You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: README.md
+36-3Lines changed: 36 additions & 3 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -11,6 +11,7 @@ Other related repositories:
11
11
-[Features](#features)
12
12
-[REST API endpoints](#endpoints)
13
13
-[Architecture and project structure](#architecture)
14
+
-[Security and deploy](#deploy)
14
15
-[Database](#database)
15
16
-[Push Notifications](#push)
16
17
-[E-mail verification](#emailcheck)
@@ -95,7 +96,8 @@ A DAO (Data Access Object), as the name implies, it's an object which allows acc
95
96
96
97
DTOs (Data Transfer Object) represent the data structure of all inputs and outputs of the endpoints.
97
98
98
-
The main entry point is the `index.php` file. It is responsible for doing all the wrap up logic. It finds the most appropriate Controller, invokes the specific method and sends the response out.
99
+
The main entry point is the [index.php file](https://github.com/simonesestito/shops-queue-php/blob/master/src/index.php).
100
+
It is responsible for doing all the wrap up logic. It finds the most appropriate Controller, invokes the specific method and sends the response out.
99
101
100
102
A custom-made Dependency Injection system has also been included, which uses PHP reflection, to instantiate classes quickly and easily.
101
103
@@ -114,6 +116,37 @@ Some files or folders may have been omitted
114
116
-**service** (Services)
115
117
-**env.php** (Environment variables)
116
118
119
+
<aname="deploy"></a>
120
+
## Security and deploy
121
+
122
+
The following diagram illustrates how the network has been architected:
A user who wants to reach the server, will send the request to the **Cloudflare Proxy** first. In turn, it'll send the request to the actual server.
127
+
This extra step prevents the user from knowing the real IP address of the server, since the DNS A record points to Cloudflare, not to the Azure server.
128
+
Also, Cloudflare is often used to mitigate DDoS attacks.
129
+
It also acts as a firewall, dropping SSH connection requests and other things apart from HTTPS requests.
130
+
131
+
Then, we have the **Azure Firewall**.
132
+
It's configured to allow incoming HTTPS requests from Cloudflare IPs only, and SSH requests from every IP.
133
+
SSH is secured up in other ways. First, you need to discover what the IP of the server is, since Cloudflare blocks SSH requests, and
134
+
you can't discover its IP address from a DNS request.
135
+
136
+
Most importantly, SSH doesn't allow you authenticating as root.
137
+
You can log in as another user, which requires to use a **4096 bits RSA key** (password authentication has been disabled).
138
+
139
+
In the diagram you can see **3 different keys and padlocks**.
140
+
141
+
The **green padlock** is the HTTPS connection to Cloudflare servers. A Cloudflare's provided certificate is used.
142
+
143
+
The **blue padlock** is the HTTPS connection between Cloudflare servers and the Azure server.
144
+
It uses a valid SSL certificate signed by Let's Encrypt CA.
145
+
146
+
Finally, the **red key** is used to log in via SSH. It's the RSA key we discussed earlier.
147
+
148
+
For what concerns Nginx, you can find [its configuration here](https://github.com/simonesestito/shops-queue-php/blob/master/nginx-setup.conf).
149
+
117
150
<aname="database"></a>
118
151
## Database
119
152
@@ -124,7 +157,7 @@ Some files or folders may have been omitted
124
157
125
158
Push Notifications are used to warn the user about the status of its booking. 2 types of notifications are provided: one about the number of people ahead in the queue, the other one it's about the cancellation of the booking by the shop ownwer.
126
159
127
-
Technically speaking, push notifications are implemented taking advantage of **FCM (Firebase Cloud Messaging)**.
160
+
Technically speaking, push notifications have been implemented taking advantage of **FCM (Firebase Cloud Messaging)**.
128
161
129
162
The client app sends to the server its FCM token. It'll be associated to the currently logged in user. If a user has the same token, it is removed from the old user and assigned to the new one.
130
163
@@ -139,7 +172,7 @@ When a user signs up, its account is in a "deactivated" state. A new verificatio
139
172
140
173
After that, an email containing the previously generated token is sent to the user's e-mail address. Only when the user clicks on the link in the e-mail, its account will be activated.
141
174
142
-
To send e-mails, SendGrid is used, which offers a practical REST API.
175
+
To send e-mails, SendGrid has been used, which offers a practical REST API.
143
176
144
177
**The sending of e-mails is managed by**[EmailService.php](https://github.com/simonesestito/shops-queue-php/blob/master/src/service/EmailService.php)
0 commit comments