cedricAbonnel/varlog
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Sécurité et qualité : headers HTTP, permissions .env, lint PHPStan + PHP-CS-Fixer, réorganisation dossiers, scripts de déploiement

Browse Source
This commit is contained in:
Cedric Abonnel
2026-05-08 13:18:00 +02:00
parent 700329f156
commit 70304d3b31
44 changed files with 776 additions and 670 deletions
Download Patch File Download Diff File Expand all files Collapse all files
.gitignore
+1 -1
View File
@@ -1,4 +1,4 @@
# Credentials & config sensible
# Credentials
.env
# Composer dependencies
.php-cs-fixer.cache
+1
View File
@@ -0,0 +1 @@
{"php":"8.3.6","version":"3.89.1:v3.89.1#f34967da2866ace090a2b447de1f357356474573","indent":" ","lineEnding":"\n","rules":{"binary_operator_spaces":{"default":"at_least_single_space"},"blank_line_after_opening_tag":true,"blank_line_between_import_groups":true,"blank_lines_before_namespace":true,"braces_position":{"allow_single_line_empty_anonymous_classes":true},"class_definition":{"inline_constructor_arguments":false,"space_before_parenthesis":true},"compact_nullable_type_declaration":true,"declare_equal_normalize":true,"lowercase_cast":true,"lowercase_static_reference":true,"modifier_keywords":true,"new_with_parentheses":{"anonymous_class":true},"no_blank_lines_after_class_opening":true,"no_extra_blank_lines":{"tokens":["use"]},"no_leading_import_slash":true,"no_whitespace_in_blank_line":true,"ordered_class_elements":{"order":["use_trait"]},"ordered_imports":{"imports_order":["class","function","const"],"sort_algorithm":"none"},"return_type_declaration":true,"short_scalar_cast":true,"single_import_per_statement":{"group_to_single_imports":false},"single_space_around_construct":{"constructs_followed_by_a_single_space":["abstract","as","case","catch","class","const_import","do","else","elseif","final","finally","for","foreach","function","function_import","if","insteadof","interface","namespace","new","private","protected","public","static","switch","trait","try","use","use_lambda","while"],"constructs_preceded_by_a_single_space":["as","else","elseif","use_lambda"]},"single_trait_insert_per_statement":true,"ternary_operator_spaces":true,"unary_operator_spaces":{"only_dec_inc":true},"blank_line_after_namespace":true,"constant_case":true,"control_structure_braces":true,"control_structure_continuation_position":true,"elseif":true,"function_declaration":{"closure_fn_spacing":"one"},"indentation_type":true,"line_ending":true,"lowercase_keywords":true,"method_argument_space":{"after_heredoc":false,"attribute_placement":"ignore","on_multiline":"ensure_fully_multiline"},"no_break_comment":true,"no_closing_tag":true,"no_multiple_statements_per_line":true,"no_space_around_double_colon":true,"no_spaces_after_function_name":true,"no_trailing_whitespace":true,"no_trailing_whitespace_in_comment":true,"single_blank_line_at_eof":true,"single_class_element_per_statement":{"elements":["property"]},"single_line_after_imports":true,"spaces_inside_parentheses":true,"statement_indentation":true,"switch_case_semicolon_to_colon":true,"switch_case_space":true,"encoding":true,"full_opening_tag":true,"strict_param":true,"declare_strict_types":true,"no_unused_imports":true,"single_quote":true},"hashes":{"templates\/post_view.php":"3c83bdaa22dc0c01bb0b043e0c07784d","templates\/header.php":"f4b64c4ecb4dadec166cb7935309096a","templates\/post_list.php":"191d1349cc7b0972a0ebbb99149590d3","templates\/layout.php":"7fbb10d6a3693b543efb83eee52b049c","templates\/footer.php":"3111b4701ea698ba11c3423260657e28","templates\/post_form.php":"07c1208cb64a796bd8f24d7f2fd62ccd","public\/login\/oidc.php":"8ec86d6f3af33f64d586109ec17f817d","public\/login\/config.php":"5b7b3e2937b349c76a2fd239c3ae06f8","public\/login\/magic.php":"54ef6b7ef80e608905e64e4fa8539846","public\/login\/index.php":"063d7b997bf8292d2b3f8c34dae3252f","public\/route.php":"f35dadd27dbdea162b67c42002519be9","public\/oidc\/callback.php":"793ff84451299c9984ac4742f02ca842","public\/oidc\/start.php":"87ddb61a0ef796d7303709ffa741c9c7","public\/oidc\/me.php":"d0439342011bb0e58ef8738b3b81cc2f","public\/index.php":"73a917520ea547ae8a122bd90098bf46","src\/Infrastructure\/DbAdapter.php":"3899a835130c146e2d30dbcca88d8f33","src\/Infrastructure\/Database.php":"6f2848ed70b29d9c2e2d259be611b9b0","src\/Infrastructure\/Session.php":"3538a1147cc81678c470d45ea8574a95","src\/Domain\/User.php":"02213454f7edf43f4afae3f2f81aaf01","src\/Http\/Csrf.php":"55631812cab4b1192f8e30c5d35fd5eb","src\/FileManager.php":"a51dda44f293f238aea295fd56b2fa99","src\/PostManager.php":"25f0179c4d96e9aa04218d54bf45a029","src\/helpers.php":"3a83a4872b1e3e3c58898b54f51e72b4","src\/db.php":"8888b7fbc9740eb3c60dd2374d0cb5d6","src\/auth.php":"d237017d90091f5fb75a133d08d5e544","src\/ConfigRepo.php":"c2dcee160a272d27725d480a90e76dcf","src\/Parsedown.php":"85da2b47eca1a703fdfe44753bf912df","src\/Service\/MailQueue.php":"7e040056aec64cfd780e3c9e7d04748a","src\/Service\/Validator.php":"7c267b8b9f3f1bac0f2520dd10364831","src\/Service\/UiFormRenderer.php":"065617191c6d680ce97588f4fa159688","src\/Service\/AuthService.php":"51c714164c6bd453154c024d9aa814e9","src\/Service\/MailService.php":"e1ef847a70551ae8887b86b3fb4167d0","src\/mailer.php":"17e6b19103c880cc9a6c6634486506c2","src\/Repository\/DictionnaryRepository.php":"f937e98cf0f27b59ae00e430b52a586d","src\/Repository\/ProfileRepository.php":"b1cd483652500ee4e2aaaa9e0330ff1d","src\/Repository\/UserRepository.php":"d75fed70910d0e6450a5b6c8ce9608c2","versions.php":"51a72261e1a507d3435b4a24e5f5fc09","config\/config.php":"a8b7698b01ab9b40eea655e8fcc194fc"}}
CHANGELOG.md
+23
View File
@@ -0,0 +1,23 @@
# Changelog
Toutes les modifications notables sont documentées ici.
