mirror of
https://github.com/AnimeThemes/animethemes-server.git
synced 2026-07-11 01:24:46 +02:00
8c7363e95d
* #49, #51 feat(admin): persistent app configuration, nova settings tool, video streaming killswitch * style: Fix StyleCI issues * #41 feat(admin): add sluggable fields * #40 refactor: alias fields should be named slug * #62 feat(api): implementing announcement endpoints * style: fix StyleCI finding * #43 refactor: enum name should prefix model * test: year endpoints & StyleCI findings * fix(seed): resolve bucketed anime attributes, reduce collisions * #67, #68 fix(seed): reduce theme collisions & order seasons chronologically, fix(admin): invitation & lens pruning, fix(api): year endpoint key sorting, style fixes * #45 feat(seed): create anilist resources (#73) * Update tests.yml * #45 feat(seed): create anilist resources * docs: fix shields & link to installation guide, chore: update fortify stubs (#75) * Create CONTRIBUTING.md * #46 Image Resource, seeding anime images and synopsis, fix lens queries, php8 readiness, onboarding compatibility (#76) * #46 feat(seed): image resource, lens query fix, php8 readiness & onboarding * style: StyleCI finding * fix(api): allow themes to eager load images (#78) * #49 fix(videos): use subdomain routing to stream video (#82) * #74 feat(seed): implementing database dump artisan console command (#84) * #74 feat(seed): implementing database dump artisan console command * #74 style: fix StyleCI Finding * fix(video): use int return type via spaceships for set difference callback function (#85) * fix(admin): nova slug field now allows customization on update (#86) * refactor(video): Allow video stream middleware (#87) * refactor(video): is video streaming allowed as middleware * style: StyleCI findings * #88 feat(video): add view count for videos (#90) * #88 feat(video): add view count for videos * style: fix StyleCI findings * Initial unit tests (#93) * test: initial unit tests, community docs, test runner fixes * test: fixing github actions yml * test: fixing github actions yml * test: incremental push for backfilling tests, some cleanup * test: query parser & update jetstream stubs * style: fix StyleCI findings * test: don't expose image links * test: github actions doesn't like composer 2 * test: setup explicit php-version * test: make grill directory for test runner * test: use artisan test runner * test: handle no grills * test: sitemap should test for expected routes * test: install and publish assets before testing * test: add php extensions * test: rename sitemap route * test: provide video subdomain * #81 fix(api): use scout elastic driver package & refactor queries (#94) * #81 fix(api): search resource should implement limiting * fix(api): use new elastic scout driver package for search & refactor queries * fix(api): forgot updates to dependencies * style: fix StyleCI findings * style: fix StyleCI findings * fix(seed): add 2021 pages (#95) * #77 Initial implementation of deep filtering through constrained eager loads (#96) * feat(api): initial deep filtering implementation * fix(test): valid query parser limit must be greater than 0 * fix(api): jsonapi error handler only handles exceptions * style: fix StyleCI findings * fix(api): fix relation reflection * Fixing artist relation resolution (#97) * feat(api): initial deep filtering implementation * fix(test): valid query parser limit must be greater than 0 * fix(api): jsonapi error handler only handles exceptions * style: fix StyleCI findings * fix(api): fix relation reflection * fix(api): artist endpoint relation resolution * Adding Filter Unit Tests, bumping dependencies, updating stubs, actions secret test (#99) * test: filters, chore: update fortify stubs & bump dependencies * test: fix action * test: try another format * test: try another format * test: try another format * #45 feat(seed): create kitsu anime resources (#100) * #45 feat(seed): seed kitsu anime resource * style: fix StyleCI findings * #45 feat(seed): create anidb anime resources (#101) * [WIP] Discord Notifications for database updates, migrating to event dispatcher (#102) * feat: initial draft for discord notifications on database updates, refactor: use model event dispatcher instead of observers * style: fix StyleCI findings * refactor: use interface for discord event, don't serialize models on update & delete, first attempt to clean up embedded fields * style: fix StyleCI findings * refactor: discord embed field traits * fix: circument exception for empty values in embed fields by using a default value * refactor: update related scout indices and cascade deletes * style: fix StyleCI findings * feat: add artist events * feat: incremental commit for entry events * properly cast and format attribute values for update embed fields * feat: refresh video documents when deleting entries * feat: adding external resource events * feat: add events for images * feat: adding invitation events * feat: adding series events * feat: adding series events * feat: add song events * feat: adding synonym events * style: fix StyleCI findings * feat: adding theme events * feat: adding video events * feat: add LaserDisc video source * feat: add video entry events * add anime series events * add anime resource events * add anime image events * add artist image events * add artist resource events * feat: add artist member events * feat: add artist song events * refactor: use contract for readable model naming * style: fix StyleCI findings * feat: provide discord channel id in event, refactor: contracts, concerns, structural cleanup * style: fix StyleCI findings * style: fix StyleCI findings * fix(admin): don't enforce uniqueness for slugs on creation where customization isn't available * feat: throttle discord notifications * feat: adding announcement events * feat: adding invitation events * feat: adding user events * removing TODOs, localization will be evaluated later * bump dependencies before merge * Make anime index seeder rerunnable (#105) * fix(seeder): make anime index seeder rerunnable * style: fix StyleCI findings * fix(seeder): make anime resource seeder rerunnable (#106) * fix(seeders): make anime season seeder rerunnable (#108) * fix(seeders): make mal seeder rerunnable (#110) * fix(seeders): make anime themes rerunnable (#111) * fix(seeders): make anime themes seeder rerunnable * fix(seeders): handle business fish group * fix(seeders): make artist and series seeders rerunnable (#112) * fix(seeders): make artist song seeder rerunnable (#113) * fix(seeders): make database seed action rerunnable and comprehensive (#114) * Anilist artist seeders (#115) * #45, #80 feat(seeders): add artist resource & cover seeders * style: fix StyleCI findings * test: backfilling event dispatcher tests (#116) * test: backfilling event dispatcher tests * fix: pivot factory directory name * test: discord notifications (#117) * test: policies, discord embed fields, notifications (#118) * test: policies, discord embed fields, notifications * style: fix StyleCI findings * test: models (#119) * test: models * style: fix StyleCI findings * Test: pivots, jobs, mail, json api (#120) * test: pivots, jobs, mail, providers * style: fix StyleCI findings * test: add missing traits to persistent config test for github runner * test: remove provider unit test, should be feature or acceptance test * test: json api - anime, announcement, artist * test: json api - entry endpoints * test: json api - resource endpoints * test: json api - image endpoints * test: json api - series endpoints * test: json api - song endpoints * test: json api - synonym endpoints * test: json api - theme endpoints * test: json api - video endpoints * test: json api - year endpoints * Unit testing Nova (#128) * test: nova unit * style: fix StyleCI findings * #124 chore: php 8 readiness (#129) * #88 feat(api): add views to video resource, fix(api): collection transformation (#130) * Elastic payload filters [incremental] (#131) * #127 feat(api): add top-level filtering to search endpoint * style: fix StyleCI findings * Filter conditions (#132) * feat(api): support for advanced filtering criteria * style: fix StyleCI findings * fix(api): allow elastic host configuration (#133) * fix(api): date filters shall validate allowed formats, timestamp precision (#136) * feat(api): date filters should handle high precision time (#137) * fix(api): add tags to video resource for client slug (#138) * Soft deletes (#139) * feat(api): soft deletion for gatsby incremental builds * style: fix StyleCI findings * sensible defaults for config, test performance, enlightn (#140) * fix(config): default video subdomain, test: performance, chore: enlightn * test: performance fixes * test: fake asset before streaming * fix(config): updating out of date framework stubs, enlightn findings (#141) * fix(config): addressing enlightn findings, updating framework stubs * style: fix StyleCI findings * fix(config): match framework stubs for test runner * feat(config): add horizon dashboard (#142) * fix(config): adding secure headers (#143) * Enlightn pro (#144) * fix(config): enlightn pro * fix(config): fix tests * fix(config): add telescope (#145) * Upgrading jetstream config (#146) * fix(auth): upgrading jetstream stubs, enable terms, fix telescope and tests * style: fix StyleCI findings * fix: laravel-mix 6.0 upgrade * Jetstream ux refactor (#147) * fix(ux): adopt jetstream styling for guest pages * style: fix StyleCI findings * fix(ux): add announcement margin (#148) * feat(docs): adding encoding guides and guidelines (#149) * fix(ux): proper link to encoding guides (#150) * #153 fix: an attempt to address n+1 queries (#165) * #153 fix: an attempt to address n+1 queries * style: fix StyleCI findings * style: fix StyleCI findings * fix(seed): use guzzle client to retrieve contents of external pages (#167) * fix(seed): use guzzle to retrieve external page contents * style: fix StyleCI findings * fix: workflow * fix: workflow * #152 fix: trait for content streaming to optimize image retrieval (#168) * #152 fix: trait for content streaming to optimize image retrieval * style: fix StyleCI finding * fix: hotfix for elastic video index (#169) * #164 feat: add pivot timestamps & qualify conditions (#170) * feat: add pivot timestamps & qualify conditions * fix: remove audits from pivots * #157, #158 feat(docs): add Community & Event subreddit wiki pages (#171) * #157, #158 feat(docs): add Community & Event subreddit wiki pages * refactor: generate URLs * fix(api): add condition for elastic search payload to prevent engine exception (#172) * fix(api): add condition for elastic search payload to prevent engine exception * style: fix StyleCI findings * fix(seed): fail silently if an external service raises an internal exception (#173) * #125 feat(auth): replace user role with jetstream teams (#176) * #125 feat(auth): replace user role with jetstream teams * style: fix StyleCI findings * Onboarding friendliness (#180) * fix: onboarding friendliness, video routing, config best practices, update stubs * style: address StyleCI findings * fix(discord): embed styling updates (#181) * fix(discord): do not raise events on restore save operation (#182) * fix(redis): detect redis enabled, optimize throttling, only use redis is enabled (#183) * fix(redis): named rate limiters expect a specific number of arguments (#184) * #155 fix(api): changing resource inclusion strategy defaults (#185) * fix(api): changing resource inclusion strategy defaults * style: fix StyleCI findings * fix(tests): missed an instance of docs that incorrectly state that all allowed resources are included by default * fix(api): adding missing checks for strictness of query string structure (#186) * feat(api): pagination