feat: file browser + relink for orphaned files + htmx fix + header cleanup + fix relinked FilePond integration + resolve acces.php conflict markers

2026-06-25 16:19:19 +02:00 · 2026-05-18 17:39:01 +02:00
parent 79eddf5d5a
commit 27e6abc7e4
10 changed files with 268 additions and 205866 deletions
--- a/app/public/admin/actions/filepond/relink.php
+++ b/app/public/admin/actions/filepond/relink.php
@@ -14,23 +14,29 @@ require_once __DIR__ . '/../../../../bootstrap.php';
 require_once __DIR__ . '/../../../../src/AdminAuth.php';
 AdminAuth::requireLogin();

+// Always return JSON, even on errors
+function relinkError(int $code, string $message): never {
+    http_response_code($code);
+    header('Content-Type: application/json');
+    echo json_encode(['ok' => false, 'error' => $message]);
+    exit;
+}
+
 // CSRF via header
 $csrfHeader = $_SERVER['HTTP_X_CSRF_TOKEN'] ?? '';
+error_log('[relink] ENTRY | method=' . $_SERVER['REQUEST_METHOD'] . ' | csrf=' . (isset($_SESSION['csrf_token']) ? 'set' : 'missing') . ' | header=' . (strlen($csrfHeader) > 0 ? substr($csrfHeader, 0, 8) . '...' : 'empty') . ' | body_len=' . strlen(file_get_contents('php://input')));
 if (!isset($_SESSION['csrf_token'])
    || !hash_equals($_SESSION['csrf_token'], $csrfHeader)) {
-    http_response_code(403);
-    die('Token CSRF invalide.');
+    relinkError(403, 'Token CSRF invalide.');
 }

 if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
-    http_response_code(405);
-    die('Méthode non autorisée.');
+    relinkError(405, 'Méthode non autorisée.');
 }

 $body = json_decode(file_get_contents('php://input'), true);
 if (!is_array($body)) {
-    http_response_code(400);
-    die('JSON invalide.');
+    relinkError(400, 'JSON invalide.');
 }

 $thesisId  = filter_var($body['thesis_id'] ?? '', FILTER_VALIDATE_INT);
@@ -42,14 +48,12 @@ $queueType = trim($body['queue_type'] ?? '');
 $mimeType  = trim($body['mime_type'] ?? 'application/octet-stream');

 if (!$thesisId || $filePath === '') {
-    http_response_code(400);
-    die('Paramètres invalides (thesis_id + file_path requis).');
+    relinkError(400, 'Paramètres invalides (thesis_id + file_path requis).');
 }

 // Security: only allow paths under documents/ or theses/
 if (!preg_match('#^(documents|theses)/#', $filePath)) {
-    http_response_code(403);
-    die('Chemin de fichier non autorisé.');
+    relinkError(403, 'Chemin de fichier non autorisé.');
 }

 $absPath = STORAGE_ROOT . '/' . $filePath;
@@ -57,19 +61,21 @@ $realPath = realpath($absPath);
 $realStorage = realpath(STORAGE_ROOT);

 if ($realPath === false || !str_starts_with($realPath, $realStorage)) {
-    http_response_code(404);
-    die('Fichier introuvable ou chemin interdit.');
+    error_log('[relink] FILE NOT FOUND | absPath=' . $absPath . ' | realPath=' . var_export($realPath, true) . ' | realStorage=' . $realStorage);
+    relinkError(404, 'Fichier introuvable ou chemin interdit.');
 }

 if (!is_file($realPath)) {
-    http_response_code(404);
-    die('Le chemin ne pointe pas vers un fichier.');
+    relinkError(404, 'Le chemin ne pointe pas vers un fichier.');
 }

 // Detect MIME if not provided
-if ($mimeType === 'application/octet-stream') {
+if ($mimeType === 'application/octet-stream' && class_exists('finfo')) {
    $finfo = new finfo(FILEINFO_MIME_TYPE);
-    $mimeType = $finfo->file($realPath);
+    $detected = $finfo->file($realPath);
+    if ($detected !== false && $detected !== '') {
+        $mimeType = $detected;
+    }
 }

