Merge pull request #15 from jferdi24/feat/get-version-private

feat: make private /version by header custom

.github/workflows/ci.yml

@@ -0,0 +1,22 @@
+name: Github CI
+
+on:
+  push:
+    branches: [ "master" ]
+  pull_request:
+    branches: [ "master" ]
+
+jobs:
+  tests:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: shivammathur/setup-php@v2
+        with:
+          php-version: '8.1'
+      - uses: actions/checkout@v4
+      - name: Install Dependencies
+        run: composer install -q --no-ansi --no-interaction --no-scripts --no-progress --prefer-dist
+      - name: Check Code Style
+        run: composer php-cs-fixer
+      - name: Execute tests
+        run: vendor/bin/phpunit

changelog.md

@@ -0,0 +1,4 @@
+# Changelog
+
+## 2.8.0 (2024-03-07)
+- Add auth Basic to view version

composer.json

@@ -31,7 +31,8 @@
     }
   },
   "scripts": {
-    "php-cs-fixer": "vendor/bin/php-cs-fixer fix --config=.php_cs"
+    "php-cs-fixer": "vendor/bin/php-cs-fixer fix --config=.php-cs-fixer.php",
+    "test": "vendor/bin/phpunit"
   },
   "minimum-stability": "stable",
   "extra": {

config/app-version.php

@@ -47,4 +47,10 @@
      * generated by `php artisan app-version:create ...` command
      */
     'version' => \PlacetoPay\AppVersion\VersionFile::read(),
+
+    /*
+     * The credentials to be able to see the deployed version.
+     */
+    'username' => env('APP_VERSION_USERNAME', 'admin'),
+    'password' => env('APP_VERSION_PASSWORD', 'Testing123!'),
 ];

readme.md

@@ -5,7 +5,8 @@
 The `placetopay/app-version` package provides a way to know which version of your app is currently deployed.
 
 * It can be used with [Envoyer](https://envoyer.io/) deployment hooks
-* It can be integrated with [Sentry](https://sentry.io) to help you keep track of Releases and Deploys in the Sentry Dashboard
+* It can be integrated with [Sentry](https://sentry.io) to help you keep track of Releases and Deploys in the Sentry
+  Dashboard
 * Also you can integrate with [NewRelic](https://newrelic.com) to track each deployment in your APM
 
 ## Installation
@@ -22,123 +23,133 @@ If you are using Sentry please follow this steps to configure the deployments an
 
 1. Publish the configuration file
 
-    ```bash
-    php artisan vendor:publish --provider="PlacetoPay\AppVersion\VersionServiceProvider"
-    ```
+ ```bash
+ php artisan vendor:publish --provider="PlacetoPay\AppVersion\VersionServiceProvider"
+ ```
 
 2. Set up your environment variables at `config/app-version.php`
 
-    ```php
-    return [
-        'sentry' => [
-            /*
-             * The sentry auth token used to authenticate with Sentry Api
-             * Create tokens here at account level https://sentry.io/settings/account/api/auth-tokens/
-             * Or here at organization level https://sentry.io/settings/your-organization/developer-settings/
-             */
-            'auth_token' => env('APP_VERSION_SENTRY_AUTH'),
-
-            /*
-             * The organization name this project belongs to, you can find out the
-             * organization at https://sentry.io/settings/
-             */
-            'organization' => env('APP_VERSION_SENTRY_ORGANIZATION', 'placetopay'),
-
-            /*
-             * The repository name of this project. Repositories are added in sentry as integrations.
-             * You must add your (Github|Bitbucket) integration at https://sentry.io/settings/your-organization/integrations/
-             * and then add the repositories you want to track commits
-             */
-            'repository' => env('APP_VERSION_SENTRY_REPOSITORY'),
-
-            /*
-             * The name of this project in Sentry Dashboard
-             * You can find out the project name at https://sentry.io/settings/your-organization/projects/
-             */
-            'project' => env('APP_VERSION_SENTRY_PROJECT'),
-        ],
-        'newrelic' => [
-            /*
-             * The NewRelic Rest API Key, you can found it on the following URL when you are logged in
-             * https://rpm.newrelic.com/api/explore/application_deployments/create
-             */
-            'api_key' => env('APP_VERSION_NEWRELIC_API_KEY'),
-   
-            /*
-             * The NewRelic application id, you can get it from the URL in the APM
-             */
-            'application_id' => env('APP_VERSION_NEWRELIC_APPLICATION_ID'),
-        ],
-    
+```php
+return [
+    'sentry' => [
+        /*
+        * The sentry auth token used to authenticate with Sentry Api
+        * Create tokens here at account level https://sentry.io/settings/account/api/auth-tokens/
+        * Or here at organization level https://sentry.io/settings/your-organization/developer-settings/
+        */
+        'auth_token' => env('APP_VERSION_SENTRY_AUTH'),
+
+        /*
+        * The organization name this project belongs to, you can find out the
+        * organization at https://sentry.io/settings/
+        */
+        'organization' => env('APP_VERSION_SENTRY_ORGANIZATION', 'placetopay'),
+
+        /*
+        * The repository name of this project. Repositories are added in sentry as integrations.
+        * You must add your (Github|Bitbucket) integration at https://sentry.io/settings/your-organization/integrations/
+        * and then add the repositories you want to track commits
+        */
+        'repository' => env('APP_VERSION_SENTRY_REPOSITORY'),
+
         /*
-         * The current deployed version, will be read from version file
-         * generated by `php artisan app-version:create ...` command
-         */
-        'version' => \PlacetoPay\AppVersion\VersionFile::readSha(),
-    ];
-    ```
+        * The name of this project in Sentry Dashboard
+        * You can find out the project name at https://sentry.io/settings/your-organization/projects/
+        */
+        'project' => env('APP_VERSION_SENTRY_PROJECT'),
+    ],
+    'newrelic' => [
+        /*
+        * The NewRelic Rest API Key, you can found it on the following URL when you are logged in
+        * https://rpm.newrelic.com/api/explore/application_deployments/create
+        */
+        'api_key' => env('APP_VERSION_NEWRELIC_API_KEY'),
+
+        /*
+        * The NewRelic application id, you can get it from the URL in the APM
+        */
+        'application_id' => env('APP_VERSION_NEWRELIC_APPLICATION_ID'),
+    ],
+
+    /*
+    * The current deployed version, will be read from version file
+    * generated by `php artisan app-version:create ...` command
+    */
+    'version' => \PlacetoPay\AppVersion\VersionFile::readSha(),
+
+    /*
+    * The credentials to be able to see the deployed version.
+    */
+    'username' => env('APP_VERSION_USERNAME', 'admin'),
+    'password' => env('APP_VERSION_PASSWORD', 'Testing123!'),
+];
+```
 
