add composer-unused, comprehensive docs, and project restructure
- Add icanhazstring/composer-unused as dev dependency for dependency hygiene checks - Add German documentation (docs/) covering architecture, conventions, workflows, and developer checklists - Add API layer (ApiAuth, ApiBootstrap, ApiResponse), audit, scheduler, custom fields, and SSO services - Add Microsoft OIDC SSO, API token management, and user lifecycle features - Add swagger-ui vendor integration and OpenAPI spec - Add production Docker setup and bin/ scripts - Update composer dependencies, config, templates, and frontend assets throughout Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
@@ -6,6 +6,7 @@ use MintyPHP\Repository\Settings\SettingRepository;
|
||||
use MintyPHP\Repository\Tenant\TenantRepository;
|
||||
use MintyPHP\Repository\Access\RoleRepository;
|
||||
use MintyPHP\Repository\Org\DepartmentRepository;
|
||||
use MintyPHP\Support\Crypto;
|
||||
|
||||
class SettingService
|
||||
{
|
||||
@@ -18,6 +19,12 @@ class SettingService
|
||||
public const APP_THEME_USER_KEY = 'app_theme_user';
|
||||
public const APP_REGISTRATION_KEY = 'app_registration';
|
||||
public const APP_PRIMARY_COLOR_KEY = 'app_primary_color';
|
||||
public const API_TOKEN_DEFAULT_TTL_DAYS_KEY = 'api_token_default_ttl_days';
|
||||
public const API_TOKEN_MAX_TTL_DAYS_KEY = 'api_token_max_ttl_days';
|
||||
public const API_CORS_ALLOWED_ORIGINS_KEY = 'api_cors_allowed_origins';
|
||||
public const MICROSOFT_SHARED_CLIENT_ID_KEY = 'microsoft_shared_client_id';
|
||||
public const MICROSOFT_SHARED_CLIENT_SECRET_ENC_KEY = 'microsoft_shared_client_secret_enc';
|
||||
public const MICROSOFT_AUTHORITY_KEY = 'microsoft_authority';
|
||||
public const SMTP_HOST_KEY = 'smtp_host';
|
||||
public const SMTP_PORT_KEY = 'smtp_port';
|
||||
public const SMTP_USER_KEY = 'smtp_user';
|
||||
@@ -25,6 +32,16 @@ class SettingService
|
||||
public const SMTP_SECURE_KEY = 'smtp_secure';
|
||||
public const SMTP_FROM_KEY = 'smtp_from';
|
||||
public const SMTP_FROM_NAME_KEY = 'smtp_from_name';
|
||||
public const USER_INACTIVITY_DEACTIVATE_DAYS_KEY = 'user_inactivity_deactivate_days';
|
||||
public const USER_INACTIVITY_DELETE_DAYS_KEY = 'user_inactivity_delete_days';
|
||||
private const API_TOKEN_DEFAULT_TTL_DAYS_FALLBACK = 90;
|
||||
private const API_TOKEN_MAX_TTL_DAYS_FALLBACK = 365;
|
||||
private const API_TOKEN_TTL_DAYS_MIN = 1;
|
||||
private const API_TOKEN_TTL_DAYS_HARD_MAX = 3650;
|
||||
private const USER_INACTIVITY_DEACTIVATE_DAYS_FALLBACK = 180;
|
||||
private const USER_INACTIVITY_DELETE_DAYS_FALLBACK = 365;
|
||||
private const USER_INACTIVITY_DAYS_MIN = 0;
|
||||
private const USER_INACTIVITY_DAYS_MAX = 3650;
|
||||
|
||||
public static function get(string $key): ?array
|
||||
{
|
||||
@@ -60,7 +77,7 @@ class SettingService
|
||||
{
|
||||
$value = $tenantId && $tenantId > 0 ? (string) $tenantId : null;
|
||||
if ($value !== null) {
|
||||
$exists = TenantRepository::find($tenantId ?? 0);
|
||||
$exists = TenantRepository::find($tenantId);
|
||||
if (!$exists) {
|
||||
return false;
|
