mirror of
https://codeberg.org/PostERG/xamxam.git
synced 2026-05-06 19:19:19 +02:00
ops: simplify justfile, guard deploy-db, extract scripts, fix .gitignore
This commit is contained in:
Pontoporeia
111
README.md
111
README.md
@@ -1,59 +1,96 @@
|
||||
# PostERG - Monorepo
|
||||
# posterg
|
||||
|
||||
PostERG est un projet de l'ERG (École de Recherche Graphique) permettant aux étudiant.e.s sortant en cursus de Master de mettre à disposition leurs mémoires et travaux de fin d'études.
|
||||
Répertoire des travaux de fin d'études de l'[ERG](https://erg.be) (École de Recherche Graphique).
|
||||
|
||||
## Structure du projet
|
||||
## Requirements
|
||||
|
||||
Ce monorepo contient deux applications :
|
||||
- PHP 8.4
|
||||
- SQLite3 (`php8.4-sqlite3`)
|
||||
- nginx (production)
|
||||
|
||||
- **[formulaire/](./formulaire/)** - Formulaire d'ajout de mémoires pour les étudiant.e.s
|
||||
- **[front-backend/](./front-backend/)** - Site web public affichant les mémoires soumis
|
||||
## Project structure
|
||||
|
||||
## Prérequis
|
||||
|
||||
- PHP 7.4 ou supérieur
|
||||
- Composer (gestionnaire de dépendances PHP)
|
||||
|
||||
### Installation de Composer
|
||||
|
||||
```shell
|
||||
curl -sS https://getcomposer.org/installer | php
|
||||
```
|
||||
posterg/
|
||||
├── public/ # DocumentRoot — web-accessible only
|
||||
│ ├── admin/ # Admin panel (session-authenticated)
|
||||
│ ├── assets/ # CSS, fonts, icons
|
||||
│ ├── media.php # Controlled file serving (covers, PDFs)
|
||||
│ └── *.php # Public pages (index, search, tfe, apropos)
|
||||
├── src/ # PHP classes (not web-accessible)
|
||||
│ ├── AdminAuth.php
|
||||
│ ├── Database.php
|
||||
│ ├── RateLimit.php
|
||||
│ └── config.php
|
||||
├── templates/ # Shared PHP template partials
|
||||
├── config/ # Bootstrap and credentials (not web-accessible)
|
||||
├── storage/ # Database and uploaded files (not web-accessible)
|
||||
│ ├── schema.sql
|
||||
│ ├── test.db
|
||||
│ └── fixtures/
|
||||
├── tests/
|
||||
├── scripts/ # Dev and server management scripts
|
||||
│ ├── setup-dev.sh
|
||||
│ ├── deploy-server.sh # Run on server with sudo to apply nginx config
|
||||
│ └── manage-admin-users.sh # Run on server with sudo to manage htpasswd
|
||||
└── nginx/ # nginx config and reference files
|
||||
└── posterg.conf
|
||||
```
|
||||
|
||||
ou
|
||||
Uploaded files (PDFs, covers) live in `storage/` — outside the webroot — and are
|
||||
served exclusively through `public/media.php`, which validates paths and MIME types.
|
||||
|
||||
```shell
|
||||
php -r "readfile('https://getcomposer.org/installer');" | php
|
||||
## Development
|
||||
|
||||
```bash
|
||||
just setup # first-time: installs dev dependencies
|
||||
just serve # http://localhost:8000 (public) and /admin/
|
||||
just test # run test suite
|
||||
```
|
||||
|
||||
ou installer le paquet `composer` de votre distribution.
|
||||
Admin credentials in development are set via `config/admin_credentials.php`
|
||||
(see `config/admin_credentials.example.php`).
|
||||
|
||||
## Installation
|
||||
## Deployment
|
||||
|
||||
Chaque sous-projet a ses propres dépendances. Installez-les séparément :
|
||||
Files are pushed to the server with rsync — there is no repo on the remote.
|
||||
|
||||
```shell
|
||||
cd formulaire && composer install
|
||||
cd ../front-backend && composer install
|
||||
```bash
|
||||
just deploy # rsync app files → posterg:/var/www/posterg/
|
||||
just deploy-db # push local test.db → remote (only if remote DB is absent)
|
||||
```
|
||||
|
||||
## Lancement en local
|
||||
`deploy-db` refuses to run if a database already exists on the server, to avoid
|
||||
accidental overwrites of production data.
|
||||
|
||||
Pour chaque application, lancez un serveur PHP :
|
||||
### First-time server setup
|
||||
|
||||
```shell
|
||||
# Pour le formulaire (port 3000)
|
||||
cd formulaire && php -S 127.0.0.1:3000
|
||||
|
||||
# Pour le site web (port 3001)
|
||||
cd front-backend && php -S 127.0.0.1:3001
|
||||
```bash
|
||||
ssh posterg
|
||||
sudo mkdir -p /var/www/posterg
|
||||
sudo chown www-data:posterg /var/www/posterg
|
||||
sudo chmod 775 /var/www/posterg
|
||||
exit
|
||||
```
|
||||
|
||||
## Documentation
|
||||
Then deploy once, copy nginx config, and apply:
|
||||
|
||||
- [Documentation du formulaire](./formulaire/README.md)
|
||||
- [Documentation du site web](./front-backend/README.md)
|
||||
```bash
|
||||
just deploy
|
||||
rsync -v nginx/posterg.conf posterg:/tmp/posterg.conf
|
||||
ssh posterg "sudo bash /var/www/posterg/scripts/deploy-server.sh"
|
||||
ssh posterg "sudo systemctl reload nginx"
|
||||
```
|
||||
|
||||
## Liens
|
||||
### Admin users (htpasswd)
|
||||
|
||||
- [Site web PostERG](https://codeberg.org/PostERG/posterg-website)
|
||||
```bash
|
||||
ssh posterg "sudo bash /var/www/posterg/scripts/manage-admin-users.sh"
|
||||
```
|
||||
|
||||
## Security notes
|
||||
|
||||
- Admin panel protected by nginx `auth_basic` + PHP session (`AdminAuth`)
|
||||
- Uploads stored outside webroot, served via controlled `media.php`
|
||||
- Rate limiting on public search (`src/RateLimit.php`)
|
||||
- See `docs/TODO.SECURITY.md` for outstanding items
|
||||
|
||||
Reference in New Issue
Block a user