 3. Set up the `config/sentry.php` file with the following settings
-    ```php
-    return [
+```php
+return [
+    'dsn' => env('SENTRY_LARAVEL_DSN', env('SENTRY_DSN')),
 
-        'dsn' => env('SENTRY_LARAVEL_DSN', env('SENTRY_DSN')),
+    // capture release as git sha
+    'release' => \PlacetoPay\AppVersion\VersionFile::readSha(),
 
-        // capture release as git sha
-        'release' => \PlacetoPay\AppVersion\VersionFile::readSha(),
+    'breadcrumbs' => [
+        // Capture Laravel logs in breadcrumbs
+        'logs' => true,
 
-        'breadcrumbs' => [
-            // Capture Laravel logs in breadcrumbs
-            'logs' => true,
+        // Capture SQL queries in breadcrumbs
+        'sql_queries' => true,
 
-            // Capture SQL queries in breadcrumbs
-            'sql_queries' => true,
+        // Capture bindings on SQL queries logged in breadcrumbs
+        'sql_bindings' => true,
 
-            // Capture bindings on SQL queries logged in breadcrumbs
-            'sql_bindings' => true,
+        // Capture queue job information in breadcrumbs
+        'queue_info' => true,
+    ],
 
-            // Capture queue job information in breadcrumbs
-            'queue_info' => true,
-        ],
-
-    ];
-    ```
+];
+```
 
 ## Usage
 
 You can visit `https://yourapp.com/version`
 
 ### Envoyer Hooks
 
-Using tools to deploy like [Envoyer](https://envoyer.io) there is no git source available once deployed so using the sha, project and branch available information we create a file containing this information
+Using tools to deploy like [Envoyer](https://envoyer.io) there is no git source available once deployed so using the
+sha, project and branch available information we create a file containing this information
 
-1. Create a deployment hook in the action "Activate New Release", it is vital that this hook runs **BEFORE running config:cache or optimize commands**
+1. Create a deployment hook in the action "Activate New Release", it is vital that this hook runs **BEFORE running
+   config:cache or optimize commands**
 
-    ```shell
-    cd {{ release }}
-    php artisan app-version:create --sha={{ sha }} --time={{ time }} --project={{ project }} --branch={{ branch }}
-    ```
+```shell
+cd {{ release }}
+php artisan app-version:create --sha={{ sha }} --time={{ time }} --project={{ project }} --branch={{ branch }}
+```
 
-    This will generate your version file at `storage/app/app-version.json` 
+This will generate your version file at `storage/app/app-version.json`
 
-2. If you are integrating with Sentry or NewRelic Releases/Deployments/Issues, Add these hooks so Sentry and NewRelic can track your deployments. It should be run AFTER running the optimization or configuration cache.
+2. If you are integrating with Sentry or NewRelic Releases/Deployments/Issues, Add these hooks so Sentry and NewRelic
+   can track your deployments. It should be run AFTER running the optimization or configuration cache.
 
-    ```shell
-    cd {{ release }}
-    php artisan app-version:create-release
-    php artisan app-version:create-deploy
-    ``` 
+```shell
+cd {{ release }}
+php artisan app-version:create-release
+php artisan app-version:create-deploy
+``` 
 