 // Map queue_type to file_type if not explicitly given
@@ -91,8 +97,7 @@ $pdo = $db->getConnection();
 $stmt = $pdo->prepare('SELECT id FROM thesis_files WHERE thesis_id = ? AND file_path = ?');
 $stmt->execute([$thesisId, $filePath]);
 if ($stmt->fetch()) {
-    http_response_code(409);
-    die('Ce fichier est déjà lié à ce TFE.');
+    relinkError(409, 'Ce fichier est déjà lié à ce TFE.');
 }

 $db->insertThesisFile(
--- a/app/public/admin/fragments/file-browser.php
+++ b/app/public/admin/fragments/file-browser.php
@@ -13,9 +13,11 @@ AdminAuth::requireLogin();

 $storageRoot = STORAGE_ROOT;

+error_log('[file-browser] ENTRY | dir=' . ($_GET['dir'] ?? '(root)') . ' | storageRoot=' . $storageRoot);
+
 // Determine which directory to browse
 $relDir = trim($_GET['dir'] ?? '', '/');
-if ($relDir !== '' && !preg_match('#^(documents|theses)/#', $relDir)) {
+if ($relDir !== '' && !preg_match('#^(documents|theses)(/|$)#', $relDir)) {
    $relDir = '';
 }

@@ -83,6 +85,24 @@ if ($relDir !== '') {
 }

 $rootDirs = ['documents', 'theses'];
+
+// SVG icon for a given extension
+function fileIcon(string $ext): string {
+    $ext = strtolower($ext);
+    if ($ext === 'pdf') {
+        return '<svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" fill="currentColor" viewBox="0 0 256 256"><path d="M224,152a8,8,0,0,1-8,8H192v16h16a8,8,0,0,1,0,16H192v16a8,8,0,0,1-16,0V152a8,8,0,0,1,8-8h32A8,8,0,0,1,224,152ZM92,172a28,28,0,0,1-28,28H56v8a8,8,0,0,1-16,0V152a8,8,0,0,1,8-8H64A28,28,0,0,1,92,172Zm-16,0a12,12,0,0,0-12-12H56v24h8A12,12,0,0,0,76,172Zm88,8a36,36,0,0,1-36,36H112a8,8,0,0,1-8-8V152a8,8,0,0,1,8-8h16A36,36,0,0,1,164,180Zm-16,0a20,20,0,0,0-20-20h-8v40h8A20,20,0,0,0,148,180ZM40,112V40A16,16,0,0,1,56,24h96a8,8,0,0,1,5.66,2.34l56,56A8,8,0,0,1,216,88v24a8,8,0,0,1-16,0V96H152a8,8,0,0,1-8-8V40H56v72a8,8,0,0,1-16,0ZM160,80h28.69L160,51.31Z"></path></svg>';
+    }
+    if (in_array($ext, ['zip', 'tar', 'gz', 'bz2', 'xz', '7z', 'rar'], true)) {
+        return '<svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" fill="currentColor" viewBox="0 0 256 256"><path d="M213.66,82.34l-56-56A8,8,0,0,0,152,24H56A16,16,0,0,0,40,40V216a16,16,0,0,0,16,16H200a16,16,0,0,0,16-16V88A8,8,0,0,0,213.66,82.34ZM160,51.31,188.69,80H160ZM200,216H112V200h8a8,8,0,0,0,0-16h-8V168h8a8,8,0,0,0,0-16h-8V136h8a8,8,0,0,0,0-16h-8v-8a8,8,0,0,0-16,0v8H88a8,8,0,0,0,0,16h8v16H88a8,8,0,0,0,0,16h8v16H88a8,8,0,0,0,0,16h8v16H56V40h88V88a8,8,0,0,0,8,8h48V216Z"></path></svg>';
+    }
+    // Default text-file icon for all other extensions
+    return '<svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" fill="currentColor" viewBox="0 0 256 256"><path d="M213.66,82.34l-56-56A8,8,0,0,0,152,24H56A16,16,0,0,0,40,40V216a16,16,0,0,0,16,16H200a16,16,0,0,0,16-16V88A8,8,0,0,0,213.66,82.34ZM160,51.31,188.69,80H160ZM200,216H56V40h88V88a8,8,0,0,0,8,8h48V216Zm-32-80a8,8,0,0,1-8,8H96a8,8,0,0,1,0-16h64A8,8,0,0,1,168,136Zm0,32a8,8,0,0,1-8,8H96a8,8,0,0,1,0-16h64A8,8,0,0,1,168,168Z"></path></svg>';
+}
+
+// SVG folder icon (same for all directories)
+function folderIcon(): string {