Format : [Keep a Changelog](https://keepachangelog.com/fr/1.0.0/)
## [Unreleased]
### Added
- Initialisation du dépôt git sur le serveur
- Réorganisation des dossiers (`includes/``src/` et `templates/`, `docs/`, `database/`)
- Scripts de déploiement (`sync.sh`, `commit.sh`, `deploy.sh`, `sync-server-config.sh`)
- Copie locale des configs serveur Apache et PHP-FPM
---
<!-- Format des entrées :
## [x.y.z] - YYYY-MM-DD
### Added — nouvelles fonctionnalités
### Changed — modifications de fonctionnalités existantes
### Fixed — corrections de bugs
### Removed — suppressions
### Security — corrections de failles
-->
config/config.php
+5 -4
View File
@@ -1,4 +1,6 @@
<?php
declare(strict_types=1);
// config/config.php
require_once BASE_PATH . '/vendor/autoload.php';
@@ -11,7 +13,7 @@ $dotenv->load();
if (!$_ENV['APP_URL']) {
http_response_code(500);
echo "Configuration manquante : définis APP_URL ou APP_URL dans le .env";
echo 'Configuration manquante : définis APP_URL ou APP_URL dans le .env';
exit;
}
@@ -26,12 +28,11 @@ $_ENV['APP_URL'] = APP_URL;
* url('ressources/user/login.php')
* url('api/items', ['page'=>2])
*/
function url(string $path = '', array $qs = []): string {
function url(string $path = '', array $qs = []): string
{
$u = APP_URL . ltrim($path, '/');
if ($qs) {
$u .= (str_contains($u, '?') ? '&' : '?') . http_build_query($qs);
}
return $u;
}
tables_create.sql → database/tables_create.sql
View File
fichier non enregistré 1 → docs/architecture-notes.md
View File
notes.md → docs/notes-dev.md
View File
phpstan-baseline.neon
+71
View File
@@ -0,0 +1,71 @@
parameters:
ignoreErrors:
-
message: "#^Unreachable statement \\- code above always terminates\\.$#"
count: 1
path: src/Repository/ProfileRepository.php
-
message: "#^Call to method getCode\\(\\) on an unknown class App\\\\Repository\\\\PDOException\\.$#"
count: 1
path: src/Repository/UserRepository.php
-
message: "#^Caught class App\\\\Repository\\\\PDOException not found\\.$#"
count: 1
path: src/Repository/UserRepository.php
-
message: "#^Instantiated class App\\\\Repository\\\\InvalidArgumentException not found\\.$#"
count: 1
path: src/Repository/UserRepository.php
-
message: "#^Method App\\\\Repository\\\\UserRepository\\:\\:nullIfEmpty\\(\\) is unused\\.$#"
count: 1
path: src/Repository/UserRepository.php
-
message: "#^Throwing object of an unknown class App\\\\Repository\\\\InvalidArgumentException\\.$#"
count: 1
path: src/Repository/UserRepository.php
-
message: "#^Throwing object of an unknown class App\\\\Repository\\\\PDOException\\.$#"
count: 1
path: src/Repository/UserRepository.php
-
message: "#^Class App\\\\Repository\\\\UserRepository constructor invoked with 0 parameters, 1 required\\.$#"
count: 1
path: src/Service/AuthService.php
-
message: "#^Call to an undefined method App\\\\Infrastructure\\\\Database\\:\\:getConnection\\(\\)\\.$#"
count: 1
path: src/Service/MailQueue.php
-
message: "#^Call to an undefined method App\\\\Infrastructure\\\\Database\\:\\:getConnection\\(\\)\\.$#"
count: 1
path: src/Service/MailService.php
-
message: "#^Comparison operation \"\\>\" between 200 and 0 is always true\\.$#"
count: 1
path: src/Service/MailService.php
-
message: "#^Constant BASE_PATH not found\\.$#"
count: 1
path: src/auth.php
-
message: "#^Parameter \\#1 \\$scope of method Jumbojett\\\\OpenIDConnectClient\\:\\:addScope\\(\\) expects array, string given\\.$#"
count: 1
path: src/auth.php
-
message: "#^Constant BASE_PATH not found\\.$#"
count: 1
path: src/db.php
phpstan.neon
+9
View File
@@ -0,0 +1,9 @@
includes:
- phpstan-baseline.neon
parameters:
level: 5
paths:
- src
excludePaths:
- src/Parsedown.php
public/create.php
-71
View File
@@ -1,71 +0,0 @@
<?php
require_once BASE_PATH . '/src/db.php';
require_once BASE_PATH . '/src/PostManager.php';
$postManager = new PostManager($db);
$errors = [];
$title = '';
$content = '';
$published = false;
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
$title = trim($_POST['title'] ?? '');
$content = trim($_POST['content'] ?? '');
$published = isset($_POST['published']);
if ($title === '') {
$errors[] = 'Le titre est obligatoire.';
}
if (empty($errors)) {
$postId = $postManager->create($title, $content, $published);
header("Location: index.php");
exit;
}
}
?>
<!DOCTYPE html>
<html lang="fr">
<head>
<meta charset="UTF-8">
<title>Nouveau post</title>
<link href="https://cdn.jsdelivr.net/npm/bootstrap@5.3.3/dist/css/bootstrap.min.css" rel="stylesheet">
</head>
<body class="bg-light">
<div class="container py-4">
<h1 class="mb-4">Ajouter un nouveau post</h1>
<?php if (!empty($errors)): ?>
<div class="alert alert-danger">
<ul class="mb-0">
<?php foreach ($errors as $error): ?>
<li><?= htmlspecialchars($error) ?></li>
<?php endforeach; ?>
</ul>
</div>
<?php endif; ?>
<form method="POST">
<div class="mb-3">
<label for="title" class="form-label">Titre</label>
<input type="text" class="form-control" id="title" name="title" value="<?= htmlspecialchars($title) ?>" required>
</div>
<div class="mb-3">
<label for="content" class="form-label">Contenu</label>
<textarea class="form-control" id="content" name="content" rows="6"><?= htmlspecialchars($content) ?></textarea>
</div>
<div class="form-check mb-3">
<input class="form-check-input" type="checkbox" id="published" name="published" <?= $published ? 'checked' : '' ?>>
<label class="form-check-label" for="published">Publier immédiatement</label>
</div>
<button type="submit" class="btn btn-primary">Enregistrer</button>
<a href="index.php" class="btn btn-secondary">Annuler</a>
</form>
</div>
</body>
</html>
public/index.php
+2
View File
@@ -1,4 +1,6 @@
<?php
declare(strict_types=1);
define('BASE_PATH', realpath(__DIR__ . '/../'));
require_once BASE_PATH . '/src/helpers.php';
public/login/config.php
+13 -7
View File
@@ -4,33 +4,39 @@ declare(strict_types=1);
require_once dirname(__DIR__, 2) . '/vendor/autoload.php';
require_once dirname(__DIR__, 2) . '/app/bootstrap.php';
if (!defined('BASE_PATH')) { require_once dirname(__DIR__, 2) . '/config/config.php'; }
if (!defined('BASE_PATH')) {
require_once dirname(__DIR__, 2) . '/config/config.php';
}
require_once BASE_PATH . '/includes/db.php';
require_once BASE_PATH . '/includes/csrf.php';
require_once BASE_PATH . '/includes/ConfigRepo.php';
require_once BASE_PATH . '/src/ConfigRepo.php';
Session::startSecure(getenv('SESSION_NAME') ?: 'SID_IDENT');
ensure_admin();
csrf_start();
$cfg = config_repo_get();
$msg = null; $err = null;
$msg = null;
$err = null;
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
if (!csrf_check($_POST['csrf'] ?? '')) { http_response_code(403); exit('CSRF'); }
if (!csrf_check($_POST['csrf'] ?? '')) {
http_response_code(403);
exit('CSRF');
}
$in = [
'oidc_issuer' => trim((string)($_POST['oidc_issuer'] ?? '')),
'oidc_name' => trim((string)($_POST['oidc_name'] ?? '')),
'oidc_client_id' => trim((string)($_POST['oidc_client_id'] ?? '')),
'oidc_client_secret'=> trim((string)($_POST['oidc_client_secret'] ?? '')),
'oidc_client_secret' => trim((string)($_POST['oidc_client_secret'] ?? '')),
'oidc_redirect_uri' => trim((string)($_POST['oidc_redirect_uri'] ?? '')),
];
// validations simples
if ($in['allow_oidc']) {
if ($in['oidc_issuer'] === '' || $in['oidc_client_id'] === '' || $in['oidc_client_secret'] === '' || $in['oidc_redirect_uri'] === '') {
$err = "OIDC activé mais champs incomplets.";
$err = 'OIDC activé mais champs incomplets.';
}
}
@@ -48,7 +54,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
env_set_pairs(BASE_PATH.'/.env', $envPairs);
$cfg = config_repo_get();
$msg = "Configuration enregistrée.";
$msg = 'Configuration enregistrée.';
}
}
?>
public/login/index.php
+28 -10
View File
@@ -8,18 +8,27 @@ use App\Http\Csrf;
// --- Helpers AVANT tout usage ---
if (!function_exists('env')) {
function env(string $key, ?string $default = null): ?string {
if (array_key_exists($key, $_ENV) && $_ENV[$key] !== '') return (string)$_ENV[$key];
function env(string $key, ?string $default = null): ?string
{
if (array_key_exists($key, $_ENV) && $_ENV[$key] !== '') {
return (string)$_ENV[$key];
}
$v = getenv($key);
if ($v !== false && $v !== '') return (string)$v;
if ($v !== false && $v !== '') {
return (string)$v;
}
return $default;
}
}
if (!function_exists('db')) {
function db(): \PDO { return \App\Infrastructure\Database::get(); }
function db(): \PDO
{
return \App\Infrastructure\Database::get();
}
}
if (!function_exists('url')) {
function url(string $path = '/'): string {
function url(string $path = '/'): string
{
$scheme = (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off') ? 'https' : 'http';
$host = $_SERVER['HTTP_HOST'] ?? 'localhost';
return $scheme . '://' . $host . $path;
@@ -40,7 +49,9 @@ $maxPerWin = (int) env('MAGIC_MAX_PER_WINDOW', '5');
$defaultReturn = '/';
$sanitize = static function (string $url) use ($defaultReturn): string {
$url = trim($url);
if ($url === '' || !str_starts_with($url, '/')) return $defaultReturn;
if ($url === '' || !str_starts_with($url, '/')) {
return $defaultReturn;
}
return $url;
};
$returnTo = $sanitize((string)($_GET['return_to'] ?? ($_SERVER['HTTP_REFERER'] ?? $defaultReturn)));
@@ -49,7 +60,10 @@ $returnTo = $sanitize((string)($_GET['return_to'] ?? ($_SERVER['HTTP_REFERER'] ?
