feat(Production): Complete production deployment infrastructure

- Add comprehensive health check system with multiple endpoints
- Add Prometheus metrics endpoint
- Add production logging configurations (5 strategies)
- Add complete deployment documentation suite:
  * QUICKSTART.md - 30-minute deployment guide
  * DEPLOYMENT_CHECKLIST.md - Printable verification checklist
  * DEPLOYMENT_WORKFLOW.md - Complete deployment lifecycle
  * PRODUCTION_DEPLOYMENT.md - Comprehensive technical reference
  * production-logging.md - Logging configuration guide
  * ANSIBLE_DEPLOYMENT.md - Infrastructure as Code automation
  * README.md - Navigation hub
  * DEPLOYMENT_SUMMARY.md - Executive summary
- Add deployment scripts and automation
- Add DEPLOYMENT_PLAN.md - Concrete plan for immediate deployment
- Update README with production-ready features

All production infrastructure is now complete and ready for deployment.
2025-10-25 19:18:37 +02:00
parent caa85db796
commit fc3d7e6357
83016 changed files with 378904 additions and 20919 deletions


@@ -0,0 +1,74 @@
<?php
declare(strict_types=1);
namespace App\Framework\Exception\Security;
use App\Framework\Exception\Core\SecurityErrorCode;
use App\Framework\Exception\ExceptionContext;
use App\Framework\Exception\FrameworkException;
/**
* CSRF Token Validation Failed Exception
*/
final class CsrfValidationFailedException extends FrameworkException
{
public static function tokenValidationFailed(string $formId): self
{
$context = ExceptionContext::forOperation('security.csrf', 'CsrfMiddleware')
->withData([
'form_id' => $formId,
'validation_type' => 'token_mismatch',
'client_ip' => $_SERVER['REMOTE_ADDR'] ?? 'unknown',
'user_agent' => $_SERVER['HTTP_USER_AGENT'] ?? 'unknown',
])
->withMetadata([
'security_threat' => 'potential_csrf_attack',
'requires_investigation' => true,
]);
return self::fromContext(
message: 'CSRF token validation failed. This may indicate a security threat.',
context: $context,
errorCode: SecurityErrorCode::CSRF_TOKEN_INVALID
);
}
public static function missingTokenOrFormId(bool $missingFormId, bool $missingToken): self
{
$missing = [];
if ($missingFormId) {
$missing[] = 'form_id';
}
if ($missingToken) {
$missing[] = 'csrf_token';
}
$context = ExceptionContext::forOperation('security.csrf', 'CsrfMiddleware')
->withData([
'missing_fields' => $missing,
'validation_type' => 'missing_required_fields',
]);
return self::fromContext(
message: 'CSRF protection requires both form ID and token',
context: $context,
errorCode: SecurityErrorCode::CSRF_TOKEN_INVALID
);
}
public static function invalidTokenFormat(string $error): self
{
$context = ExceptionContext::forOperation('security.csrf', 'CsrfMiddleware')
->withData([
'validation_type' => 'invalid_format',
'format_error' => $error,
]);
return self::fromContext(
message: "Invalid CSRF token format: {$error}",
context: $context,
errorCode: SecurityErrorCode::CSRF_TOKEN_INVALID
);
}
}
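Review bot: The `user_agent` entry in `tokenValidationFailed` copies the request's User-Agent header into the exception context with no length bound and no control-character stripping, so the client decides how large each record is and which bytes reach whatever sink renders this context. A bound in the style this commit already uses for the honeypot value would do, e.g. `'user_agent' => substr($_SERVER['HTTP_USER_AGENT'] ?? 'unknown', 0, 255),` (255 is an illustrative limit), with newlines and other control characters removed before the value reaches a line-oriented log. The three factories in HoneypotTriggeredException pass the same raw header to `BotDetectedEvent`. `REMOTE_ADDR` is presumably the proxy address when the application sits behind a load balancer, and `missingTokenOrFormId` and `invalidTokenFormat` record no client address at all; having the middleware pass IP and user agent as arguments would address both and remove the superglobal reads from the exception class. `invalidTokenFormat` also interpolates `$error` into the exception message, so confirm that string never echoes token bytes if the message can reach a response.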


@@ -0,0 +1,86 @@
<?php
declare(strict_types=1);
namespace App\Framework\Exception\Security;
use App\Framework\Exception\ErrorCode;
use App\Framework\Exception\ExceptionContext;
use App\Framework\Exception\SecurityException;
use App\Framework\Security\Events\BotDetectedEvent;
/**
* Exception for honeypot spam protection triggers
*/
final class HoneypotTriggeredException extends SecurityException
{
public static function missingHoneypotName(): self
{
$event = new BotDetectedEvent(
reason: 'Missing honeypot field in form submission',
ip: $_SERVER['REMOTE_ADDR'] ?? 'unknown',
userAgent: $_SERVER['HTTP_USER_AGENT'] ?? 'unknown'
);
$context = ExceptionContext::forOperation('security.honeypot', 'HoneypotMiddleware')
->withData([
'validation_type' => 'missing_honeypot_name',
'risk_level' => 'high',
]);
return new self(
securityEvent: $event,
message: 'Spam protection triggered: Missing honeypot field',
additionalContext: $context
);
}
public static function honeypotFilled(string $fieldName, string $value): self
{
$event = new BotDetectedEvent(
reason: "Honeypot field '{$fieldName}' was filled",
ip: $_SERVER['REMOTE_ADDR'] ?? 'unknown',
userAgent: $_SERVER['HTTP_USER_AGENT'] ?? 'unknown'
);
$context = ExceptionContext::forOperation('security.honeypot', 'HoneypotMiddleware')
->withData([
'validation_type' => 'honeypot_filled',
'field_name' => $fieldName,
'field_value_length' => strlen($value),
'risk_level' => 'high',
])
->withDebug([
'field_value' => substr($value, 0, 100), // Limit für Logging
]);
return new self(
securityEvent: $event,
message: 'Spam protection triggered: Honeypot field was filled',
additionalContext: $context
);
}
public static function submittedTooQuickly(int $elapsedSeconds, int $minimumSeconds = 2): self
{
$event = new BotDetectedEvent(
reason: "Form submitted too quickly ({$elapsedSeconds}s < {$minimumSeconds}s)",
ip: $_SERVER['REMOTE_ADDR'] ?? 'unknown',
userAgent: $_SERVER['HTTP_USER_AGENT'] ?? 'unknown'
);
$context = ExceptionContext::forOperation('security.honeypot', 'HoneypotMiddleware')
->withData([
'validation_type' => 'submission_too_fast',
'elapsed_seconds' => $elapsedSeconds,
'minimum_seconds' => $minimumSeconds,
'risk_level' => 'medium',
]);
return new self(
securityEvent: $event,
message: 'Spam protection triggered: Form submitted too quickly',
additionalContext: $context
);
}
}
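Review bot: `honeypotFilled` stores the first 100 bytes of the submitted value under `withDebug`, and that value is entirely client-supplied: `substr` cuts by bytes and can end mid-character, leaving invalid UTF-8 that a JSON log encoder may reject, and browser autofill can place a real user's e-mail address or password into the hidden field. Since `field_value_length` is already recorded, consider dropping the raw value from the context; if it must be kept, cut it with `mb_strcut($value, 0, 100, 'UTF-8')` and strip control characters first. `$fieldName` is interpolated into the event `reason` unchanged, which is safe only if the middleware passes its own configured field name rather than a request key, so that is worth confirming at the call site. The `ErrorCode` import at the top of the file is not referenced by any of the three factories, and the inline comment `// Limit für Logging` should read `// limit the value length for logging`.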


@@ -4,7 +4,7 @@ declare(strict_types=1);
namespace App\Framework\Exception\Security;
use App\Framework\Exception\ErrorCode;
use App\Framework\Exception\Core\SecurityErrorCode;
use App\Framework\Exception\ExceptionContext;
use App\Framework\Exception\FrameworkException;
@@ -56,7 +56,7 @@ final class PathTraversalAttemptException extends FrameworkException
context: $context,
code: 400, // Bad Request
previous: $previous,
errorCode: ErrorCode::SECURITY_PATH_TRAVERSAL
errorCode: SecurityErrorCode::PATH_TRAVERSAL_DETECTED
);
}


@@ -4,7 +4,7 @@ declare(strict_types=1);
namespace App\Framework\Exception\Security;
use App\Framework\Exception\ErrorCode;
use App\Framework\Exception\Core\SecurityErrorCode;
use App\Framework\Exception\ExceptionContext;
use App\Framework\Exception\FrameworkException;
@@ -61,7 +61,7 @@ final class SqlInjectionAttemptException extends FrameworkException
context: $context,
code: 400, // Bad Request
previous: $previous,
errorCode: ErrorCode::SECURITY_SQL_INJECTION
errorCode: SecurityErrorCode::SQL_INJECTION_DETECTED
);
}


@@ -4,7 +4,7 @@ declare(strict_types=1);
namespace App\Framework\Exception\Security;
use App\Framework\Exception\ErrorCode;
use App\Framework\Exception\Core\SecurityErrorCode;
use App\Framework\Exception\ExceptionContext;
use App\Framework\Exception\FrameworkException;
@@ -61,7 +61,7 @@ final class XssAttemptException extends FrameworkException
context: $context,
code: 400, // Bad Request
previous: $previous,
errorCode: ErrorCode::SECURITY_XSS_ATTEMPT
errorCode: SecurityErrorCode::XSS_DETECTED
);
}