diff --git a/.gitignore b/.gitignore index 9826d8b11..54395ac73 100644 --- a/.gitignore +++ b/.gitignore @@ -38,7 +38,8 @@ public/app/themes/clarity/dist public/app/themes/clarity/node_modules # WordPress -public/wp +public/wp/* +!public/wp/.keep # WordPress Plugin additions public/app/ewww diff --git a/Makefile b/Makefile index b3c1bdbfc..9be2bea70 100644 --- a/Makefile +++ b/Makefile @@ -49,19 +49,11 @@ node-cdn: # █▀▀ █▀█ █▀▄▀█ █▀█ █▀█ █▀ █▀▀ █▀█ # █▄▄ █▄█ █░▀░█ █▀▀ █▄█ ▄█ ██▄ █▀▄ -composer-update: - @docker compose exec php-fpm ./bin/local-composer-update.sh ash - @make composer - composer-assets: @chmod +x ./bin/local-composer-assets.sh @docker compose exec php-fpm ./bin/local-composer-assets.sh ash -composer-copy: - @chmod +x ./bin/local-composer-assets-copy.sh - @./bin/local-composer-assets-copy.sh - -composer: composer-assets composer-copy +composer: composer-assets # █▀ █░█ █▀▀ █░░ █░░ diff --git a/bin/local-composer-assets.sh b/bin/local-composer-assets.sh index f13aa6330..787ae0e4e 100755 --- a/bin/local-composer-assets.sh +++ b/bin/local-composer-assets.sh @@ -4,22 +4,4 @@ source bin/composer-auth.sh if [ ! -d "./vendor" ]; then composer install - - echo "Generating checksum..." - zip -r -f --quiet vendor ./vendor - sha1sum vendor.zip > vendor.sha1 - echo "Done." -fi - -if [ ! -d "./vendor-assets" ]; then - # Nginx file sharing regex-parts - regex_files='\(htm\|html\|js\|css\|png\|jpg\|jpeg\|gif\|ico\|svg\|webmanifest\)' - regex_path='\(app\/themes\/clarity\|app\/mu\-plugins\|app\/plugins\|wp\)' - - echo "Generating vendor-assets directory..." - - mkdir -p ./vendor-assets - find public/ -name '*node_modules*' -prune -name '*uploads*' -prune -name '*clarity/src*' -prune -name '*clarity/webpack*' -prune -o -type f -regex "public\/${regex_path}.*\.${regex_files}" -exec cp --parent "{}" vendor-assets/ \; - - echo "Done." fi diff --git a/bin/local-composer-update.sh b/bin/local-composer-update.sh deleted file mode 100755 index 2721fa152..000000000 
--- a/bin/local-composer-update.sh +++ /dev/null @@ -1,20 +0,0 @@ -#!/usr/bin/env ash - -source bin/composer-auth.sh - -composer update - -## check for changes -echo "Checking for changes..." -zip -r -f --quiet vendor vendor -sha1sum -c -s vendor.sha1 - -## $? = 0 if ok, 1 if not -# remove vendor-assets -if [ $? == "1" ]; then - rm -rf ./vendor-assets - sha1sum vendor.zip > vendor.sha1 -fi - -echo "Done." - diff --git a/bin/local-key-gen.sh b/bin/local-key-gen.sh index b21285c28..e640b7a21 100755 --- a/bin/local-key-gen.sh +++ b/bin/local-key-gen.sh @@ -1,6 +1,6 @@ #!/usr/bin/env bash -# This script creates a JWT sectet, RSA key pair and copies them to the clipboard - ready for pasting into .env. +# This script creates a JWT secret, RSA key pair and copies them to the clipboard - ready for pasting into .env. # The script follows the instructions from the AWS 'Creating key pairs for your signers' documentation: # https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-trusted-signers.html#private-content-creating-cloudfront-key-pairs @@ -16,8 +16,8 @@ openssl rsa -pubout -in /tmp/intranet_private_key.pem -out /tmp/intranet_public_ AWS_CLOUDFRONT_PUBLIC_KEY=$(cat /tmp/intranet_public_key.pem) # First 8 chars of hash AWS_CLOUDFRONT_PUBLIC_KEY_SHORT_HASH="$(echo "$AWS_CLOUDFRONT_PUBLIC_KEY" | openssl dgst -binary -sha256 | xxd -p -c 32 | cut -c 1-8)" -# Build the object, similar to terraform's output. -AWS_CLOUDFRONT_PUBLIC_KEYS_OBJECT="[{\"id\":\"GENERATED_BY_AWS\",\"key\":\"$AWS_CLOUDFRONT_PUBLIC_KEY_SHORT_HASH\"}]" +# Build the object, similar to terraform output. +AWS_CLOUDFRONT_PUBLIC_KEYS_OBJECT="[{\"id\":\"GENERATED_BY_AWS\",\"comment\":\"$AWS_CLOUDFRONT_PUBLIC_KEY_SHORT_HASH\"}]" AWS_CLOUDFRONT_PRIVATE_KEY=$(cat /tmp/intranet_private_key.pem) # First 8 chars of hash diff --git a/docker-compose.yml b/docker-compose.yml index 0384a4af3..95d6361a9 100644 --- a/docker-compose.yml +++ b/docker-compose.yml 
@@ -35,8 +35,13 @@ services: volumes: - dist:/var/www/html/public/app/themes/clarity/dist - php-socket:/sock + ### Deploy scripts - ./deploy/config/local/nginx/php-fpm.conf:/etc/nginx/php-fpm.conf - ./deploy/config/local/nginx/server.conf:/etc/nginx/conf.d/default.conf + ### Assets + - ./public/app/plugins:/var/www/html/public/app/plugins + - ./public/app/themes/justice/screenshot.png:/var/www/html/public/app/themes/justice/screenshot.png + - ./public/wp:/var/www/html/public/wp - ./public/index.php:/var/www/html/public/index.php environment: VIRTUAL_HOST: ${SERVER_NAME} diff --git a/public/app/themes/clarity/inc/security.php b/public/app/themes/clarity/inc/security.php index db1affbc0..2ce681459 100644 --- a/public/app/themes/clarity/inc/security.php +++ b/public/app/themes/clarity/inc/security.php @@ -4,6 +4,8 @@ // --------------------------------------------- // Prevents WordPress from "guessing" URLs +use Roots\WPConfig\Config; + function no_redirect_on_404($redirect_url) { if (is_404()) { 
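Review bot: The three bind mounts added under `### Assets` in the docker-compose.yml hunk are writable from inside the container, although this service (presumably nginx, going by the `/etc/nginx` targets; its name is outside the hunk) should only need to read plugin files, the theme screenshot and WordPress core in order to serve them. Mounting them read-only keeps a compromised or misconfigured web container from modifying PHP code in the host tree, e.g. `- ./public/app/plugins:/var/www/html/public/app/plugins:ro` and `- ./public/wp:/var/www/html/public/wp:ro`. The same suffix applies to the screenshot mount.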
@@ -48,3 +50,34 @@ function control_login_period($expirein)
 return 180 * DAY_IN_SECONDS; // Cookies set to expire in 180 days.
 }
 add_filter('auth_cookie_expiration', 'control_login_period');
+
+/**
+ * Handle loopback requests.
+ *
+ * Handle requests to the application host, by sending them to the loopback url.
+ *
+ * @param false|array|WP_Error $response
+ * @param array $parsed_args
+ * @param string $url
+ * @return false|array|WP_Error
+ */
+add_filter('pre_http_request', function (false|array|WP_Error $response, array $parsed_args, string $url): false|array|WP_Error
+{
+ // Is the request url to the application host?
+ if (parse_url($url, PHP_URL_HOST) !== parse_url(get_home_url(), PHP_URL_HOST)) {
+ return $response;
+ }
+
+ // Replace the URL.
+ $new_url = str_replace(get_home_url(), 'http://localhost:8080', $url);
+
+ // We don't need to verify ssl, calling a trusted container.
+ $parsed_args['sslverify'] = false;
+
+ // Get an instance of WP_Http.
+ $http = _wp_http_get_object();
+
+ // Return the result.
+ return $http->request($new_url, $parsed_args);
+}, 10, 3);
+
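Review bot: In the `pre_http_request` closure, `sslverify` is switched off before it is known that the URL was actually rewritten: the guard compares hosts only, while `str_replace(get_home_url(), …)` matches the full home URL including its scheme, so a request to the same host over a different scheme keeps its original URL and goes out with certificate verification disabled. Because the rewritten target is plain `http://`, the flag does nothing on the loopback path and only weakens that fall-through case; I would drop `$parsed_args['sslverify'] = false;` and add `if ($new_url === $url) { return $response; }` right after the replacement. `str_replace` also rewrites any later occurrence of the home URL, for instance inside a query parameter, so the replacement should be anchored to the start of `$url`. The loopback address `'http://localhost:8080'` is hard-coded and the filter is registered unconditionally, while the `Roots\WPConfig\Config` import added in the earlier hunk is not referenced in the visible lines; whether every environment has that listener cannot be told from this diff.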