||||
}
|
||||
@@ -79,7 +96,7 @@ class SettingService
|
||||
{
|
||||
$value = $roleId && $roleId > 0 ? (string) $roleId : null;
|
||||
if ($value !== null) {
|
||||
$exists = RoleRepository::find($roleId ?? 0);
|
||||
$exists = RoleRepository::find($roleId);
|
||||
if (!$exists) {
|
||||
return false;
|
||||
}
|
||||
@@ -98,7 +115,7 @@ class SettingService
|
||||
{
|
||||
$value = $departmentId && $departmentId > 0 ? (string) $departmentId : null;
|
||||
if ($value !== null) {
|
||||
$exists = DepartmentRepository::find($departmentId ?? 0);
|
||||
$exists = DepartmentRepository::find($departmentId);
|
||||
if (!$exists) {
|
||||
return false;
|
||||
}
|
||||
@@ -184,23 +201,7 @@ class SettingService
|
||||
|
||||
private static function allowedThemes(): array
|
||||
{
|
||||
$file = dirname(__DIR__, 3) . '/config/themes.php';
|
||||
if (!is_file($file)) {
|
||||
return ['light', 'dark'];
|
||||
}
|
||||
$themes = include $file;
|
||||
if (!is_array($themes)) {
|
||||
return ['light', 'dark'];
|
||||
}
|
||||
$keys = [];
|
||||
foreach ($themes as $key => $label) {
|
||||
$key = strtolower(trim((string) $key));
|
||||
$label = trim((string) $label);
|
||||
if ($key !== '' && $label !== '') {
|
||||
$keys[] = $key;
|
||||
}
|
||||
}
|
||||
return $keys ?: ['light', 'dark'];
|
||||
return array_keys(ThemeConfigService::all());
|
||||
}
|
||||
|
||||
public static function isRegistrationEnabled(): bool
|
||||
@@ -219,6 +220,289 @@ class SettingService
|
||||
return SettingRepository::set(self::APP_REGISTRATION_KEY, $value, $desc);
|
||||
}
|
||||
|
||||
public static function getApiTokenDefaultTtlDays(): int
|
||||
{
|
||||
$maxDays = self::getApiTokenMaxTtlDays();
|
||||
$value = self::getInt(self::API_TOKEN_DEFAULT_TTL_DAYS_KEY);
|
||||
if ($value !== null && $value >= self::API_TOKEN_TTL_DAYS_MIN && $value <= self::API_TOKEN_TTL_DAYS_HARD_MAX) {
|
||||
return min($value, $maxDays);
|
||||
}
|
||||
return min(self::API_TOKEN_DEFAULT_TTL_DAYS_FALLBACK, $maxDays);
|
||||
}
|
||||
|
||||
public static function setApiTokenDefaultTtlDays(?int $days, ?string $description = null): bool
|
||||
{
|
||||
$value = $days ?? self::API_TOKEN_DEFAULT_TTL_DAYS_FALLBACK;
|
||||
if ($value < self::API_TOKEN_TTL_DAYS_MIN || $value > self::API_TOKEN_TTL_DAYS_HARD_MAX) {
|
||||
return false;
|
||||
}
|
||||
if ($value > self::getApiTokenMaxTtlDays()) {
|
||||
return false;
|
||||
}
|
||||
$desc = $description ?? 'setting.api_token_default_ttl_days';
|
||||
return SettingRepository::set(self::API_TOKEN_DEFAULT_TTL_DAYS_KEY, (string) $value, $desc);
|
||||
}
|
||||
|
||||
public static function getApiTokenMaxTtlDays(): int
|
||||
{
|
||||
$value = self::getInt(self::API_TOKEN_MAX_TTL_DAYS_KEY);
|
||||
if ($value !== null && $value >= self::API_TOKEN_TTL_DAYS_MIN && $value <= self::API_TOKEN_TTL_DAYS_HARD_MAX) {
|
||||
return $value;
|
||||
}
|
||||
return self::API_TOKEN_MAX_TTL_DAYS_FALLBACK;
|
||||
}
|
||||
|
||||
public static function setApiTokenMaxTtlDays(?int $days, ?string $description = null): bool
|
||||
{
|
||||
$value = $days ?? self::API_TOKEN_MAX_TTL_DAYS_FALLBACK;
