create-prisma-php-app 1.28.8 → 2.0.0-alpha.10

package/README.md

@@ -1,12 +1,24 @@
-# Create Prisma PHP App
+# 🚀 Create Prisma PHP App
 
-🚀 Launch Your Next-Level PHP Project with Prisma PHP
+**Prisma PHP**: The Next-Gen Framework Merging PHP’s Power with Prisma's ORM Mastery
 
-**Prisma PHP**: A Cutting-Edge Framework Merging PHP's Power with Prisma's ORM Excellence
+---
 
-## Introduction
+## **Introduction**
 
-`create-prisma-php-app` is a groundbreaking command-line tool designed to empower PHP developers with the modern ORM capabilities of Prisma. With this tool, you’ll be able to harness the full potential of PHP’s server-side robustness alongside Prisma’s cutting-edge database management. Whether you’re working on small-scale projects or building complex, enterprise-level applications, `create-prisma-php-app` offers unmatched flexibility and ease to elevate your development experience.
+`create-prisma-php-app` is a game-changing command-line tool tailored for modern PHP developers. It seamlessly merges the power of PHP with Prisma's ORM excellence, delivering an unparalleled development experience. From blazing-fast routing to dynamic component-based integration, Prisma PHP revolutionizes how you build web applications—just like Next.js and React, but with PHP's unmatched server-side power.
+
+### **Why Choose Prisma PHP?**
+
+- **Effortless Routing:** Manage complex routes with ease, supporting dynamic patterns and nested structures.
+- **Component-Based Architecture:** Integrate reusable components effortlessly, just like React.
+- **Flexible Integration:** Choose and integrate only the packages you need, such as:
+  - 🧁 **Tailwind CSS** for modern UI styling
+  - 📘 **Swagger Docs** for powerful API documentation
+  - 🔌 **WebSocket** for real-time interactions
+  - 🚀 **Prisma ORM** for robust database management
+- **Out-of-the-Box Authentication:** Role-based sign-in and sign-out mechanisms ready to go.
+- **Advanced Caching:** Supercharge performance with built-in caching options.
 
 ## Quick Start
 

package/composer.json

@@ -15,11 +15,13 @@
     }
   ],
   "require": {
-    "php": "^8.1",
-    "vlucas/phpdotenv": "^5.6@dev",
-    "firebase/php-jwt": "dev-main",
-    "phpmailer/phpmailer": "^6.9",
-    "guzzlehttp/guzzle": "7.8",
-    "ezyang/htmlpurifier": "^4.17"
+    "php": "^8.2",
+    "vlucas/phpdotenv": "^5.6.1",
+    "firebase/php-jwt": "^6.10.2",
+    "phpmailer/phpmailer": "^6.9.3",
+    "guzzlehttp/guzzle": "^7.9.2",
+    "ezyang/htmlpurifier": "^4.18.0",
+    "symfony/uid": "^7.2.0",
+    "brick/math": "^0.12.1"
   }
 }

package/dist/.htaccess

@@ -1,11 +1,11 @@
 # Turn on rewrite engine
 RewriteEngine On
 
-# Deny access to .env file for security
-<Files .env>
+# Prevent access to sensitive files
+<FilesMatch "(^\.htaccess|\.git|\.env|composer\.(json|lock)|package(-lock)?\.json|phpunit\.xml)$">
     Order allow,deny
     Deny from all
-</Files>
+</FilesMatch>
 
 # Allow cross-origin requests (CORS) for all routes
 <IfModule mod_headers.c>
@@ -14,11 +14,56 @@ RewriteEngine On
     Header set Access-Control-Allow-Headers "Content-Type, Authorization, X-Requested-With"
 </IfModule>
 
+# Set Content-Type with charset UTF-8 for HTML, CSS, and JS files
+<IfModule mod_headers.c>
+    # For HTML files
+    <FilesMatch "\.(html|htm)$">
+        Header set Content-Type "text/html; charset=UTF-8"
+    </FilesMatch>
+
+    # For CSS files
+    <FilesMatch "\.(css)$">
+        Header set Content-Type "text/css; charset=UTF-8"
+    </FilesMatch>
+
+    # For JavaScript files
+    <FilesMatch "\.(js)$">
+        Header set Content-Type "application/javascript; charset=UTF-8"
+    </FilesMatch>
+</IfModule>
+
+# Add important security headers
+<IfModule mod_headers.c>
+    # Enforce HTTPS and prevent protocol downgrade attacks
+    Header set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
+
+    # Protect against Cross-Site Scripting (XSS) attacks
+    Header set X-XSS-Protection "1; mode=block"
+
+    # Prevent MIME-type sniffing
+    Header set X-Content-Type-Options "nosniff"
+
+    # Clickjacking protection
+    Header always set X-Frame-Options "DENY"
+
+    # Implement a basic Content Security Policy (CSP)
+    Header set Content-Security-Policy "default-src 'self'; script-src 'self'; style-src 'self'; img-src 'self' data:;"
+
+    # Restrict form submissions
+    Header set Content-Security-Policy "form-action 'self'"
+
+    # Set a strict Referrer Policy
+    Header set Referrer-Policy "strict-origin-when-cross-origin"
+
+    # Control browser permissions (optional but recommended)
+    Header set Permissions-Policy "geolocation=(), microphone=(), camera=(), autoplay=()"
+</IfModule>
+
 # Exclude static files from being redirected
 RewriteCond %{REQUEST_URI} !\.(css|js|png|jpe?g|gif|svg|webp|woff2?|ttf|eot|ico|pdf|mp4|webm|mp3|ogg)$ [NC]
 RewriteCond %{REQUEST_URI} !^/bootstrap.php
 RewriteRule ^(.*)$ bootstrap.php [QSA,L]
 
-# Add this to ensure OPTIONS requests are handled correctly
+# Ensure OPTIONS requests are handled correctly
 RewriteCond %{REQUEST_METHOD} OPTIONS
 RewriteRule ^ - [R=200,L]