = true }
[analyzer]
allow-possibly-undefined-array-keys = true
analyze-dead-code = true
check-arrow-function-missing-type-hints = true
check-closure-missing-type-hints = true
check-missing-type-hints = true
check-throws = true
find-unused-definitions = true
find-unused-expressions = true
perform-heuristic-checks = true
strict-list-index-checks = true

99
package.json
View file

@ -7,61 +7,64 @@
"license": "ISC", "license": "ISC",
"main": "index.js", "main": "index.js",
"keywords": [], "keywords": [],
"scripts": { "scripts": { "knip": "knip" },
"knip": "knip"
},
"dependencies": { "dependencies": {
"@logtape/logtape": "^1.0.2",
"@mobily/ts-belt": "v4.0.0-rc.5", "@mobily/ts-belt": "v4.0.0-rc.5",
"@sentry/browser": "^10.47.0", "@sentry/browser": "^9.34.0",
"a11y-dialog": "^8.1.4", "a11y-dialog": "^8.1.4",
"effect": "^3.21.0", "chalk": "^5.4.1",
"lit-html": "^3.3.1", "lit-html": "^3.3.0",
"loglevel": "^1.9.2",
"loglevel-plugin-prefix": "^0.8.4",
"optics-ts": "^2.4.1",
"purify-ts": "2.1.2", "purify-ts": "2.1.2",
"ts-pattern": "^5.9.0", "ts-pattern": "^5.7.1",
"valibot": "1.1.0" "valibot": "1.1.0"
}, },
"devDependencies": { "devDependencies": {
"@effect/language-service": "^0.84.2", "@biomejs/biome": "^2.0.6",
"@gcch/configuration-eslint": "git+https://git.gcch.fr/gcch/configuration-eslint#62ee424274", "@cspell/dict-fr-fr": "^2.3.0",
"@gcch/configuration-oxlint": "git+https://git.gcch.fr/gcch/configuration-oxlint#c53b1c1f78", "@eslint/js": "^9.30.1",
"@gcch/configuration-prettier": "git+https://git.gcch.fr/gcch/configuration-prettier#8de937e801", "@playwright/test": "^1.53.2",
"@playwright/test": "^1.59.0", "@prettier/plugin-php": "^0.22.4",
"@sentry/core": "^10.47.0", "@prettier/plugin-xml": "^3.4.1",
"@types/bun": "^1.3.11", "@sentry/core": "^9.34.0",
"@types/node": "^25.5.0", "@swc/cli": "0.7.7",
"@vitejs/plugin-legacy": "^8.0.1", "@types/eslint__js": "^9.14.0",
"better-typescript-lib": "^2.12.0", "@types/node": "^24.0.10",
"browserslist": "^4.28.2", "@vitejs/plugin-legacy": "^7.0.0",
"caniuse-lite": "^1.0.30001784", "better-typescript-lib": "^2.11.0",
"eslint": "^10.1.0", "browserslist": "^4.25.1",
"eslint-plugin-functional": "^9.0.4", "eslint": "^9.30.1",
"eslint-plugin-jsx-a11y": "^6.10.2", "eslint-plugin-oxlint": "^1.5.0",
"eslint-plugin-oxlint": "^1.58.0", "eslint-plugin-perfectionist": "^4.15.0",
"eslint-plugin-perfectionist": "^5.7.0", "fdir": "^6.4.6",
"eslint-plugin-sonarjs": "^4.0.2", "globals": "^16.3.0",
"fdir": "^6.5.0", "knip": "^5.61.3",
"globals": "^17.4.0", "lightningcss-cli": "^1.30.1",
"jiti": "^2.6.1", "oxlint": "^1.5.0",
"knip": "^6.1.1", "picomatch": "^4.0.2",
"lightningcss": "^1.32.0", "playwright": "^1.53.2",
"lightningcss-cli": "^1.32.0", "prettier": "^3.6.2",
"oxlint": "^1.58.0", "prettier-plugin-pkg": "^0.21.1",
"oxlint-tsgolint": "^0.19.0",
"playwright": "^1.59.0",
"prettier": "^3.8.1",
"prettier-plugin-pkg": "^0.22.1",
"prettier-plugin-sh": "^0.18.0", "prettier-plugin-sh": "^0.18.0",
"sass-embedded": "^1.98.0", "sass-embedded": "^1.89.2",
"stylelint": "^17.6.0", "stylelint": "^16.21.1",
"stylelint-config-clean-order": "^8.0.1", "stylelint-config-clean-order": "^7.0.0",
"stylelint-config-sass-guidelines": "^13.0.0", "stylelint-config-sass-guidelines": "^12.1.0",
"stylelint-config-standard-scss": "^17.0.0", "stylelint-config-standard-scss": "^15.0.1",
"stylelint-declaration-block-no-ignored-properties": "^3.0.0", "stylelint-declaration-block-no-ignored-properties": "^2.8.0",
"stylelint-plugin-logical-css": "^2.1.0", "stylelint-plugin-logical-css": "^1.2.3",
"typescript": "6.0.2", "typescript": "5.8.3",
"typescript-eslint": "^8.48.1", "typescript-eslint": "^8.35.1",
"vite": "^8.0.3", "vite": "^7.0.2",
"vite-tsconfig-paths": "^6.1.1" "vite-plugin-compression2": "^2.2.0",
"vite-plugin-manifest-sri": "^0.2.0",
"vite-plugin-node-polyfills": "^0.23.0",
"vite-plugin-valibot-env": "^1.0.1",
"vite-tsconfig-paths": "^5.1.4",
"wp-types": "^4.68.1"
}, },
"browserslist": [ "browserslist": [
"chrome >0 and last 3 years", "chrome >0 and last 3 years",
@ -76,5 +79,5 @@
"entry": ["web/app/themes/haiku-atelier-2024/src/scripts/*.ts"], "entry": ["web/app/themes/haiku-atelier-2024/src/scripts/*.ts"],
"project": ["web/app/themes/haiku-atelier-2024/src/scripts/**/*.{js,ts,d.ts}"] "project": ["web/app/themes/haiku-atelier-2024/src/scripts/**/*.{js,ts,d.ts}"]
}, },
"trustedDependencies": ["@parcel/watcher", "core-js"] "trustedDependencies": ["@biomejs/biome", "@parcel/watcher", "@swc/core", "core-js", "esbuild", "lightningcss-cli"]
} }