$oidcEnabled = (bool) (env('OIDC_ISSUER') && env('OIDC_CLIENT_ID'));
$oidcLoginUrl = '/login/oidc' . ($returnTo ? ('?return_to=' . urlencode($returnTo)) : '');
$oidcAuto = (isset($_GET['sso']) && $_GET['sso'] === '1') || (env('OIDC_AUTO', '0') === '1');
if ($oidcEnabled && $oidcAuto) { header('Location: ' . $oidcLoginUrl, true, 302); exit; }
if ($oidcEnabled && $oidcAuto) {
header('Location: ' . $oidcLoginUrl, true, 302);
exit;
}
// --- form: demande de lien magique ---
$errors = [];
@@ -65,13 +79,15 @@ if (($_SERVER['REQUEST_METHOD'] ?? 'GET') === 'POST') {
} else {
// rate limit simple par email et IP
$ip = $_SERVER['HTTP_X_FORWARDED_FOR'] ?? ($_SERVER['REMOTE_ADDR'] ?? '0.0.0.0');
if (strpos($ip, ',') !== false) $ip = trim(explode(',', $ip, 2)[0]);
if (strpos($ip, ',') !== false) {
$ip = trim(explode(',', $ip, 2)[0]);
}
$pdo = db();
$pdo->beginTransaction();
try {
// purge expirés / consommés
$pdo->prepare("DELETE FROM auth_magic_links WHERE email = :e AND (expires_at < NOW() OR consumed_at IS NOT NULL)")
$pdo->prepare('DELETE FROM auth_magic_links WHERE email = :e AND (expires_at < NOW() OR consumed_at IS NOT NULL)')
->execute([':e' => $email]);
// 1) cooldown: refuser si un envoi récent < coolMin
@@ -130,7 +146,9 @@ if (($_SERVER['REQUEST_METHOD'] ?? 'GET') === 'POST') {
$okMsg = "Un lien vient d'être envoyé. Vérifiez votre boîte de réception et le dossier spam/indésirables.";
} catch (\Throwable $ex) {
if ($pdo->inTransaction()) $pdo->rollBack();
if ($pdo->inTransaction()) {
$pdo->rollBack();
}
$errors[] = $ex->getMessage();
}
}
public/login/magic.php
+29 -12
View File
@@ -1,4 +1,5 @@
<?php
// projet : mug.a5l.fr
// fichier : pages/login/magic.php
// version : 20251011
@@ -8,13 +9,17 @@ require_once dirname(__DIR__, 2) . '/vendor/autoload.php';
require_once dirname(__DIR__, 2) . '/app/bootstrap.php';
require_once dirname(__DIR__, 2) . '/config/config.php';
use App\Service\AuthService; // si tu as un service pour ouvrir une session
// si tu as un service pour ouvrir une session
if (!function_exists('db')) {
function db(): PDO { return \App\Infrastructure\Database::get(); }
function db(): PDO
{
return \App\Infrastructure\Database::get();
}
}
if (!function_exists('url')) {
function url(string $path = '/'): string {
function url(string $path = '/'): string
{
$scheme = (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off') ? 'https' : 'http';
$host = $_SERVER['HTTP_HOST'] ?? 'localhost';
return $scheme . '://' . $host . $path;
@@ -31,24 +36,32 @@ $pdo = db();
$pdo->beginTransaction();
try {
// récupère lien non consommé et non expiré
$sql = "SELECT id, email, token, created_at, expires_at, consumed_at, return_to
$sql = 'SELECT id, email, token, created_at, expires_at, consumed_at, return_to
FROM auth_magic_links
WHERE token = :t
FOR UPDATE";
FOR UPDATE';
$stmt = $pdo->prepare($sql);
$stmt->execute([':t' => $token]);
$row = $stmt->fetch(PDO::FETCH_ASSOC);
if (!$row) throw new RuntimeException('Lien inconnu.');
if ($row['consumed_at'] !== null) throw new RuntimeException('Lien déjà utilisé.');
if (strtotime((string)$row['expires_at']) < time()) throw new RuntimeException('Lien expiré.');
if (!$row) {
throw new RuntimeException('Lien inconnu.');
}
if ($row['consumed_at'] !== null) {
throw new RuntimeException('Lien déjà utilisé.');
}
if (strtotime((string)$row['expires_at']) < time()) {
throw new RuntimeException('Lien expiré.');
}
// consomme le lien
$pdo->prepare("UPDATE auth_magic_links SET consumed_at = NOW() WHERE id = :id")->execute([':id' => $row['id']]);
$pdo->prepare('UPDATE auth_magic_links SET consumed_at = NOW() WHERE id = :id')->execute([':id' => $row['id']]);
$pdo->commit();
// ouvre une session applicative « anonyme authentifiée par email »
if (session_status() !== PHP_SESSION_ACTIVE) session_start();
if (session_status() !== PHP_SESSION_ACTIVE) {
session_start();
}
$_SESSION['auth'] = [
'method' => 'magic',
'email' => (string)$row['email'],
@@ -58,11 +71,15 @@ try {
$dest = $row['return_to'] ?? '/';
// sécurité: ne renvoyer que des chemins relatifs
if (!is_string($dest) || !str_starts_with($dest, '/')) $dest = '/';
if (!is_string($dest) || !str_starts_with($dest, '/')) {
$dest = '/';
}
header('Location: ' . $dest, true, 303);
exit;
} catch (\Throwable $e) {
if ($pdo->inTransaction()) $pdo->rollBack();
if ($pdo->inTransaction()) {
$pdo->rollBack();
}
http_response_code(400);
echo htmlspecialchars($e->getMessage(), ENT_QUOTES);
}
public/login/oidc.php
+2
View File
@@ -1,4 +1,6 @@
<?php
declare(strict_types=1);
// proxy vers pages/oidc/start.php avec flow=login
$_GET['flow'] = 'login';
require_once dirname(__DIR__) . '/oidc/start.php';
public/oidc/callback.php
+21 -7
View File
@@ -1,19 +1,27 @@
<?php
declare(strict_types=1);
use App\Infrastructure\Database;
if (session_status() !== PHP_SESSION_ACTIVE) session_start();
if (session_status() !== PHP_SESSION_ACTIVE) {
session_start();
}
require_once dirname(__DIR__, 2) . '/vendor/autoload.php';
require_once dirname(__DIR__, 2) . '/app/bootstrap.php';
require_once dirname(__DIR__, 2) . '/config/config.php';
if (!function_exists('env')) {
function env(string $key, ?string $default = null): ?string {
if (array_key_exists($key, $_ENV) && $_ENV[$key] !== '') return (string)$_ENV[$key];
function env(string $key, ?string $default = null): ?string
{
if (array_key_exists($key, $_ENV) && $_ENV[$key] !== '') {
return (string)$_ENV[$key];
}
$v = getenv($key);
if ($v !== false && $v !== '') return (string)$v;
if ($v !== false && $v !== '') {
return (string)$v;
}
return $default;
}
}
@@ -68,7 +76,9 @@ $post = [
'client_id' => $OIDC_CLIENT_ID,
'code_verifier' => $codeVerifier,
];
if ($OIDC_CLIENT_SECRET !== '') $post['client_secret'] = $OIDC_CLIENT_SECRET;
if ($OIDC_CLIENT_SECRET !== '') {
$post['client_secret'] = $OIDC_CLIENT_SECRET;
}
$ch = curl_init($tokenEndpoint);
curl_setopt_array($ch, [
@@ -127,7 +137,9 @@ if (!$email && $idToken && substr_count($idToken, '.') === 2) {
[, $p, ] = explode('.', $idToken, 3);
$payloadJson = base64_decode(strtr($p, '-_', '+/'), true);
$payload = $payloadJson ? json_decode($payloadJson, true) : null;
if (is_array($payload) && !empty($payload['email'])) $email = $payload['email'];
if (is_array($payload) && !empty($payload['email'])) {
$email = $payload['email'];
}
}
if (!$email) {
@@ -159,7 +171,9 @@ if ($flow === 'login' && $existingId) {
];
$target = $_SESSION['oidc_return_to'] ?? '/';
unset($_SESSION['oidc_return_to'], $_SESSION['oidc_flow']);
if (!is_string($target) || $target === '' || $target[0] !== '/') $target = '/';
if (!is_string($target) || $target === '' || $target[0] !== '/') {
$target = '/';
}
header('Location: ' . $target, true, 303);
exit;
}
public/oidc/me.php
+31 -12
View File
@@ -12,31 +12,48 @@ require_once dirname(__DIR__, 2) . '/vendor/autoload.php';
require_once dirname(__DIR__, 2) . '/app/bootstrap.php';
require_once dirname(__DIR__, 2) . '/config/config.php';
function maskToken(?string $t): string {
