make path of data dir configurable

Closes #109

README.md

@@ -44,9 +44,13 @@ ember build --prod
 
 Afterwards copy all files in /dist folder to your werbserver.
 
+### Configuration
+Api could be configured by creating a `config.php` inside `api/` folder which returns an associative array.
+Have a look at `api/config.default.php` for available options.
+
 ### Webserver configuration
 
-* `data/` folder has to be writeable by web server, but **must not** be accessible publicy. That means protect it in your webserver configuration!
+* `data/` folder has to be writeable by web server, but **must not** be accessible publicy. Protect it in your webserver configuration or move it out of webroot by changing `dataDir` api option.
 * Croodle uses [subresource integrity](https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity) (SRI) for assets. Therefore you **must not** tamper with build output (e.g. you have to disable cloudflare [*Auto Minify*](https://support.cloudflare.com/hc/en-us/articles/200167996-Does-CloudFlare-have-HTML-JavaScript-and-CSS-compression-features-) feature). If that's not an option for you, you have to [disable SRI](https://github.com/jonathanKingston/ember-cli-sri#options) and build yourself.
 * HTTPS connection should be forced. You should consider using [HTTP Strict Transport Security](https://developer.mozilla.org/en-US/docs/Web/Security/HTTP_strict_transport_security) (HSTS) and [HTTP Public Key Pinning](https://developer.mozilla.org/en-US/docs/Web/Security/Public_Key_Pinning) (HPKP).
 * [Content-Security-Policy](http://content-security-policy.com/) (CSP) should be used. Default CSP headers are provided in `.htaccess` file but commented out.

api/config.default.php

@@ -0,0 +1,9 @@
+<?php
+
+return array(
+  /*
+   * dataDir (String)
+   * relative or absolute path to folder where polls are stored
+   */
+  'dataDir' => '../data/'
+);

api/cron.php

@@ -11,13 +11,15 @@ if (php_sapi_name() !== 'cli') {
 }
 
 require_once 'classes/poll.php';
+require_once 'utils/get-config.php';
+
+$path = substr($argv[0], 0, -8);
+$config = getConfig($path);
+define('DATA_FOLDER', isset($argv[1]) ? $argv[1] : $path . $config['dataDir']);
 
 $startTime = time();
 $pollsProcessed = 0;
 
-$path = isset($argv[1]) ? $argv[1] : substr($argv[0], 0, -8);
-
-define('DATA_FOLDER', $path . '../data/');
 $dataDirHandler = opendir(DATA_FOLDER);
 if(!$dataDirHandler) {
   throw new Exception('could not open data dir');

api/index.php

@@ -6,18 +6,20 @@
 use \Psr\Http\Message\ServerRequestInterface as Request;
 use \Psr\Http\Message\ResponseInterface as Response;
 
+require 'vendor/autoload.php';
+require_once 'classes/poll.php';
+require_once 'classes/user.php';
+require_once 'utils/get-config.php';
+
+$config = getConfig();
 if (php_sapi_name() == 'cli-server') {
   // assume that cli-server is only used for testing
   define('DATA_FOLDER', 'tests/_tmp/data/');
 }
 else {
-  define('DATA_FOLDER', '../data/');
+  define('DATA_FOLDER', $config['dataDir']);
 }
 
-require 'vendor/autoload.php';
-require_once 'classes/poll.php';
-require_once 'classes/user.php';
-
 function pollIdIsValid($pollId) {
   return preg_match('/[^A-Za-z0-9]/', $pollId) === 0;
 }

api/utils/get-config.php

@@ -0,0 +1,13 @@
+<?php
+
+// returns config as associative array
+function getConfig($path = '') {
+  $defaultConfig = include $path . 'config.default.php';
+
+  if (!is_file($path . 'config.php')) {
+    return $defaultConfig;
+  }
+
+  $userConfig = include $path . 'config.php';
+  return array_merge($defaultConfig, $userConfig);
+}

ember-cli-build.js

@@ -52,7 +52,7 @@ module.exports = function() {
     new Funnel(unwatchedTree('api'), {
       srcDir: '/',
       destDir: '/api',
-      include: ['index.php', 'cron.php', 'classes/*', 'vendor/**']
+      include: ['index.php', 'cron.php', 'config.default.php', 'classes/*', 'utils/**', 'vendor/**']
     })
   );