
Advanced application enhancements.

- Turned on CSRF validation by default.
- Added access control for login, signup and logout for frontend application.
- Added access control for login, logout and index for backend application.
- YII_ENV is now defined for all applications.
- No trace is written to logs if debug is turned off.
- Added default error view for frontend and backend.
- In frontend application captcha will always ask for "testme" if YII_ENV is defined as "test".
tags/2.0.0-beta
Alexander Makarov 11 years ago
parent
commit
f5778b6bf0
  1. 8
      apps/advanced/backend/config/main.php
  2. 30
      apps/advanced/backend/controllers/SiteController.php
  3. 29
      apps/advanced/backend/views/site/error.php
  4. 2
      apps/advanced/environments/dev/backend/web/index.php
  5. 3
      apps/advanced/environments/dev/frontend/web/index.php
  6. 1
      apps/advanced/environments/dev/yii
  7. 2
      apps/advanced/environments/prod/backend/web/index.php
  8. 3
      apps/advanced/environments/prod/frontend/web/index.php
  9. 1
      apps/advanced/environments/prod/yii
  10. 8
      apps/advanced/frontend/config/main.php
  11. 26
      apps/advanced/frontend/controllers/SiteController.php
  12. 29
      apps/advanced/frontend/views/site/error.php

8
apps/advanced/backend/config/main.php

@ -17,13 +17,16 @@ return array(
'modules' => array( 'modules' => array(
), ),
'components' => array( 'components' => array(
'request' => array(
'enableCsrfValidation' => true,
),
'db' => $params['components.db'], 'db' => $params['components.db'],
'cache' => $params['components.cache'], 'cache' => $params['components.cache'],
'user' => array( 'user' => array(
'class' => 'yii\web\User',
'identityClass' => 'common\models\User', 'identityClass' => 'common\models\User',
), ),
'log' => array( 'log' => array(
'traceLevel' => YII_DEBUG ? 3 : 0,
'targets' => array( 'targets' => array(
array( array(
'class' => 'yii\log\FileTarget', 'class' => 'yii\log\FileTarget',
@ -31,6 +34,9 @@ return array(
), ),
), ),
), ),
'errorHandler' => array(
'errorAction' => 'site/error',
),
), ),
'params' => $params, 'params' => $params,
); );
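Review bot: The `request` block switches CSRF validation on without a comment, and the identical block is added in apps/advanced/frontend/config/main.php; from now on any POST that does not carry the token (hand-written forms, AJAX calls) is rejected with a 400, so the next person to hit that is likely to just flip the flag back. A one-line note in both configs, `// CSRF validation is on: every POST must carry the token that ActiveForm/Html::beginForm() emit (see yii\web\Request::$enableCsrfValidation)`, makes the intent survive. Separately, `'traceLevel' => YII_DEBUG ? 3 : 0` is evaluated when this config file is loaded, so it depends on the entry script having defined YII_DEBUG beforehand; the index.php hunks in this commit do that, but any other bootstrap that includes this config (tests, console) has to as well.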

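--- a/apps/advanced/backend/controllers/SiteController.php
+++ b/apps/advanced/backend/controllers/SiteController.php
@@ -8,6 +8,36 @@ use common\models\LoginForm;
 class SiteController extends Controller
 {
+public function behaviors()
+{
+return array(
+'access' => array(
+'class' => \yii\web\AccessControl::className(),
+'rules' => array(
+array(
+'actions' => array('login'),
+'allow' => true,
+'roles' => array('?'),
+),
+array(
+'actions' => array('logout', 'index'),
+'allow' => true,
+'roles' => array('@'),
+),
+),
+),
+);
+}
+public function actions()
+{
+return array(
+'error' => array(
+'class' => 'yii\web\ErrorAction',
+),
+);
+}
 public function actionIndex()
 {
 return $this->render('index');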
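Review bot: The access filter in `behaviors()` has no `'only'` key, so it applies to every action of this controller, including the `error` action registered in `actions()` just below, and `error` appears in neither allow rule; if AccessControl denies by default, a guest who triggers an error is redirected to login instead of seeing the error page, and an authenticated user gets a 403 in place of the original error. The frontend controller in this same commit scopes its filter with `'only' => array('login', 'logout', 'signup')`; the backend should do the same, e.g. `'only' => array('login', 'logout', 'index'),` directly after the `'class'` entry. `actionIndex()` and the rest of the class continue outside the hunk.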

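--- a/apps/advanced/backend/views/site/error.php
+++ b/apps/advanced/backend/views/site/error.php
@@ -0,0 +1,29 @@
+<?php
+use yii\helpers\Html;
+/**
+* @var yii\base\View $this
+* @var string $name
+* @var string $message
+* @var Exception $exception
+*/
+$this->title = $name;
+?>
+<div class="site-error">
+<h1><?php echo Html::encode($this->title); ?></h1>
+<div class="alert alert-danger">
+<?php echo nl2br(Html::encode($message)); ?>
+</div>
+<p>
+The above error occurred while the Web server was processing your request.
+</p>
+<p>
+Please contact us if you think this is a server error. Thank you.
+</p>
+</div>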
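Review bot: The view escapes `$name` and `$message` with `Html::encode()` before output, which is correct, but nothing records that this is deliberate, and the docblock declares `$exception` although the template never reads it, which invites someone to print `$exception->getMessage()` or a trace unescaped later. A short comment above the markup, `// $name/$message come from yii\web\ErrorAction and originate in exception text, not this view: keep them encoded and do not print $exception details here`, would pin that down. apps/advanced/frontend/views/site/error.php added in this commit is the same template line for line, so the comment belongs there too.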

2
apps/advanced/environments/dev/backend/web/index.php

@ -1,6 +1,6 @@
<?php <?php
// comment out the following line to disable debug mode
defined('YII_DEBUG') or define('YII_DEBUG', true); defined('YII_DEBUG') or define('YII_DEBUG', true);
defined('YII_ENV') or define('YII_ENV', 'dev');
require(__DIR__ . '/../../vendor/autoload.php'); require(__DIR__ . '/../../vendor/autoload.php');
require(__DIR__ . '/../../vendor/yiisoft/yii2/yii/Yii.php'); require(__DIR__ . '/../../vendor/yiisoft/yii2/yii/Yii.php');

3
apps/advanced/environments/dev/frontend/web/index.php

@ -1,7 +1,6 @@
<?php <?php
// comment out the following line to disable debug mode
defined('YII_DEBUG') or define('YII_DEBUG', true); defined('YII_DEBUG') or define('YII_DEBUG', true);
defined('YII_ENV') or define('YII_ENV', 'dev');
require(__DIR__ . '/../../vendor/autoload.php'); require(__DIR__ . '/../../vendor/autoload.php');
require(__DIR__ . '/../../vendor/yiisoft/yii2/yii/Yii.php'); require(__DIR__ . '/../../vendor/yiisoft/yii2/yii/Yii.php');

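--- a/apps/advanced/environments/dev/yii
+++ b/apps/advanced/environments/dev/yii
@@ -9,6 +9,7 @@
 */
 defined('YII_DEBUG') or define('YII_DEBUG', true);
+defined('YII_ENV') or define('YII_ENV', 'dev');
 // fcgi doesn't have STDIN defined by default
 defined('STDIN') or define('STDIN', fopen('php://stdin', 'r'));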

2
apps/advanced/environments/prod/backend/web/index.php

@ -1,6 +1,6 @@
<?php <?php
// comment out the following line to disable debug mode
defined('YII_DEBUG') or define('YII_DEBUG', false); defined('YII_DEBUG') or define('YII_DEBUG', false);
defined('YII_ENV') or define('YII_ENV', 'prod');
require(__DIR__ . '/../../vendor/autoload.php'); require(__DIR__ . '/../../vendor/autoload.php');
require(__DIR__ . '/../../vendor/yiisoft/yii2/yii/Yii.php'); require(__DIR__ . '/../../vendor/yiisoft/yii2/yii/Yii.php');

3
apps/advanced/environments/prod/frontend/web/index.php

@ -1,7 +1,6 @@
<?php <?php
// comment out the following line to disable debug mode
defined('YII_DEBUG') or define('YII_DEBUG', false); defined('YII_DEBUG') or define('YII_DEBUG', false);
defined('YII_ENV') or define('YII_ENV', 'prod');
require(__DIR__ . '/../../vendor/autoload.php'); require(__DIR__ . '/../../vendor/autoload.php');
require(__DIR__ . '/../../vendor/yiisoft/yii2/yii/Yii.php'); require(__DIR__ . '/../../vendor/yiisoft/yii2/yii/Yii.php');

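--- a/apps/advanced/environments/prod/yii
+++ b/apps/advanced/environments/prod/yii
@@ -9,6 +9,7 @@
 */
 defined('YII_DEBUG') or define('YII_DEBUG', false);
+defined('YII_ENV') or define('YII_ENV', 'prod');
 // fcgi doesn't have STDIN defined by default
 defined('STDIN') or define('STDIN', fopen('php://stdin', 'r'));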

8
apps/advanced/frontend/config/main.php

@ -17,13 +17,16 @@ return array(
'gii' => 'yii\gii\Module' 'gii' => 'yii\gii\Module'
), ),
'components' => array( 'components' => array(
'request' => array(
'enableCsrfValidation' => true,
),
'db' => $params['components.db'], 'db' => $params['components.db'],
'cache' => $params['components.cache'], 'cache' => $params['components.cache'],
'user' => array( 'user' => array(
'class' => 'yii\web\User',
'identityClass' => 'common\models\User', 'identityClass' => 'common\models\User',
), ),
'log' => array( 'log' => array(
'traceLevel' => YII_DEBUG ? 3 : 0,
'targets' => array( 'targets' => array(
array( array(
'class' => 'yii\log\FileTarget', 'class' => 'yii\log\FileTarget',
@ -31,6 +34,9 @@ return array(
), ),
), ),
), ),
'errorHandler' => array(
'errorAction' => 'site/error',
),
), ),
'params' => $params, 'params' => $params,
); );

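--- a/apps/advanced/frontend/controllers/SiteController.php
+++ b/apps/advanced/frontend/controllers/SiteController.php
@@ -12,11 +12,37 @@ use yii\helpers\Security;
 class SiteController extends Controller
 {
+public function behaviors()
+{
+return array(
+'access' => array(
+'class' => \yii\web\AccessControl::className(),
+'only' => array('login', 'logout', 'signup'),
+'rules' => array(
+array(
+'actions' => array('login', 'signup'),
+'allow' => true,
+'roles' => array('?'),
+),
+array(
+'actions' => array('logout'),
+'allow' => true,
+'roles' => array('@'),
+),
+),
+),
+);
+}
 public function actions()
 {
 return array(
+'error' => array(
+'class' => 'yii\web\ErrorAction',
+),
 'captcha' => array(
 'class' => 'yii\captcha\CaptchaAction',
+'fixedVerifyCode' => YII_ENV_TEST ? 'testme' : null,
 ),
 );
 }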
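Review bot: `'fixedVerifyCode' => YII_ENV_TEST ? 'testme' : null` turns the captcha answer into a known constant whenever the environment is `test`, and the only thing separating that from a public deployment is the YII_ENV value set in the entry script; nothing on this line documents that coupling. A comment on it, `// fixed answer exists only for functional tests; YII_ENV must never be 'test' on a reachable host`, with a matching remark next to the `define('YII_ENV', ...)` lines in the environment index.php files, would make the risk visible where the constant is chosen. YII_ENV_TEST is not defined anywhere in this commit, so it is presumably derived from YII_ENV by the framework bootstrap; the index.php hunks define YII_ENV before the `require` of Yii.php, which is the order that derivation would need, but it is worth confirming.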

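--- a/apps/advanced/frontend/views/site/error.php
+++ b/apps/advanced/frontend/views/site/error.php
@@ -0,0 +1,29 @@
+<?php
+use yii\helpers\Html;
+/**
+* @var yii\base\View $this
+* @var string $name
+* @var string $message
+* @var Exception $exception
+*/
+$this->title = $name;
+?>
+<div class="site-error">
+<h1><?php echo Html::encode($this->title); ?></h1>
+<div class="alert alert-danger">
+<?php echo nl2br(Html::encode($message)); ?>
+</div>
+<p>
+The above error occurred while the Web server was processing your request.
+</p>
+<p>
+Please contact us if you think this is a server error. Thank you.
+</p>
+</div>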