From da8bd27d5fd4b7e1d297a43991335214ae3b33f3 Mon Sep 17 00:00:00 2001
From: Andres Reyes Hernandez <soporte.tic@patasalada.mx>
Date: Sat, 3 Jan 2026 00:11:55 -0700
Subject: [PATCH] Configuracion Minima

---
 .gitignore                                    |   6 ++
 app/config/bootstrap.php                      |  63 +++++++++++
 app/config/routes.php                         |  30 ++++++
 app/config/services.php                       | 102 ++++++++++++++++++
 app/middlewares/SecurityHeadersMiddleware.php |  37 +++++++
 composer.json                                 |  50 +++++++++
 public/.htaccess                              |  10 ++
 public/index.php                              |  28 +++++
 8 files changed, 326 insertions(+)
 create mode 100644 .gitignore
 create mode 100644 app/config/bootstrap.php
 create mode 100644 app/config/routes.php
 create mode 100644 app/config/services.php
 create mode 100644 app/middlewares/SecurityHeadersMiddleware.php
 create mode 100644 composer.json
 create mode 100644 public/.htaccess
 create mode 100644 public/index.php

diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..b9dbda1
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,6 @@
+vendor/
+.vscode/
+app/config/config.php
+composer.lock
+.vagrant/
+.runway-creds.json
\ No newline at end of file
diff --git a/app/config/bootstrap.php b/app/config/bootstrap.php
new file mode 100644
index 0000000..5d7e223
--- /dev/null
+++ b/app/config/bootstrap.php
@@ -0,0 +1,63 @@
+<?php
+
+/*
+ * This is the file called bootstrap who's job is to make sure that all the
+ * required services, plugins, connections, etc. are loaded and ready to go
+ * for every request made to the application.
+ */
+$ds = DIRECTORY_SEPARATOR;
+require(__DIR__ . $ds . '..' . $ds . '..' . $ds . 'vendor' . $ds . 'autoload.php');
+if(file_exists(__DIR__. $ds . 'config.php') === false) {
+	Flight::halt(500, 'Config file not found. Please create a config.php file in the app/config directory to get started.');
+}
+
+// It is better practice to not use static methods for everything. It makes your
+// app much more difficult to unit test easily.
+// This is important as it connects any static calls to the same $app object
+$app = Flight::app();
+
+/*
+ * Load the config file
+ * P.S. When you require a php file and that file returns an array, the array
+ * will be returned by the require statement where you can assign it to a var.
+ */
+$config = require('config.php');
+
+/*
+ * Load the services file.
+ * A "service" is basically something special that you want to use in your app.
+ * For instance, need a database connection? You can set up a database service.
+ * Need caching? You can setup a Redis service
+ * Need to send email? You can setup a mailgun/sendgrid/whatever service to send emails.
+ * Need to send SMS? You can setup a Twilio service.
+ * 
+ * All the services and how they are configured are setup in the services file.
+ * In many cases, services are all attached to something called a "services container"
+ * or more simply, a "container". The container manages if you should share the same
+ * service, or if you should create a new instance of the service every time you need it.
+ * That's a discussion for another day. Suffice to say, that Flight has a basic concept
+ * of a services container by registering classes to the Engine class.
+ */ 
+require('services.php');
+
+// Whip out the ol' router and we'll pass that to the routes file
+$router = $app->router();
+
+/*
+ * Load the routes file. the $router variable above is passed into the routes.php
+ * file below so that you can define routes in that file.
+ * A route is really just a URL, but saying route makes you sound cooler.
+ * When someone hits that URL, you point them to a function or method 
+ * that will handle the request.
+ */
+require('routes.php');
+
+// At this point, your app should have all the instructions it needs and it'll
+// "start" processing everything. This is where the magic happens.
+$app->start();
+/*
+ .----..---.  .--.  .----.  .---.     .---. .-. .-.  .--.  .---.    .----. .-. .-..----. .----..-.  .-.