492
phpactor.schema.json
View file

@ -1,492 +0,0 @@
{
"$schema": "https:\/\/json-schema.org\/draft-07\/schema",
"properties": {
"$schema": {
"default": "",
"description": "Path to JSON schema, which can be used for config autocompletion, use phpactor config:initialize to update"
},
"behat.config_path": {
"default": "%project_root%\/behat.yml",
"description": "Path to the main behat.yml (including the filename behat.yml)"
},
"behat.symfony.di_xml_path": {
"description": "If using Symfony, set this path to the XML container dump to find contexts which are defined as services"
},
"class_to_file.brute_force_conversion": {
"default": true,
"description": "If composer not found, fallback to scanning all files (very time consuming depending on project size)"
},
"class_to_file.project_root": {
"default": "%project_root%",
"description": "Root path of the project (e.g. where composer.json is)"
},
"code_transform.class_new.variants": {
"default": [],
"description": "Variants which should be suggested when class-create is invoked"
},
"code_transform.import_globals": {
"default": false,
"description": "Import functions even if they are in the global namespace"
},
"code_transform.indentation": {
"default": " ",
"description": "Indentation chars to use in code generation and transformation"
},
"code_transform.refactor.generate_accessor.prefix": {
"default": "",
"description": "Prefix to use for generated accessors"
},
"code_transform.refactor.generate_accessor.upper_case_first": {
"default": false,
"description": "If the first letter of a generated accessor should be made uppercase"
},
"code_transform.refactor.generate_mutator.fluent": {
"default": false,
"description": "If the mutator should be fluent"
},
"code_transform.refactor.generate_mutator.prefix": {
"default": "set",
"description": "Prefix to use for generated mutators"
},
"code_transform.refactor.generate_mutator.upper_case_first": {
"default": true,
"description": "If the first letter of a generated mutator should be made uppercase"
},
"code_transform.refactor.object_fill.hint": {
"default": true,
"description": "Object fill refactoring: show hint as a comment"
},
"code_transform.refactor.object_fill.named_parameters": {
"default": true,
"description": "Object fill refactoring: use named parameters"
},
"code_transform.template_paths": {
"default": ["%project_config%\/templates", "%config%\/templates"],
"description": "Paths in which to look for code templates"
},
"command": { "description": "Internal use only - name of the command which was executed" },
"completion.dedupe": { "default": true, "description": "If results should be de-duplicated" },
"completion.dedupe_match_fqn": {
"default": true,
"description": "If ``completion.dedupe``, consider the class FQN in addition to the completion suggestion"
},
"completion.label_formatter": {
"default": "helpful",
"description": "Definition of how to format entries in the completion list",
"enum": ["helpful", "fqn"]
},
"completion.limit": { "description": "Sets a limit on the number of completion suggestions for any request" },
"completion_worse.completor.attribute.enabled": {
"default": true,
"description": "Enable or disable the ``attribute`` completor.\n\nCompletion for attribute class names."
},
"completion_worse.completor.class.limit": {
"default": 100,
"description": "Suggestion limit for the filesystem based SCF class_completor"
},
"completion_worse.completor.class_like.enabled": {
"default": true,
"description": "Enable or disable the ``class_like`` completor.\n\nCompletion for class like contexts."
},
"completion_worse.completor.class_member.enabled": {
"default": true,
"description": "Enable or disable the ``class_member`` completor.\n\nCompletion for class members."
},
"completion_worse.completor.constant.enabled": { "default": false, "description": null },
"completion_worse.completor.constructor.enabled": {
"default": true,
"description": "Enable or disable the ``constructor`` completor.\n\nCompletion for constructors."
},
"completion_worse.completor.declared_class.enabled": {
"default": true,
"description": "Enable or disable the ``declared_class`` completor.\n\nCompletion for classes defined in the Phpactor runtime."
},
"completion_worse.completor.declared_constant.enabled": {
"default": true,
"description": "Enable or disable the ``declared_constant`` completor.\n\nCompletion for constants defined in the Phpactor runtime."
},
"completion_worse.completor.declared_function.enabled": {
"default": true,
"description": "Enable or disable the ``declared_function`` completor.\n\nCompletion for functions defined in the Phpactor runtime."
},
"completion_worse.completor.docblock.enabled": {
"default": true,
"description": "Enable or disable the ``docblock`` completor.\n\nDocblock completion."
},
"completion_worse.completor.doctrine_annotation.enabled": {
"default": true,
"description": "Enable or disable the ``doctrine_annotation`` completor.\n\nCompletion for annotations provided by the Doctrine annotation library."
},
"completion_worse.completor.expression_name_search.enabled": {
"default": true,
"description": "Enable or disable the ``expression_name_search`` completor.\n\nCompletion for class names, constants and functions at expression positions that are located in the index."
},
"completion_worse.completor.imported_names.enabled": {
"default": true,
