DEPLOYMENT_FIXES.md

Production Deployment Fixes

Issues Identified and Fixed

1. TypeError in Middleware (FIXED)

Error: Closure::{closure}(): Argument #2 ($handler) must be of type callable, Psr\Http\Server\RequestHandlerInterface@anonymous given

Root Cause: The rate limiting middleware was using an unnecessary anonymous class wrapper that was causing type conflicts.

Fix Applied: Simplified the middleware call in api/index.php line 72 to directly pass the handler instead of wrapping it.

Before:

return $limitMw->process($request, new class($handler) implements \Psr\Http\Server\RequestHandlerInterface {
    public function __construct(private $handler) {}
    public function handle(\Psr\Http\Message\ServerRequestInterface $request): \Psr\Http\Message\ResponseInterface {
        return ($this->handler)($request);
    }
});

After:

return $limitMw->process($request, $handler);

2. Missing vendor/autoload.php (DEPLOYMENT ISSUE)

Error: Failed opening required '/home/appfast-new/htdocs/new.appfast.net/api/../vendor/autoload.php'

Root Cause: Composer dependencies were not installed in the production environment.

Solution: Run the deployment script to install dependencies.

Deployment Instructions

For Linux/Unix Servers:

# Navigate to your project directory
cd /path/to/your/project

# Run the deployment script
chmod +x scripts/deploy.sh
./scripts/deploy.sh

For Windows Servers:

REM Navigate to your project directory
cd C:\path\to\your\project

REM Run the deployment script
scripts\deploy.bat

Manual Deployment Steps:

1. Install Composer Dependencies:

   composer install --no-dev --optimize-autoloader

2. Create Required Directories:

   mkdir -p storage cache uploads storage/ratelimit
   chmod 755 storage cache uploads storage/ratelimit

3. Set Up Environment:

   • Copy .env.example to .env (if available)
   • Configure database connection
   • Set JWT secrets
   • Configure CORS settings

4. Run Installation (if not done):

   • Visit /install/ in your browser
   • Follow the installation wizard
   • Delete /install/ directory after completion

5. Verify Installation:

   • Check that install.lock file exists
   • Test the /healthz endpoint
   • Verify database connection

Required PHP Extensions

Ensure these PHP extensions are installed:

• mysqli or pdo_mysql
• pdo
• openssl
• mbstring
• json
• curl

Web Server Configuration

Apache (.htaccess)

RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ api/index.php [QSA,L]

Nginx

location / {
    try_files $uri $uri/ /api/index.php?$query_string;
}

location ~ \.php$ {
    fastcgi_pass unix:/var/run/php/php8.1-fpm.sock;
    fastcgi_index index.php;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    include fastcgi_params;
}

Troubleshooting

If you still get the TypeError:

1. Clear any PHP opcache: php -r "opcache_reset();"
2. Restart your web server
3. Check that the updated api/index.php file is deployed

If you get autoload errors:

1. Verify vendor/autoload.php exists
2. Check file permissions on the vendor directory
3. Re-run composer install --no-dev --optimize-autoloader

If installation fails:

1. Check database credentials in .env
2. Verify database server is running
3. Ensure database user has CREATE privileges
4. Check PHP error logs for specific errors

Security Checklist

After deployment:

• Delete /install/ directory
• Verify install.lock exists
• Check file permissions (755 for directories, 644 for files)
• Configure proper CORS origins
• Set up SSL/TLS certificates
• Configure firewall rules
• Set up regular backups

Monitoring

Monitor these endpoints for health:

• GET /healthz - Application health check
• GET /csrf/token - CSRF token generation (should return 200)

Support

If you continue to experience issues:

1. Check PHP error logs
2. Verify all required PHP extensions are installed
3. Test database connectivity
4. Review web server configuration
5. Run the test suite: php vendor/bin/pest --testsuite=unit