+{ {__ {_   _}/ {} \ | {}  }{_   _}   {_   _}| {_} | / {} \{_   _}   | {}  }| { } || {}  }| {}  }\ \/ / 
+.-._} } | | /  /\  \| .-. \  | |       | |  | { } |/  /\  \ | |     | .--' | {_} || .--' | .--'  }  {  
+`----'  `-' `-'  `-'`-' `-'  `-'       `-'  `-' `-'`-'  `-' `-'     `-'    `-----'`-'    `-'     `--'  
+*/
\ No newline at end of file
diff --git a/app/config/routes.php b/app/config/routes.php
new file mode 100644
index 0000000..1a5988b
--- /dev/null
+++ b/app/config/routes.php
@@ -0,0 +1,30 @@
+<?php
+
+use app\controllers\ApiExampleController;
+use app\middlewares\SecurityHeadersMiddleware;
+use flight\Engine;
+use flight\net\Router;
+
+/** 
+ * @var Router $router 
+ * @var Engine $app
+ */
+
+// This wraps all routes in the group with the SecurityHeadersMiddleware
+$router->group('', function(Router $router) use ($app) {
+
+	$router->get('/', function() use ($app) {
+		$app->render('welcome', [ 'message' => 'You are gonna do great things!' ]);
+	});
+
+	$router->get('/hello-world/@name', function($name) {
+		echo '<h1>Hello world! Oh hey '.$name.'!</h1>';
+	});
+
+	$router->group('/api', function() use ($router) {
+		$router->get('/users', [ ApiExampleController::class, 'getUsers' ]);
+		$router->get('/users/@id:[0-9]', [ ApiExampleController::class, 'getUser' ]);
+		$router->post('/users/@id:[0-9]', [ ApiExampleController::class, 'updateUser' ]);
+	});
+	
+}, [ SecurityHeadersMiddleware::class ]);
\ No newline at end of file
diff --git a/app/config/services.php b/app/config/services.php
new file mode 100644
index 0000000..0f2c634
--- /dev/null
+++ b/app/config/services.php
@@ -0,0 +1,102 @@
+<?php
+
+use flight\Engine;
+use flight\database\PdoWrapper;
+use flight\debug\database\PdoQueryCapture;
+use flight\debug\tracy\TracyExtensionLoader;
+use Tracy\Debugger;
+
+/*********************************************
+ *         FlightPHP Service Setup           *
+ *********************************************
+ * This file registers services and integrations
+ * for your FlightPHP application. Edit as needed.
+ *
+ * @var array  $config  From config.php
+ * @var Engine $app     FlightPHP app instance
+ **********************************************/
+
+
+
+/*********************************************
+ *           Session Service Setup           *
+ *********************************************
+ * To enable sessions in FlightPHP, register the session service.
+ * Docs: https://docs.flightphp.com/awesome-plugins/session
+ *
+ * Example:
+ *   $app->register('session', \flight\Session::class, [
+ *       [
+ *           'prefix' 		=> 'flight_session_', 	  // Prefix for the session cookie
+ *           'save_path'    => 'path/to/my/sessions', // Path to save session files
+ *           // ...other options...
+ *       ]
+ *   ]);
+ *
+ * For advanced options, see the plugin documentation above.
+ **********************************************/
+
+/*********************************************
+ *           Tracy Debugger Setup            *
+ *********************************************
+ * Tracy is a powerful error handler and debugger for PHP.