|
||||
if ($value < self::API_TOKEN_TTL_DAYS_MIN || $value > self::API_TOKEN_TTL_DAYS_HARD_MAX) {
|
||||
return false;
|
||||
}
|
||||
|
||||
$currentDefault = self::getInt(self::API_TOKEN_DEFAULT_TTL_DAYS_KEY);
|
||||
if ($currentDefault !== null && $currentDefault > $value) {
|
||||
$defaultUpdated = SettingRepository::set(
|
||||
self::API_TOKEN_DEFAULT_TTL_DAYS_KEY,
|
||||
(string) $value,
|
||||
'setting.api_token_default_ttl_days'
|
||||
);
|
||||
if (!$defaultUpdated) {
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
||||
$desc = $description ?? 'setting.api_token_max_ttl_days';
|
||||
return SettingRepository::set(self::API_TOKEN_MAX_TTL_DAYS_KEY, (string) $value, $desc);
|
||||
}
|
||||
|
||||
public static function getUserInactivityDeactivateDays(): int
|
||||
{
|
||||
$value = self::getInt(self::USER_INACTIVITY_DEACTIVATE_DAYS_KEY);
|
||||
if ($value !== null && self::isValidInactivityDays($value)) {
|
||||
return $value;
|
||||
}
|
||||
return self::USER_INACTIVITY_DEACTIVATE_DAYS_FALLBACK;
|
||||
}
|
||||
|
||||
public static function setUserInactivityDeactivateDays(?int $days, ?string $description = null): bool
|
||||
{
|
||||
$value = $days ?? self::USER_INACTIVITY_DEACTIVATE_DAYS_FALLBACK;
|
||||
if (!self::isValidInactivityDays($value)) {
|
||||
return false;
|
||||
}
|
||||
if ($value === 0) {
|
||||
$deleteUpdated = SettingRepository::set(
|
||||
self::USER_INACTIVITY_DELETE_DAYS_KEY,
|
||||
'0',
|
||||
'setting.user_inactivity_delete_days'
|
||||
);
|
||||
if (!$deleteUpdated) {
|
||||
return false;
|
||||
}
|
||||
}
|
||||
$desc = $description ?? 'setting.user_inactivity_deactivate_days';
|
||||
return SettingRepository::set(self::USER_INACTIVITY_DEACTIVATE_DAYS_KEY, (string) $value, $desc);
|
||||
}
|
||||
|
||||
public static function getUserInactivityDeleteDays(): int
|
||||
{
|
||||
$deactivateDays = self::getUserInactivityDeactivateDays();
|
||||
if ($deactivateDays <= 0) {
|
||||
return 0;
|
||||
}
|
||||
$value = self::getInt(self::USER_INACTIVITY_DELETE_DAYS_KEY);
|
||||
if ($value !== null && self::isValidInactivityDays($value)) {
|
||||
return $value;
|
||||
}
|
||||
return self::USER_INACTIVITY_DELETE_DAYS_FALLBACK;
|
||||
}
|
||||
|
||||
public static function setUserInactivityDeleteDays(?int $days, ?string $description = null): bool
|
||||
{
|
||||
$value = $days ?? self::USER_INACTIVITY_DELETE_DAYS_FALLBACK;
|
||||
if (!self::isValidInactivityDays($value)) {
|
||||
return false;
|
||||
}
|
||||
if ($value > 0 && self::getUserInactivityDeactivateDays() <= 0) {
|
||||
return false;
|
||||
}
|
||||
$desc = $description ?? 'setting.user_inactivity_delete_days';
|
||||
return SettingRepository::set(self::USER_INACTIVITY_DELETE_DAYS_KEY, (string) $value, $desc);
|
||||
}
|
||||
|
||||
public static function getApiCorsAllowedOrigins(): array
|
||||
{
|
||||
$stored = SettingRepository::getValue(self::API_CORS_ALLOWED_ORIGINS_KEY);
|
||||
if ($stored === null || trim($stored) === '') {
|
||||
return [];
|
||||
}
|
||||
return self::parseCorsOrigins($stored, false) ?? [];
|
||||
}
|
||||
