Reorganize PHP internals and static assets

Move shared PHP code into private/, move JavaScript files into js/, and block direct access to private/. Remove unused API key and cache artifacts from the working tree.

.gitignore

@@ -43,6 +43,4 @@ compiled/
 /vendors/*
 
 
-.rktsndbx-cache
 data
-pkg-cache

.htaccess

@@ -5,6 +5,8 @@ DirectoryIndex index.php
 Options -MultiViews -Indexes
 RewriteEngine On
 
+RewriteRule ^private(?:/|$) - [F,L]
+
 RewriteRule ^bootstrap-racket$ rkt.php [L,QSA]
 RewriteRule ^bootstrap-racket-part$ rkt.php [L,QSA]
 RewriteRule ^racket-pkg-index$ rktpkgs.php [L,QSA]

config.php

@@ -5,13 +5,13 @@
  * Admin application configuration.
  */
 
-require_once __DIR__ . '/auth.php';
-require_once __DIR__ . '/header.php';
-require_once __DIR__ . '/languagestore.php';
-require_once __DIR__ . '/nexttoken.php';
-require_once __DIR__ . '/usersettings.php';
-require_once __DIR__ . '/base64config.php';
-require_once __DIR__ . '/racketzip.php';
+require_once __DIR__ . '/private/auth.php';
+require_once __DIR__ . '/private/header.php';
+require_once __DIR__ . '/private/languagestore.php';
+require_once __DIR__ . '/private/nexttoken.php';
+require_once __DIR__ . '/private/usersettings.php';
+require_once __DIR__ . '/private/base64config.php';
+require_once __DIR__ . '/private/racketzip.php';
 
 ini_set('display_errors', '1');
 ini_set('display_startup_errors', '1');

config/apikey.cfg

@@ -1 +0,0 @@
-flfadrdeyc.yvtpmoyjm.gthfkqbrf.kyhhvikcv

index.php

@@ -18,12 +18,12 @@
  *   - gebruiker verwijderen
  */
 
-require_once __DIR__ . '/auth.php';
-require_once __DIR__ . '/header.php';
-require_once __DIR__ . '/languagestore.php';
-require_once __DIR__ . '/nexttoken.php';
-require_once __DIR__ . '/promptstore.php';
-require_once __DIR__ . '/usersettings.php';
+require_once __DIR__ . '/private/auth.php';
+require_once __DIR__ . '/private/header.php';
+require_once __DIR__ . '/private/languagestore.php';
+require_once __DIR__ . '/private/nexttoken.php';
+require_once __DIR__ . '/private/promptstore.php';
+require_once __DIR__ . '/private/usersettings.php';
 
 ini_set('display_errors', '1');
 ini_set('display_startup_errors', '1');
@@ -464,7 +464,7 @@ render_app_header(array(
 
 </div>
 
-<script src="/clipboard.js" defer></script>
-<script src="/bootstrap-prompt.js" defer></script>
+<script src="/js/clipboard.js" defer></script>
+<script src="/js/bootstrap-prompt.js" defer></script>
 </body>
 </html>

login.php

@@ -3,7 +3,7 @@
  * login.php
  */
 
-require_once __DIR__ . '/auth.php';
+require_once __DIR__ . '/private/auth.php';
 
 ini_set('display_errors', '1');
 ini_set('display_startup_errors', '1');

package.php

@@ -28,18 +28,18 @@ ini_set('display_startup_errors', '1');
 ini_set('log_errors', '1');
 error_reporting(E_ALL);
 
-require_once __DIR__ . '/nexttoken.php';
+require_once __DIR__ . '/private/nexttoken.php';
 
 $TOKENS = new NextTokenStore(__DIR__ . '/data/racket-sandbox.sqlite');
 
 @set_time_limit(300);
 ignore_user_abort(false);
 
-require_once __DIR__ . '/gitfetcher.php';
-require_once __DIR__ . '/b64parts.php';
-require_once __DIR__ . '/base64config.php';
-require_once __DIR__ . '/lib/catalog-http.php';
-require_once __DIR__ . '/lib/racket-data.php';
+require_once __DIR__ . '/private/gitfetcher.php';
+require_once __DIR__ . '/private/b64parts.php';
+require_once __DIR__ . '/private/base64config.php';
+require_once __DIR__ . '/private/lib/catalog-http.php';
+require_once __DIR__ . '/private/lib/racket-data.php';
 
 define('DATA_DIR', __DIR__ . '/data');
 define('CATALOG_PACKAGE_BASE', 'https://pkgs.racket-lang.org/pkg/');

private/.htaccess

@@ -0,0 +1 @@
+Require all denied

private/gitfetcher.php

@@ -42,7 +42,7 @@ class GitFetcher
     {
         $this->dataDir = isset($options['data_dir'])
             ? rtrim((string)$options['data_dir'], '/')
-            : __DIR__ . '/data';
+            : dirname(__DIR__) . '/data';
 