+ * Docs: https://tracy.nette.org/
+ *
+ * Key Tracy configuration options:
+ *   - Debugger::enable([mode], [ip]);
+ *       - mode: Debugger::Development or Debugger::Production
+ *       - ip: restrict debug bar to specific IP(s)
+ *   - Debugger::$logDirectory: where error logs are stored
+ *   - Debugger::$strictMode: show all errors (true/E_ALL), or filter out deprecated notices
+ *   - Debugger::$showBar: show/hide debug bar (auto-detected, can be forced)
+ *   - Debugger::$maxLen: max length of dumped variables
+ *   - Debugger::$maxDepth: max depth of dumped structures
+ *   - Debugger::$editor: configure clickable file links (see docs)
+ *   - Debugger::$email: send error notifications to email
+ *
+ * Example Tracy setups:
+ *   Debugger::enable(); // Auto-detects environment
+ *   Debugger::enable(Debugger::Development); // Explicitly set environment
+ *   Debugger::enable('23.75.345.200'); // Restrict debug bar to specific IPs
+ *
+ * For more options, see https://tracy.nette.org/en/configuration
+ **********************************************/
+Debugger::enable(); // Auto-detects environment
+// Debugger::enable(Debugger::Development); // Explicitly set environment
+// Debugger::enable('23.75.345.200'); // Restrict debug bar to specific IPs
+Debugger::$logDirectory = __DIR__ . $ds . '..' . $ds . 'log'; // Log directory
+Debugger::$strictMode = true; // Show all errors (set to E_ALL & ~E_DEPRECATED for less noise)
+// Debugger::$maxLen = 1000; // Max length of dumped variables (default: 150)
+// Debugger::$maxDepth = 5; // Max depth of dumped structures (default: 3)
+// Debugger::$editor = 'vscode'; // Enable clickable file links in debug bar
+// Debugger::$email = 'your@email.com'; // Send error notifications
+if (Debugger::$showBar === true && php_sapi_name() !== 'cli') {
+	(new TracyExtensionLoader($app)); // Load FlightPHP Tracy extensions
+}
+
+/**********************************************
+ *           Database Service Setup           *
+ **********************************************/
+// Uncomment and configure the following for your database:
+
+// MySQL Example:
+// $dsn = 'mysql:host=' . $config['database']['host'] . ';dbname=' . $config['database']['dbname'] . ';charset=utf8mb4';
+
+// SQLite Example:
+// $dsn = 'sqlite:' . $config['database']['file_path'];
+
+// Register Flight::db() service
+// In development, use PdoQueryCapture to log queries; in production, use PdoWrapper for performance.
+// $pdoClass = Debugger::$showBar === true ? PdoQueryCapture::class : PdoWrapper::class;
+// $app->register('db', $pdoClass, [ $dsn, $config['database']['user'] ?? null, $config['database']['password'] ?? null ]);
+
+/**********************************************
+ *         Third-Party Integrations           *
+ **********************************************/
+// Google OAuth Example:
+// $app->register('google_oauth', Google_Client::class, [ $config['google_oauth'] ]);
+
+// Redis Example:
+// $app->register('redis', Redis::class, [ $config['redis']['host'], $config['redis']['port'] ]);
+
+// Add more service registrations below as needed
diff --git a/app/middlewares/SecurityHeadersMiddleware.php b/app/middlewares/SecurityHeadersMiddleware.php
new file mode 100644
index 0000000..939500e
--- /dev/null
+++ b/app/middlewares/SecurityHeadersMiddleware.php
@@ -0,0 +1,37 @@
+<?php
+declare(strict_types=1);
+
+namespace app\middlewares;
+
+use flight\Engine;
+use Tracy\Debugger;
+
+class SecurityHeadersMiddleware
+{
+	protected Engine $app;
+
+	public function __construct(Engine $app)
+	{
+		$this->app = $app;
+	}
+	
+	public function before(array $params): void
+	{
+		$nonce = $this->app->get('csp_nonce');
+
+		// development mode to execute Tracy debug bar CSS
+		$tracyCssBypass = "'nonce-{$nonce}'";
+		if(Debugger::$showBar === true) {
+			$tracyCssBypass = ' \'unsafe-inline\'';
+		}
+
+		$csp = "default-src 'self'; script-src 'self' 'nonce-{$nonce}' 'strict-dynamic'; style-src 'self' {$tracyCssBypass}; img-src 'self' data:;";
+		$this->app->response()->header('X-Frame-Options', 'SAMEORIGIN');
+		$this->app->response()->header("Content-Security-Policy", $csp);
