mirror of
https://gh.wpcy.net/https://github.com/aspirepress/AspireCloud.git
synced 2026-07-16 11:26:56 +08:00
94 lines
3.1 KiB
Markdown
94 lines
3.1 KiB
Markdown
[//]: # (@formatter:off)
|
|
# AspireCloud
|
|
|
|
This project is designed to function as a CDN/API endpoint system for distributing WordPress assets (themes, plugins, core) to users of the [AspirePress Updater](https://github.com/aspirepress/updater-plugin).
|
|
|
|
# 🪧 CloudFest Hackathon 2025: see [/docs/readme.hackathon.md](./docs/readme.hackathon.md)
|
|
|
|
## Setup
|
|
|
|
### Quick Start
|
|
|
|
```
|
|
make init
|
|
```
|
|
|
|
Next configure WordPress to use your local version of AspireCloud, and you're good to go!
|
|
|
|
## Using https://api.aspiredev.org instead of localhost
|
|
|
|
The local dev instance can be reached this way by enabling a [Traefik](https://hub.docker.com/_/traefik) proxy server:
|
|
|
|
make traefik-up
|
|
|
|
You will then be able to reach the instance at https://api.aspiredev.org
|
|
|
|
## CVE Labeller Integration
|
|
|
|
AspireCloud includes automated vulnerability scanning for FAIR packages using the CVE Labeller API.
|
|
|
|
### Features
|
|
|
|
- **Automated Scanning**: Checks all latest package releases for vulnerabilities
|
|
- **Dynamic Frequency**: Adjusts check frequency based on vulnerability severity
|
|
- HIGH severity detected → Scans every 10 minutes
|
|
- MEDIUM severity detected → Scans every 30 minutes
|
|
- LOW severity detected → Scans every hour
|
|
- No vulnerabilities → Scans every 2 hours
|
|
- **Efficient**: Only checks the latest release of each package
|
|
- **Production Ready**: Includes retry logic, error handling, and detailed logging
|
|
|
|
### Setup
|
|
|
|
1. **Run the migration**:
|
|
```bash
|
|
php artisan migrate
|
|
```
|
|
|
|
2. **Configure the API URL** in `.env`:
|
|
```env
|
|
CVE_LABELLER_API_URL=http://api.cve-labeller.local/api/query
|
|
```
|
|
|
|
3. **Test the command**:
|
|
```bash
|
|
php artisan cve:query -v
|
|
```
|
|
|
|
4. **Configure cron** for production:
|
|
```bash
|
|
* * * * * cd /path-to-project && php artisan schedule:run >> /dev/null 2>&1
|
|
```
|
|
|
|
### Documentation
|
|
|
|
Complete documentation is available in the `/docs/cve-labeller/` directory:
|
|
|
|
- **START_HERE.md** - Quick installation guide
|
|
- **QUICK_REFERENCE.md** - One-page cheat sheet
|
|
- **FINAL_GUIDE.md** - Complete documentation
|
|
- **FILE_INDEX.md** - Index of all implementation files
|
|
|
|
### Configuration
|
|
|
|
All CVE settings are configurable via environment variables. See `.env.example` for the complete list of available options.
|
|
|
|
Key settings:
|
|
```env
|
|
CVE_LABELLER_API_URL=http://api.cve-labeller.local/api/query
|
|
CVE_LABELLER_ENABLED=true
|
|
CVE_LABELLER_BATCH_SIZE=50
|
|
CVE_LOG_API_REQUESTS=false
|
|
```
|
|
|
|
## Notes
|
|
|
|
AspireCloud operates as an API and a pseudo pull-through cache against WordPress.org. This means that if AspireCloud provides the requested endpoint, it attempts to deliver the resource; otherwise, it passes the request through to WordPress.org and returns their response to the end user.
|
|
|
|
The long-term goal is to gradually implement WordPress.org APIs to reduce reliance on their website and endpoints.
|
|
|
|
**Important**: Please do not use this project to flood or harass the WordPress.org website. We don't want to get banned from using their resources!
|
|
|
|
## License
|
|
|
|
This project is licensed under the [MIT License](https://opensource.org/license/mit). You may exercise all rights granted by the MIT license, including using this project for commercial purposes.
|