         $this->timeout = isset($options['timeout']) ? (int)$options['timeout'] : 180;
         $this->connectTimeout = isset($options['connect_timeout']) ? (int)$options['connect_timeout'] : 20;
@@ -575,4 +575,4 @@ class GitFetcher
 
         return $body;
     }
-}
+}

private/make-user.php

@@ -34,7 +34,7 @@ $password = $argv[3];
 $isAdmin = $argv[4] === '1';
 
 try {
-    $auth = new RacketSandboxAuth(__DIR__ . '/data/racket-sandbox.sqlite');
+    $auth = new RacketSandboxAuth(dirname(__DIR__) . '/data/racket-sandbox.sqlite');
 
     $user = $auth->createUser($email, $fullName, $password, $isAdmin, true);
 
@@ -49,4 +49,4 @@ try {
 } catch (Throwable $e) {
     echo "Error: " . $e->getMessage() . "\n";
     exit(1);
-}
+}

private/racketzip.php

@@ -3,8 +3,8 @@
  * Shared handling for the Racket installation zip and its binary parts.
  */
 
-define('RACKET_ZIP_FILE', __DIR__ . '/config/racket.zip');
-define('RACKET_ZIP_DATA_DIR', __DIR__ . '/data');
+define('RACKET_ZIP_FILE', dirname(__DIR__) . '/config/racket.zip');
+define('RACKET_ZIP_DATA_DIR', dirname(__DIR__) . '/data');
 define('RACKET_ZIP_PART_PREFIX', 'racket-part-');
 define('RACKET_ZIP_MANIFEST_FILE', RACKET_ZIP_DATA_DIR . '/racket-parts.json');
 

prompts.php

@@ -13,11 +13,11 @@
  *   - manage global default prompts
  */
 
-require_once __DIR__ . '/auth.php';
-require_once __DIR__ . '/header.php';
-require_once __DIR__ . '/languagestore.php';
-require_once __DIR__ . '/promptstore.php';
-require_once __DIR__ . '/usersettings.php';
+require_once __DIR__ . '/private/auth.php';
+require_once __DIR__ . '/private/header.php';
+require_once __DIR__ . '/private/languagestore.php';
+require_once __DIR__ . '/private/promptstore.php';
+require_once __DIR__ . '/private/usersettings.php';
 
 ini_set('display_errors', '1');
 ini_set('display_startup_errors', '1');
@@ -395,7 +395,7 @@ if ($user->isAdmin()) {
 }
 
 $styleVersion = @filemtime(__DIR__ . '/styles.css') ?: time();
-$promptEditorVersion = @filemtime(__DIR__ . '/prompt-editor.js') ?: time();
+$promptEditorVersion = @filemtime(__DIR__ . '/js/prompt-editor.js') ?: time();
 
 header('Content-Type: text/html; charset=utf-8');
 ?>
@@ -714,7 +714,7 @@ render_app_header(array(
     'new' => t('prompts.new', 'new'),
 ), JSON_UNESCAPED_SLASHES | JSON_UNESCAPED_UNICODE) ?>
 </script>
-<script src="/prompt-editor.js?v=<?= h($promptEditorVersion) ?>" defer></script>
+<script src="/js/prompt-editor.js?v=<?= h($promptEditorVersion) ?>" defer></script>
 
 </body>
 </html>

rkt.php

@@ -36,9 +36,9 @@ ini_set('display_startup_errors', '1');
 ini_set('log_errors', '1');
 error_reporting(E_ALL);
 
-require_once __DIR__ . '/nexttoken.php';
-require_once __DIR__ . '/base64config.php';
-require_once __DIR__ . '/racketzip.php';
+require_once __DIR__ . '/private/nexttoken.php';
+require_once __DIR__ . '/private/base64config.php';
+require_once __DIR__ . '/private/racketzip.php';
 
 $TOKENS = new NextTokenStore(__DIR__ . '/data/racket-sandbox.sqlite');
 

rktpkgs.php

@@ -33,9 +33,9 @@ ini_set('display_startup_errors', '1');
 ini_set('log_errors', '1');
 error_reporting(E_ALL);
 
-require_once __DIR__ . '/nexttoken.php';
-require_once __DIR__ . '/lib/catalog-http.php';
-require_once __DIR__ . '/lib/racket-data.php';
+require_once __DIR__ . '/private/nexttoken.php';
+require_once __DIR__ . '/private/lib/catalog-http.php';
+require_once __DIR__ . '/private/lib/racket-data.php';
 
 $TOKENS = new NextTokenStore(__DIR__ . '/data/racket-sandbox.sqlite');
 

users.php

@@ -5,10 +5,10 @@
  * Admin user management.
  */
 
-require_once __DIR__ . '/auth.php';
-require_once __DIR__ . '/header.php';
-require_once __DIR__ . '/languagestore.php';
-require_once __DIR__ . '/usersettings.php';
+require_once __DIR__ . '/private/auth.php';
+require_once __DIR__ . '/private/header.php';
+require_once __DIR__ . '/private/languagestore.php';
+require_once __DIR__ . '/private/usersettings.php';
 
 ini_set('display_errors', '1');
 ini_set('display_startup_errors', '1');