+		$this->app->response()->header('X-XSS-Protection', '1; mode=block');
+		$this->app->response()->header('X-Content-Type-Options', 'nosniff');
+		$this->app->response()->header('Referrer-Policy', 'no-referrer-when-downgrade');
+		$this->app->response()->header('Strict-Transport-Security', 'max-age=31536000; includeSubDomains; preload');
+		$this->app->response()->header('Permissions-Policy', 'geolocation=()');
+	}
+}
\ No newline at end of file
diff --git a/composer.json b/composer.json
new file mode 100644
index 0000000..c95b804
--- /dev/null
+++ b/composer.json
@@ -0,0 +1,50 @@
+{
+    "name": "flightphp/skeleton",
+    "description": "A Flight PHP framework skeleton app to get your new projects up and running ASAP",
+    "keywords": [
+        "microframework",
+        "rest",
+        "restapi",
+        "simple",
+        "easy",
+        "lite",
+		"boilerplate",
+		"skeleton"
+    ],
+    "homepage": "https://docs.flightphp.com",
+    "license": "MIT",
+    "authors": [
+        {
+            "name": "n0nag0n",
+            "email": "n0nag0n@sky-9.com",
+			"role": "lead"
+        }
+    ],
+    "require": {
+        "php": "^7.4 || ^8.0",
+        "ext-json": "*",
+        "flightphp/core": "^3.17.4",
+        "flightphp/runway": "^0.2 || ^1.2.5",
+        "tracy/tracy": "^2.11"
+    },
+    "config": {
+        "process-timeout": 0,
+        "sort-packages": true,
+        "allow-plugins": {
+        }
+    },
+    "scripts": {
+        "start": "php -S localhost:8000 -t public",
+		"post-create-project-cmd": [ 
+			"@php -r \"copy('app/config/config_sample.php', 'app/config/config.php');\"",
+			"@php -r \"mkdir('app/models/');\"",
+			"@php -r \"mkdir('app/utils/');\"",
+			"@php -r \"mkdir('app/cache/');\"",
+			"@php -r \"mkdir('app/log/');\""
+		]
+    },
+    "require-dev": {
+        "flightphp/tracy-extensions": "^0.1 || ^0.2.7",
+        "phpstan/phpstan": "^2.1"
+    }
+}
diff --git a/public/.htaccess b/public/.htaccess
new file mode 100644
index 0000000..2690da8
--- /dev/null
+++ b/public/.htaccess
@@ -0,0 +1,10 @@
+RewriteEngine On
+RewriteCond %{REQUEST_FILENAME} !-f
+RewriteCond %{REQUEST_FILENAME} !-d
+RewriteRule ^(.*)$ index.php [QSA,L]
+
+# BEGIN GZIP
+<ifmodule mod_deflate.c>
+AddOutputFilterByType DEFLATE text/text text/html text/plain text/xml text/css application/x-javascript application/javascript
+</ifmodule>
+# END GZIP
\ No newline at end of file
diff --git a/public/index.php b/public/index.php
new file mode 100644
index 0000000..ebd4b42
--- /dev/null
+++ b/public/index.php
@@ -0,0 +1,28 @@
+<?php
+
+/*
+ * FlightPHP Framework
+ * @copyright   Copyright (c) 2024, Mike Cao <mike@mikecao.com>, n0nag0n <n0nag0n@sky-9.com>
+ * @license     MIT, http://flightphp.com/license
+                                                                  .____   __ _
+     __o__   _______ _ _  _                                     /     /
+     \    ~\                                                  /      /
+       \     '\                                         ..../      .'
+        . ' ' . ~\                                      ' /       /
+       .  _    .  ~ \  .+~\~ ~ ' ' " " ' ' ~ - - - - - -''_      /
+      .  <#  .  - - -/' . ' \  __                          '~ - \
+       .. -           ~-.._ / |__|  ( )  ( )  ( )  0  o    _ _    ~ .
+     .-'                                               .- ~    '-.    -.
+    <                      . ~ ' ' .             . - ~             ~ -.__~_. _ _
+      ~- .       N121PP  .          . . . . ,- ~
+            ' ~ - - - - =.   <#>    .         \.._
+                        .     ~      ____ _ .. ..  .- .
+                         .         '        ~ -.        ~ -.
+                           ' . . '               ~ - .       ~-.
+                                                       ~ - .      ~ .
+                                                              ~ -...0..~. ____
+   Cessna 402  (Wings)
+   by Dick Williams, rjw1@tyrell.net
+*/
+$ds = DIRECTORY_SEPARATOR;
+require(__DIR__. $ds . '..' . $ds . 'app' . $ds . 'config' . $ds . 'bootstrap.php');
\ No newline at end of file