Merge branch 'next' into feat-zms-2936-initial-setup-webcomponent

.coderabbit.yaml

@@ -5,3 +5,40 @@ reviews:
     base_branches:
       - next
     drafts: true
+  path_instructions:
+    - path: "**/*.php"
+      instructions: |
+        Flag any usage of error_log() as it should be replaced with proper logging mechanisms:
+        1. For error handling: Use a proper logging framework with error levels (PSR-3 LoggerInterface)
+        2. For debugging: Use a dedicated debug logger or remove debug statements
+        3. For CLI output: Use a CLI output handler or symfony/console
+        4. For application events: Use structured logging with proper log levels
+
+        Example replacement:
+        ```php
+        // Instead of:
+        error_log("Import failed - " . $e->getMessage());
+        
+        // Use:
+        $logger->error("Import failed", ['error' => $e->getMessage()]);
+        ```
+    - path: "**/*.{js,jsx,ts,tsx}"
+      instructions: |
+        Flag any usage of console.log() as it should be replaced with proper logging:
+        1. For development: Use proper debug tools or logging libraries
+        2. For production: Remove console.log() statements or use structured logging
+        3. For errors: Use error tracking services (e.g., Sentry)
+        4. For debugging: Consider using debug libraries that can be enabled/disabled
+
+        Example replacement:
+        ```javascript
+        // Instead of:
+        console.log('User data:', userData);
+        
+        // Use:
+        logger.debug('Processing user data', { userData });
+        // or for development only:
+        if (process.env.NODE_ENV === 'development') {
+          debug('User data:', userData);
+        }
+        ```

.ddev/.env.template

@@ -1,4 +1,4 @@
-# zms
+# ZMS Core
 ZMS_API_URL=https://zms.ddev.site/terminvereinbarung/api/2
 ZMS_CRONROOT=1
 ZMS_ENV=dev
@@ -8,5 +8,57 @@ MYSQL_DATABASE=db
 MYSQL_USER=db
 MYSQL_PASSWORD=db
 
-# xdebug
-PHP_IDE_CONFIG="serverName=zms.ddev.site"
+# Cache Configuration
+CACHE_DIR=/var/www/html/zmscitizenapi/cache
+SOURCE_CACHE_TTL=3600
+
+# Maintenance Mode
+MAINTENANCE_ENABLED=false
+
+# Logger Configuration
+LOGGER_MAX_REQUESTS=1000
+LOGGER_RESPONSE_LENGTH=1048576  # 1MB
+LOGGER_STACK_LINES=20
+LOGGER_MESSAGE_SIZE=8192  # 8KB
+LOGGER_CACHE_TTL=60
+LOGGER_MAX_RETRIES=3
+LOGGER_BACKOFF_MIN=100
+LOGGER_BACKOFF_MAX=1000
+LOGGER_LOCK_TIMEOUT=5
+
+# Captcha Configuration
+CAPTCHA_ENABLED=false
+FRIENDLY_CAPTCHA_SECRET_KEY=
+FRIENDLY_CAPTCHA_SITE_KEY=
+FRIENDLY_CAPTCHA_ENDPOINT=https://eu-api.friendlycaptcha.eu/api/v1/siteverify
+FRIENDLY_CAPTCHA_ENDPOINT_PUZZLE=https://eu-api.friendlycaptcha.eu/api/v1/puzzle
+ALTCHA_CAPTCHA_SECRET_KEY=
+ALTCHA_CAPTCHA_SITE_KEY=
+ALTCHA_CAPTCHA_ENDPOINT=https://eu.altcha.org/form/
+ALTCHA_CAPTCHA_ENDPOINT_PUZZLE=https://eu.altcha.org/
+
+# Rate Limiting
+RATE_LIMIT_MAX_REQUESTS=60
+RATE_LIMIT_CACHE_TTL=60
+RATE_LIMIT_MAX_RETRIES=3
+RATE_LIMIT_BACKOFF_MIN=10
+RATE_LIMIT_BACKOFF_MAX=50
+RATE_LIMIT_LOCK_TIMEOUT=1
+
+# Request Limits
+MAX_REQUEST_SIZE=10485760  # 10MB
+MAX_STRING_LENGTH=32768    # 32KB
+MAX_RECURSION_DEPTH=10
+
+# CSRF Configuration
+CSRF_TOKEN_LENGTH=32
+CSRF_SESSION_KEY=csrf_token
+
+# CORS Configuration
+CORS=http://localhost:8082,http://localhost:8080,http://localhost:8090,https://localhost:8091,http://localhost:3000,http://127.0.0.1:3000,https://zms.ddev.site,http://zms.ddev.site
+
+# IP Filter Configuration
+IP_BLACKLIST=
+
+# Debug Configuration
+PHP_IDE_CONFIG="serverName=zms.ddev.site"

