Archive for the ‘Contributions’ Category


CFWheels DotEnvSettings Plugin published

A new plugin was published to provide support for .env settings files in a production environment. This plugin is based on Eric Peterson’s CommandBox module and allows the use of .env or similarly named files to store your application secrets so they can be kept out of source control.

LICENSE

Apache License, Version 2.0.

SYSTEM REQUIREMENTS

  • Lucee 5+
  • ColdFusion 9+
  • CFWheels 2+

Instructions

Just drop the zip file into your plugins folder and restart your application or use CommandBox cli to install. Simply type the following at the root of your project:

box install cfwheels-dotenvsettings

Usage

Create a .env file in your project root and add to .gitignore or your version control’s equivalent (don’t commit secrets to your repo!) The file can contain JSON or Java properties style key value pairs:

// property style
MY_SECRET_KEY=somevalue
MY_OTHER_SECRET=shh

// json style
{
  "MY_SECRET_KEY"="somevalue"
 ,"MY_OTHER_SECRET"="shh"
};

The default file name supported is .env but you can use any file name you want. You could even have multiple files for various environment.

In your CFWheels app you can read in your secrets by adding readDotEnvSettings() to your application. The most logical point to do this would be in your events\onApplicationStart.cfm file, but you could do it in your environment specific settings.cfm files as well. You can then access the secrets contained in the file processed using get("MY_SECRET_KEY").

If you want to customize the secrets file to use, you can specify the file name by passing in the file name like so readDotEnvSettings(".env-second").

CFWheels Announces a Bug Bounty

We are happy to launch a new program that we hope will lead to a more stable framework for all of us. Effective immediately we are launching our Bug Bounty program. When we first conceived of the bounty program we were looking at programs from IssueHunt and BountySource and the main goal was to widen the field of contributors to the CFWheels project as well as crush some of the long standing bugs in the framework.

Most of these bugs are edge cases that don’t effect the core functionality of the framework and for the most part users have found work arounds for. In the past it’s been difficult to dedicate our limited resources towards some of these bugs but now that we have a growing list of monthly sponsors we would like to launch out bounty program to compensate contributors who are willing to tackle some of these.

The easiest way to get started participating in this program is to visit the issues list and look for the $50 Bounty tag. Pick an issue that interests you, clone the repo, and start working on your solution. When you think you have a working solution create a PR and submit it for review. Please read the Contributing to CFWheels chapter in the guides or the contributing guidelines in the repository for details on how to contribute to the CFWheels project.

We look forward to see how the community responds to this bounty program. Depending on how things go, we can envision expanding this program to include enhancements as well as sponsorship of individual enhancements.