"description": "Enable or disable the ``imported_names`` completor.\n\nCompletion for names imported into the current namespace."
},
"completion_worse.completor.keyword.enabled": {
"default": true,
"description": "Enable or disable the ``keyword`` completor.\n\nCompletion for keywords (not very accurate)."
},
"completion_worse.completor.local_variable.enabled": {
"default": true,
"description": "Enable or disable the ``local_variable`` completor.\n\nCompletion for local variables."
},
"completion_worse.completor.named_parameter.enabled": {
"default": true,
"description": "Enable or disable the ``named_parameter`` completor.\n\nCompletion for named parameters."
},
"completion_worse.completor.scf_class.enabled": {
"default": true,
"description": "Enable or disable the ``scf_class`` completor.\n\nBrute force completion for class names (not recommended)."
},
"completion_worse.completor.subscript.enabled": {
"default": true,
"description": "Enable or disable the ``subscript`` completor.\n\nCompletion for subscript (array access from array shapes)."
},
"completion_worse.completor.symfony.enabled": {
"default": true,
"description": "Enable\/disable the Symfony completor - depends on Symfony extension being enabled"
},
"completion_worse.completor.type.enabled": {
"default": true,
"description": "Enable or disable the ``type`` completor.\n\nCompletion for scalar types."
},
"completion_worse.completor.use.enabled": {
"default": true,
"description": "Enable or disable the ``use`` completor.\n\nCompletion for use imports."
},
"completion_worse.completor.worse_parameter.enabled": {
"default": true,
"description": "Enable or disable the ``worse_parameter`` completor.\n\nCompletion for method or function parameters."
},
"completion_worse.debug": { "default": false, "description": "Include debug info in completion results" },
"completion_worse.experimantal": { "default": false, "description": "Enable experimental functionality" },
"completion_worse.name_completion_priority": {
"default": "proximity",
"description": "Strategy to use when ordering completion results for classes and functions:\n\n- `proximity`: Classes and functions will be ordered by their proximity to the text document being edited.\n- `none`: No ordering will be applied."
},
"completion_worse.snippets": { "default": true, "description": "Enable or disable completion snippets" },
"composer.autoload_deregister": {
"default": true,
"description": "Immediately de-register the autoloader once it has been included (prevent conflicts with Phpactor's autoloader). Some platforms may require this to be disabled"
},
"composer.autoloader_path": {
"default": "%project_root%\/vendor\/autoload.php",
"description": "Path to project's autoloader, can be an array"
},
"composer.class_maps_only": {
"default": true,
"description": "Register the composer class maps only, do not register the autoloader - RECOMMENDED"
},
"composer.enable": {
"default": true,
"description": "Include of the projects autoloader to facilitate class location. Note that when including an autoloader code _may_ be executed. This option may be disabled when using the indexer"
},
"console.decorated": {
"description": "Whether to decorate messages (null for auto-guessing)",
"enum": [true, false, null]
},
"console.verbosity": { "default": 32, "description": "Verbosity level", "enum": [16, 32, 64, 128, 256] },
"console_dumper_default": {
"default": "indented",
"description": "Name of the \"dumper\" (renderer) to use for some CLI commands"
},
"core.min_memory_limit": {
"default": 1610612736,
"description": "Ensure that PHP has a memory_limit of at least this amount in bytes"
},
"file_path_resolver.app_name": { "default": "phpactor", "description": null },
"file_path_resolver.application_root": { "description": null },
"file_path_resolver.enable_cache": { "default": true, "description": null },
"file_path_resolver.enable_logging": { "default": true, "description": null },
"file_path_resolver.project_root": { "default": "\/opt\/phpactor", "description": null },
"indexer.buffer_time": {
"default": 500,
"description": "For real-time indexers only: the time, in milliseconds, to buffer the results",
"type": ["integer"]
},
"indexer.enabled_watchers": {
"default": ["inotify", "watchman", "find", "php"],
"description": "List of allowed watchers. The first watcher that supports the current system will be used",
"type": ["object"]
},
"indexer.exclude_patterns": {
"default": ["\/vendor\/**\/Tests\/**\/*", "\/vendor\/**\/tests\/**\/*", "\/vendor\/composer\/**\/*"],
"description": "Glob patterns to exclude while indexing",
"type": ["object"]
},
"indexer.follow_symlinks": {
"default": false,
"description": "To allow indexer to follow symlinks",
"type": ["boolean"]
},
"indexer.implementation_finder.deep": {
"default": true,
"description": "Recurse over class implementations to resolve all class implementations (not just the classes directly implementing the subject)",
"type": ["boolean"]
},
"indexer.include_patterns": {
"default": ["\/**\/*.php", "\/**\/*.phar"],
"description": "Glob patterns to include while indexing",
"type": ["object"]
},
"indexer.index_path": {
"default": "%cache%\/index\/%project_id%",
"description": "Path where the index should be saved",
"type": ["string"]
},
"indexer.poll_time": {
"default": 5000,
"description": "For polling indexers only: the time, in milliseconds, between polls (e.g. filesystem scans)",
"type": ["integer"]