+    return '<svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" fill="currentColor" viewBox="0 0 256 256"><path d="M216,72H131.31L104,44.69A15.86,15.86,0,0,0,92.69,40H40A16,16,0,0,0,24,56V200.62A15.4,15.4,0,0,0,39.38,216H216.89A15.13,15.13,0,0,0,232,200.89V88A16,16,0,0,0,216,72ZM40,56H92.69l16,16H40ZM216,200H40V88H216Z"></path></svg>';
+}
 ?>
 <div id="file-browser-container" class="file-browser">
    <?php if ($relDir === ''): ?>
@@ -94,7 +114,7 @@ $rootDirs = ['documents', 'theses'];
                <li class="file-browser-entry file-browser-dir">
                    <a href="#" hx-get="/admin/fragments/file-browser.php?dir=<?= urlencode($rd) ?>"
                       hx-target="#file-browser-container" hx-swap="outerHTML">
-                        <span class="file-browser-icon">📁</span>
+                        <span class="file-browser-icon"><?= folderIcon() ?></span>
                        <span class="file-browser-name"><?= htmlspecialchars($rd) ?>/</span>
                    </a>
                </li>
@@ -104,7 +124,7 @@ $rootDirs = ['documents', 'theses'];
        <!-- Subdirectory: breadcrumb + entries -->
        <nav class="file-browser-breadcrumb">
            <a href="#" hx-get="/admin/fragments/file-browser.php"
-               hx-target="#file-browser-container" hx-swap="outerHTML">📂 racine</a>
+               hx-target="#file-browser-container" hx-swap="outerHTML"><?= folderIcon() ?> racine</a>
            <?php foreach ($breadcrumb as $i => $bc): ?>
                <span class="file-browser-sep">/</span>
                <a href="#" hx-get="/admin/fragments/file-browser.php?dir=<?= urlencode($bc['dir']) ?>"
@@ -121,7 +141,7 @@ $rootDirs = ['documents', 'theses'];
                        <li class="file-browser-entry file-browser-dir">
                            <a href="#" hx-get="/admin/fragments/file-browser.php?dir=<?= urlencode($relDir . '/' . $e['name']) ?>"
                               hx-target="#file-browser-container" hx-swap="outerHTML">
-                                <span class="file-browser-icon">📁</span>
+                                <span class="file-browser-icon"><?= folderIcon() ?></span>
                                <span class="file-browser-name"><?= htmlspecialchars($e['name']) ?>/</span>
                            </a>
                        </li>
@@ -133,7 +153,7 @@ $rootDirs = ['documents', 'theses'];
                            data-file-size="<?= (int)($e['size'] ?? 0) ?>">
                            <button type="button" class="file-browser-select-btn"
                                    onclick="XamxamRelinkFile(this)">
-                                <span class="file-browser-icon">📄</span>
+                                <span class="file-browser-icon"><?= fileIcon($e['ext'] ?? '') ?></span>
                                <span class="file-browser-name"><?= htmlspecialchars($e['name']) ?></span>
                                <span class="file-browser-size"><?= htmlspecialchars(fmtSize($e['size'])) ?></span>
                            </button>