Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/simonhamp/ensemble-plugin
The client plugin for Ensemble
https://github.com/simonhamp/ensemble-plugin
Last synced: about 1 month ago
JSON representation
The client plugin for Ensemble
- Host: GitHub
- URL: https://github.com/simonhamp/ensemble-plugin
- Owner: simonhamp
- License: mit
- Created: 2018-06-05T09:53:09.000Z (over 6 years ago)
- Default Branch: master
- Last Pushed: 2020-05-03T23:47:00.000Z (over 4 years ago)
- Last Synced: 2024-06-02T12:47:25.638Z (7 months ago)
- Language: PHP
- Homepage: https://ens.emble.app
- Size: 28.3 KB
- Stars: 4
- Watchers: 2
- Forks: 1
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- Funding: .github/FUNDING.yml
- License: LICENSE
Awesome Lists containing this project
README
# Ensemble Plugin
Adds a public endpoint to your application that [Ensemble](https://ens.emble.app)
can periodically request for information about your Composer packages.🙏 Please consider [sponsoring](https://github.com/sponsors/simonhamp) the development of Ensemble 💚
## Requirements
- An Ensemble account (completely free!)
- Laravel 7+
- PHP 7+#### Security, Privacy & Performance
To protect your application, we encrypt the information about your packages
using a unique, private key that is given to you when you set up your app in Ensemble.This means, even if your app is only accessible via HTTP, it will be very hard for
a third party to discover what packages it depends on.**!!! DON'T SHARE YOUR PRIVATE KEY !!!**
If you feel that the key is compromised, you will be able to generate a new one
easily.Also, even though the endpoint is public, it requires a special kind of `POST`
containing an encrypted payload (also using the pre-shared private key), to make sure
only Ensemble can request the encrypted data about your packages.And if someone does discover the payload, it has a time limit so it can only be used
for a short time (usually less than a minute).Further, to stop even Ensemble causing you problems, this plugin caches the response
before sending it back. This cache lasts for 60 minutes by default (configurable, see below).
This helps prevent Ensemble from abusing your app/server resources, either inadvertently
or in the unlikely event of a security breach.If you disable Ensemble or we have any problems communicating with your app multiple times
in a row, we'll stop trying until you tell us otherwise.## Installation
```
$ composer require simonhamp/ensemble-plugin
```This will install the latest version of the plugin. You can install earlier versions that will support Laravel 5.5+, but I highly recommend that you upgrade your app to the latest version of Laravel.
**NB: This package currently only supports Laravel.**
If you'd like to use Ensemble with another framework, please
[raise an issue](https://github.com/simonhamp/ensemble-plugin/issues/new?template=integration.md)##### Configure
Add the following to your `.env`:```
# Required config
ENSEMBLE_ENABLED=true
ENSEMBLE_PRIVATE_KEY=#The key provided when creating your app in Ensemble## Optional config
ENSEMBLE_ENDPOINT=#The URL we'll use to communicate with your app. Default: /ensemble#
ENSEMBLE_CACHE_TTL=#The cache life in minute. Default: 60#
```