feat: file browser + relink for orphaned files + htmx fix + header cleanup + fix relinked FilePond integration + resolve acces.php conflict markers

Pontoporeia
2026-05-18 17:39:01 +02:00
parent 79eddf5d5a
commit 27e6abc7e4
10 changed files with 268 additions and 205866 deletions


@@ -14,23 +14,29 @@ require_once __DIR__ . '/../../../../bootstrap.php';
require_once __DIR__ . '/../../../../src/AdminAuth.php';
AdminAuth::requireLogin();
// Always return JSON, even on errors
function relinkError(int $code, string $message): never {
http_response_code($code);
header('Content-Type: application/json');
echo json_encode(['ok' => false, 'error' => $message]);
exit;
}
// CSRF via header
$csrfHeader = $_SERVER['HTTP_X_CSRF_TOKEN'] ?? '';
error_log('[relink] ENTRY | method=' . $_SERVER['REQUEST_METHOD'] . ' | csrf=' . (isset($_SESSION['csrf_token']) ? 'set' : 'missing') . ' | header=' . (strlen($csrfHeader) > 0 ? substr($csrfHeader, 0, 8) . '...' : 'empty') . ' | body_len=' . strlen(file_get_contents('php://input')));
if (!isset($_SESSION['csrf_token'])
|| !hash_equals($_SESSION['csrf_token'], $csrfHeader)) {
http_response_code(403);
die('Token CSRF invalide.');
relinkError(403, 'Token CSRF invalide.');
}
if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
http_response_code(405);
die('Méthode non autorisée.');
relinkError(405, 'Méthode non autorisée.');
}
$body = json_decode(file_get_contents('php://input'), true);
if (!is_array($body)) {
http_response_code(400);
die('JSON invalide.');
relinkError(400, 'JSON invalide.');
}
$thesisId = filter_var($body['thesis_id'] ?? '', FILTER_VALIDATE_INT);
@@ -42,14 +48,12 @@ $queueType = trim($body['queue_type'] ?? '');
$mimeType = trim($body['mime_type'] ?? 'application/octet-stream');
if (!$thesisId || $filePath === '') {
http_response_code(400);
die('Paramètres invalides (thesis_id + file_path requis).');
relinkError(400, 'Paramètres invalides (thesis_id + file_path requis).');
}
// Security: only allow paths under documents/ or theses/
if (!preg_match('#^(documents|theses)/#', $filePath)) {
http_response_code(403);
die('Chemin de fichier non autorisé.');
relinkError(403, 'Chemin de fichier non autorisé.');
}
$absPath = STORAGE_ROOT . '/' . $filePath;
@@ -57,19 +61,21 @@ $realPath = realpath($absPath);
$realStorage = realpath(STORAGE_ROOT);
if ($realPath === false || !str_starts_with($realPath, $realStorage)) {
http_response_code(404);
die('Fichier introuvable ou chemin interdit.');
error_log('[relink] FILE NOT FOUND | absPath=' . $absPath . ' | realPath=' . var_export($realPath, true) . ' | realStorage=' . $realStorage);
relinkError(404, 'Fichier introuvable ou chemin interdit.');
}
if (!is_file($realPath)) {
http_response_code(404);
die('Le chemin ne pointe pas vers un fichier.');
relinkError(404, 'Le chemin ne pointe pas vers un fichier.');
}
// Detect MIME if not provided
if ($mimeType === 'application/octet-stream') {
if ($mimeType === 'application/octet-stream' && class_exists('finfo')) {
$finfo = new finfo(FILEINFO_MIME_TYPE);
$mimeType = $finfo->file($realPath);
$detected = $finfo->file($realPath);
if ($detected !== false && $detected !== '') {
$mimeType = $detected;
}
}
// Map queue_type to file_type if not explicitly given
@@ -91,8 +97,7 @@ $pdo = $db->getConnection();
$stmt = $pdo->prepare('SELECT id FROM thesis_files WHERE thesis_id = ? AND file_path = ?');
$stmt->execute([$thesisId, $filePath]);
if ($stmt->fetch()) {
http_response_code(409);
die('Ce fichier est déjà lié à ce TFE.');
relinkError(409, 'Ce fichier est déjà lié à ce TFE.');
}
$db->insertThesisFile(
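Review bot: The containment check in the third hunk (`str_starts_with($realPath, $realStorage)`) does not enforce the rule stated in the comment above it. The `#^(documents|theses)/#` test only looks at the prefix of the raw string, so a `file_path` containing `..` segments can pass it and still resolve outside those two directories. The comparison against `STORAGE_ROOT` also has no trailing separator, which lets a sibling directory sharing that prefix match, and it does not handle `realpath(STORAGE_ROOT)` returning `false`. Comparing the resolved path against the resolved allowed roots, as sketched below, closes those gaps; the uncanonicalised `$filePath` is also what the duplicate lookup uses and, presumably, what gets stored, so equivalent spellings of one file may not be detected as already linked. Separately, the new `error_log` calls write the first eight characters of the CSRF header and the request-derived `$absPath` to the log unencoded; dropping the token prefix and logging the path through `json_encode()` would keep secret material and control characters out of the log.

```php
// … unchanged: $absPath = STORAGE_ROOT . '/' . $filePath; $realPath = realpath($absPath); …
$insideAllowedRoot = false;
foreach (['documents', 'theses'] as $allowedDir) {
    $allowedRoot = realpath(STORAGE_ROOT . '/' . $allowedDir);
    if ($realPath !== false && $allowedRoot !== false
        && str_starts_with($realPath, $allowedRoot . DIRECTORY_SEPARATOR)) {
        $insideAllowedRoot = true;
        break;
    }
}
if (!$insideAllowedRoot) {
    relinkError(404, 'Fichier introuvable ou chemin interdit.');
}
// … unchanged: is_file() check, MIME detection …
```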


@@ -13,9 +13,11 @@ AdminAuth::requireLogin();
$storageRoot = STORAGE_ROOT;
error_log('[file-browser] ENTRY | dir=' . ($_GET['dir'] ?? '(root)') . ' | storageRoot=' . $storageRoot);
// Determine which directory to browse
$relDir = trim($_GET['dir'] ?? '', '/');
if ($relDir !== '' && !preg_match('#^(documents|theses)/#', $relDir)) {
if ($relDir !== '' && !preg_match('#^(documents|theses)(/|$)#', $relDir)) {
$relDir = '';
}
@@ -83,6 +85,24 @@ if ($relDir !== '') {
}
$rootDirs = ['documents', 'theses'];
// SVG icon for a given extension
function fileIcon(string $ext): string {
$ext = strtolower($ext);
if ($ext === 'pdf') {
return '<svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" fill="currentColor" viewBox="0 0 256 256"><path d="M224,152a8,8,0,0,1-8,8H192v16h16a8,8,0,0,1,0,16H192v16a8,8,0,0,1-16,0V152a8,8,0,0,1,8-8h32A8,8,0,0,1,224,152ZM92,172a28,28,0,0,1-28,28H56v8a8,8,0,0,1-16,0V152a8,8,0,0,1,8-8H64A28,28,0,0,1,92,172Zm-16,0a12,12,0,0,0-12-12H56v24h8A12,12,0,0,0,76,172Zm88,8a36,36,0,0,1-36,36H112a8,8,0,0,1-8-8V152a8,8,0,0,1,8-8h16A36,36,0,0,1,164,180Zm-16,0a20,20,0,0,0-20-20h-8v40h8A20,20,0,0,0,148,180ZM40,112V40A16,16,0,0,1,56,24h96a8,8,0,0,1,5.66,2.34l56,56A8,8,0,0,1,216,88v24a8,8,0,0,1-16,0V96H152a8,8,0,0,1-8-8V40H56v72a8,8,0,0,1-16,0ZM160,80h28.69L160,51.31Z"></path></svg>';
}
if (in_array($ext, ['zip', 'tar', 'gz', 'bz2', 'xz', '7z', 'rar'], true)) {
return '<svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" fill="currentColor" viewBox="0 0 256 256"><path d="M213.66,82.34l-56-56A8,8,0,0,0,152,24H56A16,16,0,0,0,40,40V216a16,16,0,0,0,16,16H200a16,16,0,0,0,16-16V88A8,8,0,0,0,213.66,82.34ZM160,51.31,188.69,80H160ZM200,216H112V200h8a8,8,0,0,0,0-16h-8V168h8a8,8,0,0,0,0-16h-8V136h8a8,8,0,0,0,0-16h-8v-8a8,8,0,0,0-16,0v8H88a8,8,0,0,0,0,16h8v16H88a8,8,0,0,0,0,16h8v16H88a8,8,0,0,0,0,16h8v16H56V40h88V88a8,8,0,0,0,8,8h48V216Z"></path></svg>';
}
// Default text-file icon for all other extensions
return '<svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" fill="currentColor" viewBox="0 0 256 256"><path d="M213.66,82.34l-56-56A8,8,0,0,0,152,24H56A16,16,0,0,0,40,40V216a16,16,0,0,0,16,16H200a16,16,0,0,0,16-16V88A8,8,0,0,0,213.66,82.34ZM160,51.31,188.69,80H160ZM200,216H56V40h88V88a8,8,0,0,0,8,8h48V216Zm-32-80a8,8,0,0,1-8,8H96a8,8,0,0,1,0-16h64A8,8,0,0,1,168,136Zm0,32a8,8,0,0,1-8,8H96a8,8,0,0,1,0-16h64A8,8,0,0,1,168,168Z"></path></svg>';
}
// SVG folder icon (same for all directories)
function folderIcon(): string {
return '<svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" fill="currentColor" viewBox="0 0 256 256"><path d="M216,72H131.31L104,44.69A15.86,15.86,0,0,0,92.69,40H40A16,16,0,0,0,24,56V200.62A15.4,15.4,0,0,0,39.38,216H216.89A15.13,15.13,0,0,0,232,200.89V88A16,16,0,0,0,216,72ZM40,56H92.69l16,16H40ZM216,200H40V88H216Z"></path></svg>';
}
?>
<div id="file-browser-container" class="file-browser">
<?php if ($relDir === ''): ?>
@@ -94,7 +114,7 @@ $rootDirs = ['documents', 'theses'];
<li class="file-browser-entry file-browser-dir">
<a href="#" hx-get="/admin/fragments/file-browser.php?dir=<?= urlencode($rd) ?>"
hx-target="#file-browser-container" hx-swap="outerHTML">
<span class="file-browser-icon">📁</span>
<span class="file-browser-icon"><?= folderIcon() ?></span>
<span class="file-browser-name"><?= htmlspecialchars($rd) ?>/</span>
</a>
</li>
@@ -104,7 +124,7 @@ $rootDirs = ['documents', 'theses'];
<!-- Subdirectory: breadcrumb + entries -->
<nav class="file-browser-breadcrumb">
<a href="#" hx-get="/admin/fragments/file-browser.php"
hx-target="#file-browser-container" hx-swap="outerHTML">📂 racine</a>
hx-target="#file-browser-container" hx-swap="outerHTML"><?= folderIcon() ?> racine</a>
<?php foreach ($breadcrumb as $i => $bc): ?>
<span class="file-browser-sep">/</span>
<a href="#" hx-get="/admin/fragments/file-browser.php?dir=<?= urlencode($bc['dir']) ?>"
@@ -121,7 +141,7 @@ $rootDirs = ['documents', 'theses'];
<li class="file-browser-entry file-browser-dir">
<a href="#" hx-get="/admin/fragments/file-browser.php?dir=<?= urlencode($relDir . '/' . $e['name']) ?>"
hx-target="#file-browser-container" hx-swap="outerHTML">
<span class="file-browser-icon">📁</span>
<span class="file-browser-icon"><?= folderIcon() ?></span>
<span class="file-browser-name"><?= htmlspecialchars($e['name']) ?>/</span>
</a>
</li>
@@ -133,7 +153,7 @@ $rootDirs = ['documents', 'theses'];
data-file-size="<?= (int)($e['size'] ?? 0) ?>">
<button type="button" class="file-browser-select-btn"
onclick="XamxamRelinkFile(this)">
<span class="file-browser-icon">📄</span>
<span class="file-browser-icon"><?= fileIcon($e['ext'] ?? '') ?></span>
<span class="file-browser-name"><?= htmlspecialchars($e['name']) ?></span>
<span class="file-browser-size"><?= htmlspecialchars(fmtSize($e['size'])) ?></span>
</button>
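Review bot: The `error_log` line added in the first hunk writes `$_GET['dir']` to the log before any validation, so control characters in the parameter reach the log verbatim, and an array-valued `dir` is concatenated as a string there and then handed to `trim()`. Logging the validated value after the allow-list check, for example `error_log('[file-browser] ENTRY | dir=' . json_encode($relDir));`, avoids both, and an `is_string()` guard before `trim()` handles the array case. In the rewritten pattern `$` also matches before a trailing newline, so `#^(documents|theses)(/|\z)#` is the stricter form. The code between this check and the directory listing is outside the hunks, so it is worth confirming that `..` segments in `$relDir` are resolved and re-checked against the two allowed roots there.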


@@ -524,12 +524,21 @@
FilePond.registerPlugin(FilePondPluginImageExifOrientation);
}
if (window.htmx) {
// ── HTMX integration (register later once htmx is loaded) ───────────
// Note: htmx.min.js loads at the end of <body> (admin/footer.php),
// after this script. Use DOM polling or a listener to wire up.
function tryRegisterHtmx() {
if (!window.htmx) {
setTimeout(tryRegisterHtmx, 50);
return;
}
console.log('[filepond] htmx detected, registering swap listeners');
window.htmx.on("htmx:beforeSwap", onHtmxBeforeSwap);
window.htmx.on("htmx:afterSwap", () => {
window.XamxamInitFilePonds();
});
}
tryRegisterHtmx();
if (document.readyState === "loading") {
document.addEventListener("DOMContentLoaded", () => {
@@ -553,51 +562,14 @@
// ── Relink file browser ──────────────────────────────────────────
/**
* Open the file browser modal for a specific queue type.
* Triggered by the "📂 Relier un fichier" button.
*/
window.XamxamOpenFileBrowser = (btn) => {
var queueType = btn.dataset.queueType;
var thesisId = btn.dataset.thesisId;
// Store context for the relink callback
window.__xamxamRelinkCtx = {
queueType: queueType,
thesisId: thesisId,
};
var modal = document.getElementById('relink-modal');
if (!modal) {
console.error('[relink] modal #relink-modal not found');
return;
}
var body = document.getElementById('relink-modal-body');
body.innerHTML = '<p class="file-browser-loading">Chargement…</p>';
modal.showModal();
// Load the file browser via HTMX (or fetch if htmx not available)
if (window.htmx) {
window.htmx.ajax('GET', '/admin/fragments/file-browser.php', {
target: '#relink-modal-body',
swap: 'innerHTML',
});
} else {
fetch('/admin/fragments/file-browser.php')
.then(r => r.text())
.then(html => { body.innerHTML = html; })
.catch(() => { body.innerHTML = '<p class="file-browser-error">Erreur de chargement.</p>'; });
}
};
/**
* Relink a selected file to the thesis.
* Triggered when a file is clicked in the file browser.
* Called from the onclick handler on file-browser entries.
* The file browser is loaded inside #relink-modal-body via HTMX.
*/
window.XamxamRelinkFile = (el) => {
var li = el.closest('.file-browser-entry');
console.log('[relink] XamxamRelinkFile called | el=', el, '| li=', li);
if (!li) return;
var ctx = window.__xamxamRelinkCtx || {};
@@ -609,6 +581,8 @@
var fileSize = parseInt(li.dataset.fileSize, 10) || 0;
var ext = li.dataset.fileExt || '';
console.log('[relink] data | thesisId=' + thesisId + ' | queueType=' + queueType + ' | filePath=' + filePath + ' | fileName=' + fileName + ' | ext=' + ext);
if (!filePath || !thesisId || !queueType) {
console.error('[relink] missing data', { filePath, thesisId, queueType });
return;
@@ -626,6 +600,7 @@
var mimeType = mimeMap[ext] || 'application/octet-stream';
var csrfToken = document.querySelector('meta[name="csrf-token"]')?.getAttribute('content') || '';
console.log('[relink] csrfToken=' + (csrfToken ? csrfToken.substring(0, 8) + '...' : 'MISSING'));
var bodyEl = document.getElementById('relink-modal-body');
if (bodyEl) bodyEl.innerHTML = '<p class="file-browser-loading">Reliage en cours…</p>';
@@ -647,22 +622,41 @@
})
.then(r => r.json().then(data => ({ ok: r.ok, status: r.status, data })))
.then(({ ok, status, data }) => {
if (!ok) {
if (bodyEl) bodyEl.innerHTML = `<p class="file-browser-error">Erreur : ${data}</p>`;
if (!ok || (data && data.ok === false)) {
var msg = (data && data.error) ? data.error : (typeof data === 'string' ? data : 'Erreur ' + status);
if (bodyEl) bodyEl.innerHTML = `<p class="file-browser-error">Erreur : ${msg}</p>`;
return;
}
console.log('[relink] success | new_id=' + data.id);
// Add the new file to the FilePond pool
var input = document.querySelector(`.tfe-file-picker[data-queue-type="${queueType}"]`);
console.log('[relink] looking for input | selector=' + `.tfe-file-picker[data-queue-type="${queueType}"]` + ' | found=' + !!input);
if (input) {
var pond = FilePond.find(input);
console.log('[relink] looking for pond | found=' + !!pond);
if (pond) {
pond.addFile({
source: String(data.id),
options: { type: 'local' },
});
try {
pond.addFile({
source: String(data.id),
options: {
type: 'local',
file: {
name: fileName,
size: fileSize,
type: mimeType
}
},
});
console.log('[relink] addFile called successfully | source=' + String(data.id) + ' | queueType=' + queueType);
} catch (e) {
console.error('[relink] addFile error', e);
}
} else {
console.error('[relink] FilePond.find returned null for input', input);
}
} else {
console.error('[relink] input not found | queueType=' + queueType);
}
// Close modal
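Review bot: In the last hunk the error branch interpolates `msg` into `bodyEl.innerHTML`, so whatever string the endpoint returns in `data.error` is parsed as markup; the messages are fixed strings today, but the sink should not depend on that. Creating the `<p class="file-browser-error">` node and setting `p.textContent = 'Erreur : ' + msg;` before `bodyEl.replaceChildren(p);` renders the same text without parsing it. The added `console.log` of `csrfToken.substring(0, 8)` and the line dumping `thesisId`/`filePath` look like debugging output and should be removed or gated before release, since they put token material in the browser console. `tryRegisterHtmx` re-arms its 50 ms timer indefinitely if htmx never loads, so a retry cap would bound it. The enclosing `.then` chain starts and ends outside the hunk.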