provide more descriptive reason for failure

[adamoutler]

The original message states the configuration file was not found. This provides a bit more context as to where it was not found.

Summary by CodeRabbit

• Bug Fixes
  • Improved the missing configuration error message to display the expected file path, providing clearer guidance for troubleshooting.
  • Behavior remains unchanged: the application stops if the configuration is absent, but users now see the full path derived from the server’s document root to help identify and resolve the issue more quickly.

[coderabbitai]

Walkthrough

Updated the error message in front/php/templates/security.php to include the expected configuration file path using $_SERVER['DOCUMENT_ROOT']."/../config/app.conf". No control flow or logic changes.

Changes

Cohort / File(s)	Summary
Security template front/php/templates/security.php	Revised missing configuration error string to include the resolved expected path; no logic changes.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~2 minutes

Poem

I nibbled some code with a tidy hop,
Swapped a bland error for a path that pops.
Now when configs play hide-and-seek,
The message points—precise, not meek.
Thump-thump! says the dev-savvy bunny,
Clear trails make debugging sunny.

Pre-merge checks and finishing touches

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title Check	✅ Passed	The title "provide more descriptive reason for failure" concisely states the primary intent of the change—making an error message more descriptive—and is directly related to the change in the PR (updating the missing configuration file message), so it conveys the main purpose to reviewers despite being somewhat generic.
Docstring Coverage	✅ Passed	No functions found in the changes. Docstring coverage check skipped.

✨ Finishing touches

• 📝 Generate Docstrings

🧪 Generate unit tests

• Create PR with unit tests
• Post copyable unit tests in a comment

Tip

👮 Agentic pre-merge checks are now available in preview!

Pro plan users can now enable pre-merge checks in their settings to enforce checklists before merging PRs.

• Built-in checks – Quickly apply ready-made checks to enforce title conventions, require pull request descriptions that follow templates, validate linked issues for compliance, and more.
• Custom agentic checks – Define your own rules using CodeRabbit’s advanced agentic capabilities to enforce organization-specific policies and workflows. For example, you can instruct CodeRabbit’s agent to verify that API documentation is updated whenever API schema files are modified in a PR. Note: Upto 5 custom checks are currently allowed during the preview period. Pricing for this feature will be announced in a few weeks.

Please see the documentation for more information.

Example:

reviews:
  pre_merge_checks:
    custom_checks:
      - name: "Undocumented Breaking Changes"
        mode: "warning"
        instructions: |
          Pass/fail criteria: All breaking changes to public APIs, CLI flags, environment variables, configuration keys, database schemas, or HTTP/GraphQL endpoints must be documented in the "Breaking Change" section of the PR description and in CHANGELOG.md. Exclude purely internal or private changes (e.g., code not exported from package entry points or explicitly marked as internal).

Please share your feedback with us on this Discord post.

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

front/php/templates/security.php (1)

34-34: apache_request_headers() may be undefined; add a portable fallback.

This can fatal on Nginx/FPM where apache_request_headers is unavailable.

-$authHeader = apache_request_headers()['Authorization'] ?? '';
+$headers = function_exists('getallheaders')
+    ? getallheaders()
+    : (function_exists('apache_request_headers') ? apache_request_headers() : []);
+$authHeader = $headers['Authorization'] ?? '';

🧹 Nitpick comments (3)

front/php/templates/security.php (3)

35-41: Start session before accessing $_SESSION; remove unused variable.

$sessionLogin is read before session_start and never used.

-$sessionLogin = isset($_SESSION['login']) ? $_SESSION['login'] : 0;
-
-// Start session if not already started
-if (session_status() == PHP_SESSION_NONE) {
-    session_start();
-}
+// Start session before accessing $_SESSION
+if (session_status() === PHP_SESSION_NONE) {
+    session_start();
+}

---

45-46: Harden cookie deletion (path/flags must match set-time attributes).

Ensure deletion is effective and secure.

-    setcookie(COOKIE_SAVE_LOGIN_NAME, "", time() - 3600);
+    setcookie(COOKIE_SAVE_LOGIN_NAME, '', [
+        'expires'  => time() - 3600,
+        'path'     => '/',
+        'secure'   => (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off'),
+        'httponly' => true,
+        'samesite' => 'Lax',
+    ]);

---

79-80: Remove redundant exit after redirect.

redirect() already calls exit(); this line is unreachable.

-        redirect('/index.php');
-        exit; // exit is needed to prevent authentication bypass
+        redirect('/index.php'); // redirect() already exits

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between aee93c0 and a478ab6.

📒 Files selected for processing (1)

• front/php/templates/security.php (1 hunks)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)

• GitHub Check: docker_dev

[coderabbitai]

⚠️ Potential issue

Don't expose filesystem paths; return 500 and log details instead.

The new message leaks server path info and duplicates the CONFIG_PATH logic. Log the exact path, send a generic error to clients, and also guard for unreadable files.

-if (!file_exists(CONFIG_PATH)) {
-    die("Configuration file not found in " . $_SERVER['DOCUMENT_ROOT'] . "/../config/app.conf");
-}
+if (!file_exists(CONFIG_PATH) || !is_readable(CONFIG_PATH)) {
+    http_response_code(500);
+    error_log("Config missing or unreadable: " . CONFIG_PATH);
+    die("Configuration file not found or unreadable. See server logs for details.");
+}

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	if (!file_exists(CONFIG_PATH)) {
	die("Configuration file not found.");
	die("Configuration file not found in " . $_SERVER['DOCUMENT_ROOT'] . "/../config/app.conf");
	}
	if (!file_exists(CONFIG_PATH) || !is_readable(CONFIG_PATH)) {
	http_response_code(500);
	error_log("Config missing or unreadable: " . CONFIG_PATH);
	die("Configuration file not found or unreadable. See server logs for details.");
	}

🤖 Prompt for AI Agents

In front/php/templates/security.php around lines 50 to 52, the current die
message leaks server filesystem paths and repeats CONFIG_PATH logic; instead
check both file_exists and is_readable for CONFIG_PATH, log the exact
CONFIG_PATH (and any error) to server logs via error_log or the app logger, and
send a generic HTTP 500 response to the client (e.g., http_response_code(500)
with a non-descriptive message) before exiting; do not echo or include
$_SERVER['DOCUMENT_ROOT'] or full paths in the response.