Update main from develop (#742)

* Change back to just centre

* Create build-and-push-to-dockerhub.yml (#716)

* feat: moved docker files into service (#721)

* chore: added debug to the workflow

* chore: tryng new branch name

* chore: tryng new branch name

* chore: tryng new branch name

* chore: tryng new branch name

* fix: added workflow dispatch

* fix: cleraned up branch name

* docs: tweak on release process

* feat: workfloes on all branches

* chore: docs and a reimbursed seeder (#703)

* Dev/large file encryption (#725)

* feat: added ui for log downloads by f-year

* feat: Encrypts and Decrypts MVL files.

* chore: removed and improved some comments

* chore: added amnual trigger for workflow

---------

Co-authored-by: Tobias Batch <tobias@neontribe.co.uk>

* Update build-and-push-to-dockerhub.yml

* fix: suppressed record with null values inthe payment tempate

* fix: early update on workflow files

* Added command line file decryption and echo (#726)

* feat: added first draft of arc:mvl:cat - untested.

* chore: added some comments

* chore: added some comments

* Write encrypted logs to file rather than database (#727)

* feat: added ui for log downloads by f-year

* feat: Encrypts and Decrypts MVL files.

* chore: removed and improved some comments

* feat: Logs now export as encrypted CSV files, instead of to a database.

* chore: Added more comments.

* chore: Removed unused imports.

* BREAKING CHANGE: Encrypted market logs are now saved as '.arcx.csv' (was '.csv')

* chore: disabled workflow

* fix: labels in the docker

* fix: docker logs to std out

* Dev/large file encryption (#729)

* feat: added ui for log downloads by f-year

* feat: Encrypts and Decrypts MVL files.

* chore: removed and improved some comments

* feat: added ui for log downloads by f-year (#728)

* feat: added ui for log downloads by f-year

* fix: resolved conflicts on VoucherController.php

* fix: linting

---------

Co-authored-by: Tobias Batch <tobias@neontribe.co.uk>

* docs: added diags for erd and server layout (#731)

* docs: added diags for erd and server layout

* docs: added server descriptions

* docs: updated docs on server set up

* Updated to include more of the images.

* feat: adds voucher state history to voucher deep exports (#736)

* feat: adds voucher state history to voucher deep exports

* fix: don't override base model function you muppet

* fix: removed unneeded (and mispelled) function

* feat: adds a cli encrypter (#734)

* chore: upgrade php packages (#738)

* chore: post merge cleanup!

* feat: fixed docker build for prod env

* fix: permissisons on passport keys for the docker

* chore: docker instructions

* chore: stand alone docker start up

* Dev/add commitlint (#741)

* feat: added commit lint

* fix: added postinstall

* chore(deps): bump phpseclib/phpseclib from 3.0.20 to 3.0.36 (#744)

Bumps [phpseclib/phpseclib](https://github.com/phpseclib/phpseclib) from 3.0.20 to 3.0.36.
- [Release notes](https://github.com/phpseclib/phpseclib/releases)
- [Changelog](https://github.com/phpseclib/phpseclib/blob/master/CHANGELOG.md)
- [Commits](phpseclib/phpseclib@3.0.20...3.0.36)

---
updated-dependencies:
- dependency-name: phpseclib/phpseclib
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* chore(deps): bump follow-redirects from 1.15.2 to 1.15.5 (#745)

Bumps [follow-redirects](https://github.com/follow-redirects/follow-redirects) from 1.15.2 to 1.15.5.
- [Release notes](https://github.com/follow-redirects/follow-redirects/releases)
- [Commits](follow-redirects/follow-redirects@v1.15.2...v1.15.5)

---
updated-dependencies:
- dependency-name: follow-redirects
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* chore(deps): bump phenx/php-svg-lib from 0.5.0 to 0.5.2 (#743)

Bumps [phenx/php-svg-lib](https://github.com/PhenX/php-svg-lib) from 0.5.0 to 0.5.2.
- [Release notes](https://github.com/PhenX/php-svg-lib/releases)
- [Commits](dompdf/php-svg-lib@0.5.0...0.5.2)