if (!$t) return '';
function maskToken(?string $t): string
{
if (!$t) {
return '';
}
$len = strlen($t);
if ($len <= 12) return str_repeat('•', $len);
if ($len <= 12) {
return str_repeat('•', $len);
}
return substr($t, 0, 6) . str_repeat('•', max(0, $len - 12)) . substr($t, -6);
}
function b64url_decode_str(string $s): string|false {
function b64url_decode_str(string $s): string|false
{
$s = strtr($s, '-_', '+/');
$pad = strlen($s) % 4;
if ($pad) $s .= str_repeat('=', 4 - $pad);
if ($pad) {
$s .= str_repeat('=', 4 - $pad);
}
return base64_decode($s, true);
}
function decode_jwt(string $jwt): array {
if (substr_count($jwt, '.') !== 2) return [];
function decode_jwt(string $jwt): array
{
if (substr_count($jwt, '.') !== 2) {
return [];
}
[, $payload, ] = explode('.', $jwt, 3);
$json = b64url_decode_str($payload);
if ($json === false) return [];
if ($json === false) {
return [];
}
$arr = json_decode($json, true);
return is_array($arr) ? $arr : [];
}
$env = static function(string $k, ?string $d = null): ?string {
if (array_key_exists($k, $_ENV) && $_ENV[$k] !== '') return (string)$_ENV[$k];
$env = static function (string $k, ?string $d = null): ?string {
if (array_key_exists($k, $_ENV) && $_ENV[$k] !== '') {
return (string)$_ENV[$k];
}
$v = getenv($k);
if ($v !== false && $v !== '') return (string)$v;
if ($v !== false && $v !== '') {
return (string)$v;
}
return $d;
};
@@ -72,7 +89,9 @@ if ($debugEnabled && $claims === [] && $accTok && $issuer) {
curl_close($ch);
if ($resp !== false && $code === 200) {
$tmp = json_decode((string)$resp, true);
if (is_array($tmp)) $claims = $tmp;
if (is_array($tmp)) {
$claims = $tmp;
}
}
}
public/oidc/start.php
+17 -7
View File
@@ -1,23 +1,33 @@
<?php
declare(strict_types=1);
if (session_status() !== PHP_SESSION_ACTIVE) session_start();
if (session_status() !== PHP_SESSION_ACTIVE) {
session_start();
}
require_once dirname(__DIR__, 2) . '/vendor/autoload.php';
require_once dirname(__DIR__, 2) . '/app/bootstrap.php';
require_once dirname(__DIR__, 2) . '/config/config.php';
if (!function_exists('env')) {
function env(string $key, ?string $default = null): ?string {
if (array_key_exists($key, $_ENV) && $_ENV[$key] !== '') return (string)$_ENV[$key];
function env(string $key, ?string $default = null): ?string
{
if (array_key_exists($key, $_ENV) && $_ENV[$key] !== '') {
return (string)$_ENV[$key];
}
$v = getenv($key);
if ($v !== false && $v !== '') return (string)$v;
if ($v !== false && $v !== '') {
return (string)$v;
}
return $default;
}
}
$flow = $_GET['flow'] ?? 'login'; // 'login' ou 'register'
if (!in_array($flow, ['login','register'], true)) $flow = 'login';
if (!in_array($flow, ['login','register'], true)) {
$flow = 'login';
}
// return_to (URL relative uniquement)
$defaultReturn = '/';
@@ -29,8 +39,8 @@ $_SESSION['oidc_flow'] = $flow;
$_SESSION['oidc_return_to'] = $returnTo;
// --- OIDC conf ---
$issuer = rtrim((string)env('OIDC_ISSUER',''), '/');
$clientId = (string)env('OIDC_CLIENT_ID','');
$issuer = rtrim((string)env('OIDC_ISSUER', ''), '/');
$clientId = (string)env('OIDC_CLIENT_ID', '');
$redirectUri = (string)(env('OIDC_REDIRECT_URI') ?: url('oidc/callback'));
if (!$issuer || !$clientId || !$redirectUri) {
http_response_code(500);
public/route.php
+50 -48
View File
@@ -1,5 +1,7 @@
<?php
declare(strict_types=1);
define('BASE_PATH', realpath(__DIR__ . '/../'));
require_once BASE_PATH . '/src/db.php';
@@ -50,7 +52,7 @@ switch ($action) {
}
}
header("Location: route.php");
header('Location: route.php');
exit;
}
}
@@ -62,13 +64,13 @@ switch ($action) {
case 'view':
if (!$id) {
echo "ID manquant.";
echo 'ID manquant.';
exit;
}
$post = $postManager->get($id);
if (!$post) {
echo "Post introuvable.";
echo 'Post introuvable.';
exit;
}
@@ -79,60 +81,60 @@ switch ($action) {
if ($id) {
$postManager->delete($id);
}
header("Location: route.php");
header('Location: route.php');
exit;
case 'edit':
if (!$id) {
echo "ID manquant.";
exit;
case 'edit':
if (!$id) {
echo 'ID manquant.';
exit;
}
$post = $postManager->get($id);
if (!$post) {
echo 'Post introuvable.';
exit;
}
$title = $_POST['title'] ?? $post['title'];
$content = $_POST['content'] ?? $post['content'];
$published_at = $_POST['published_at'] ?? date('Y-m-d\TH:i', strtotime($post['created_at']));
$published = isset($_POST['published']) ? true : $post['is_published'];
$errors = [];
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
if (trim($title) === '') {
$errors[] = 'Le titre est obligatoire.';
}
$post = $postManager->get($id);
if (!$post) {
echo "Post introuvable.";
exit;
}
if (empty($errors)) {
$published_at_sql = str_replace('T', ' ', $_POST['published_at']);
$postManager->update($id, $title, $content, $published_at_sql, $published);
$title = $_POST['title'] ?? $post['title'];
$content = $_POST['content'] ?? $post['content'];
$published_at = $_POST['published_at'] ?? date('Y-m-d\TH:i', strtotime($post['created_at']));
$published = isset($_POST['published']) ? true : $post['is_published'];
$errors = [];
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
if (trim($title) === '') {
$errors[] = 'Le titre est obligatoire.';
}
if (empty($errors)) {
$published_at_sql = str_replace('T', ' ', $_POST['published_at']);
$postManager->update($id, $title, $content, $published_at_sql, $published);
if (!empty($_FILES['files']['name'][0])) {
foreach ($_FILES['files']['tmp_name'] as $i => $tmpName) {
if ($_FILES['files']['error'][$i] === UPLOAD_ERR_OK) {
$file = [
'name' => $_FILES['files']['name'][$i],
'type' => $_FILES['files']['type'][$i],
'tmp_name' => $_FILES['files']['tmp_name'][$i],
'error' => $_FILES['files']['error'][$i],
'size' => $_FILES['files']['size'][$i],
];
$fileManager->upload($id, $file);
}
if (!empty($_FILES['files']['name'][0])) {
foreach ($_FILES['files']['tmp_name'] as $i => $tmpName) {
if ($_FILES['files']['error'][$i] === UPLOAD_ERR_OK) {
$file = [
'name' => $_FILES['files']['name'][$i],
'type' => $_FILES['files']['type'][$i],
'tmp_name' => $_FILES['files']['tmp_name'][$i],
'error' => $_FILES['files']['error'][$i],
'size' => $_FILES['files']['size'][$i],
];
$fileManager->upload($id, $file);
}
}
header("Location: route.php?action=view&id=$id");
exit;
}
}
$formAction = "route.php?action=edit&id=$id";
$action = 'edit';
include BASE_PATH . '/templates/post_form.php';
break;
header("Location: route.php?action=view&id=$id");
exit;
}
}
$formAction = "route.php?action=edit&id=$id";
$action = 'edit';
include BASE_PATH . '/templates/post_form.php';
break;
case 'list':
default:
includes/ConfigRepo.php → src/ConfigRepo.php
+53 -24
View File
@@ -1,25 +1,31 @@
<?php // includes/ConfigRepo.php
<?php
// includes/ConfigRepo.php
declare(strict_types=1);
function config_repo_get(): array {
function config_repo_get(): array
{
$pdo = db();
$row = $pdo->query("SELECT * FROM app_config WHERE id=1")->fetch(PDO::FETCH_ASSOC);
if (!$row) { return [
'allow_password'=>true,'allow_oidc'=>false,'registrations_open'=>true,