strategies and constrained eager loads for search (#187) * feat(search): allow filter conditions in elasticsearch payload (#188) * #155 fix(api): don't default to max allowed paging results, trim allowed includes (#190) * fix(api): don't default to max allowed paging results, trim allowed includes * style: fix StyleCI findings * style: fix StyleCI findings * chore: adding favicon, new common position, bumping dependencies (#191) * chore: add favicon, bump dependencies, add new common position * fix(test): specify max page size for announcement index tests * feat(admin): add unlinked videos lens (#194) * #159 fix(admin): adding date range filters for timestamps (#196) * #159 fix(admin): adding date range filters for timestamps * style: fix StyleCI finding * chore: bump dependencies, framework updates, optimize events & policies & seeders (#198) * chore: bump dependencies, framework updates, optimize events & policies & seeders * style: fix StyleCI findings * Transparency (#197) * feat: initial commit for transparency models * style: fix StyleCI findings * feat(transparency): starting landing page * style: fix StyleCI findings * refactor: namespace for billing models * style: fix StyleCI findings * fix(transparency): adding subheadings and better styling for readability * feat(transparency): add filtering and validation * style: fix StyleCI findings * refactor: reconcile against repositories, feat(transparency): reconcile balances, test: donate, transparency * style: fix StyleCI findings * fix: transaction reconcilation, selected month * fix: balance/transaction reconcilation tests * style: fix StyleCI findings * chore: bump dependencies, update stubs, doc & naming cleanup (#199) * chore: bump dependencies, update stubs, doc & naming cleanup * fix: revert change to resend invitation messages * chore: addressing phpstorm code inspection findings (#200) * refactor: phpstorm linting * style: fix StyleCI findings * style: StyleCI should use PHP 8 * style: fix StyleCI findings * feat: enable event discovery, fix: strict typing & lazy loading errors (#201) * chore: bump dependencies (#202) * fix: transparency filtering, fix: psalm findings, chore: plural types in docs (#205) * fix: transparency filtering, fix: psalm findings, chore: plural types in docs * style: fix StyleCI findings * style: fix StyleCI findings * fix: strict type errors in seeders * fix(transparency): restore ordering & adjust reconcile job time, refactor: use lambdas in reconcile traits for comparison (#206) * fix(transparency): restore ordering & adjust reconcile job time, refactor: use lambdas in reconcile traits for comparison * style: fix StyleCI findings * Chore 2021 06 07 (#210) * chore: strict type exception, best OP IX, ordering, first-pass namespacing cleanup * style: fix StyleCI findings * style: fix StyleCI findings * chore: bump dependencies (#212) * Namespacing (#214) * refactor: model namespacing * style: fix StyleCI findings * feat(api): validate filter values for integer columns, chore: update improvement & host docs (#215) * feat(api): validate filter values for integer columns, chore: update improvement & host docs * forgot the test class * style fixes * chore: bump dependencies (#216) * #213 feat(config): support read and write connections (#217) * fix(auth): remove registration link from team invitation mail (#218) * #219 feat(queue): schedule pruned failed jobs command (#224) * fix(api): support discovery of elasticsearch query payloads by matching property for namespacing concerns (#227) * fix(admin): editors should be able to create songs for themes, resource strict type error (#228) * #44 feat(api): migrating docs from swagger to vuepress (#230) * Test nova namespacing (#235) * chore: bump dependencies, refactor: test & nova namespacing * style: fix StyleCI findings * feat(db): schedule daily animethemes-web db-plugin dump (#236) * feat(db): schedule daily animethemes-web db-plugin dump (#237) * fix(api): addressing strict type errors for top-level elasticsearch filter value (#239) * fix(api): allow sorting on searches (#241) * #208, #220 feat(api): add like operator and additional filters [incremental] (#242) * feat(api): add like and not like operators * #208, #220 feat(api): add like operator and additional filters [incremental] * fix(auth): use signed URLs for invite-only registrations (#243) * #203 fix(auth): use signed URLs for invite-only registrations * #203 style: fix StyleCI * #203 fix(auth): remove psalm annotations * #203 fix(auth): exclude sensitive data from parameter logging * #203 fix(auth): exclude sensitive data from parameter logging * #203 fix(auth): exclude sensitive data from parameter logging * #208 feat(api): adding id filters (#244) * feat(api): add id columns, fix(auth): remove fortify register route * style: fix StyleCI findings * fix(api): mismatched class comments * fix(console): we have to assume that the video disk uses the s3 driver (#245) * chore: use http facade instead of guzzle client (#246) * chore: use http facade instead of guzzle * style: fix StyleCI findings * fix(transparency): change type for transaction external id column (#247) * fix(views): hide view recording behind feature flag in middleware layer (#248) * #162 feat(console): prune stale database dumps (#249) * chore: bumping dependencies (#250) * #77 feat(api): add random sort & allow sort key-column mutation, refactor: use data facade & extract criteria / parsers from api query (#251) * feat(api): add random sort & allow sort key-column mutation, refactor: use date facade & extract criteria/parsers from api query * style: fix StyleCI findings * refactor: make criteria function names consistent * fix(api): enum filters should use description instead of key (#252) * chore: fix namespace of tests for PSR-4 compliance (#253) * fix(api): sort criteria should be applied to sorts in order (#254) * fix(api): circumvent exception caused by entry version field mapping (#255) * #42 fix: namespace nested anime types [incremental] (#256) * #42 fix: namespace nested anime types * style: fix StyleCI findings * fix: delete new migrations * #42 fix(api): nested api resources (#257) * #42 fix(api): nested api resources * style: fix StyleCI findings * fix(api): fix limit parsing for pagination strategy (#258) * fix(api): rename search indices to match table names (#259) * chore: bump dependencies (#260) * #72 feat(api): initial commit for studio resource (#261) * #72 feat(api): initial commit for studio resource * style: fix StyleCI finding * fix: rollback faker change (#262) * fix(admin): addressing staging exceptions (#263) * fix(api): make studio collection wrap plural (#264) * feat(api): add relation sort (#265) * feat(api): add relation sort * style: fix StyleCI findings * #160 feat(api): initial implementation of relation filter (#266) * feat(api): initial implementation of relation filter * style: fix StyleCI findings * chore: apply select binding to query builder to reduce memory footprint (#267) * chore: apply select binding to query builder to reduce memory footprint * fix: always include name attributes * feat(api): initial commit for api form requests (#268) * feat(api): initial commit for api form requests * style: fix StyleCI findings * fix(api): correcting year index, abstracting search rules * feat(api): validate sparse fieldsets (#269) * feat(api): validate api sparse fieldsets * style: fix StyleCI findings * chore: bump & prune dependencies, update stubs, address static analysis findings (#270) * chore: bump & prune dependencies, update stubs, address static analysis findings * chore: bump static analysis level * test: use new lazily refresh database trait (#271) * test: use new lazily refresh database trait for test cases * style: fix StyleCI findings * fix(api): address exceptions for resource inclusion in search endpoint & minimize requests (#272) * fix(api): address exceptions for resource inclusion in search endpoint & minimize requests * style: fix StyleCI findings * fix(api): revert search resource inclusion fix (#273) * fix(api): plurality of resource wrap should be consistent (#274) * chore: add static analysis github action (#275) * chore: add static analysis action * chore: test static analysis failure * chore: revert * chore: rename static analysis job * chore: add badge to readme * [WIP] StudioResource pivot table (#277) * Added app.css and app.js to .gitignore * Created migration for the studio resource pivot * Created studio resource pivot class * Created relations in Studio and ExternalResource for pivot table * Added StudioResource table to database dump command * Created Events for StudioResource pivot * Added allowed include to Studio and External Resource schema * Created StudioResourceFactory * Added StudioResource attributes to the json resource * Added relations to nova resources * Created new policies for StudioResource pivot * Created unit tests for StudioResource pivot * Apply fixes from StyleCI * Fixed $allowedTables sorting * Fixed various mistakes found in code review. * Apply fixes from StyleCI * Fixed ordering of ATTRIBUTE constants * Fixed mistakes found in 2nd code review. * Apply fixes from StyleCI * Added StudioResourcePivot to StudioSchema fields * Fixed nova "studios" resource in ExternalResource * Apply fixes from StyleCI Co-authored-by: ProWeebDev <ProWeebDev@users.noreply.github.com> Co-authored-by: vagrant <vagrant@homestead> * chore: bump dependencies, stub updates, use framework casting for enums, arrow functions (#278) * fix(admin): unlinked resource lens should consider studio relation (#279) * fix(db): seed studio resources when seeding anime studios (#282) * #72 fix(admin): add lenses for studio resources (#283) * fix(admin): add lenses for studio resources * style: fix StyleCI findings * fix(admin): check feature flags before handling jobs or notifications (#284) * fix(admin): check feature flags before handling job or notification, relation cleanup in events * style: fix StyleCI findings * feat(api): add config item endpoints & make featured theme configurable (#285) * feat(api): add config item endpoints & make featured theme configurable * feat(api): add config item endpoints & make featured theme configurable [missing config file] * fix(seed): support 2022 & mal client ID header, chore: bump dependencies & stubs (#286) * chore: adopt constructor property promotion prior to php 8.1 upgrade (#287) * chore: adopt constructor property promotion * style: fix StyleCI findings * API Query Types (#288) * fix(api): extract query & search service types, chore: bump dependencies & update stubs * style: fix StyleCI findings * fix: bump incompatible dependencies * test: restore quietly (#289) * fix(console): only allow includeTables option in db dump for sqlite v3.32.0+ (#290) * chore: void typehint, static access fixes, reduce regex, unwrap variables, avoid magic method accessors, grammar & typos (#291) * chore: prune middleware stubs (#292) * chore: prune middleware stubs * chore: prune middleware stubs - forgot modified files * fix: prefer raising exceptions to failing silently or exiting early [incremental] (#293) * fix: prefer raising exceptions to failing silently or exiting early * style: address StyleCI findings * fix: prefer raising exceptions to failing silently or exiting early (#294) * feat: adding pages resource (#296) * feat: add pages resource * style: address StyleCI findings * chore: fix links, missing admin config, buggy test (#297) * Search validation (#298) * feat(api): validate search endpoint parameters [incremental] * style: fix StyleCI findings * feat(api): add scoping to sorts & cleanup validation for endpoints (#299) * fix(api): conditionally validate filter values [incremental] (#300) * fix(api): conditionally validate filter values * style: fix StyleCI findings * feat: update to laravel 9 (#301) * feat: update to Laravel 9 * fix(test): force update of phpstan by removing enlightn & addressing new static analysis findings * style: address StyleCI finding * upgrade to php 8.1 (#302) * feat: upgrade to php 8.1 * test: fix test configuration * feat(api): support select clause for api queries (#303) * feat(api): support select clause for api queries * style: fix StyleCI findings * fix(api): some fields for video resources were the wrong type * chore: update dependencies (#304) * feat(console): add ability to dump document-related database tables (#305) * feat(api): validate allowed filter types [incremental] (#306) * feat(api): validate allowed filter types [incremental] * style: fix StyleCI findings * feat(api): support extended write endpoints [incremental: framework & anime implementation] (#307) * feat(api): support extended write endpoints [incremental: framework & anime implementation] * style: fix StyleCI findings * fix(api): write endpoints need to check token ability as well as policy ability * feat(api): support extended write endpoints [incremental: artists] (#308) * feat(api): support extended write endpoints [incremental: external resources] (#309) * feat(api): support extended write endpoints [incremental: external resources] * feat(api): support extended write endpoints [incremental: external resources] * style: fix StyleCI findings * feat(api): support extended write endpoints [incremental: series] (#310) * feat(api): support extended write endpoints [incremental: songs] (#311) * feat(api): support extended write endpoints [incremental: studios] (#312) * fix(api): support extended write endpoints [incremental: synonyms] (#313) * feat(api): support extended write endpoints [incremental: synonyms] * fix(tests): don't create slug that violates constraint * feat(api): support extended write endpoints [incremental: themes] (#314) * feat(api): support extended write endpoints [incremental: entries] (#315) * feat(api): support extended write endpoints [incremental: entries] * style: fix StyleCI findings * feat(api): support extended write endpoints [incremental: announcements] (#316) * feat(api): support extended write endpoints [incremental: announcements] * style: fix StyleCI findings * feat(api): support extended write endpoints [incremental: videos] (#317) * feat(api): support extended write endpoints [incremental: videos] * style: fix StyleCI findings * feat(api): support extended write endpoints [incremental: pages] (#318) * feat(api): support extended write endpoints [incremental: pages] * style: fix StyleCI findings * feat(api): support extended write endpoints [incremental: balances] (#319) * feat(api): support extended write endpoints [incremental: transactions] (#320) * feat(api): support extended write endpoints [incremental: images] (#321) * Delete reddit seeders (#322) * fix(db): remove reddit seeders * fix(db): remove reddit seeders - update seeder * fix(api): don't serve images from laravel * chore: update dependencies & stubs (#323) * chore: update dependencies & stubs * fix: update dependency version constraints * refactor: discover routes in controller attributes (#324) * feat(admin): update to Nova V4 (#325) * feat(admin): update to Nova V4 * style: fix StyleCI findings * fix(admin): address exceptions & apply fixes from day 1 patches (#326) * feat(admin): Added AnimeThemes branding to Nova (#327) * fix(admin): explicitly declare searchable columns as columns (#328) * fix(admin): explicitly declare searchable columns as columns * fix(admin): missing removal of searchable column declaration on synonyms * feat(admin): add subtitles to distinguish entries in searches (#329) * feat(admin): backfill anime studios & make resources actionable (#330) * feat(admin): backfill anime studios & make resources actionable * style: fix StyleCI findings * feat(admin): support db queue connection (#331) * feat(admin): backfill anime kitsu resources (#332) * feat(admin): backfill anime kitsu resources * style: fix StyleCI findings * fix(admin): add theme from song (#333) * feat(elastic): Improved search query payload for anime (#334) * feat(admin): backfill anidb resources (#335) * feat(admin): backfill anidb resources * style: address StyleCI findings * fix(admin): address eager loading with resource fields (#336) * feat(api): allow client to bypass API rate limiter (#337) * refactor: backfill anime should not require a specific external resource site (#338) * refactor: backfill anime should not require a specific external resource site * style: fix StyleCI findings * fix: fall-through anime studio backfilling * feat(admin): backfill ann anime studios (#339) * feat(api): Added allowed include paths needed for client (#340) * feat(admin): backfill anilist anime resources (#341) * feat(admin): backfill mal resources (#342) * feat(admin): backfill mal resources * style: fix StyleCI findings * feat(admin): backfill ann resources (#343) * fix(admin): fix admin & moderation gates (#344) * feat(admin): backfill anime images (#347) * feat(admin): backfill anime images * style: fix StyleCI findings * Update videos controller to serve videos through nginx (#346) * Update videos controller to serve videos through nginx The proposed change will pass the video through nginx instead of using PHP. * refactor: use default response & update tests * style: fix StyleCI findings Co-authored-by: paranarimasu <33796518+paranarimasu@users.noreply.github.com> * chore: nginx redirect hotfix, remove reconciliation scheduler task & bump nova (#348) * fix(admin): make nested types discoverable & make relations filterable (#349) * fix(admin): make nested types discoverable & make relations filterable * fix(admin): policy functions for nested types were named incorrectly * Admin deletion notifications (#350) * feat(admin): notify admins of soft deletions for review * style: fix StyleCI findings * Chore 2022 04 27 (#351) * chore: bump dependencies & address admin config errors * style: fix StyleCI finding * feat(admin): allow backfilling multiple anime & fixing resource reconciliation (#352) * feat(console): allow video reconciliation against a specific path (#353) * refactor(events): use covariance to build proper type hierarchy for event classes (#354) * chore: bump dependencies (#355) * chore: bump dependencies * style: fix StyleCI findings * chore: prune instance of make & update sanctum token expiration (#356) * feat: replace jetstream teams with spatie permissions (#357) * feat: replace jetstream teams with spatie permissions * style: fix StyleCI findings * style: fix StyleCI finding * fix(tests): address performance issues with seeding permissions * style: fix StyleCI finding * fix(admin): disable wildcard permissions due to performance issues * fix: remove abilities from permission resource * fix: make migrations more fault proof, support db cache & fix user factory permission creation * chore: bump dependencies, fix(admin): a few QoL changes (#358) * fix(admin): make resource field dependency more nullsafe to accommodate official sites (#359) * chore: bumping dependencies, updating stubs & cleanup sweep (#360) * chore: bumping dependencies, updating stubs & cleanup sweep * style: fix StyleCI findings * fix(api): fix discovery of ES Query Payload classes after namespace refactor (#361) * fix(api): has filter validation (#362) * feat: log authentication events, chore: another cleanup sweep (#370) * feat: log authentication events, chore: another cleanup sweep * test: remove status code assertion for test runner env * test: remove streaming test to prevent exception in test runner * chore: bump minimum required laravel framework version * fix(api): support sorting on text fields in elasticsearch queries (#371) * feat(api): filter on keyword multifield for text mappings (#372) * chore: bump dependencies (#373) * chore: bump dependencies * fix: suppress false positive static analysis finding * feat: use permission to determine if api rate limiter can be bypassed (#374) * fix(api): use animethemeentryvideo pivot for featured theme (#375) * fix(api): add missing featured theme relations (#376) * fix(api): song.title relation sort for theme search index (#377) * fix(api): register all sort criteria at once to avoid overriding (#378) * feat: support customization of domains and paths of route groups (#379) * feat: support customization of domains and paths of route groups * fix fallback test url * style: fix StyleCI finding * fix: video url should not append path by default (#380) * fix: remove old database migrations & update robots.txt Co-authored-by: ProWeebDev <34277874+ProWeebDev@users.noreply.github.com> Co-authored-by: ProWeebDev <ProWeebDev@users.noreply.github.com> Co-authored-by: vagrant <vagrant@homestead> Co-authored-by: Manuel S <ManuelDevelopment@users.noreply.github.com>
664 lines
16 KiB
PHP
664 lines
16 KiB
PHP
<?php
|
|
|
|
declare(strict_types=1);
|
|
|
|
return [
|
|
|
|
/*
|
|
* Server
|
|
*
|
|
* Reference: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Server
|
|
*
|
|
* Note: when server is empty string, it will not add to response header
|
|
*/
|
|
|
|
'server' => '',
|
|
|
|
/*
|
|
* X-Content-Type-Options
|
|
*
|
|
* Reference: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Content-Type-Options
|
|
*
|
|
* Available Value: 'nosniff'
|
|
*/
|
|
|
|
'x-content-type-options' => 'nosniff',
|
|
|
|
/*
|
|
* X-Download-Options
|
|
*
|
|
* Reference: https://msdn.microsoft.com/en-us/library/jj542450(v=vs.85).aspx
|
|
*
|
|
* Available Value: 'noopen'
|
|
*/
|
|
|
|
'x-download-options' => 'noopen',
|
|
|
|
/*
|
|
* X-Frame-Options
|
|
*
|
|
* Reference: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options
|
|
*
|
|
* Available Value: 'deny', 'sameorigin', 'allow-from <uri>'
|
|
*/
|
|
|
|
'x-frame-options' => 'sameorigin',
|
|
|
|
/*
|
|
* X-Permitted-Cross-Domain-Policies
|
|
*
|
|
* Reference: https://www.adobe.com/devnet/adobe-media-server/articles/cross-domain-xml-for-streaming.html
|
|
*
|
|
* Available Value: 'all', 'none', 'master-only', 'by-content-type', 'by-ftp-filename'
|
|
*/
|
|
|
|
'x-permitted-cross-domain-policies' => 'none',
|
|
|
|
/*
|
|
* X-Powered-By
|
|
*
|
|
* Note: it will not add to response header if the value is empty string.
|
|
*/
|
|
|
|
'x-powered-by' => '',
|
|
|
|
/*
|
|
* X-XSS-Protection
|
|
*
|
|
* Reference: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection
|
|
*
|
|
* Available Value: '1', '0', '1; mode=block'
|
|
*/
|
|
|
|
'x-xss-protection' => '1; mode=block',
|
|
|
|
/*
|
|
* Referrer-Policy
|
|
*
|
|
* Reference: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Referrer-Policy
|
|
*
|
|
* Available Value: 'no-referrer', 'no-referrer-when-downgrade', 'origin', 'origin-when-cross-origin',
|
|
* 'same-origin', 'strict-origin', 'strict-origin-when-cross-origin', 'unsafe-url'
|
|
*/
|
|
|
|
'referrer-policy' => 'no-referrer',
|
|
|
|
/*
|
|
* Clear-Site-Data
|
|
*
|
|
* Reference: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Clear-Site-Data
|
|
*/
|
|
|
|
'clear-site-data' => [
|
|
'enable' => (bool) env('ENABLE_CLEAR_SITE_DATA', false),
|
|
|
|
'all' => false,
|
|
|
|
'cache' => true,
|
|
|
|
'cookies' => true,
|
|
|
|
'storage' => true,
|
|
|
|
'executionContexts' => true,
|
|
],
|
|
|
|
/*
|
|
* HTTP Strict Transport Security
|
|
*
|
|
* Reference: https://developer.mozilla.org/en-US/docs/Web/Security/HTTP_strict_transport_security
|
|
*
|
|
* Please ensure your website had set up ssl/tls before enable hsts.
|
|
*/
|
|
|
|
'hsts' => [
|
|
'enable' => (bool) env('ENABLE_HSTS', false),
|
|
|
|
'max-age' => 31536000,
|
|
|
|
'include-sub-domains' => false,
