bert.hausmans
03ff1cdfce
Per RFC-WS-6 §Q1 v1.3 addition 4. Configurable deadline for FormBindingApplicator::apply(). Default 5 seconds catches the long tail of slow applies before they hang the public flow. Tunable per environment via FORM_BUILDER_APPLY_DEADLINE_SECONDS. Consumed by ApplyBindingsOnFormSubmit::handle's withDeadline() call (landed in Phase B). Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
112 lines
3.6 KiB
PHP
112 lines
3.6 KiB
PHP
<?php
|
|
|
|
declare(strict_types=1);
|
|
|
|
/*
|
|
|--------------------------------------------------------------------------
|
|
| Form Builder — general configuration
|
|
|--------------------------------------------------------------------------
|
|
|
|
|
| Tunable limits, webhook policy, captcha, retention and feature flags for
|
|
| the universal form builder. See ARCH-FORM-BUILDER.md §22.7 for rationale.
|
|
|
|
|
*/
|
|
|
|
return [
|
|
|
|
'limits' => [
|
|
'max_fields_per_schema' => 100,
|
|
'max_filterable_fields_per_schema' => 20,
|
|
'max_options_per_field' => 100,
|
|
'max_submissions_per_public_schema_per_ip_per_hour' => 5,
|
|
],
|
|
|
|
'webhooks' => [
|
|
'allowlist_domains' => [],
|
|
'blocklist_ips' => [
|
|
'127.0.0.0/8',
|
|
'10.0.0.0/8',
|
|
'172.16.0.0/12',
|
|
'192.168.0.0/16',
|
|
'169.254.169.254/32',
|
|
],
|
|
'timeout_seconds' => 10,
|
|
'max_attempts' => 5,
|
|
],
|
|
|
|
'file_uploads' => [
|
|
'default_allowed_mime_types' => ['image/jpeg', 'image/png', 'image/webp', 'application/pdf'],
|
|
'default_max_size_mb' => 5,
|
|
],
|
|
|
|
'search_index' => [
|
|
'max_chars' => 10000,
|
|
],
|
|
|
|
'captcha' => [
|
|
'provider' => 'turnstile',
|
|
'site_key' => env('TURNSTILE_SITE_KEY'),
|
|
'secret_key' => env('TURNSTILE_SECRET_KEY'),
|
|
'required_for_purposes' => ['public_complaint', 'public_press_request'],
|
|
],
|
|
|
|
'public_submitter_ip_retention_days' => 30,
|
|
|
|
'user_profile_settings_whitelist' => [
|
|
'ui.theme',
|
|
'ui.sidebar_collapsed',
|
|
'ui.time_format',
|
|
'notifications.email_digest',
|
|
'notifications.shift_reminders',
|
|
'notifications.event_updates',
|
|
],
|
|
|
|
'custom_field_types' => [],
|
|
|
|
'validation_callbacks' => [],
|
|
|
|
'features' => [
|
|
'webhooks' => false, // dispatcher arrives in S6
|
|
'i18n_runtime' => false, // runtime resolution later
|
|
'retention_job' => false, // scheduler task later
|
|
],
|
|
|
|
/**
|
|
* RFC-WS-6 §3 (Q10) — section-level binding apply runtime gate.
|
|
*
|
|
* REMOVAL TRIGGER: enable when ARTIST_ADVANCE feature work begins
|
|
* (post-S5). At enablement: set FORM_BUILDER_SECTION_APPLY=true,
|
|
* write section-scoped tests, activate the dispatch path in
|
|
* FormSubmissionService, remove this flag and the early-return
|
|
* guard from ApplyBindingsOnFormSectionSubmitted::handle().
|
|
*
|
|
* Tracking: BACKLOG.md → ARTIST-ADV-SECTION-APPLY
|
|
*/
|
|
'section_apply_enabled' => env('FORM_BUILDER_SECTION_APPLY', false),
|
|
|
|
/**
|
|
* FormBindingApplicator deadline in seconds.
|
|
*
|
|
* The wrapper around FormBindingApplicator::apply() throws
|
|
* FormBindingApplicatorTimeoutException if the call takes longer
|
|
* than this value. The exception is caught by
|
|
* ApplyBindingsOnFormSubmit's outer transaction handler and recorded
|
|
* as a form_submission_action_failures row with apply_status=FAILED,
|
|
* failure_response_code='temporary_error'.
|
|
*
|
|
* Default 5 seconds — typical apply() takes <100ms; the deadline
|
|
* catches the long tail (slow query against a massive person pool,
|
|
* lock-for-update wait that should have been resolved at the
|
|
* database level, etc.) before it hangs the public flow.
|
|
*
|
|
* Tune upward if a legitimate use-case surfaces (very large schemas
|
|
* with many bindings against multi-million-row entity tables). Tune
|
|
* downward if SLO requirements demand stricter response-time
|
|
* guarantees.
|
|
*
|
|
* Per RFC-WS-6 §Q1 v1.3 addition 4.
|
|
*/
|
|
'apply_deadline_seconds' => env('FORM_BUILDER_APPLY_DEADLINE_SECONDS', 5),
|
|
|
|
];
|