---
updated-dependencies:
- dependency-name: phenx/php-svg-lib
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: lauragurney <laura.gurney@gmail.com>
Co-authored-by: lauragurney <laura@neontribe.co.uk>
Co-authored-by: Gabriel Lancaster-West <116901054+gxnda@users.noreply.github.com>
Co-authored-by: charles strange <charles@neontribe.co.uk>
Co-authored-by: charlesstrange2 <25037036+charlesstrange2@users.noreply.github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

.docker/dbtest.php

@@ -0,0 +1,55 @@
+<?php
+$DB_HOST = $argv[1];
+$DB_BASE = $argv[2];
+$DB_PORT = $argv[3];
+$DB_USER = $argv[4];
+$DB_PASS = $argv[5];
+
+# echo "Testing DB:";
+# echo "*";
+# echo "* new \PDO(mysql:host=$DB_HOST;dbname=$DB_BASE;port=$DB_PORT, $DB_USER, $DB_PASS, [ \PDO::ATTR_ERRMODE => \PDO::ERRMODE_EXCEPTION ]);";
+# echo "*";
+
+try {
+ $pdo = new \PDO("mysql:host=$DB_HOST;dbname=$DB_BASE;port=$DB_PORT", "$DB_USER", "$DB_PASS", [
+ \PDO::ATTR_ERRMODE => \PDO::ERRMODE_EXCEPTION
+ ]);
+} catch(\Exception $ex) {
+ switch ($ex->getCode()) {
+ // we can immediately stop startup here and show the error message
+ case 1045:
+ echo 'Access denied (1045)';
+ die(1);
+ // we can immediately stop startup here and show the error message
+ case 1049:
+ echo 'Unknown database (1049)';
+ die(2);
+ // a lot of errors share the same meaningless error code zero
+ case 0:
+ // this error includes the database name, so we can only search for the static part of the error message
+ if (stripos($ex->getMessage(), 'SQLSTATE[HY000] [1049] Unknown database') !== false) {
+ echo 'Unknown database (0-1049)';
+ die(3);
+ }
+ switch ($ex->getMessage()) {
+ // eg. no response (fw) - the startup script should retry it a couple of times
+ case 'SQLSTATE[HY000] [2002] Operation timed out':
+ echo 'Operation timed out (0-2002)';
+ die(4);
+ // special case "localhost" with a stopped db server (should not happen in docker compose setup)
+ case 'SQLSTATE[HY000] [2002] No such file or directory':
+ echo 'Connection could not be established (0-2002)';
+ die(5);
+ // using IP with stopped db server - the startup script should retry it a couple of times
+ case 'SQLSTATE[HY000] [2002] Connection refused':
+ echo 'Connection refused (0-2002)';
+ die(5);
+ }
+ echo $ex->getMessage() . " (0)";
+ die(7);
+ default:
+ // unknown error
+ echo $ex->getMessage() . " (?)";
+ die(10);
+ }
+}

.docker/docker-compose.yml

@@ -0,0 +1,62 @@
+version: '3.5'
+services:
+
+ sqldb:
+ image: mysql:5.7
+ environment:
+ - MYSQL_DATABASE=arcv
+ - MYSQL_USER=arcvuser
+ - MYSQL_PASSWORD=arcvpassword
+ - MYSQL_ROOT_PASSWORD=changemeplease
+ command: --default-storage-engine innodb
+ restart: unless-stopped
+ healthcheck:
+ test: mysqladmin -p$$MYSQL_ROOT_PASSWORD ping -h localhost
+ interval: 20s
+ start_period: 10s
+ timeout: 10s
+ retries: 3
+
+ web:
+ image: nginx
+ ports:
+ - 8080:80
+ volumes:
+ - ./nginx_default.conf:/etc/nginx/conf.d/default.conf
+ - ../:/opt/project:ro
+
+ service:
+ image: arc-service:dev
+ build:
+ context: ..
+ target: dev
+ environment:
+ - APP_URL=http://arcv-service.test
+ - ARC_MARKET_URL=http://arcv-market.test
+ - ARC_STORE_DOMAIN=arcv-store.test
+ - DB_CONNECTION=mysql
+ - DB_HOST=sqldb
+ - DB_PORT=3306
+ - DB_DATABASE=arcv
+ - DB_USERNAME=arcvuser
+ - DB_PASSWORD=arcvpassword
+ - LOG_CHANNEL=stderr
+ - MAIL_HOST=mailer
+ - MAIL_PORT=1025
+ - SESSION_SECURE_COOKIE=false
+ volumes:
+ # this seems to overwrite the .env file that passport HAS to have as a file
+ - ..:/opt/project
+ extra_hosts:
+ - "host.docker.internal:host-gateway"
+ - "arcv-service.test:host-gateway"
+ - "arcv-store.test:host-gateway"
+ - "arcv-market.test:host-gateway"
+
+ mailer:
+ image: schickling/mailcatcher
+ ports:
+ - "${MAILER_ADMIN_PORT:-2080}:1080"
+
+volumes:
+ service_public:

.docker/entry-point.sh

@@ -0,0 +1,86 @@
+#!/bin/bash
+
+function checkDatabase() {
+ echo "Wait for MySQL DB connection ..."
+ echo -n "Checking DB"
+ until php /dbtest.php "$DB_HOST" "$DB_DATABASE" "$DB_PORT" "$DB_USERNAME" "$DB_PASSWORD"; do
+ echo -n "."
+ sleep 3
+ done
+ echo " ✅ Connection established"
+}
+
+function handleStartup() {
+ # in production we will have a .env mounted into the container, this will have (at least) a
+ # APP_KEY, if we don't have a .env we will create one
+ if [ ! -e /opt/project/.env ]; then
+ if [ "$APP_ENV" == "production" ]; then
+ echo "No .env file present."
+ echo "Your are running a prod environment version but there is no .env file present"
+ echo "You need to mount one into this container or the system cannot proceed."
+ exit 1
+ else
+ touch .env
+ fi
+ fi
+
+ grep APP_KEY .env
+ # shellcheck disable=SC2181
+ if [ "$?" != 0 ]; then
+ echo "APP_KEY=''" > .env
+ php /opt/project/artisan key:generate
+ fi
+
+ # These are idempotent, run them anyway
+ php /opt/project/artisan migrate
+ if [ "$APP_ENV" == "local" ] || [ "$APP_ENV" == "dev" ] || [ "$APP_ENV" == "development" ] ; then
+ # check the DB, if there are no vouchers install fixtures
+ voucher_count=$(/opt/project/artisan tinker --execute='print(App\Voucher::all()->count())')
+ if [ "$voucher_count" == "0" ]; then
+ php /opt/project/artisan migrate:refresh --seed --force
+ fi
+ fi
+
+ php /passport-install.php
+ chmod 644 /opt/project/storage/oauth-p*
+
+ if [ -e /docker-entrypoint-initdb.d ]; then
+ for filename in /docker-entrypoint-init.d/*; do
+ if [ "${filename##*.}" == "sh" ]; then
+ # shellcheck disable=SC1090
+ source /docker-entrypoint-initdb.d/"$filename"
+ fi
+ done
+ fi
+ yarn production
+}
+
+checkDatabase
+handleStartup
+
+if [ -n "$RUN_AS" ]; then
+ GROUP_ID=${RUN_AS#*:}
+ USER_ID=${RUN_AS%:*} # drops substring from last occurrence of `SubStr` to end of string
+
+ GROUP_NAME=$(id -ng "$GROUP_ID")
+ if [ -z "$GROUP_NAME" ]; then
+ addgroup --gid "$GROUP_ID" arcuser
+ GROUP_NAME=arcuser
+ fi
+
+ USER_NAME=$(id -n "$USER_ID")
+ if [ -z "$USER_NAME" ]; then
+ adduser -G "$GROUP_NAME" -u "$USER_ID" arcuser
+ USER_NAME=arcuser
+ fi
+ sed -i "s/user = www-data/user = $USER_NAME/g" /usr/local/etc/php-fpm.d/www.conf
+ sed -i "s/group = www-data/group = $GROUP_NAME/g" /usr/local/etc/php-fpm.d/www.conf
+
+ chown -R $USER_NAME:$GROUP_NAME /opt/project/storage
+fi
+
+env | sort
+
+exec php-fpm
+
+exit