|
|
|
|
'preload' => false,
|
|
],
|
|
|
|
/*
|
|
* Expect-CT
|
|
*
|
|
* Reference: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Expect-CT
|
|
*/
|
|
|
|
'expect-ct' => [
|
|
'enable' => (bool) env('ENABLE_EXPECT_CT', false),
|
|
|
|
'max-age' => 2147483648,
|
|
|
|
'enforce' => false,
|
|
|
|
// report uri must be absolute-URI
|
|
'report-uri' => null,
|
|
],
|
|
|
|
/*
|
|
* Permissions Policy
|
|
*
|
|
* Reference: https://w3c.github.io/webappsec-permissions-policy/
|
|
*/
|
|
|
|
'permissions-policy' => [
|
|
'enable' => (bool) env('ENABLE_PERMISSIONS_POLICY', false),
|
|
|
|
// https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Feature-Policy/accelerometer
|
|
'accelerometer' => [
|
|
'none' => false,
|
|
|
|
'*' => false,
|
|
|
|
'self' => true,
|
|
|
|
'origins' => [],
|
|
],
|
|
|
|
// https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Feature-Policy/ambient-light-sensor
|
|
'ambient-light-sensor' => [
|
|
'none' => false,
|
|
|
|
'*' => false,
|
|
|
|
'self' => true,
|
|
|
|
'origins' => [],
|
|
],
|
|
|
|
// https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Feature-Policy/autoplay
|
|
'autoplay' => [
|
|
'none' => false,
|
|
|
|
'*' => false,
|
|
|
|
'self' => true,
|
|
|
|
'origins' => [],
|
|
],
|
|
|
|
// https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Feature-Policy/battery
|
|
'battery' => [
|
|
'none' => false,
|
|
|
|
'*' => false,
|
|
|
|
'self' => true,
|
|
|
|
'origins' => [],
|
|
],
|
|
|
|
// https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Feature-Policy/camera
|
|
'camera' => [
|
|
'none' => false,
|
|
|
|
'*' => false,
|
|
|
|
'self' => true,
|
|
|
|
'origins' => [],
|
|
],
|
|
|
|
// https://www.chromestatus.com/feature/5690888397258752
|
|
'cross-origin-isolated' => [
|
|
'none' => false,
|
|
|
|
'*' => false,
|
|
|
|
'self' => true,
|
|
|
|
'origins' => [],
|
|
],
|
|
|
|
// https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Feature-Policy/display-capture
|
|
'display-capture' => [
|
|
'none' => false,
|
|
|
|
'*' => false,
|
|
|
|
'self' => true,
|
|
|
|
'origins' => [],
|
|
],
|
|
|
|
// https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Feature-Policy/document-domain
|
|
'document-domain' => [
|
|
'none' => false,
|
|
|
|
'*' => true,
|
|
|
|
'self' => false,
|
|
|
|
'origins' => [],
|
|
],
|
|
|
|
// https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Feature-Policy/encrypted-media
|
|
'encrypted-media' => [
|
|
'none' => false,
|
|
|
|
'*' => false,
|
|
|
|
'self' => true,
|
|
|
|
'origins' => [],
|
|
],
|
|
|
|
// https://wicg.github.io/page-lifecycle/#execution-while-not-rendered
|
|
'execution-while-not-rendered' => [
|
|
'none' => false,
|
|
|
|
'*' => true,
|
|
|
|
'self' => false,
|
|
|
|
'origins' => [],
|
|
],
|
|
|
|
// https://wicg.github.io/page-lifecycle/#execution-while-out-of-viewport
|
|
'execution-while-out-of-viewport' => [
|
|
'none' => false,
|
|
|
|
'*' => true,
|
|
|
|
'self' => false,
|
|
|
|
'origins' => [],
|
|
],
|
|
|
|
// https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Feature-Policy/fullscreen
|
|
'fullscreen' => [
|
|
'none' => false,
|
|
|
|
'*' => false,
|
|
|
|
'self' => true,
|
|
|
|
'origins' => [],
|
|
],
|
|
|
|
// https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Feature-Policy/geolocation
|
|
'geolocation' => [
|
|
'none' => false,
|
|
|
|
'*' => false,
|
|
|
|
'self' => true,
|
|
|
|
'origins' => [],
|
|
],
|
|
|
|
// https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Feature-Policy/gyroscope
|
|
'gyroscope' => [
|
|
'none' => false,
|
|
|
|
'*' => false,
|
|
|
|
'self' => true,
|
|
|
|
'origins' => [],
|
|
],
|
|
|
|
// https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Feature-Policy/magnetometer
|
|
'magnetometer' => [
|
|
'none' => false,
|
|
|
|
'*' => false,
|
|
|
|
'self' => true,
|
|
|
|
'origins' => [],
|
|
],
|
|
|
|
// https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Feature-Policy/microphone
|
|
'microphone' => [
|
|
'none' => false,
|
|
|
|
'*' => false,
|
|
|
|
'self' => true,
|
|
|
|
'origins' => [],
|
|
],
|
|
|
|
// https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Feature-Policy/midi
|
|
'midi' => [
|
|
'none' => false,
|
|
|
|
'*' => false,
|
|
|
|
'self' => true,
|
|
|
|
'origins' => [],
|
|
],
|
|
|
|
// https://drafts.csswg.org/css-nav-1/
|
|
'navigation-override' => [
|
|
'none' => false,
|
|
|
|
'*' => false,
|
|
|
|
'self' => true,
|
|
|
|
'origins' => [],
|
|
],
|
|
|
|
// https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Feature-Policy/payment
|
|
'payment' => [
|
|
'none' => false,
|
|
|
|
'*' => false,
|
|
|
|
'self' => true,
|
|
|
|
'origins' => [],
|
|
],
|
|
|
|
// https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Feature-Policy/picture-in-picture
|
|
'picture-in-picture' => [
|
|
'none' => false,
|
|
|
|
'*' => true,
|
|
|
|
'self' => false,
|
|
|
|
'origins' => [],
|
|
],
|
|
|
|
// https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Feature-Policy/publickey-credentials-get
|
|
'publickey-credentials-get' => [
|
|
'none' => false,
|
|
|
|
'*' => false,
|
|
|
|
'self' => true,
|
|
|
|
'origins' => [],
|
|
],
|
|
|
|
// https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Feature-Policy/screen-wake-lock
|
|
'screen-wake-lock' => [
|
|
'none' => false,
|
|
|
|
'*' => false,
|
|
|
|
'self' => true,
|
|
|
|
'origins' => [],
|
|
],
|
|
|
|
// https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Feature-Policy/sync-xhr
|
|
'sync-xhr' => [
|
|
'none' => false,
|
|
|
|
'*' => true,
|
|
|
|
'self' => false,
|
|
|
|
'origins' => [],
|
|
],
|
|
|
|
// https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Feature-Policy/usb
|
|
'usb' => [
|
|
'none' => false,
|
|
|
|
'*' => false,
|
|
|
|
'self' => true,
|
|
|
|
'origins' => [],
|
|
],
|
|
|
|
// https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Feature-Policy/web-share