'oidc_issuer'=>null,'oidc_name'=>null,'oidc_client_id'=>null,'oidc_client_secret'=>null,'oidc_redirect_uri'=>null
]; }
$row = $pdo->query('SELECT * FROM app_config WHERE id=1')->fetch(PDO::FETCH_ASSOC);
if (!$row) {
return [
'allow_password' => true,'allow_oidc' => false,'registrations_open' => true,
'oidc_issuer' => null,'oidc_name' => null,'oidc_client_id' => null,'oidc_client_secret' => null,'oidc_redirect_uri' => null
];
}
return $row;
}
function config_repo_save(array $in): void {
function config_repo_save(array $in): void
{
$pdo = db();
$sql = "INSERT INTO app_config
$sql = 'INSERT INTO app_config
(id, allow_password, allow_oidc, registrations_open, oidc_issuer, oidc_name, oidc_client_id, oidc_client_secret, oidc_redirect_uri, updated_at)
VALUES (1,:pw,:oidc,:open,:iss,:name,:cid,:sec,:redir, now())
ON CONFLICT (id) DO UPDATE SET
allow_password=:pw, allow_oidc=:oidc, registrations_open=:open,
oidc_issuer=:iss, oidc_name=:name, oidc_client_id=:cid, oidc_client_secret=:sec, oidc_redirect_uri=:redir,
updated_at=now()";
updated_at=now()';
$stmt = $pdo->prepare($sql);
$stmt->execute([
':pw' => (bool)$in['allow_password'],
@@ -29,7 +35,7 @@ function config_repo_save(array $in): void {
':name' => trim((string)($in['oidc_name'] ?? '')) ?: null,
':cid' => trim((string)($in['oidc_client_id'] ?? '')) ?: null,
':sec' => trim((string)($in['oidc_client_secret'] ?? '')) ?: null,
':redir'=> trim((string)($in['oidc_redirect_uri'] ?? '')) ?: null,
':redir' => trim((string)($in['oidc_redirect_uri'] ?? '')) ?: null,
]);
}
@@ -37,36 +43,59 @@ function config_repo_save(array $in): void {
* Met à jour le fichier .env en conservant les autres lignes.
* $pairs = ['KEY'=>'value', ...] ; value null => supprime la clé.
*/
function env_set_pairs(string $envPath, array $pairs): void {
if (!is_file($envPath)) { file_put_contents($envPath, ""); }
function env_set_pairs(string $envPath, array $pairs): void
{
if (!is_file($envPath)) {
file_put_contents($envPath, '');
}
$lines = file($envPath, FILE_IGNORE_NEW_LINES);
$map = [];
foreach ($lines as $i => $line) {
if (preg_match('/^\s*#/', $line) || trim($line)==='') { $map[$i] = $line; continue; }
if (!str_contains($line, '=')) { $map[$i] = $line; continue; }
if (preg_match('/^\s*#/', $line) || trim($line) === '') {
$map[$i] = $line;
continue;
}
if (!str_contains($line, '=')) {
$map[$i] = $line;
continue;
}
[$k,$v] = explode('=', $line, 2);
$k = trim($k);
if ($k==='') { $map[$i] = $line; continue; }
if ($k === '') {
$map[$i] = $line;
continue;
}
if (array_key_exists($k, $pairs)) {
if ($pairs[$k] === null) { $map[$i] = null; } // supprimé
else { $map[$i] = $k.'='.env_quote((string)$pairs[$k]); }
if ($pairs[$k] === null) {
$map[$i] = null;
} // supprimé
else {
$map[$i] = $k.'='.env_quote((string)$pairs[$k]);
}
unset($pairs[$k]);
} else {
$map[$i] = $line;
}
}
// append keys restantes
foreach ($pairs as $k=>$v) {
if ($v === null) continue;
foreach ($pairs as $k => $v) {
if ($v === null) {
continue;
}
$map[] = $k.'='.env_quote((string)$v);
}
// re-écriture
$out = [];
foreach ($map as $line) { if ($line === null) continue; $out[] = $line; }
foreach ($map as $line) {
if ($line === null) {
continue;
} $out[] = $line;
}
file_put_contents($envPath, implode(PHP_EOL, $out).PHP_EOL);
}
function env_quote(string $v): string {
function env_quote(string $v): string
{
if ($v === '' || preg_match('/\s|[#"\'=]/', $v)) {
// met entre guillemets et échappe
$v = str_replace(['\\','"'], ['\\\\','\\"'], $v);
@@ -75,11 +104,11 @@ function env_quote(string $v): string {
return $v;
}
function ensure_admin(): void {
function ensure_admin(): void
{
// adapte à ton système
if (empty($_SESSION['user']['is_admin'])) {
http_response_code(403);
exit('Forbidden');
}
}
src/Domain/User.php
+3 -1
View File
@@ -1,4 +1,5 @@
<?php
declare(strict_types=1);
namespace App\Domain;
@@ -10,5 +11,6 @@ final class User
public string $email,
public string $passwordHash,
public bool $isActive = true,
) {}
) {
}
}
src/FileManager.php
+16 -8
View File
@@ -1,5 +1,7 @@
<?php
declare(strict_types=1);
class FileManager
{
private PDO $db;
@@ -27,10 +29,10 @@ class FileManager
return null;
}
$stmt = $this->db->prepare("
$stmt = $this->db->prepare('
INSERT INTO post_files (post_id, file_type, file_path, original_name)
VALUES (:post_id, :file_type, :file_path, :original_name)
");
');
$stmt->execute([
'post_id' => $postId,
'file_type' => $type,
@@ -43,14 +45,14 @@ class FileManager
public function getFilesForPost(int $postId): array
{
$stmt = $this->db->prepare("SELECT * FROM post_files WHERE post_id = :post_id ORDER BY uploaded_at");
$stmt = $this->db->prepare('SELECT * FROM post_files WHERE post_id = :post_id ORDER BY uploaded_at');
$stmt->execute(['post_id' => $postId]);
return $stmt->fetchAll(PDO::FETCH_ASSOC);
}
public function delete(int $fileId): bool
{
$stmt = $this->db->prepare("SELECT file_path FROM post_files WHERE id = :id");
$stmt = $this->db->prepare('SELECT file_path FROM post_files WHERE id = :id');
$stmt->execute(['id' => $fileId]);
$file = $stmt->fetch(PDO::FETCH_ASSOC);
@@ -63,15 +65,21 @@ class FileManager
unlink($fullPath);
}
$stmt = $this->db->prepare("DELETE FROM post_files WHERE id = :id");
$stmt = $this->db->prepare('DELETE FROM post_files WHERE id = :id');
return $stmt->execute(['id' => $fileId]);
}
private function guessType(string $mime): string
{
if (str_starts_with($mime, 'image/')) return 'image';
if (str_starts_with($mime, 'video/')) return 'video';
if (str_starts_with($mime, 'audio/')) return 'audio';
if (str_starts_with($mime, 'image/')) {
return 'image';
}
if (str_starts_with($mime, 'video/')) {
return 'video';
}
if (str_starts_with($mime, 'audio/')) {
return 'audio';
}
return 'file';
}
}
src/Http/Csrf.php
+1
View File
@@ -1,4 +1,5 @@
<?php
declare(strict_types=1);
namespace App\Http;
src/Infrastructure/Database.php
+11 -4
View File
@@ -1,4 +1,5 @@
<?php
declare(strict_types=1);
namespace App\Infrastructure;
@@ -17,9 +18,11 @@ final class Database
return self::$pdo;
}
$get = static function (string $k, ?string $default=null): ?string {
$get = static function (string $k, ?string $default = null): ?string {
$v = getenv($k);
if ($v !== false && $v !== '') return (string)$v;
if ($v !== false && $v !== '') {
return (string)$v;
}
return $_ENV[$k] ?? $default;
};
@@ -31,7 +34,9 @@ final class Database
$host = $get('DB_HOST', 'localhost');
$port = $get('DB_PORT', '5432');
$name = $get('DB_NAME');
if ($name) $dsn = sprintf('pgsql:host=%s;port=%s;dbname=%s', $host, $port, $name);
if ($name) {
$dsn = sprintf('pgsql:host=%s;port=%s;dbname=%s', $host, $port, $name);
}
}
if (!$dsn) {
@@ -80,7 +85,9 @@ final class Database
$pdo->commit();
return $ret;
} catch (\Throwable $e) {
if ($pdo->inTransaction()) $pdo->rollBack();
if ($pdo->inTransaction()) {
$pdo->rollBack();
}
throw $e;
}
}
src/Infrastructure/DbAdapter.php
+7 -2
View File
@@ -1,4 +1,5 @@
<?php
declare(strict_types=1);
namespace App\Infrastructure;
@@ -19,9 +20,13 @@ final class DbAdapter