},
"indexer.project_root": {
"default": "%project_root%",
"description": "The root path to use for scanning the index",
"type": ["string"]
},
"indexer.reference_finder.deep": {
"default": true,
"description": "Recurse over class implementations to resolve all references",
"type": ["boolean"]
},
"indexer.stub_paths": {
"default": [],
"description": "Paths to external folders to index. They will be indexed only once, if you want to take any changes into account you will have to reindex your project manually.",
"type": ["object"]
},
"indexer.supported_extensions": {
"default": ["php", "phar"],
"description": "File extensions (e.g. `php`) for files that should be indexed",
"type": ["object"]
},
"language_server.catch_errors": { "default": true, "description": null },
"language_server.diagnostic_exclude_paths": {
"default": [],
"description": "List of paths to exclude from diagnostics, e.g. `vendor\/**\/*`"
},
"language_server.diagnostic_outsource": {
"default": true,
"description": "If applicable diagnostics should be \"outsourced\" to a different process"
},
"language_server.diagnostic_outsource_timeout": {
"default": 5,
"description": "Kill the diagnostics process if it outlives this timeout"
},
"language_server.diagnostic_providers": {
"description": "Specify which diagnostic providers should be active (default to all)"
},
"language_server.diagnostic_sleep_time": {
"default": 1000,
"description": "Amount of time to wait before analyzing the code again for diagnostics"
},
"language_server.diagnostics_on_open": {
"default": true,
"description": "Perform diagnostics when opening a text document"
},
"language_server.diagnostics_on_save": {
"default": true,
"description": "Perform diagnostics when the text document is saved"
},
"language_server.diagnostics_on_update": {
"default": true,
"description": "Perform diagnostics when the text document is updated"
},
"language_server.enable_workspace": {
"default": true,
"description": "If workspace management \/ text synchronization should be enabled (this isn't required for some language server implementations, e.g. static analyzers)"
},
"language_server.file_event_globs": { "default": ["**\/*.php"], "description": null },
"language_server.file_events": { "default": true, "description": "Register to receive file events" },
"language_server.method_alias_map": {
"default": [],
"description": "Allow method names to be re-mapped. Useful for maintaining backwards compatibility"
},
"language_server.phpactor_bin": {
"default": "\/opt\/phpactor\/lib\/Extension\/LanguageServer\/..\/..\/..\/bin\/phpactor",
"description": "Internal use only - name path to Phpactor binary"
},
"language_server.profile": { "default": false, "description": "Logs timing information for incoming LSP requests" },
"language_server.self_destruct_timeout": {
"default": 2500,
"description": "Wait this amount of time (in milliseconds) after a shutdown request before self-destructing"
},
"language_server.session_parameters": {
"default": [],
"description": "Phpactor parameters (config) that apply only to the language server session"
},
"language_server.shutdown_grace_period": {
"default": 200,
"description": "Amount of time (in milliseconds) to wait before responding to a shutdown notification"
},
"language_server.trace": {
"default": false,
"description": "Log incoming and outgoing messages (needs log formatter to be set to ``json``)"
},
"language_server_code_transform.import_globals": {
"default": false,
"description": "Show hints for non-imported global classes and functions"
},
"language_server_code_transform.import_name.report_non_existing_names": {
"default": true,
"description": "Show an error if a diagnostic name cannot be resolved - can produce false positives"
},
"language_server_completion.trim_leading_dollar": {
"default": false,
"description": "If the leading dollar should be trimmed for variable completion suggestions"
},
"language_server_configuration.auto_config": {
"default": true,
"description": "Prompt to enable extensions which apply to your project on language server start",
"type": ["boolean"]
},
"language_server_indexer.reindex_timeout": {
"default": 300,
"description": "Unconditionally reindex modified files every N seconds"
},
"language_server_indexer.workspace_symbol_search_limit": { "default": 250, "description": null },
"language_server_php_cs_fixer.bin": {
"default": "%project_root%\/vendor\/bin\/php-cs-fixer",
"description": "Path to the php-cs-fixer executable"
},
"language_server_php_cs_fixer.config": {
"description": "Set custom PHP CS config path. Ex., %project_root%\/.php-cs-fixer.php"
},
"language_server_php_cs_fixer.env": {
"default": { "PHP_CS_FIXER_IGNORE_ENV": true, "XDEBUG_MODE": "off" },
"description": "Environment for PHP CS Fixer (e.g. to set PHP_CS_FIXER_IGNORE_ENV)"
},
"language_server_php_cs_fixer.show_diagnostics": {
"default": true,
"description": "Whether PHP CS Fixer diagnostics are shown"
},
"language_server_phpstan.bin": {
"default": "%project_root%\/vendor\/bin\/phpstan",
"description": "Path to the PHPStan executable"
},
"language_server_phpstan.config": { "description": "Override the PHPStan configuration file" },
"language_server_phpstan.level": { "description": "Override the PHPStan level" },
"language_server_phpstan.mem_limit": { "description": "Override the PHPStan memory limit" },
"language_server_psalm.bin": {
