smartbooster / core-bundle
Bundle grouping all vendor, generic utils and services that we use on each project
Installs: 2 535
Dependents: 1
Suggesters: 0
Security: 0
Stars: 1
Watchers: 2
Forks: 0
Type:symfony-bundle
Requires
- php: ^8.1
- doctrine/doctrine-fixtures-bundle: ^3.4
- doctrine/orm: ^2.13
- egulias/email-validator: ^3.0|^4.0
- nelmio/security-bundle: ^2.8 || ^3.0
- sentry/sentry-symfony: ^4.9
- symfony/apache-pack: ^1.0
- symfony/form: ^5.4|^6.2
- symfony/framework-bundle: ^5.4|^6.2
- symfony/security-bundle: ^5.4|^6.2
- symfony/translation: ^5.4|^6.2
- theofidry/alice-data-fixtures: ^1.5
Requires (Dev)
- smartbooster/standard-bundle: ^1.0
- symfony/flex: ^2
- symfony/phpunit-bridge: ^5.4|^6.2
- symfony/runtime: ^5.4|^6.2
- symfony/twig-bundle: ^5.4|^6.2
This package is auto-updated.
Last update: 2024-11-14 13:40:01 UTC
README
Bundle grouping all vendor, generic utils and services that we use on each project
What's inside !
- Config IniOverrideConfig service to easily override php.ini options
- Monitoring routes for uptime tracking, phpinfo debugging and more
- DataFixtures abstract helper
- Query functions to extends Doctrine DQL capacity
- SentryCallback with special CleverCloud dedicated behavior
- Utils for Array, Date, Math, Regex and String
- Validator constraints for EmailChain, Modulo, Password and more
Installation
composer require smartbooster/core-bundle
Enable Monitoring routes
To enable the monitoring routes, add the following codes to your config/routes.yaml file :
_smart_core: resource: . type: smart_core # We recommand to restrict thoses routes on a secure subdomain host: "admin.%domain%"
The path ^/anonymous must have PUBLIC_ACCESS in the project security.yaml config for the probe route to be accessible without user
# security.yaml access_control: - { path: ^/anonymous, roles: PUBLIC_ACCESS }
Extra DQL functions
Add the following code to your config/packages/doctrine.yaml according to your missing functions needs:
doctrine: # ... orm: # ... dql: string_functions: group_concat: Smart\CoreBundle\Query\MySQL\GroupConcat
Sentry configuration
To use our SentryCallback add the following to your config/packages/sentry.yaml :
when@prod: sentry: dsn: '%env(SENTRY_DSN)%' options: environment: '%env(ENVIRONMENT)%' before_send: 'sentry.callback.before_send' integrations: - 'Sentry\Integration\IgnoreErrorsIntegration' register_error_listener: false services: Sentry\Integration\IgnoreErrorsIntegration: arguments: $options: ignore_exceptions: - 'Symfony\Component\Security\Core\Exception\AccessDeniedException' sentry.callback.before_send: class: 'Smart\CoreBundle\Sentry\SentryCallback' factory: [ '@Smart\CoreBundle\Sentry\SentryCallback', 'getBeforeSend' ]
Also declare the following in your config/packages/monolog.yaml :
when@prod: monolog: handlers: # other handlers sentry: type: service id: Sentry\Monolog\Handler
And define the Sentry\Monolog\Handler service in your services.yaml :
services: # other services Sentry\Monolog\Handler: arguments: $hub: '@Sentry\State\HubInterface' $level: !php/const Monolog\Logger::ERROR
Nelmio Security recommendations
We recommand to setup a Content Security Policy in addition to the config generated by the nelmio security recipe:
nelmio_security: # ... # Content Security Policy csp: enabled: true hosts: [] content_types: [] enforce: # see full description below level1_fallback: true # only send directives supported by the browser, defaults to false # this is a port of https://github.com/twitter/secureheaders/blob/83a564a235c8be1a8a3901373dbc769da32f6ed7/lib/secure_headers/headers/policy_management.rb#L97 browser_adaptive: enabled: true # this is a full list of known case, you must keep only useful script in project script-src: - 'self' - 'unsafe-inline' - 'unsafe-eval' - 'https://maps.googleapis.com' - 'https://use.fontawesome.com' - 'https://www.google-analytics.com' - 'https://www.youtube.com' - 'https://www.youtube-nocookie.com' - 'https://js.stripe.com' - 'https://canny.io/' - 'https://www.google.com/' - 'https://www.gstatic.com/' - 'https://code.iconify.design' - 'https://cdn.jsdelivr.net' - 'http://embed.typeform.com' - 'https://embed.typeform.com' block-all-mixed-content: true # defaults to false, blocks HTTP content over HTTPS transport
Contributing
Pull requests are welcome.
Thanks to everyone who has contributed already.
This project is supported by SmartBooster