• bug report? unknown
• feature request? unknown
• version: 2.4.3

Description

This is how code looks like:

https://api.nette.org/2.4/source-Bootstrap.Configurator.php.html#_detectDebugMode

	public static function detectDebugMode($list = NULL): bool
	{
		$addr = $_SERVER['REMOTE_ADDR'] ?? php_uname('n');
		$secret = is_string($_COOKIE[self::COOKIE_SECRET] ?? NULL)
			? $_COOKIE[self::COOKIE_SECRET]
			: NULL;
		$list = is_string($list)
			? preg_split('#[,\s]+#', $list)
			: (array) $list;
		if (!isset($_SERVER['HTTP_X_FORWARDED_FOR'])) {
			$list[] = '127.0.0.1';
			$list[] = '::1';
		}
		return in_array($addr, $list, TRUE) || in_array("$secret@$addr", $list, TRUE);
	}

Let's say we have a proxy in one docker container and webserver in second one.
$_SERVER['REMOTE_ADDR'] is IP of the docker proxy container, so it's impossible to use $configurator->setDebugMode(['ip1', 'ip2']), because it's never matched againts real guest IP address.

Am I doing something wrong or we should change the first line to:

if (isset($_SERVER['HTTP_X_FORWARDED_FOR'])) {
   $addr = $_SERVER['HTTP_X_FORWARDED_FOR'];
} else {
    $addr = $_SERVER['REMOTE_ADDR'] ?? php_uname('n');
}

Hi,
in Configurator.php in https://github.com/nette/bootstrap/blob/master/src/Bootstrap/Configurator.php#L36 use DatabaseExtension but nette/database package missing in composer.json (in require section).

If I use Configurator without database, only for tests my extensions I get a error Class 'Nette\Bridges\DatabaseDI\DatabaseExtension' not found

I'm not sure if this is the right repostiory for an issue like this, if not I'm sorry in advance.

💡 The idea

It would be really helpful if the developer could enable extension simply by

$ composer require 68publishers/application # or any other Nette extension

and some mechanism will do other manual work automatically. Like

• register the extension
• add default configuration if necessary
• update package.json if the extension has some frontend dependency
• add or run schema migrations if needed
• register styles and JS if available
• show some notice
• composer remove action
• composer update
• and so on

To achieve something like that, it would be necessary to create some recommendations (best practices) for extension structure, project configuration and so on.

There're at least three important questions

1. How to implement this - should it be the Composer extension or something else?
2. Where should be stored configuration files - within the extension or in some other repository?
3. What types of "actions" should be implemented? (see the previous list)

Any hints?

What is wrong?

Version: 2.9.0

Bug Description

I tried to enable tracy debug-mode by use of permission via IP (v6) AND cookie secret. I was not able to use the cookie as an additional security feature, but only IP authentication worked flawless.

Steps To Reproduce

start new nette app-project
composer create-project nette/web-project path/to/install cd path/to/install

in bootstrap.php

ensure you have set a sufficient cookie

		$addr = 'insert ipv6 address here';
		$cookie_secret = 'secret';

		$cookie_name = 'tracy-debug';
		$arr_cookie_options = array (
			'expires' => strtotime( '+2 days' ),
			'path' => '/',
			'domain' => '',
			'secure' => true,
			'httponly' => true,
			'samesite' => 'Lax'
			);
		setcookie($cookie_name, $cookie_secret, $arr_cookie_options);

uncomment setDebugMode and fill in your credentials

$configurator->setDebugMode($cookie_secret.'@'.$addr);

Expected Behavior

setDebugMode is enabled, when cookie is available

Possible Solution

don't know, but i was able to verify the cookie within bootstrap.php by using

		if (!empty($_COOKIE[$cookie_name]))
		{
			if (0 == strcmp($_COOKIE[$cookie_name], $cookie_secret))
			{
				//$configurator->setDebugMode('[email protected]'); // enable for your remote IP
				$configurator->setDebugMode($addr); // enable for your remote IP
			}
		}

Following code will echo number 2 which is very confusing.

require __DIR__ . '/vendor/autoload.php';

$configurator = new Nette\Configurator();
$configurator->setTempDirectory(__DIR__ . '/temp');

$configurator->addParameters(['test' => '1']);
$configurator->addConfig(__DIR__ . '/test.neon'); // parameters: test: 2
$configurator->addParameters(['test' => '3']);

$container = $configurator->createContainer();
echo $container->getParameters()['test'];

It was possible through specific parameters in Nette 2.3, why it was removed?
Is it possible somehow?

