-
Notifications
You must be signed in to change notification settings - Fork 588
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
RFC Move public accessible code into a separate directory #2504
Conversation
Impressively large! thanks for taking your time to put this change up! I'm sure we have some experts around but I am not sure about the why or the hows about this. can you elaborate on why this should happen? I am very happy to make changes like this but i just don't really do anything besides Ampache so i'd just like to understand this better. I'm also sure others will be able to weigh in on this too. |
@lachlan-00 Sure, I'll explain it a bit. It's about best practises in the first place. PHP Repository structureMost php repositories follow a certain structure. This is described here https://github.com/php-pds/skeleton
|
The frameworks such as Laravel, symfony, etc approach the organization In this manner. They are "content management systems". They need to be more concerned about security. For it's purpose, I think Ampache is adequately secure. But I think the organization is more for increased development efficiency not security. That's why I push migrating to Laravel. For example, most developers consider images, Audio, etc as media not sources. Also, I would need to know that the new architecture is 100% functional, or at leastfunctionally equivalent to the current architecture. |
I'm a big fan of this change. I have thought about how nice it would be to have all the web content separate from everything else. Thanks for the work, I would be happy to help test as well to see if there are any issues. Given how messy the code is, it should get a through look over. It will be a breaking change, so a major version would be required for this. I wonder if there is a way to include additional notes in the update notifications for when it is implemented. Maybe Ampache can show the git commit message? |
Thanks for your feedback, @wagnered !
Uhm well, that's your POV. From my POV, separating the Frameworks like laravel urge the developer to use such an approach, but this is also standard in most custom enterprise-grade projects I've seen so far. Sure, regarding ampache this means work in the first place, but imho everyone will benefit from it.
Well, I'm happy to prove that :-) But if you consider switching to standard frameworks like laravel, it's ok for me, too (although I'm not a big fan of using frameworks in big projects). Just let me know, I'm happy to help. |
@kuzi-moto I think, this will take a while. As said, I prefer some kind of iterative approach as there are many changes needed to make this really work (More autoloading, Dependency injection, Unit-Testing, ...). |
Just to play Devil's advocate, Not according to The document your refer to or Laravel's architecture. The public folder is at document root in both. Any way, l like Laravel because it is very active, has many built in tools, helpers and packages to ease development. It is also arguably the most popular framework. If you are curious, you can checkout the legacy-laravel branch and see what has been done so far. The work done was during my learning period so you can make light of it. 😇 |
Thank you for the detailed comments @usox Oh god, unit testing is something we need in here so bad. @kuzi-moto we do have "view changes" but it might be good to start putting notes into the update area when notifying. Since changing the changelog style it's actually been the best source for info so it might be a good link to add as well It might be good to branch this into a repo branch that other people can use/pull to as well. |
Yw.
Sure, that could work - seems to be the best way to test it out. Some preparations have to be done in develop, though - e.g. separate prefixes for the internal and external paths, removal of all those If you consider creating a new major version (as @kuzi-moto did), maybe it's time to raise the minimum php version as well? |
The next steps for me are working on the api, so i can slow down on the other features. I've fixed a lot of the code issues i wanted to touch first so i think we branch this and then i start work on the api. That way we have a clean point in time break to work from where i'll only be bugfixing non-api code. so uploads outside the api class should be minimal. I can edit the branch for this pull so i'll make the change tomorrow after work and that's where we go. I will also give you merge into that branch similar to the api client branch we have for @AshotN also i think @wagnered mentioned it but is src denoted anywhere as a required folder or just public? i've only seen public sources in my (minor) experience with other projects. unless there are other folders in src would it be simpler to just leave it as /public? |
Pleae understand that https://github.com/php-pds/skeleton is not a standard. I just installed 7 of the 10 frameworks recommended by DZone. All but YII2 has the public folder at the root. YII has the index.html in the root folder. As for an attacker finding and using a JavaScript file adversely, a non conforming framework would increase defence of this type of attack, especially if directory listing is disabled in the web server. With a conforming framework, the attacker would more likely be able to guess the location of important files. What is highly protective is the use of middleware. Considering you seem highly reluctant to use the word Laravel in your comments that you are concerned about a steep learning curve. I won't deny the fact that for me it was very steep. I am one who requires explicit examples and although there is an abundance of help and examples, I didn't find any explicitly explained. My Laravel branch might fill in any gaps of understanding. |
Furthermore, I would like to apologize for mixing up two things here. First: The
|
(lol @wagnerd open close from a different phone.) anyway, I like the idea of us adopting a clear structure like this and my personal preference is to keep pushing regular php without frameworks because ampache is really one of the only simple music projects left. @usox these comments are what we want to see. rules and process are something ampache needs. again I think we start this in a new branch and @usox I will invite you into the org to help make this change happen. @wagnerd I think your knowledge of moving to laravel will be really important here because of how much you had to do to even get that branch usable. |
Yea I have a phone with a sx inch display and size 10 1/2 hands. The buttons are too close together. |
okay, @usox i've invited you to the Ampache org and if you want to join i'll give you push access to the source-changes branch to allow you to make changes or fixes there. I read over the php-pds/skeleton standard and i think it's a good change for us to adopt so lets get it moving. I'll keep the code changes in develop to a minimum outside the API and break/fixes so allow us time to bake this branch as long as possible. |
Hi @lachlan-00 I'll try to keep up with the recent changes in develop and will merge it into source-changes regularly. |
I've got source-changes set up as a secondary on for testing. Haven't got past the installer yet but also haven't had time to sit on this branch. All I have to do is reorganise the teams and apply it to that branch. Give me 2 hours to fix that up after I get to work. |
okay @usox i've set your branch to source-changes, you have free reign there without pull requests. |
@usox one thing I will do in develop is standardise the require lib/init ,etc calls so when you update src/public it can be a find/replace |
@lachlan-00 Thanks, I already pushed the first set of changes. As I stated in your comment in your commit, I would prefer the usage of DIR instead of prefixes. I already changed that in the source-changes branch in all affected files. |
using dir is fine with me and i was going to suggest it was done in source-changes anyway. Happy with all those changes, i just did it that way in develop to make them all the same for find and replace. |
Hi there
This is a small (ok, not so small) request for comments.
What happend?
src/public
directory.src/public/lib/components/
Why?
src/
andtests
/ directories)There is still much work to do, so I'd like to request some feedback from you first.