|
||||
public static function getApiCorsAllowedOriginsText(): string
|
||||
{
|
||||
$origins = self::getApiCorsAllowedOrigins();
|
||||
return implode("\n", $origins);
|
||||
}
|
||||
|
||||
public static function setApiCorsAllowedOrigins(?string $rawOrigins, ?string $description = null): bool
|
||||
{
|
||||
$value = (string) ($rawOrigins ?? '');
|
||||
if (trim($value) === '') {
|
||||
return SettingRepository::set(
|
||||
self::API_CORS_ALLOWED_ORIGINS_KEY,
|
||||
null,
|
||||
$description ?? 'setting.api_cors_allowed_origins'
|
||||
);
|
||||
}
|
||||
|
||||
$origins = self::parseCorsOrigins($value, true);
|
||||
if ($origins === null) {
|
||||
return false;
|
||||
}
|
||||
|
||||
return SettingRepository::set(
|
||||
self::API_CORS_ALLOWED_ORIGINS_KEY,
|
||||
implode("\n", $origins),
|
||||
$description ?? 'setting.api_cors_allowed_origins'
|
||||
);
|
||||
}
|
||||
|
||||
private static function parseCorsOrigins(string $rawOrigins, bool $strict): ?array
|
||||
{
|
||||
$parts = preg_split('/[\r\n,]+/', $rawOrigins) ?: [];
|
||||
$normalizedOrigins = [];
|
||||
foreach ($parts as $part) {
|
||||
$origin = self::normalizeCorsOrigin($part);
|
||||
if ($origin === null) {
|
||||
if ($strict && trim((string) $part) !== '') {
|
||||
return null;
|
||||
}
|
||||
continue;
|
||||
}
|
||||
$normalizedOrigins[$origin] = true;
|
||||
}
|
||||
return array_keys($normalizedOrigins);
|
||||
}
|
||||
|
||||
private static function normalizeCorsOrigin(string $origin): ?string
|
||||
{
|
||||
$origin = trim($origin);
|
||||
if ($origin === '') {
|
||||
return null;
|
||||
}
|
||||
|
||||
// Browser Origin header never contains a trailing slash.
|
||||
$origin = rtrim($origin, '/');
|
||||
if ($origin === '') {
|
||||
return null;
|
||||
}
|
||||
|
||||
$parsed = parse_url($origin);
|
||||
if (!is_array($parsed)) {
|
||||
return null;
|
||||
}
|
||||
|
||||
$scheme = strtolower((string) ($parsed['scheme'] ?? ''));
|
||||
$host = strtolower((string) ($parsed['host'] ?? ''));
|
||||
$port = isset($parsed['port']) ? (int) $parsed['port'] : null;
|
||||
|
||||
if (!in_array($scheme, ['http', 'https'], true) || $host === '') {
|
||||
return null;
|
||||
}
|
||||
|
||||
if (
|
||||
isset($parsed['path'])
|
||||
|| isset($parsed['query'])
|
||||
|| isset($parsed['fragment'])
|
||||
|| isset($parsed['user'])
|
||||
|| isset($parsed['pass'])
|
||||
) {
|
||||
return null;
|
||||
}
|
||||
|
||||
$defaultPort = ($scheme === 'https') ? 443 : 80;
|
||||
$portSuffix = ($port !== null && $port !== $defaultPort) ? ':' . $port : '';
|
||||
return $scheme . '://' . $host . $portSuffix;
|
||||
}
|
||||
|
||||
public static function getMicrosoftSharedClientId(): ?string
|
||||
{
|
||||
$value = SettingRepository::getValue(self::MICROSOFT_SHARED_CLIENT_ID_KEY);
|
||||
$value = $value !== null ? trim((string) $value) : '';
|
||||
return $value !== '' ? $value : null;
|
||||
}
|
||||
|
||||
public static function setMicrosoftSharedClientId(?string $clientId, ?string $description = null): bool
|
||||
{
|
||||
$value = $clientId !== null ? trim((string) $clientId) : '';
