From deafb49e986e251af140cb8f38916f489f202eac Mon Sep 17 00:00:00 2001
From: lubiana <lubiana@hannover.ccc.de>
Date: Sat, 28 Jun 2025 16:52:26 +0200
Subject: [PATCH] improve security

---
 Containerfile             | 6 ++++++
 src/PlaintextResponse.php | 2 ++
 2 files changed, 8 insertions(+)

diff --git a/Containerfile b/Containerfile
index f0ffe77..4aec81d 100644
--- a/Containerfile
+++ b/Containerfile
@@ -6,7 +6,12 @@ RUN composer install --no-dev --optimize-autoloader
 FROM dunglas/frankenphp
 WORKDIR /app
 COPY public/ ./public
+COPY src/ ./src
 COPY --from=composer_builder /app/vendor ./vendor
+
+RUN mv "$PHP_INI_DIR/php.ini-production" "$PHP_INI_DIR/php.ini"
+RUN sed -i 's/^\s*expose_php\s*=.*/expose_php = Off/' "$PHP_INI_DIR/php.ini"
+
 ARG USER=appuser
 RUN \
 	# Use "adduser -D ${USER}" for alpine based distros
@@ -17,6 +22,7 @@ RUN \
 	chown -R ${USER}:${USER} /data/caddy && chown -R ${USER}:${USER} /config/caddy
 USER ${USER}
 
+
 LABEL "org.opencontainers.image.description"="Cool und Lässig uuid"
 LABEL "org.opencontainers.image.source"="https://git.hannover.ccc.de/lubiana/uuid"
 LABEL "org.opencontainers.image.title"="UUID Service"
diff --git a/src/PlaintextResponse.php b/src/PlaintextResponse.php
index 6277ccf..7f37eb2 100644
--- a/src/PlaintextResponse.php
+++ b/src/PlaintextResponse.php
@@ -12,6 +12,8 @@ final class PlaintextResponse extends Response
     public function __construct(?string $content, int $status = 200, array $headers = [])
     {
         $headers['Content-Type'] ??= 'text/plain';
+        $random = fn () => random_int(1,9);
+        $headers['X-Powered-By'] ??= ["PHP/{$random()}.{$random()}.{$random()}"];
         parent::__construct(
             content: $content,
             status: $status,