.ddev/config.yaml

@@ -143,13 +143,13 @@ timezone: Europe/Berlin
 # fail_on_hook_fail: False
 # Decide whether 'ddev start' should be interrupted by a failing hook
 
-# host_https_port: "59002"
+host_https_port: "8091"
 # The host port binding for https can be explicitly specified. It is
 # dynamic unless otherwise specified.
 # This is not used by most people, most people use the *router* instead
 # of the localhost port.
 
-# host_webserver_port: "59001"
+host_webserver_port: "8090"
 # The host port binding for the ddev-webserver can be explicitly specified. It is
 # dynamic unless otherwise specified.
 # This is not used by most people, most people use the *router* instead

.github/PULL_REQUEST_TEMPLATE.md

@@ -0,0 +1,5 @@
+### Pull Request Checklist (Feature Branch to `next`):
+
+- [ ] Ich habe die neuesten Änderungen aus dem `next` Branch in meinen Feature-Branch gemergt.
+- [ ] Das Code-Review wurde abgeschlossen.
+- [ ] Fachliche Tests wurden durchgeführt und sind abgeschlossen.

.github/workflows/build-api-docs.yaml

@@ -0,0 +1,78 @@
+name: Build API Documentation
+
+on:
+  workflow_call:
+    outputs:
+      result:
+        description: "Build result"
+        value: ${{ jobs.build.outputs.result }}
+
+permissions:
+  contents: read
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    outputs:
+      result: ${{ steps.set-result.outputs.result }}
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Set up PHP
+        uses: shivammathur/setup-php@v2
+        with:
+          php-version: '8.0'
+          extensions: mbstring, json
+          tools: composer
+
+      - name: Install PHP dependencies
+        run: |
+          composer install --working-dir=zmsapi
+          composer install --working-dir=zmscitizenapi
+
+      - name: Run PHP post-install scripts
+        run: |
+          cd zmsapi && bin/configure && composer run-script post-install-cmd && cd ..
+          cd zmscitizenapi && bin/configure && composer run-script post-install-cmd && cd ..
+
+      - name: Set up Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: '16'
+
+      - name: Install Node.js dependencies
+        run: |
+          cd zmsapi && npm install && cd ..
+          cd zmscitizenapi && npm install && cd ..
+
+      - name: Build projects
+        run: |
+          cd zmsapi && npm run build && cd ..
+          cd zmscitizenapi && npm run build && cd ..
+
+      - name: Generate Swagger documentation
+        run: |
+          cd zmsapi
+          npm run doc
+          npx swagger-cli bundle -o public/doc/swagger.json public/doc/swagger.yaml
+          cd ..
+          
+          cd zmscitizenapi
+          npm run doc
+          npx swagger-cli bundle -o public/doc/swagger.json public/doc/swagger.yaml
+          cd ..
+
+      - name: Upload API docs artifact
+        uses: actions/upload-artifact@v4
+        with:
+          name: api-docs
+          retention-days: 7
+          path: |
+            zmsapi/public/doc/
+            zmscitizenapi/public/doc/
+
+      - name: Set job result
+        id: set-result
+        if: always()
+        run: echo "result=${{ job.status }}" >> $GITHUB_OUTPUT