|
||||
if ($value === '') {
|
||||
$value = null;
|
||||
}
|
||||
$desc = $description ?? 'setting.microsoft_shared_client_id';
|
||||
return SettingRepository::set(self::MICROSOFT_SHARED_CLIENT_ID_KEY, $value, $desc);
|
||||
}
|
||||
|
||||
public static function getMicrosoftSharedClientSecretEncrypted(): ?string
|
||||
{
|
||||
$value = SettingRepository::getValue(self::MICROSOFT_SHARED_CLIENT_SECRET_ENC_KEY);
|
||||
$value = $value !== null ? trim((string) $value) : '';
|
||||
return $value !== '' ? $value : null;
|
||||
}
|
||||
|
||||
public static function getMicrosoftSharedClientSecret(): ?string
|
||||
{
|
||||
$encrypted = self::getMicrosoftSharedClientSecretEncrypted();
|
||||
if ($encrypted === null) {
|
||||
return null;
|
||||
}
|
||||
try {
|
||||
$decrypted = Crypto::decryptString($encrypted);
|
||||
} catch (\Throwable $exception) {
|
||||
return null;
|
||||
}
|
||||
$decrypted = trim($decrypted);
|
||||
return $decrypted !== '' ? $decrypted : null;
|
||||
}
|
||||
|
||||
public static function setMicrosoftSharedClientSecret(?string $secret, ?string $description = null): bool
|
||||
{
|
||||
$value = $secret !== null ? trim((string) $secret) : '';
|
||||
if ($value === '') {
|
||||
return SettingRepository::set(
|
||||
self::MICROSOFT_SHARED_CLIENT_SECRET_ENC_KEY,
|
||||
null,
|
||||
$description ?? 'setting.microsoft_shared_client_secret_enc'
|
||||
);
|
||||
}
|
||||
$encrypted = Crypto::encryptString($value);
|
||||
$desc = $description ?? 'setting.microsoft_shared_client_secret_enc';
|
||||
return SettingRepository::set(self::MICROSOFT_SHARED_CLIENT_SECRET_ENC_KEY, $encrypted, $desc);
|
||||
}
|
||||
|
||||
public static function getMicrosoftAuthority(): string
|
||||
{
|
||||
$value = SettingRepository::getValue(self::MICROSOFT_AUTHORITY_KEY);
|
||||
$value = trim((string) ($value ?? ''));
|
||||
if ($value === '') {
|
||||
return 'https://login.microsoftonline.com/common/v2.0';
|
||||
}
|
||||
return rtrim($value, '/');
|
||||
}
|
||||
|
||||
public static function setMicrosoftAuthority(?string $authority, ?string $description = null): bool
|
||||
{
|
||||
$value = trim((string) ($authority ?? ''));
|
||||
if ($value === '') {
|
||||
$value = 'https://login.microsoftonline.com/common/v2.0';
|
||||
}
|
||||
if (!preg_match('#^https://#i', $value)) {
|
||||
return false;
|
||||
}
|
||||
$desc = $description ?? 'setting.microsoft_authority';
|
||||
return SettingRepository::set(self::MICROSOFT_AUTHORITY_KEY, rtrim($value, '/'), $desc);
|
||||
}
|
||||
|
||||
public static function getAppPrimaryColor(): ?string
|
||||
{
|
||||
$value = SettingRepository::getValue(self::APP_PRIMARY_COLOR_KEY);
|
||||
@@ -375,4 +659,9 @@ class SettingService
|
||||
$desc = $description ?? 'setting.smtp_from_name';
|
||||
return SettingRepository::set(self::SMTP_FROM_NAME_KEY, $value, $desc);
|
||||
}
|
||||
|
||||
private static function isValidInactivityDays(int $days): bool
|
||||
{
|
||||
return $days >= self::USER_INACTIVITY_DAYS_MIN && $days <= self::USER_INACTIVITY_DAYS_MAX;
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user