$host = getenv('DB_HOST') ?: ($_ENV['DB_HOST'] ?? 'localhost');
$port = getenv('DB_PORT') ?: ($_ENV['DB_PORT'] ?? '5432');
$name = getenv('DB_NAME') ?: ($_ENV['DB_NAME'] ?? null);
if ($name) $dsn = sprintf('pgsql:host=%s;port=%s;dbname=%s', $host, $port, $name);
if ($name) {
$dsn = sprintf('pgsql:host=%s;port=%s;dbname=%s', $host, $port, $name);
}
}
if (!$dsn) {
throw new \RuntimeException('Aucun DSN pour initialiser PDO');
}
if (!$dsn) throw new \RuntimeException('Aucun DSN pour initialiser PDO');
return new PDO($dsn, (string)$user, (string)$pass, [
PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
src/Infrastructure/Session.php
+4 -1
View File
@@ -1,4 +1,5 @@
<?php
declare(strict_types=1);
namespace App\Infrastructure;
@@ -7,7 +8,9 @@ final class Session
{
public static function startSecure(string $name): void
{
if (session_status() === PHP_SESSION_ACTIVE) return;
if (session_status() === PHP_SESSION_ACTIVE) {
return;
}
session_name($name);
session_set_cookie_params([
src/Parsedown.php
+190 -356
View File
File diff suppressed because it is too large Load Diff
src/PostManager.php
+9 -7
View File
@@ -1,5 +1,7 @@
<?php
declare(strict_types=1);
class PostManager
{
private PDO $db;
@@ -11,13 +13,13 @@ class PostManager
public function getAll(): array
{
$stmt = $this->db->query("SELECT * FROM posts ORDER BY created_at DESC");
$stmt = $this->db->query('SELECT * FROM posts ORDER BY created_at DESC');
return $stmt->fetchAll(PDO::FETCH_ASSOC);
}
public function get(int $id): ?array
{
$stmt = $this->db->prepare("SELECT * FROM posts WHERE id = :id");
$stmt = $this->db->prepare('SELECT * FROM posts WHERE id = :id');
$stmt->execute(['id' => $id]);
$post = $stmt->fetch(PDO::FETCH_ASSOC);
return $post ?: null;
@@ -25,10 +27,10 @@ class PostManager
public function create(string $title, string $content, string $published_at): int
{
$stmt = $this->db->prepare("
$stmt = $this->db->prepare('
INSERT INTO posts (title, content, created_at, is_published)
VALUES (:title, :content, :published_at, true)
");
');
$stmt->execute([
'title' => $title,
'content' => $content,
@@ -40,7 +42,7 @@ class PostManager
public function update(int $id, string $title, string $content, string $published_at, bool $published): bool
{
$stmt = $this->db->prepare("
$stmt = $this->db->prepare('
UPDATE posts
SET title = :title,
content = :content,
@@ -48,7 +50,7 @@ class PostManager
is_published = :published,
updated_at = NOW()
WHERE id = :id
");
');
return $stmt->execute([
'id' => $id,
'title' => $title,
@@ -61,7 +63,7 @@ class PostManager
public function delete(int $id): bool
{
$stmt = $this->db->prepare("DELETE FROM posts WHERE id = :id");
$stmt = $this->db->prepare('DELETE FROM posts WHERE id = :id');
return $stmt->execute(['id' => $id]);
}
}
src/Repository/DictionnaryRepository.php
+19 -10
View File
@@ -1,4 +1,5 @@
<?php
declare(strict_types=1);
namespace App\Repository;
@@ -7,39 +8,47 @@ use PDO;
final class DictionaryRepository
{
public function __construct(private PDO $pdo) {}
public function __construct(private PDO $pdo)
{
}
public function getEntityByCode(string $code): ?array {
public function getEntityByCode(string $code): ?array
{
$st = $this->pdo->prepare('SELECT * FROM dd_entities WHERE code = :c AND is_active IS TRUE');
$st->execute([':c'=>$code]);
$st->execute([':c' => $code]);
$e = $st->fetch(PDO::FETCH_ASSOC);
if (!$e) return null;
if (!$e) {
return null;
}
$e['fields'] = $this->getFields((int)$e['id']);
$e['rules'] = $this->getRules((int)$e['id']);
return $e;
}
public function getFields(int $entityId): array {
public function getFields(int $entityId): array
{
$st = $this->pdo->prepare('SELECT * FROM dd_fields WHERE entity_id = :id ORDER BY ui_order NULLS LAST, id');
$st->execute([':id'=>$entityId]);
$st->execute([':id' => $entityId]);
return $st->fetchAll(PDO::FETCH_ASSOC);
}
public function getRules(int $entityId): array {
public function getRules(int $entityId): array
{
$st = $this->pdo->prepare('SELECT * FROM dd_rules WHERE entity_id = :id AND active IS TRUE');
$st->execute([':id'=>$entityId]);
$st->execute([':id' => $entityId]);
return $st->fetchAll(PDO::FETCH_ASSOC);
}
public function getEnum(string $name): array {
public function getEnum(string $name): array
{
$st = $this->pdo->prepare('
SELECT ev.code, ev.label
FROM dd_enums e JOIN dd_enum_values ev ON ev.enum_id = e.id
WHERE e.name = :n AND ev.active IS TRUE
ORDER BY ev.sort_order, ev.id
');
$st->execute([':n'=>$name]);
$st->execute([':n' => $name]);
return $st->fetchAll(PDO::FETCH_ASSOC);
}
}
src/Repository/ProfileRepository.php
+27 -8
View File
@@ -1,4 +1,5 @@
<?php
declare(strict_types=1);
namespace App\Repository;
@@ -13,24 +14,39 @@ final class ProfileRepository
public function __construct(?PDO $pdo = null)
{
// 0) DI directe
if ($pdo instanceof PDO) { $this->pdo = $pdo; return; }
if ($pdo instanceof PDO) {
$this->pdo = $pdo;
return;
}
// 1) App\Infrastructure\Database (si elle expose quelque chose)
if (class_exists(Database::class)) {
if (method_exists(Database::class, 'pdo')) {
$try = Database::pdo();
if ($try instanceof PDO) { $this->pdo = $try; return; }
if ($try instanceof PDO) {
$this->pdo = $try;
return;
}
}
if (method_exists(Database::class, 'getPdo')) {
$try = Database::getPdo();
if ($try instanceof PDO) { $this->pdo = $try; return; }
if ($try instanceof PDO) {
$this->pdo = $try;
return;
}
}
if (method_exists(Database::class, 'getInstance')) {
$db = Database::getInstance();
if ($db instanceof PDO) { $this->pdo = $db; return; }
if ($db instanceof PDO) {
$this->pdo = $db;
return;
}
if (is_object($db) && method_exists($db, 'pdo')) {
$try = $db->pdo();
if ($try instanceof PDO) { $this->pdo = $try; return; }
if ($try instanceof PDO) {
$this->pdo = $try;
return;
}
}
}
}
@@ -38,7 +54,10 @@ final class ProfileRepository
// 2) Fonction globale éventuelle
if (function_exists('db')) {
$try = db();
if ($try instanceof PDO) { $this->pdo = $try; return; }
if ($try instanceof PDO) {
$this->pdo = $try;
return;
}
}
// 3) Variable globale éventuelle
@@ -110,7 +129,7 @@ final class ProfileRepository
':slug' => $slug,
':label' => $label,
':desc' => $description,
':perms' => json_encode($permissions, JSON_UNESCAPED_UNICODE|JSON_UNESCAPED_SLASHES),
':perms' => json_encode($permissions, JSON_UNESCAPED_UNICODE | JSON_UNESCAPED_SLASHES),
':sys' => $isSystem,
':act' => $isActive,
]);
@@ -125,7 +144,7 @@ final class ProfileRepository
':slug' => $slug,
':label' => $label,
':desc' => $description,
':perms' => json_encode($permissions, JSON_UNESCAPED_UNICODE|JSON_UNESCAPED_SLASHES),
':perms' => json_encode($permissions, JSON_UNESCAPED_UNICODE | JSON_UNESCAPED_SLASHES),
':sys' => $isSystem,
':act' => $isActive,
]);
src/Repository/UserRepository.php
+4 -1
View File
@@ -1,4 +1,5 @@
<?php
declare(strict_types=1);
namespace App\Repository;
@@ -8,7 +9,9 @@ use PDO;
final class UserRepository
{
public function __construct(private PDO $pdo) {}
public function __construct(private PDO $pdo)
{
}
/**
* Crée (si besoin) un utilisateur OIDC.