I have this piece of code implemented, which does what I need, but it is ugly hack. I would prefer a clean way.

    public function generateContainer(DI\Compiler $compiler)
    {
        $containerCode = parent::generateContainer($compiler);
        if (isset($this->containerParentClass)) {
            // Hack :-(
            $containerCode = str_replace('extends ' . DI\Container::class, 'extends ' . $this->containerParentClass, $containerCode);
        }

        return $containerCode;
    }

Hello, i was just trying to update nette to 3.0 and encountered this issue. Of course i am willing to upgrade tracy/tracy too, but i do not think this is expected behaviour :-).

Version: 3.0

Bug Description

Exception Class 'Tracy\Bridges\Nette\Bridge' not found occurs when trying to run application.

Steps To Reproduce

Install tracy 2.4.* and nette/boostrap 3.0

Expected Behavior

I would expect that composer does not allow me to install incompatible versions with each other.

Possible Solution

I suggest adding conflict of tracy < 2.5 to composer.json

generated container file with name Container_xxxxxxxxxx.php, but the class in this file is
class Container extends Nette\DI\Container ==> Fatal Error Class 'Container_xxxxxxxxxx' not found

Version: v3.0.2

Bug Description

Hello,

If Nette starts in CLI mode other than via index.php (for example via Composer), the default parameter values will be set incorrectly.

Sample config in composer.json (live example):

"scripts": {
	"post-autoload-dump": "Baraja\\PackageRegistrator\\PackageRegistrator::composerPostAutoloadDump"
}

The problem occurs in index.php detection via ReflectionClass and debug_backtrace() function:

Because first item in callstack is not index.php, but internal Composer script:

Booting logic is here.

Steps To Reproduce

Run Nette application via Composer post-autoload-dump script when index.php is not first called script.

Expected Behavior

Correct parameter values like in normal CLI mode.

Possible Solution

In CLI mode, when the Composer is called, the base path should be detected differently. For example, via ReflectionClass over the Booting class, or by searching the index.php file. In case of error, paths can also be estimated fromappDir, which is usually correct.

I was thinking about how to fix the error, but I didn't come up with any reasonable solution.

Thanks.

Hello,

this issue refence to nette/tracy#84. It only adds possibility to set error template via NetteExtension.

This approach is taken from symfony, but I like it and I it's helpful in scaling application in Docker containers and so.

Example apache configuration.

<VirtualHost *:80>
    DocumentRoot    "/srv/nette/www"
    DirectoryIndex  index.php 
    SetEnv          NETTE__DATABASE__USER user
    SetEnv          NETTE__DATABASE__PASSWORD secret
</VirtualHost>

Or just container environment.

export NETTE__DATABASE__USER=user
export NETTE__DATABASE__PASSWORD=secret

You can use it in config.neon such as:

parameters:

database:
    dsn: 'mysql:host=%database.host%;dbname=%database.dbname%'
    user: %database.user%
    password: %database.password%
    options:
        lazy: yes

What do we need to do?

This is symfony method:

    protected function getEnvParameters()
    {
        $parameters = array();
        foreach ($_SERVER as $key => $value) {
            if (0 === strpos($key, 'SYMFONY__')) {
                $parameters[strtolower(str_replace('__', '.', substr($key, 9)))] = $value;
            }
        }
        return $parameters;
    }

I can rewrite it for Nette\Configurator.

Do you think@dg it can be part of configurator? Maybe it is a special function and should be in 3rd part libraries.

The properties.debugMode is detected in the __construct() -> getDefaultParameters() -> detectDebugMode() call flow. Any attempt to set it later in the configuration fails because it is ignored. So for example being on localhost I am unable to disable the debug mode without altering the code (e.g. by calling $config->setDebugMode(false).

I would expect to be able to override this behavior through configuration, for example setting parameters.debugMode = false in a file added through addConfig().

This issue is known for over year now, see the BTW part of this post.

Setting $autowireExcludedClasses (

Otherwise, if I use nette/bootstrap without nette/application, container compilation fails on
https://github.com/nette/di/blob/d090dd3573ab8aeacc83d3eceb0cd1ada11ec657/src/DI/ContainerBuilder.php#L291 with E_WARNING: class_parents(): Class Nette\Application\UI\Control does not exist and could not be loaded.

Due to this change 549fae0 a new Container is generated for each test file. Cointaner has different parameters -> different caching key.

Using iterable static type for event properties leads to Cannot access an offset on iterable<callable> exception in PhpStan

see: https://phpstan.org/r/d30bcff2-9ead-47d8-9a90-1e2a5443f39e

• database @hrach
• cache @dg
• http @xificurk
• tracy @xificurk
• mail @xificurk
• application @dg
• routing @dg
• security
• forms
• latte @xificurk
• container

• $initialize->addBody('Nette\Utils\SafeStream::register();');
• setupMailer()

In comparsion with Nette 2.2.3, in generated class SystemContainer (inside temp/cache directory), this line of code is missing inside public function initialize():

Nette\Bridges\Framework\TracyBridge::initialize();

Maybe, this is the reason: 961b58a