"default": "%project_root%\/vendor\/bin\/psalm",
"description": "Path to psalm if different from vendor\/bin\/psalm",
"type": ["string"]
},
"language_server_psalm.error_level": {
"description": "Override level at which Psalm should report errors (lower => more errors)"
},
"language_server_psalm.show_info": {
"default": true,
"description": "If infos from psalm should be displayed",
"type": ["boolean"]
},
"language_server_psalm.threads": {
"default": 1,
"description": "Set the number of threads Psalm should use. Warning: NULL will use as many as possible and may crash your computer",
"type": ["integer"]
},
"language_server_psalm.timeout": {
"default": 15,
"description": "Kill the psalm process after this number of seconds",
"type": ["integer"]
},
"language_server_psalm.use_cache": {
"default": true,
"description": "If the Psalm cache should be used (see the `--no-cache` option)",
"type": ["boolean"]
},
"language_server_reference_reference_finder.reference_timeout": {
"default": 60,
"description": "Stop searching for references after this time (in seconds) has expired"
},
"language_server_worse_reflection.diagnostics.enable": { "default": true, "description": "Enable diagnostics" },
"language_server_worse_reflection.inlay_hints.enable": {
"default": false,
"description": "Enable inlay hints (experimental)"
},
"language_server_worse_reflection.inlay_hints.params": {
"default": true,
"description": "Show inlay hints for parameters"
},
"language_server_worse_reflection.inlay_hints.types": {
"default": false,
"description": "Show inlay type hints for variables"
},
"language_server_worse_reflection.workspace_index.update_interval": {
"default": 100,
"description": "Minimum interval to update the workspace index as documents are updated (in milliseconds)"
},
"logger.name": { "default": "logger", "description": null, "type": ["string"] },
"logging.enabled": { "default": false, "description": null, "type": ["boolean"] },
"logging.fingers_crossed": { "default": false, "description": null, "type": ["boolean"] },
"logging.formatter": { "description": null },
"logging.level": {
"default": "warning",
"description": null,
"enum": ["emergency", "alert", "critical", "error", "warning", "notice", "info", "debug"],
"type": ["string"]
},
"logging.path": { "default": "application.log", "description": null, "type": ["string"] },
"navigator.autocreate": { "default": [], "description": null },
"navigator.destinations": { "default": [], "description": null },
"object_renderer.template_paths.markdown": {
"default": ["%project_config%\/templates\/markdown", "%config%\/templates\/markdown"],
"description": "Paths in which to look for templates for hover information."
},
"php.version": {
"description": "Consider this value to be the project\\'s version of PHP (e.g. `7.4`). If omitted\nit will check `composer.json` (by the configured platform then the PHP requirement) before\nfalling back to the PHP version of the current process."
},
"php_code_sniffer.args": { "default": [], "description": "Additional arguments to pass to the PHPCS process" },
"php_code_sniffer.bin": {
"default": "%project_root%\/vendor\/bin\/phpcs",
"description": "Path to the phpcs executable"
},
"php_code_sniffer.cwd": { "description": "Working directory for PHPCS" },
"php_code_sniffer.env": {
"default": { "XDEBUG_MODE": "off" },
"description": "Environment for PHP_CodeSniffer (e.g. to set XDEBUG_MODE)"
},
"php_code_sniffer.show_diagnostics": {
"default": true,
"description": "Whether PHP_CodeSniffer diagnostics are shown"
},
"public_services_only": {
"default": false,
"description": "Only consider public services when providing analysis for the service locator"
},
"rpc.replay_path": { "default": "%cache%\/replay.json", "description": "Path where the replays should be stored" },
"rpc.store_replay": { "default": false, "description": "Should replays be stored?" },
"source_code_filesystem.project_root": { "default": "%project_root%", "description": null },
"symfony.xml_path": {
"default": "%project_root%\/var\/cache\/dev\/App_KernelDevDebugContainer.xml",
"description": "Path to the Symfony container XML dump file"
},
"worse_reflection.cache_dir": {
"default": "%cache%\/worse-reflection",
"description": "Cache directory for stubs"
},
"worse_reflection.cache_lifetime": {
"default": 1,
"description": "If caching is enabled, limit the amount of time a cache entry can stay alive"
},
"worse_reflection.diagnostics.undefined_variable.suggestion_levenshtein_disatance": {
"default": 4,
"description": "Levenshtein distance to use when suggesting corrections for variable names",
"type": ["integer"]
},
"worse_reflection.enable_cache": { "default": true, "description": "If reflection caching should be enabled" },
"worse_reflection.enable_context_location": {
"default": true,
"description": "If source code is passed to a ``Reflector`` then temporarily make it available as a\nsource location. Note this should NOT be enabled if the source code can be\nlocated in another (e.g. when running a Language Server)"
},
"worse_reflection.stub_dir": {
"default": "%application_root%\/vendor\/jetbrains\/phpstorm-stubs",
"description": "Location of the core PHP stubs - these will be scanned and cached on the first request"
},
"xdebug_disable": { "default": true, "description": "If XDebug should be automatically disabled" }
},
"title": "Phpactor Configuration Schema",
"type": "object"
}