src/Service/AuthService.php
+13 -8
View File
@@ -1,4 +1,5 @@
<?php
declare(strict_types=1);
namespace App\Service;
@@ -7,7 +8,9 @@ use App\Repository\UserRepository;
final class AuthService
{
public function __construct(private UserRepository $users) {}
public function __construct(private UserRepository $users)
{
}
public function canAttempt(string $email, string $ip): bool
{
@@ -30,12 +33,12 @@ final class AuthService
$user = $this->users->findByEmail($email);
$ok = $user && $user->isActive && password_verify($password, $user->passwordHash);
$pdo = \App\Infrastructure\Database::pdo();
$st = $pdo->prepare('insert into login_attempts(email, ip, success) values(:e, :ip, :s)');
$st->bindValue(':e', $email, \PDO::PARAM_STR);
$st->bindValue(':ip', $ip, \PDO::PARAM_STR);
$st->bindValue(':s', $ok, \PDO::PARAM_BOOL);
$st->execute();
$pdo = \App\Infrastructure\Database::pdo();
$st = $pdo->prepare('insert into login_attempts(email, ip, success) values(:e, :ip, :s)');
$st->bindValue(':e', $email, \PDO::PARAM_STR);
$st->bindValue(':ip', $ip, \PDO::PARAM_STR);
$st->bindValue(':s', $ok, \PDO::PARAM_BOOL);
$st->execute();
if ($ok) {
\App\Infrastructure\Session::regenerate();
@@ -53,7 +56,9 @@ final class AuthService
$st = $pdo->prepare('select id, email, password_hash, is_active from users where id = :id');
$st->execute([':id' => $userId]);
$row = $st->fetch(\PDO::FETCH_ASSOC);
if (!$row || !(bool)$row['is_active']) return false;
if (!$row || !(bool)$row['is_active']) {
return false;
}
// Vérifier lancien mot de passe
if (!password_verify($currentPassword, (string)$row['password_hash'])) {
src/Service/MailQueue.php
+1 -1
View File
@@ -144,7 +144,7 @@ final class MailQueue
if ($rows) {
// 2) Marquer locked_at + sending
$ids = array_map(static fn($r) => (int)$r['id'], $rows);
$ids = array_map(static fn ($r) => (int)$r['id'], $rows);
$in = implode(',', array_fill(0, count($ids), '?'));
$up = $this->pdo->prepare(
src/Service/MailService.php
-1
View File
@@ -8,7 +8,6 @@ use App\Infrastructure\Database;
use PHPMailer\PHPMailer\PHPMailer;
use PHPMailer\PHPMailer\Exception as MailException;
use PDO;
use DateInterval;
use DateTimeImmutable;
/**
src/Service/UiFormRenderer.php
+17 -7
View File
@@ -1,4 +1,5 @@
<?php
declare(strict_types=1);
namespace App\Service;
@@ -7,21 +8,30 @@ use App\Repository\DictionaryRepository;
final class UiFormRenderer
{
public function __construct(private DictionaryRepository $dict) {}
public function __construct(private DictionaryRepository $dict)
{
}
public function renderControls(string $entityCode, array $values = []): string {
public function renderControls(string $entityCode, array $values = []): string
{
$e = $this->dict->getEntityByCode($entityCode);
if (!$e) return '<div class="alert alert-danger">Entité inconnue</div>';
if (!$e) {
return '<div class="alert alert-danger">Entité inconnue</div>';
}
$html = '';
foreach ($e['fields'] as $f) {
if (!$f['form_visible']) continue;
if ($f['read_only']) continue;
if (!$f['form_visible']) {
continue;
}
if ($f['read_only']) {
continue;
}
$name = $f['code'];
$label = $f['label'];
$help = $f['help_text'] ?? '';
$widget= $f['ui_widget'] ?? 'text';
$widget = $f['ui_widget'] ?? 'text';
$val = $values[$name] ?? '';
$html .= '<div class="mb-3">';
@@ -41,7 +51,7 @@ final class UiFormRenderer
'email' => 'email',
'number' => 'number',
'date' => 'date',
'checkbox'=> 'checkbox',
'checkbox' => 'checkbox',
default => 'text',
};
if ($type === 'checkbox') {
src/Service/Validator.php
+21 -7
View File
@@ -1,4 +1,5 @@
<?php
declare(strict_types=1);
namespace App\Service;
@@ -7,12 +8,17 @@ use App\Repository\DictionaryRepository;
final class Validator
{
public function __construct(private DictionaryRepository $dict) {}
public function __construct(private DictionaryRepository $dict)
{
}
public function validate(string $entityCode, array $payload): array {
public function validate(string $entityCode, array $payload): array
{
$errors = [];
$e = $this->dict->getEntityByCode($entityCode);
if (!$e) return ['_global' => ['Entité inconnue']];
if (!$e) {
return ['_global' => ['Entité inconnue']];
}
// Index les champs
$fields = [];
@@ -30,7 +36,9 @@ final class Validator
switch ($type) {
case 'required':
if ($code && ($v === null || $v === '')) $errors[$code][] = $msg;
if ($code && ($v === null || $v === '')) {
$errors[$code][] = $msg;
}
break;
case 'regex':
if ($code && $v !== null && $v !== '' && !preg_match('#'.$val.'#u', (string)$v)) {
@@ -38,16 +46,22 @@ final class Validator
}
break;
case 'min':
if ($code && is_numeric($v) && (float)$v < (float)$val) $errors[$code][] = $msg;
if ($code && is_numeric($v) && (float)$v < (float)$val) {
$errors[$code][] = $msg;
}
break;
case 'max':
if ($code && is_numeric($v) && (float)$v > (float)$val) $errors[$code][] = $msg;
if ($code && is_numeric($v) && (float)$v > (float)$val) {
$errors[$code][] = $msg;
}
break;
case 'between':
if ($code && is_numeric($v)) {
[$a,$b] = array_map('floatval', explode(',', $val));
$fv = (float)$v;
if ($fv < $a || $fv > $b) $errors[$code][] = $msg;
if ($fv < $a || $fv > $b) {
$errors[$code][] = $msg;
}
}
break;
case 'unique':
src/auth.php
+6 -2
View File
@@ -1,10 +1,13 @@
<?php
declare(strict_types=1);
use Jumbojett\OpenIDConnectClient;
require_once BASE_PATH . '/vendor/autoload.php';
session_start();
function require_auth() {
function require_auth()
{
if (!isset($_SESSION['user'])) {
// Redirige vers la page de login
header('Location: /auth/login.php');
@@ -12,7 +15,8 @@ function require_auth() {
}
}
function get_oidc_client(): OpenIDConnectClient {
function get_oidc_client(): OpenIDConnectClient
{
$oidc = new OpenIDConnectClient(
'https://idp.a5l.fr/realms/master',
'varlog-client-id',
src/db.php
+2
View File
@@ -1,5 +1,7 @@
<?php
declare(strict_types=1);
require_once BASE_PATH . '/config/config.php';
// Comment récupérer les valeurs de .env
src/helpers.php
+4 -1
View File
@@ -1,6 +1,9 @@
<?php
function vd($var, ...$moreVars) {
declare(strict_types=1);
function vd($var, ...$moreVars)
{
ob_start();
var_dump($var, ...$moreVars);
$output = ob_get_clean();
includes/mailer.php → src/mailer.php
+42 -19
View File
@@ -1,4 +1,5 @@
<?php
// projet : mug.a5l.fr
// fichier : includes/mailer.php
// version : 20251011
@@ -10,24 +11,35 @@ use PHPMailer\PHPMailer\Exception;
require_once dirname(__DIR__) . '/vendor/autoload.php';
if (!function_exists('env')) {
function env(string $key, ?string $default = null): ?string {
if (array_key_exists($key, $_ENV) && $_ENV[$key] !== '') return (string)$_ENV[$key];
function env(string $key, ?string $default = null): ?string
{
if (array_key_exists($key, $_ENV) && $_ENV[$key] !== '') {
return (string)$_ENV[$key];
}
$v = getenv($key);
if ($v !== false && $v !== '') return (string)$v;
if ($v !== false && $v !== '') {
return (string)$v;
}
return $default;
}
}
if (!function_exists('db')) {
function db(): \PDO { return \App\Infrastructure\Database::get(); }
function db(): \PDO
{
return \App\Infrastructure\Database::get();
}
}
/**
* Anti-abus simple : 1 envoi / 5 min et 5 en 12 h par destinataire (status in ('sent','queued')).