.docker/nginx_default.conf

@@ -0,0 +1,60 @@
+server {
+ listen 80;
+ root /usr/share/nginx/html;
+ index index.html;
+
+ server_name _;
+
+ location / {
+ try_files $uri /index.html;
+ }
+
+ location /ping {
+ access_log off;
+ add_header 'Content-Type' 'application/json';
+ return 200 '{"status":"UP"}';
+ }
+}
+
+server {
+ listen 80;
+ server_name arcv-service.test arcv-store.test;
+ root /opt/project/public;
+
+ index index.php;
+
+ location / {
+ try_files $uri $uri/ /index.php?$query_string;
+ }
+
+ location /ping {
+ access_log off;
+ add_header 'Content-Type' 'application/json';
+ return 200 '{"status":"UP"}';
+ }
+
+ location ~ \.php$ {
+ try_files $uri =404;
+ fastcgi_pass service:9000;
+ fastcgi_index index.php;
+ fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+ include fastcgi_params;
+ }
+
+ ssl_protocols TLSv1.2;
+ ssl_prefer_server_ciphers on;
+ ssl_dhparam /etc/ssl/certs/dhparam.pem;
+ ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384;
+ ssl_ecdh_curve secp384r1; # Requires nginx >= 1.1.0
+ ssl_session_timeout 10m;
+ ssl_session_cache shared:SSL:10m;
+ ssl_session_tickets off; # Requires nginx >= 1.5.9
+ # ssl_stapling on; # Requires nginx >= 1.3.7
+ # ssl_stapling_verify on; # Requires nginx => 1.3.7
+ resolver 8.8.8.8 8.8.4.4 valid=300s;
+ resolver_timeout 5s;
+ add_header X-Frame-Options DENY;
+ add_header X-Content-Type-Options nosniff;
+ add_header X-XSS-Protection "1; mode=block";
+}
+

.docker/passport-install.php

@@ -0,0 +1,40 @@
+<?php
+
+if (! is_writeable("/opt/project/.env")) {
+ echo "Can't write to .env file\n";
+ exit(1);
+}
+
+$contents = file_get_contents("/opt/project/.env");
+if (getenv("APP_ENV") == "prod" && strpos($contents, "PASSWORD_CLIENT_SECRET")) {
+ echo "PASSWORD_CLIENT_SECRET exists and env is production, not overwriting\n";
+ exit(0);
+}
+
+$lines = explode("\n", $contents);
+$cleaned = [];
+print_r($lines);
+foreach ($lines as $line) {
+ if (!strpos($line, "PASSWORD_CLIENT") || !strpos($line, "PASSWORD_CLIENT_SECRET")) {
+ $cleaned[] = $line;
+ }
+}
+
+$output = [];
+
+exec('php artisan passport:keys --force');
+exec("php artisan passport:client --password --name '" . getenv("APP_NAME") . " Password Grant Client' --provider=users", $output);
+print_r($output);
+foreach ($output as $line) {
+ if (str_starts_with($line, "Client ID")) {
+ $elements = explode(" ", $line);
+ $cleaned[] = "PASSWORD_CLIENT=" . $elements[2];
+ }
+ if (str_starts_with($line, "Client secret")) {
+ $elements = explode(" ", $line);
+ $cleaned[] = "PASSWORD_CLIENT_SECRET=" . $elements[2];
+ }
+}
+exec("chmod 600 /opt/project/storage/*.key");
+
+file_put_contents("/opt/project/.env", implode("\n", $lines + $cleaned));

.docker/xdebug.ini

@@ -0,0 +1,6 @@
+zend_extension=xdebug
+
+[xdebug]
+xdebug.mode=develop,debug
+xdebug.client_host=host.docker.internal
+xdebug.start_with_request=yes

.gitignore

@@ -33,3 +33,5 @@ tests/Browser/screenshots/
 passport.install
 coverage
 .php-cs-fixer.cache
+*.swp
+app/local

.husky/commit-msg

@@ -0,0 +1 @@
+npx --no -- commitlint --edit $1

.nvmrc

@@ -1 +1 @@
-lts/gallium
+stable