58
phpcs.xml Executable file
View file

@ -0,0 +1,58 @@
<?xml version="1.0"?>
<ruleset name="Roots">
<description>Roots Coding Standards</description>
<!-- Scan all files in directory -->
<file>.</file>
<!-- Scan only PHP files -->
<arg
name="extensions"
value="php"
/>
<!-- Ignore WordPress and Composer dependencies -->
<exclude-pattern>web/wp</exclude-pattern>
<exclude-pattern>web/app/themes/twentytwentyfour/</exclude-pattern>
<exclude-pattern>vendor/</exclude-pattern>
<!-- Show colors in console -->
<arg value="-colors" />
<!-- Show sniff codes in all reports -->
<arg value="ns" />
<!-- Use PSR-2 as a base -->
<rule ref="PSR2" />
<!-- Désactivate certaines règles -->
<rule ref="Generic">
<exclude name="Generic.Arrays.DisallowShortArraySyntax.Found" />
<exclude name="Generic.Files.EndFileNoNewline.Found" />
<exclude name="Generic.Files.LowercasedFilename.NotFound" />
<exclude name="Generic.Functions.OpeningFunctionBraceBsdAllman.BraceOnSameLine" />
<exclude name="Generic.NamingConventions.CamelCapsFunctionName.NotCamelCaps" />
<exclude name="Generic.NamingConventions.CamelCapsFunctionName.ScopeNotCamelCaps" />
<exclude name="Generic.PHP.ClosingPHPTag.NotFound" />
<exclude name="Generic.PHP.UpperCaseConstant.Found" />
<exclude name="Generic.WhiteSpace.DisallowSpaceIndent.SpacesUsed" />
<exclude name="Generic.WhiteSpace.ScopeIndent.Incorrect" />
<exclude name="Generic.WhiteSpace.ScopeIndent.IncorrectExact" />
</rule>
<rule ref="PSR1">
<exclude name="PSR1.Methods.CamelCapsMethodName.NotCamelCaps" />
</rule>
<rule ref="PSR2">
<exclude name="PSR2.Classes.ClassDeclaration.OpenBraceNewLine" />
</rule>
<rule ref="Squiz">
<exclude name="Squiz.Commenting.ClosingDeclarationComment.Missing" />
<exclude name="Squiz.Commenting.InlineComment.InvalidEndChar" />
<exclude name="Squiz.Functions.MultiLineFunctionDeclaration.BraceOnSameLine" />
<exclude name="Squiz.NamingConventions.ValidFunctionName.NotCamelCaps" />
<exclude name="Squiz.NamingConventions.ValidVariableName.NotCamelCaps" />
<exclude name="Squiz.Strings.DoubleQuoteUsage.NotRequired" />
<exclude name="Squiz.WhiteSpace.FunctionClosingBraceSpace.SpacingBeforeClose" />
<exclude name="Squiz.WhiteSpace.FunctionSpacing.After" />
</rule>
</ruleset>

61
phpstan.neon
View file

@ -1,51 +1,12 @@
# Utilise la version de développement de PHPStan
includes:
- phar://phpstan.phar/conf/bleedingEdge.neon
parameters: parameters:
# When set to true, it reports use of dynamic properties as undefined. level: 6
checkDynamicProperties: true paths:
checkExplicitMixedMissingReturn: true - web/app/themes/haiku-atelier-2024
# When set to true, it reports function and method calls with incorrect name case. scanDirectories:
checkFunctionNameCase: true - vendor
# When set to true, it reports references to built-in classes with incorrect name case. - web/app/plugins
checkInternalClassCaseSensitivity: true - web/vendor
# When set to true, it reports return typehints that could be narrowed down because some of the listed types are never returned from a public or protected method. - web/wp
checkTooWideReturnTypesInProtectedAndPublicMethods: true typeAliases:
# When set to true, it reports properties with native types that werent initialized in the class constructor. InformationsProduitShop: 'array{id: int, nom: string, prix: string, photo_repos: string, photo_survol: string, url: string}'
checkUninitializedProperties: false InformationsVariation: 'array{id: int, titre: string, prix: string}'
reportUnmatchedIgnoredErrors: false
# When set to true, it reports violations of parameter type contravariance and return type covariance.
reportMaybesInMethodSignatures: true
# By default PHPStan reports wrong type in @var tag only for native types on the right side of =. With reportWrongPhpDocTypeInVarTag set to true it will consider PHPDoc types too.
reportWrongPhpDocTypeInVarTag: true
# Setting treatPhpDocTypesAsCertain to false relaxes some of the rules around type-checking.
treatPhpDocTypesAsCertain: true
parallel:
jobSize: 20
maximumNumberOfProcesses: 32
minimumNumberOfJobsPerProcess: 2
level: max
scanDirectories:
- config
- vendor
- web/app
- web/vendor
- web/wp
scanFiles:
- .php-cs-fixer.dist.php
- web/index.php
- web/wp-config.php
paths:
- web/app/themes/haiku-atelier-2024
excludePaths:
analyseAndScan:
- web/app/db.php (?)
- web/app/languages
- web/app/themes/twentytwentyfour