*/
function mailer_can_send(string $email, int $coolMin = 5, int $maxPer12h = 5): array {
function mailer_can_send(string $email, int $coolMin = 5, int $maxPer12h = 5): array
{
// bypass complet si désactivé
$enabled = (int) (env('SMTP_RATE_LIMIT_ENABLE', '1'));
if ($enabled === 0) return [true, ''];
if ($enabled === 0) {
return [true, ''];
}
$pdo = db();
@@ -38,8 +50,10 @@ function mailer_can_send(string $email, int $coolMin = 5, int $maxPer12h = 5): a
AND status IN ('sent','queued')
LIMIT 1";
$stmt = $pdo->prepare($q1);
$stmt->execute([':e'=>$email, ':cool'=>sprintf('%d minutes', $coolMin)]);
if ($stmt->fetchColumn()) return [false, "Un email vient d’être envoyé. Réessayez dans {$coolMin} min."];
$stmt->execute([':e' => $email, ':cool' => sprintf('%d minutes', $coolMin)]);
if ($stmt->fetchColumn()) {
return [false, "Un email vient d’être envoyé. Réessayez dans {$coolMin} min."];
}
}
// Plafond 12h (actif seulement si >0)
@@ -48,8 +62,10 @@ function mailer_can_send(string $email, int $coolMin = 5, int $maxPer12h = 5): a
WHERE to_email = :e AND created_at >= NOW() - INTERVAL '12 hours'
AND status IN ('sent','queued')";
$stmt = $pdo->prepare($q2);
$stmt->execute([':e'=>$email]);
if ((int)$stmt->fetchColumn() >= $maxPer12h) return [false, 'Quota atteint. Réessayez plus tard.'];
$stmt->execute([':e' => $email]);
if ((int)$stmt->fetchColumn() >= $maxPer12h) {
return [false, 'Quota atteint. Réessayez plus tard.'];
}
}
return [true, ''];
@@ -64,9 +80,12 @@ function mailer_can_send(string $email, int $coolMin = 5, int $maxPer12h = 5): a
* @param string|null $text corps texte brut (optionnel, auto-généré si null)
* @param array $opts ['reply_to'=>['email','name']]
*/
function envoyer_mail_smtp(string $to, string $subject, string $html, ?string $text = null, array $opts = []): bool {
function envoyer_mail_smtp(string $to, string $subject, string $html, ?string $text = null, array $opts = []): bool
{
[$ok, $msg] = mailer_can_send($to, (int)env('SMTP_COOLDOWN_MINUTES', '5'), (int)env('SMTP_MAX_PER_12H', '5'));
if (!$ok) throw new RuntimeException($msg);
if (!$ok) {
throw new RuntimeException($msg);
}
$pdo = db();
$pdo->beginTransaction();
@@ -87,7 +106,9 @@ function envoyer_mail_smtp(string $to, string $subject, string $html, ?string $t
$rowId = (int)$stmt->fetchColumn();
$pdo->commit();
} catch (\Throwable $e) {
if ($pdo->inTransaction()) $pdo->rollBack();
if ($pdo->inTransaction()) {
$pdo->rollBack();
}
throw $e;
}
@@ -100,12 +121,15 @@ function envoyer_mail_smtp(string $to, string $subject, string $html, ?string $t
$mail->Username = (string)env('SMTP_USER', '');
$mail->Password = (string)env('SMTP_PASS', '');
$secure = strtolower((string)env('SMTP_SECURE', 'tls'));
if ($secure === 'ssl') $mail->SMTPSecure = PHPMailer::ENCRYPTION_SMTPS;
elseif ($secure === 'tls') $mail->SMTPSecure = PHPMailer::ENCRYPTION_STARTTLS;
if ($secure === 'ssl') {
$mail->SMTPSecure = PHPMailer::ENCRYPTION_SMTPS;
} elseif ($secure === 'tls') {
$mail->SMTPSecure = PHPMailer::ENCRYPTION_STARTTLS;
}
$mail->SMTPKeepAlive = true; // réutilise la connexion
$mail->Timeout = 30; // évite les blocages longs
$mail->SMTPOptions = ['ssl'=>['verify_peer'=>true,'verify_peer_name'=>true,'allow_self_signed'=>false]];
$mail->SMTPOptions = ['ssl' => ['verify_peer' => true,'verify_peer_name' => true,'allow_self_signed' => false]];
$mail->CharSet = 'UTF-8';
$mail->isHTML(true);
@@ -138,12 +162,11 @@ function envoyer_mail_smtp(string $to, string $subject, string $html, ?string $t
$mail->send();
$pdo->prepare("UPDATE journal_smtp SET status='sent', sent_at=NOW() WHERE id=:id")->execute([':id'=>$rowId]);
$pdo->prepare("UPDATE journal_smtp SET status='sent', sent_at=NOW() WHERE id=:id")->execute([':id' => $rowId]);
return true;
} catch (Exception $e) {
$pdo->prepare("UPDATE journal_smtp SET status='error', error_message=:err, sent_at=NOW() WHERE id=:id")
->execute([':id'=>$rowId, ':err'=>substr($e->getMessage(),0,1000)]);
->execute([':id' => $rowId, ':err' => substr($e->getMessage(), 0, 1000)]);
throw new RuntimeException('Envoi email impossible: '.$e->getMessage());
}
}
includes/footer.php → templates/footer.php
View File
includes/header.php → templates/header.php
+3 -3
View File
@@ -16,8 +16,8 @@
// Créer une instance de MessageManager avec le fichier de base de données SQLite
$messageManager = new ace\MessageManager('database.db');
if ($messageManager->sessionAlready()) {
?>
if ($messageManager->sessionAlready()) {
?>
<div class="dropdown text-end">
<a href="#" class="d-block link-dark text-decoration-none dropdown-toggle" data-bs-toggle="dropdown" aria-expanded="false">
@@ -41,7 +41,7 @@
<?php
}
}
?>
</header>
</div>
templates/post_list.php
+4 -4
View File
@@ -22,9 +22,9 @@ ob_start();
<div class="card-text text-body">
<?php
$html = $Parsedown->text($post['content']);
$preview = mb_strimwidth(strip_tags($html), 0, 300, '…');
echo '<p>' . $preview . '</p>';
?>
$preview = mb_strimwidth(strip_tags($html), 0, 300, '…');
echo '<p>' . $preview . '</p>';
?>
</div>
<p class="text-muted small mt-auto mb-2">📅 Publié le <?= date('d/m/Y', strtotime($post['created_at'])) ?></p>
@@ -42,5 +42,5 @@ ob_start();
<?php
$content = ob_get_clean();
$title = "Liste des posts";
$title = 'Liste des posts';
include __DIR__ . '/layout.php';
templates/post_view.php
+2 -2
View File
@@ -36,8 +36,8 @@ $files = $fileManager->getFilesForPost($post['id']);
<div class="card-body">
<?php
$fileUrl = $publicDir . '/' . $file['file_path'];
$type = $file['file_type'];
?>
$type = $file['file_type'];
?>
<?php if ($type === 'image'): ?>
<img src="<?= $fileUrl ?>" class="img-fluid" alt="<?= htmlspecialchars($file['original_name']) ?>">