|
|
'web-share' => [
|
|
'none' => false,
|
|
|
|
'*' => false,
|
|
|
|
'self' => true,
|
|
|
|
'origins' => [],
|
|
],
|
|
|
|
// https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Feature-Policy/xr-spatial-tracking
|
|
'xr-spatial-tracking' => [
|
|
'none' => false,
|
|
|
|
'*' => false,
|
|
|
|
'self' => true,
|
|
|
|
'origins' => [],
|
|
],
|
|
],
|
|
|
|
/*
|
|
* Content Security Policy
|
|
*
|
|
* Reference: https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP
|
|
*/
|
|
|
|
'csp' => [
|
|
'enable' => (bool) env('ENABLE_CSP', true),
|
|
|
|
// https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy-Report-Only
|
|
'report-only' => false,
|
|
|
|
// https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/report-to
|
|
'report-to' => '',
|
|
|
|
// https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/report-uri
|
|
'report-uri' => [
|
|
// uri
|
|
],
|
|
|
|
// https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/block-all-mixed-content
|
|
'block-all-mixed-content' => false,
|
|
|
|
// https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/upgrade-insecure-requests
|
|
'upgrade-insecure-requests' => false,
|
|
|
|
// https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/base-uri
|
|
'base-uri' => [
|
|
//
|
|
],
|
|
|
|
// https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/child-src
|
|
'child-src' => [
|
|
//
|
|
],
|
|
|
|
// https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/connect-src
|
|
'connect-src' => [
|
|
//
|
|
],
|
|
|
|
// https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/default-src
|
|
'default-src' => [
|
|
//
|
|
],
|
|
|
|
// https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/font-src
|
|
'font-src' => [
|
|
//
|
|
],
|
|
|
|
// https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/form-action
|
|
'form-action' => [
|
|
//
|
|
],
|
|
|
|
// https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/frame-ancestors
|
|
'frame-ancestors' => [
|
|
//
|
|
],
|
|
|
|
// https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/frame-src
|
|
'frame-src' => [
|
|
//
|
|
],
|
|
|
|
// https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/img-src
|
|
'img-src' => [
|
|
//
|
|
],
|
|
|
|
// https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/manifest-src
|
|
'manifest-src' => [
|
|
//
|
|
],
|
|
|
|
// https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/media-src
|
|
'media-src' => [
|
|
//
|
|
],
|
|
|
|
// https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/navigate-to
|
|
'navigate-to' => [
|
|
'unsafe-allow-redirects' => false,
|
|
],
|
|
|
|
// https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/object-src
|
|
'object-src' => [
|
|
//
|
|
],
|
|
|
|
// https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/plugin-types
|
|
'plugin-types' => [
|
|
// 'application/pdf',
|
|
],
|
|
|
|
// https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/prefetch-src
|
|
'prefetch-src' => [
|
|
//
|
|
],
|
|
|
|
// https://w3c.github.io/webappsec-trusted-types/dist/spec/#integration-with-content-security-policy
|
|
'require-trusted-types-for' => [
|
|
'script' => false,
|
|
],
|
|
|
|
// https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/sandbox
|
|
'sandbox' => [
|
|
'enable' => false,
|
|
|
|
'allow-downloads-without-user-activation' => false,
|
|
|
|
'allow-forms' => false,
|
|
|
|
'allow-modals' => false,
|
|
|
|
'allow-orientation-lock' => false,
|
|
|
|
'allow-pointer-lock' => false,
|
|
|
|
'allow-popups' => false,
|
|
|
|
'allow-popups-to-escape-sandbox' => false,
|
|
|
|
'allow-presentation' => false,
|
|
|
|
'allow-same-origin' => false,
|
|
|
|
'allow-scripts' => false,
|
|
|
|
'allow-storage-access-by-user-activation' => false,
|
|
|
|
'allow-top-navigation' => false,
|
|
|
|
'allow-top-navigation-by-user-activation' => false,
|
|
],
|
|
|
|
// https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/script-src
|
|
'script-src' => [
|
|
'none' => false,
|
|
|
|
'self' => false,
|
|
|
|
'report-sample' => false,
|
|
|
|
'allow' => [
|
|
// 'url',
|
|
],
|
|
|
|
'schemes' => [
|
|
// 'data:',
|
|
// 'https:',
|
|
],
|
|
|
|
/* followings are only work for `script` and `style` related directives */
|
|
|
|
'unsafe-inline' => false,
|
|
|
|
'unsafe-eval' => false,
|
|
|
|
// https://www.w3.org/TR/CSP3/#unsafe-hashes-usage
|
|
'unsafe-hashes' => false,
|
|
|
|
// Enable `strict-dynamic` will *ignore* `self`, `unsafe-inline`,
|
|
// `allow` and `schemes`. You can find more information from:
|
|
// https://www.w3.org/TR/CSP3/#strict-dynamic-usage
|
|
'strict-dynamic' => false,
|
|
|
|
'hashes' => [
|
|
'sha256' => [
|
|
// 'sha256-hash-value-with-base64-encode',
|
|
],
|
|
|
|
'sha384' => [
|
|
// 'sha384-hash-value-with-base64-encode',
|
|
],
|
|
|
|
'sha512' => [
|
|
// 'sha512-hash-value-with-base64-encode',
|
|
],
|
|
],
|
|
],
|
|
|
|
// https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/script-src-attr
|
|
'script-src-attr' => [
|
|
//
|
|
],
|
|
|
|
// https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/script-src-elem
|
|
'script-src-elem' => [
|
|
//
|
|
],
|
|
|
|
// https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/style-src
|
|
'style-src' => [
|
|
//
|
|
],
|
|
|
|
// https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/style-src-attr
|
|
'style-src-attr' => [
|
|
//
|
|
],
|
|
|
|
// https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/style-src-elem
|
|
'style-src-elem' => [
|
|
//
|
|
],
|
|
|
|
// https://w3c.github.io/webappsec-trusted-types/dist/spec/#trusted-types-csp-directive
|
|
'trusted-types' => [
|
|
'enable' => false,
|
|
|
|
'allow-duplicates' => false,
|
|
|
|
'default' => false,
|
|
|
|
'policies' => [
|
|
//
|
|
],
|
|
],
|
|
|
|
// https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/worker-src
|
|
'worker-src' => [
|
|
//
|
|
],
|
|
],
|
|
];
|