92
playwright.config.ts Normal file
View file

@ -0,0 +1,92 @@
import { defineConfig, devices } from "@playwright/test";
/**
* Read environment variables from file.
* https://github.com/motdotla/dotenv
*/
// import dotenv from 'dotenv';
// import path from 'path';
// dotenv.config({ path: path.resolve(__dirname, '.env') });
/**
* See https://playwright.dev/docs/test-configuration.
*/
export default defineConfig({
testDir: "./tests",
/* Run tests in files in parallel */
fullyParallel: true,
/* Fail the build on CI if you accidentally left test.only in the source code. */
forbidOnly: !!process.env.CI,
/* Retry on CI only */
retries: process.env.CI ? 2 : 0,
/* Opt out of parallel tests on CI. */
workers: process.env.CI ? 1 : undefined,
/* Reporter to use. See https://playwright.dev/docs/test-reporters */
reporter: "list",
/* Shared settings for all the projects below. See https://playwright.dev/docs/api/class-testoptions. */
use: {
/* Base URL to use in actions like `await page.goto('/')`. */
// baseURL: 'http://localhost:3000',
/* Collect trace when retrying the failed test. See https://playwright.dev/docs/trace-viewer */
trace: "on-first-retry",
clientCertificates: [
{
origin: "https://haikuatelier.gcch.local",
certPath: "../certs/_wildcard.gcch.local.pem",
keyPath: "../certs/_wildcard.gcch.local-key.pem",
},
],
ignoreHTTPSErrors: true,
},
/* Configure projects for major browsers */
projects: [
{
name: "desktop-chromium-1920",
use: { ...devices["Desktop Chrome"], viewport: { width: 1920, height: 1080 } },
},
{
name: "desktop-chromium-1536",
use: { ...devices["Desktop Chrome"], viewport: { width: 1536, height: 864 } },
},
{
name: "desktop-chromium-1366",
use: { ...devices["Desktop Chrome"], viewport: { width: 1366, height: 768 } },
},
{
name: "desktop-firefox-1920",
use: { ...devices["Desktop Firefox"], viewport: { width: 1920, height: 1080 } },
},
{
name: "desktop-firefox-1536",
use: { ...devices["Desktop Firefox"], viewport: { width: 1536, height: 864 } },
},
{
name: "desktop-firefox-1366",
use: { ...devices["Desktop Firefox"], viewport: { width: 1366, height: 768 } },
},
{
name: "tablet-chromium-portrait",
use: { ...devices["Galaxy Tab S9"] },
},
{
name: "tablet-chromium-landscape",
use: { ...devices["Galaxy Tab S9 landscape"] },
},
{
name: "mobile-chromium-portrait",
use: { ...devices["Pixel 7"] },
},
{
name: "mobile-chromium-landscape",
use: { ...devices["Pixel 7 landscape"] },
},
],
/* Run your local dev server before starting the tests */
// webServer: {
// command: 'npm run start',
// url: 'http://localhost:3000',
// reuseExistingServer: !process.env.CI,
// },
});

56
prettier.config.js Executable file
View file

@ -0,0 +1,56 @@
/** @type {import("prettier").Config} */
export default {
arrowParens: "avoid",
bracketSameLine: false,
bracketSpacing: true,
embeddedLanguageFormatting: "auto",
endOfLine: "lf",
experimentalTernaries: true,
htmlWhitespaceSensitivity: "ignore",
overrides: [
// Pour les fichiers PHP sans HTML
{
files: ["*.php"],
options: {
braceStyle: "1tbs",
parser: "php",
phpVersion: "8.2",
plugins: ["@prettier/plugin-php"],
trailingCommaPHP: true,
},
},
// Pour les fichiers XML
{
files: ["*.xml"],
options: {
bracketSameLine: false,
parser: "xml",
plugins: ["@prettier/plugin-xml"],
printWidth: 120,
singleAttributePerLine: true,
tabWidth: 2,
xmlQuoteAttributes: "double",
xmlSelfClosingSpace: true,
xmlSortAttributesByKey: true,
xmlWhitespaceSensitivity: "strict",
},
},
// package.json
{
files: ["package.json"],
options: {
plugins: ["prettier-plugin-pkg"],
},
},
],
plugins: ["prettier-plugin-sh"],
printWidth: 120,
proseWrap: "never",
quoteProps: "as-needed",
semi: true,
singleAttributePerLine: true,
singleQuote: false,
tabWidth: 2,
trailingComma: "all",
useTabs: false,
};

