NEW replace _ss_environment.php with .env and environment vars

[dhensby]

This PR replaces our idiosyncratic _ss_environment.php convention with support for first class environment variables with a .env poly-fill for easy testing/development.

I've also removed the dependency on the Host header ($_SERVER['HTTP_HOST']) from the bootstrap so we no longer require $_FILE_TO_URL_MAPPING global for CLI execution. Devs can now set SS_HOST environment variable or Director.alternate_host config var.

Docs and tests have been updated

[assertchris]

Brilliant change. I'd suggest creating an env($key, $default = null) function which proxies to the underlying env function, but allows for defaults. Then things like getenv('SS_PROTECTED_ASSETS_PATH') can have sensible defaults, like env('SS_PROTECTED_ASSETS_PATH', 'assets/secure').

[tractorcow]

Could we not support both getenv() and defined() vars using a core environment helper?

class Environment {
	public static function get($var) {
		if (defined($var)) return constant($var);
		return getenv($var);
	}
}

This allows certain vars to be fixed (and thus protected from modification). there are security concerns related to allowing core vars to be modified.

[dhensby]

@assertchris good idea - I guess I'll just copy laravel ;) - though there is more a favour towards putting these methods into utility classes.

@tractorcow whilst I don't really think there's a significant issue in allowing our pseudo environment vars to be modified I think your suggestion is sound in regards to providing BC support.

One issue there is to address is how we now handle $_FILE_TO_URL_MAPPING - though we could just define a new env var for this?

[assertchris]

I think it would be better to resolve .env variables before constants, but good suggestion @tractorcow.

[tractorcow]

I would prefer to see $_FILE_TO_URL_MAPPING become less important and opt-in, and instead have a better default.

[dhensby]

I would prefer to see $_FILE_TO_URL_MAPPING become less important and opt-in, and instead have a better default.

I agree - there's currently the ability to set default baseurl and we could easily move this to an env var itself. .env won't apply across sites, so there's less of a need for a path to domain map.

[tractorcow]

My view is that if you declare security-sensitive vars such as SS_TRUST_* values, attempts to re-declare them via getenv() could potentially be an error condition (i.e. only if defined in multiple places AND differ).

Other values could be safely overridden, however, e.g for testing purposes. :)

I'm very security paranoid though... so I am perhaps arguing for unnecessary strictness in this case.

[tractorcow]

there's currently the ability to set default baseurl

Maybe just have SS_DEFAULT_BASE_URL instead as a substitute? Does that better suit the new architecture? We have BASE_URL but that's a core constant not an environment-level option.

[SpiritLevel]

// Bootstrap environment.php ?

[SpiritLevel]

Isn't it more efficient to avoid calling getenv twice and instead do something like below?

if($protetedAssetsPath=getenv('SS_PROTECTED_ASSETS_PATH')) {
   return $protectedAssetsPath;
}

If so then there are a number of other places one reduce the calls to getenv :)

[SpiritLevel]

Extra call to getenv ?

[SpiritLevel]

Extra call to getenv ?

[SpiritLevel]

Extra call to getenv ?

[SpiritLevel]

Extra call to getenv ?

[SpiritLevel]

Extra call to getenv ?

[SpiritLevel]

Extra call to getenv ?

[SpiritLevel]

Extra call to getenv ?

[SpiritLevel]

Extra call to getenv ?

[SpiritLevel]

Extra call to getenv ?

[SpiritLevel]

Extra call to getenv ?

[SpiritLevel]

Extra call to getenv ?

[SpiritLevel]

Extra call to getenv ?

[SpiritLevel]

Extra call to getenv ?

[SpiritLevel]

Extra call to getenv ?

[dhensby]

Needs to link to more detailed docs, and an example on how to rewrite the old format to the new one.

I've added docs under environment management that show the new format. I've added to the changelog to link to this.

Should mention that devs need to check if their webservers are configured to deny requests to dot-prefixed files if the environment file is located in the webroot (or move it out of the webroot). This wasn't a problem before with PHP files, since they would execute on webserver requests, but not leak any information.

Added security issues section to environment management docs

Needs to point out conditional logic as bad practice (no longer possible), and suggest a better alternative

I'm not sure where to put this, it doesn't really make sense to put it in environment management docs ("Don't do this thing you can't do any more coz it's bad but if you have to do it this way").

Mention the removal of $_FILE_TO_URL_MAPPING (and how to achieve this now)

Added to change log

[chillu]

I'm not sure where to put this, it doesn't really make sense to put it in environment management docs ("Don't do this thing you can't do any more coz it's bad but if you have to do it this way").

In the 4.0.0.md upgrading guide - doesn't make sense as permanent documentation, but at the point of an upgrade it's relevant.

[chillu]

Spelling ("aleternate")

[dhensby]

What's wrong with my aleternate spelling :)

[sminnee]

A few more points. However, I'd be open to merging as-is and raising an alpha5 ticket for the subsequent changes if we want to just get the thing over the line.

[sminnee]

• Let's start saying "project root" rather than webroot. If, one blessed day, we allow a flexible webroot location, then these docs won't need updating.
• We should note in these docs that the .env

Eg: "By default, the .env file must be placed either in your project root folder (i.e. next to your composer.json), or in its parent folder"

[dhensby]

done

[sminnee]

This doesn't appear to let us force the generation of https:// URLs from CLI scripts. Perhaps we want to allow SS_HOST to be a URL fragment as well as a hostname?

[sminnee]

This could be a future PR.

[sminnee]

We've also lost the ability to indicate that a SilverStripe site is running in a non-root URL.

Was there a reason that we didn't make this setting SS_BASE_URL instead?

[dhensby]

hmm - good point

[sminnee]

This is out of date.

[dhensby]

fixed

[sminnee]

Not a blocker, but I feel that an if(file_exists()) check would be better than throwing and swallowing an exception.

[tractorcow]

Exception is a bit of overhead, we can fix in separate ticket.

[dhensby]

OK - I've addressed all the feedback apart from the URL issues

[sminnee]

I'm happy for us to merge as-is and pick up SS_HOST vs SS_BASE_URL as a separate ticket.

[dhensby]

:') Can't believe it - whoop

[dhensby]

I've opened the follow-up issue

[chillu]

Awesome to see this merged! Buuuuut: It broke all travis builds apart from framework, since that's the only one that no longer relies on travis-support: silverstripe/silverstripe-travis-support#41. And funnily enough, we're using conditional logic in the _ss_env there ;) @dhensby, do you have time to look at this?

[dhensby]

I'll look at it today.

[GrahamCampbell]

The current version of phpdotenv is robust and thread-safe. The following example will work in a multithreaded environment. This avoids using the adapter that would have called putenv and getenv, which are not threadsafe.

<?php

use Dotenv\Environment\Adapter\EnvConstAdapter;
use Dotenv\Environment\Adapter\ServerConstAdapter;
use Dotenv\Environment\DotenvFactory;
use Dotenv\Dotenv;

$factory = new DotenvFactory([new EnvConstAdapter(), new ServerConstAdapter()]);

Dotenv::create($path, null, $factory)->load();

[robbieaverill]

Thanks for the update @GrahamCampbell!

@silverstripe/core-team do we want to do an RFC to re-implement the latest version of phpdotenv for SS5?

[dhensby]

New issue / thread please :)

[maxime-rainville]

I second Dan. Going through dozen of messages from 2 years ago is not conductive to a useful discussion.

[GrahamCampbell]

See #8764. :)