michael/michaelschiemer
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Enable Discovery debug logging for production troubleshooting

Browse Source 
- Add DISCOVERY_LOG_LEVEL=debug
- Add DISCOVERY_SHOW_PROGRESS=true
- Temporary changes for debugging InitializerProcessor fixes on production
This commit is contained in:
Michael Schiemer
2025-08-11 20:13:26 +02:00
parent 59fd3dd3b1
commit 55a330b223
3683 changed files with 2956207 additions and 16948 deletions
Download Patch File Download Diff File Expand all files Collapse all files

39
src/Framework/Http/Middlewares/HoneypotMiddleware.php
View File

@@ -1,4 +1,5 @@
<?php
declare(strict_types=1);
namespace App\Framework\Http\Middlewares;
@@ -8,17 +9,20 @@ use App\Framework\Http\Method;
use App\Framework\Http\MiddlewareContext;
use App\Framework\Http\MiddlewarePriority;
use App\Framework\Http\MiddlewarePriorityAttribute;
use App\Framework\Http\Next;
use App\Framework\Http\Request;
use App\Framework\Http\RequestStateManager;
use Psr\Log\LoggerInterface;
use App\Framework\Logging\Logger;
#[MiddlewarePriorityAttribute(MiddlewarePriority::SECURITY, -140)] // Nach CSRF, vor anderen Validierungen
final readonly class HoneypotMiddleware implements HttpMiddleware
{
public function __construct(
private ?LoggerInterface $logger = null
) {}
private ?Logger $logger = null
) {
}
public function __invoke(MiddlewareContext $context, callable $next, RequestStateManager $stateManager): MiddlewareContext
public function __invoke(MiddlewareContext $context, Next $next, RequestStateManager $stateManager): MiddlewareContext
{
$request = $context->request;
@@ -29,20 +33,22 @@ final readonly class HoneypotMiddleware implements HttpMiddleware
return $next($context);
}
private function validateHoneypot($request): void
private function validateHoneypot(Request $request): void
{
$honeypotName = $request->parsedBody->get('_honeypot_name');
if (!$honeypotName) {
if (! $honeypotName) {
$this->logSuspiciousActivity('Missing honeypot name', $request);
throw new \Exception('Spam-Schutz ausgelöst');
}
$honeypotValue = $request->parsedBody->get($honeypotName);
// Honeypot wurde ausgefüllt = Bot erkannt
if (!empty($honeypotValue)) {
if (! empty($honeypotValue)) {
$this->logSuspiciousActivity("Honeypot filled: {$honeypotName} = {$honeypotValue}", $request);
throw new \Exception('Spam-Schutz ausgelöst');
}
@@ -50,26 +56,25 @@ final readonly class HoneypotMiddleware implements HttpMiddleware
$this->validateSubmissionTime($request);
}
private function validateSubmissionTime($request): void
private function validateSubmissionTime(Request $request): void
{
// Formulare, die zu schnell abgeschickt werden, sind verdächtig
$startTime = $request->parsedBody->get('_form_start_time');
if ($startTime && (time() - (int)$startTime) < 2) {
$this->logSuspiciousActivity('Form submitted too quickly', $request);
throw new \Exception('Spam-Schutz ausgelöst');
}
}
private function logSuspiciousActivity(string $reason, $request): void
private function logSuspiciousActivity(string $reason, Request $request): void
{
if ($this->logger) {
$this->logger->warning('Honeypot triggered', [
'reason' => $reason,
'ip' => $request->getClientIp(),
'user_agent' => $request->headers->get('User-Agent') ?? 'unknown',
'url' => $request->uri
]);
}
$this->logger?->warning('Honeypot triggered', [
'reason' => $reason,
'ip' => $request->server->getClientIp()->isPrivate(),
'user_agent' => $request->headers->get('User-Agent') ?? 'unknown',
'url' => $request->path,
]);
}
}