.github/workflows/combined-workflow-with-docs.yaml

@@ -0,0 +1,106 @@
+name: Combined Workflow with Documentation
+
+on:
+  push:
+    branches: [next]
+
+permissions:
+  contents: read
+  packages: write
+  pages: write
+  id-token: write
+
+jobs:
+  call-php-code-quality:
+    uses: ./.github/workflows/php-code-quality.yaml
+
+  call-php-unit-tests:
+    uses: ./.github/workflows/php-unit-tests.yaml
+
+  call-owasp-security-checks:
+    uses: ./.github/workflows/owasp-security-checks.yaml
+
+  aggregate-reports:
+    needs: [call-php-unit-tests, call-owasp-security-checks]
+    runs-on: ubuntu-latest
+    steps:
+      - name: Create directories
+        run: |
+          mkdir -p public/coverage
+          mkdir -p public/security
+
+      - name: Download coverage reports
+        uses: actions/download-artifact@v4
+        with:
+          pattern: 'coverage-*'
+          path: public/coverage-temp
+          merge-multiple: false
+
+      - name: Download security reports
+        uses: actions/download-artifact@v4
+        with:
+          pattern: 'security-report-*'
+          path: public/security-temp
+          merge-multiple: false
+
+      - name: Fix directory structure
+        run: |
+          # Fix coverage reports
+          for module in zmsadmin zmscalldisplay zmscitizenapi zmsdldb zmsentities zmsmessaging zmsslim zmsstatistic zmsticketprinter zmsapi zmsdb zmsclient; do
+            if [ -d "public/coverage-temp/coverage-$module" ]; then
+              mkdir -p "public/coverage/coverage-$module"
+              mv "public/coverage-temp/coverage-$module"/* "public/coverage/coverage-$module/"
+            fi
+          done
+          rm -rf public/coverage-temp
+
+          # Fix security reports
+          for module in zmsadmin zmscalldisplay zmscitizenapi zmsdldb zmsentities zmsmessaging zmsslim zmsstatistic zmsticketprinter zmsapi zmsdb zmsclient; do
+            if [ -f "public/security-temp/security-report-$module/dependency-check-report.html" ]; then
+              mkdir -p "public/security/security-report-$module"
+              mv "public/security-temp/security-report-$module/dependency-check-report.html" "public/security/security-report-$module/"
+            fi
+          done
+          rm -rf public/security-temp
+
+      - name: Debug - List final structure
+        run: |
+          echo "=== Final Coverage Structure ==="
+          ls -R public/coverage/
+          echo "=== Final Security Structure ==="
+          ls -R public/security/
+
+      - name: Upload aggregated reports
+        uses: actions/upload-artifact@v4
+        with:
+          name: aggregated-reports
+          path: public/
+          retention-days: 7
+
+  call-build-api-docs:
+    uses: ./.github/workflows/build-api-docs.yaml
+
+  generate-schema-diagrams:
+    uses: ./.github/workflows/generate-schema-diagrams.yaml
+
+  deploy-to-pages:
+    needs: [aggregate-reports, call-build-api-docs, generate-schema-diagrams]
+    if: |
+      needs.call-build-api-docs.result == 'success' &&
+      needs.aggregate-reports.result == 'success' &&
+      needs.generate-schema-diagrams.result == 'success'
+    uses: ./.github/workflows/deploy-pages.yaml
+    with:
+      coverage_artifact: aggregated-reports
+      api_docs_artifact: api-docs
+      security_artifact: aggregated-reports
+      git_commit: ${{ github.sha }}
+      git_branch: ${{ github.ref_name }}
+
+  call-php-build-images:
+    needs: [call-php-code-quality, call-php-unit-tests]
+    if: |
+      always() &&
+      needs.call-php-code-quality.result == 'success' &&
+      needs.call-php-unit-tests.result == 'success'
+    uses: ./.github/workflows/php-build-images.yaml

.github/workflows/combined-workflow.yaml

@@ -1,11 +1,28 @@
 name: Combined Workflow
 
-on: [push]
+on:
+  push:
+    branches-ignore: [next]
+  workflow_call:
+
+permissions:
+  contents: read
+  packages: write
 
 jobs:
-  call-unit-tests:
-    uses: ./.github/workflows/unit-tests.yaml
+  call-php-code-quality:
+    uses: ./.github/workflows/php-code-quality.yaml
+
+  call-php-unit-tests:
+    uses: ./.github/workflows/php-unit-tests.yaml
+
+  call-owasp-security-checks:
+    uses: ./.github/workflows/owasp-security-checks.yaml
 
-  call-build-images:
-    needs: call-unit-tests
-    uses: ./.github/workflows/build-images.yaml
+  call-php-build-images:
+    needs: [call-php-code-quality, call-php-unit-tests]
+    if: |
+      always() &&
+      needs.call-php-code-quality.result == 'success' &&
+      needs.call-php-unit-tests.result == 'success'
+    uses: ./.github/workflows/php-build-images.yaml