This module offers some features to manage assets from outside the DOCROOT folder.
The main goal of this module is to allow theme creators to package and distribute their themes in one folder.
please refer to the Manual
The module provides 4 configuration files :
- config.php : main configuration file
- routes.php : routing patterns
- security.php : security rules
- types.php : list of mime types
For the moment, this file just references directory paths in which the asset locator will look for files.
During initialization, paths from the main theme configuration are added to this list.
You can retrieve those paths by calling\Config::get('assetserver.paths');
Please note that existing routes must not be altered !
Routes of this module are added to the main routes configuration.
Take care about what type you allow !
The default behaviour is to deny every type, so you need to allow those you authorize to be served.
To do so, you have to add an entry in the assetserver.security.types_allowed array.
The latter is an associative array whose keys are mime types or a global pattern, and values are booleans.
A type is allowed to be served only if its value or the value of the global class it depends, is set to true.
In every other cases it is prohibited.
A global pattern is composed by the type followed by a slash and a star, eq.text/*
To illustrate this, a global class likeimage/*, if set to true, will allow all kind of image (like png, jpeg, gif...) to be served.
A type is evaluated before its class. If it is defined, the global class is not evaluated for this type.
You can by this way, allow all types of a class except some of them.
By default, all text types except PHP, all images and javascript are set to be served.
It provides a list of file types which can be accessed by calling
\Config::get('assetserver.mime_types');
File types are indexed by their file extension.
The easyest way is to create a theme and deploy it in a sub directory of the APPPATH/themes directory and build a HMVC Request using the following format :
assetserver/assetmanager/get/%THEME%/%ASSET_NAME%[/%FILE_EXTENSION%]
Where :
- %THEME% : is the name of the theme in which looking for the asset
- %ASSET_NAME% : is the name of the asset file to look for
- %FILE_EXTENSION% : (OPTIONAL) is the asset file extension.
If not provided, the first file called %ASSET_NAME% found is returned.
- Once called, the asset manager will ask the asset locator for the asset file.
- The asset locator will look for the theme in the paths provided.
- Then it will look for the file requested, and will return its realpath.
- The asset manager will try to retrieve the file type and check if the latter is allowed.
- If all is good, it will serve the file.
- To allow a file type, add an entry in the mime_types array with the type as key and true as value, eq. to allow PNG's :
'image/png' => true, - To deny a file type, add an entry in the mime_types array with the type as key and false as value, eq. to deny PHP's :
'text/x-php' => false, - To allow all file types from the same main type, add an entry in the mime_types array with the class global pattern as key and true as value,
eq. to allow all images :
'image/*' => true
So if I want to allow all text files except PHP files (for evident security issues...) I have to add 'text/*' => true, and 'text/x-php' => false,
- the file does not exist or is not found ? a 404 HTTP error is sent
- the file type is not allowed ? a 403 HTTP error is sent