 ### Know your version from CLI
 
 If you're using tinker you can get the version information with the following commands
 
 To access the version information generated with the step 1 of the usage
+
 ```php 
 config('app-version.version.sha'); 
 ```
 
 To access the sha
+
 ```php 
 PlacetoPay\AppVersion\VersionFile::readSha()
 ```

src/Console/Commands/CreateVersionFile.php

@@ -40,7 +40,7 @@ public function handle(Factory $validator): int
 
         VersionFile::generate([
             'sha' => $options['sha'] ?? exec('git rev-parse HEAD'),
-            'time' => $options['time'] ??  date('c'),
+            'time' => $options['time'] ?? date('c'),
             'branch' => $options['branch'] ?? exec('git symbolic-ref -q --short HEAD'),
             'version' => $options['tag'] ?? exec('git describe --tags'),
         ]);

src/Http/Controllers/VersionController.php

@@ -1,13 +1,16 @@
 <?php
 
+declare(strict_types=1);
+
 namespace PlacetoPay\AppVersion\Http\Controllers;
 
+use Illuminate\Http\JsonResponse;
 use Illuminate\Routing\Controller;
 use PlacetoPay\AppVersion\VersionFile;
 
 class VersionController extends Controller
 {
-    public function version()
+    public function version(): JsonResponse
     {
         if (VersionFile::exists()) {
             return response()

src/Http/Middlewares/AuthenticateOnceWithBasicAuth.php

@@ -0,0 +1,20 @@
+<?php
+
+declare(strict_types=1);
+
+namespace PlacetoPay\AppVersion\Http\Middlewares;
+
+class AuthenticateOnceWithBasicAuth
+{
+    public function handle($request, \Closure $next)
+    {
+        $user = config('app-version.username');
+        $password = config('app-version.password');
+
+        if ($request->getUser() !== $user || $request->getPassword() !== $password) {
+            return response('Unauthorized.', 401, ['WWW-Authenticate' => 'Basic']);
+        }
+
+        return $next($request);
+    }
+}

src/VersionServiceProvider.php

@@ -8,6 +8,7 @@
 use PlacetoPay\AppVersion\Console\Commands\CreateRelease;
 use PlacetoPay\AppVersion\Console\Commands\CreateVersionFile;
 use PlacetoPay\AppVersion\Http\Controllers\VersionController;
+use PlacetoPay\AppVersion\Http\Middlewares\AuthenticateOnceWithBasicAuth;
 use PlacetoPay\AppVersion\NewRelic\NewRelicApi;
 use PlacetoPay\AppVersion\Sentry\SentryApi;
 
@@ -20,7 +21,13 @@ class VersionServiceProvider extends ServiceProvider
      */
     public function boot(): void
     {
-        $this->app['router']->get('/version', ['uses' => VersionController::class . '@version', 'as' => 'app.version']);
+        $this->app['router']->aliasMiddleware('auth.basic.once', AuthenticateOnceWithBasicAuth::class);
+
+        $this->app['router']->get('/version', [
+            'uses' => VersionController::class . '@version',
+            'as' => 'app.version',
+            'middleware' => ['auth.basic.once'],
+        ]);
 
         if ($this->app->runningInConsole()) {
             $this->commands([
@@ -33,6 +40,8 @@ public function boot(): void
         $this->publishes([
             __DIR__ . '/../config/app-version.php' => config_path('app-version.php'),
         ]);
+
+        $this->mergeConfigFrom(__DIR__ . '/../config/app-version.php', 'app-version');
     }
 
     public function register()

tests/VersionTest.php

@@ -9,7 +9,10 @@ class VersionTest extends TestCase
     /** @test */
     public function testItVisitsTheInformationEndpoint()
     {
-        $response = $this->get('/version');
+        $response = $this
+            ->get('/version', [
+                'Authorization' => 'Basic ' . base64_encode(config('app-version.username') . ':' . config('app-version.password')),
+            ]);
 
         $this->assertEquals(200, $response->status());
 
@@ -33,8 +36,18 @@ public function it_returns_version_file_content()
 
         VersionFile::generate($input);
 
-        $this->get('/version')
+        $this->get('/version', [
+            'Authorization' => 'Basic ' . base64_encode(config('app-version.username') . ':' . config('app-version.password')),
+        ])
             ->assertSuccessful()
             ->assertJson($input);
     }
+
+    /** @test */
+    public function testItVisitsTheInformationEndpointWithoutAuth()
+    {
+        $response = $this->get('/version');
+
+        $this->assertEquals(401, $response->status());
+    }
 }