25
psalm.xml Executable file
View file

@ -0,0 +1,25 @@
<?xml version="1.0"?>
<psalm
xmlns="https://getpsalm.org/schema/config"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="https://getpsalm.org/schema/config vendor/vimeo/psalm/config.xsd"
autoloader="web/wp-config.php"
errorLevel="4"
findUnusedBaselineEntry="true"
findUnusedCode="true"
resolveFromConfigFile="true"
>
<projectFiles>
<directory name="config" />
<directory name="web" />
<ignoreFiles>
<directory name="vendor" />
</ignoreFiles>
</projectFiles>
<plugins>
<pluginClass class="PsalmWordPress\Plugin">
<useDefaultStubs value="false" />
</pluginClass>
</plugins>
</psalm>

7
scripts/SCRIPT.fish Executable file
View file

@ -0,0 +1,7 @@
#!/usr/bin/fish
for image in *.png
gm convert -resize 1000 $image ok-$image.png
end
flaca -p *

19
scripts/SUBSET.fish Executable file
View file

@ -0,0 +1,19 @@
pyftsubset \
lato-variable-italic.ttf \
--desubroutinize \
--flavor=woff2 \
--layout-features-="dnom,frac,numr" \
--layout-features+="case,pnum,tnum" \
--output-file="lato-variable-italic-webfont.woff2" \
--unicodes="U+0000-00FF,U+0131,U+0152-0153,U+02BB-02BC,U+02C6,U+02DA,U+02DC,U+2000-206F,U+2074,U+20AC,U+2122,U+2191,U+2193,U+2212,U+2215,U+FEFF,U+FFFD" \
--with-zopfli
pyftsubset \
lato-variable-italic.ttf \
--desubroutinize \
--layout-features-="dnom,frac,numr" \
--layout-features+="case,pnum,tnum" \
--output-file="lato-variable-italic-webfont.ttf" \
--unicodes="U+0000-00FF,U+0131,U+0152-0153,U+02BB-02BC,U+02C6,U+02DA,U+02DC,U+2000-206F,U+2074,U+20AC,U+2122,U+2191,U+2193,U+2212,U+2215,U+FEFF,U+FFFD" \
--with-zopfli

68
scripts/convertis-images.fish
View file

@ -1,68 +0,0 @@
#!/usr/bin/fish
for jpg in **/*.{jpg,jpeg}
echo $jpg
set -f avif (path change-extension 'avif' "$jpg")
set -f jxl (path change-extension 'jxl' "$jpg")
set -f png (path change-extension 'png' "$jpg")
set -f dimensions (magick identify -format "%w-%h" $jpg)
set -f dimensions (string split "-" $dimensions)
if test $dimensions[1] -eq 1920 || test $dimensions[2] -eq 1920
set -f a_bonnes_dimensions true
else
set -f a_bonnes_dimensions false
end
if test -e $avif && test -e $jxl
echo -e "\tAll there."
continue
end
magick "$jpg" -resize 1920x1920\> "$png" >/dev/null
if ! test -e $jxl
if test $a_bonnes_dimensions = false
cjxl \
--allow_jpeg_reconstruction=1 \
--brotli_effort=11 \
--container=1 \
--effort=9 \
--lossless_jpeg=1 \
--num_threads=-1 \
--progressive \
$png $jxl &>/dev/null
djxl \
--num_threads=-1 \
$jxl $jpg &>/dev/null
end
cjxl \
--allow_jpeg_reconstruction=0 \
--brotli_effort=11 \
--container=1 \
--effort=10 \
--quality=70 \
--lossless_jpeg=0 \
--num_threads=-1 \
--progressive \
$png $jxl &>/dev/null
echo -e "\t$jxl"
set -f avif (path change-extension 'avif' "$jpg")
if ! test -e $avif
avifenc \
-q 70 \
-s 0 \
-c aom \
-y 420 \
"$png" "$avif" &>/dev/null
echo -e "\t$avif"
end
rm $png
end
end

4
scripts/déclenche-sauvegarde-bdd-production.fish
View file

@ -1,4 +0,0 @@
#!/usr/bin/fish
ssh ade -- fish /srv/haikuatelier.com/scripts/sauvegarde-bdd-production.fish
rclone copy --check-first --progress --multi-thread-streams 8 ade:/srv/haikuatelier.com/db /home/gcch/Répertoires/git.gcch.fr/gcch/haiku-atelier-2024/db

12
scripts/format-sort-files.fish
View file

@ -1,12 +0,0 @@
#!/usr/bin/fish
set -f fichiers_toml (fd --glob "*.toml")
set -f fichiers_angie (fd --glob "*.conf" containers/conf/angie)
for toml in $fichiers_toml
tombi format "$toml"
end
for angie in $angie
nginxfmt "$angie"
end

Some files were not shown because too many files have changed in this diff Show more