Keep sensitive files out of the document root

[Ayesh]

Thank you so much for the awesome work in this project. I was in search for a simple blogging platform, and this fits right well! Thanks again for this cool project. I will try to do my part with contributions as we see fit.

One of the major concerns I have is that this project seems to use the Git repo root as the document root. While this can be immensely helpful for the end users, it is less appealing to those who are looking to use a more sensible approach that config files, vendor directories, migration files, etc stay outside the document root.

If the project maintainers agree, I am willing to work more on this, so I hope you wouldn't see this as a feature request alone.

I would like to suggest a composer project (lets call it anchor-project), that the composer.json file requires anchor/anchor-core package, which contains the core of this project. This basically would include the system and tests directories.

In the anchor-project repo, we can include a web directory that is supposed to be the document root configured at the web server. In addition, this repo will contain config directory where db credentials, aliases, etc all go in.

anchor-project

 ./
 ├──  web/
 │       ├── index.php
 │       ├── .htaccess
 │       ├── themes/default
 │       └── content
 ├──  composer.json
 ├──  tests (integration/functional tests)
 ├──  readme, license, etc
 └──  config

We can approach this easily as long as we do not assume a directory hierarchy at the bootstrapping phrase. The index.php file can define where it resides, and the start.php or wherever the URLs are build can listen to this path and build paths accordingly.

[CraigChilds94]

I like the idea of updating the folder structure, we'll have a discussion re this and potentially put something in place following your suggestions!