PostERG/xamxam
1
0
Fork 0
mirror of https://codeberg.org/PostERG/xamxam.git synced 2026-05-06 11:09:18 +02:00
Code Issues Packages Projects Releases Wiki Activity

refactor: rename database → storage

Browse Source 
More semantically accurate: contains SQLite files, schema, fixtures, test data.
Updated all references in code, scripts, docs.
This commit is contained in:
Théophile Gervreau-Mercier
2026-02-12 12:12:58 +01:00
parent 0e4921583e
commit 7fca85d1c1
38 changed files with 131 additions and 131 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
docs/COMPLETE_DEPLOYMENT_GUIDE.md
View File

@@ -188,7 +188,7 @@ curl -I https://posterg.erg.be/
curl -I https://posterg.erg.be/admin/
# Should be 404 (SECURITY - private files):
curl -I https://posterg.erg.be/database/test.db
curl -I https://posterg.erg.be/storage/test.db
curl -I https://posterg.erg.be/config/bootstrap.php
curl -I https://posterg.erg.be/includes/header.php
curl -I https://posterg.erg.be/lib/Database.php
@@ -320,8 +320,8 @@ sudo systemctl reload nginx
**Fix:**
```bash
ssh posterg
sudo chown www-data:posterg /var/www/posterg/database/test.db
sudo chmod 660 /var/www/posterg/database/test.db
sudo chown www-data:posterg /var/www/posterg/storage/test.db
sudo chmod 660 /var/www/posterg/storage/test.db
```
### Admin upload errors

10
docs/DATABASE_CONFIG.md
View File

@@ -23,10 +23,10 @@ The `shared/config.php` file defines:
```php
// Test database (development)
DB_TEST_PATH = '/path/to/database/test.db'
DB_TEST_PATH = '/path/to/storage/test.db'
// Production database (server)
DB_PROD_PATH = '/path/to/database/posterg.db'
DB_PROD_PATH = '/path/to/storage/posterg.db'
```
## How It Works
@@ -35,7 +35,7 @@ DB_PROD_PATH = '/path/to/database/posterg.db'
By default, the system automatically determines which database to use:
1. **If `database/test.db` exists** → Use test database (development mode)
1. **If `storage/test.db` exists** → Use test database (development mode)
2. **Otherwise** → Use production database (production mode)
This means:
@@ -123,7 +123,7 @@ just deploy-database
To test with production data locally:
```bash
# Download production database (optional)
scp posterg:/var/www/html/database/posterg.db database/
scp posterg:/var/www/html/storage/posterg.db database/
# Remove test database to force production mode
rm database/test.db
@@ -177,5 +177,5 @@ if (isTestMode()) {
- **Explicit test deploy**: Use `just test-deploy` to explicitly deploy test.db when needed
- **Git ignored**: Test database is in `.gitignore` and never committed
- **Backups**: Production database should be backed up regularly
- **Schema**: Both databases use the same schema (`database/schema.sql`)
- **Schema**: Both databases use the same schema (`storage/schema.sql`)
- **Verification**: Run `rsync --dry-run` to preview what will be deployed before deploying

22
docs/DEPLOYMENT_MIGRATION.md
View File

@@ -14,7 +14,7 @@ php -S 127.0.0.1:8000
**Problems:**
- Serves from project root (all files accessible via web)
- Exposes sensitive files: `database/`, `tests/`, `vendor/`, config files
- Exposes sensitive files: `storage/`, `tests/`, `vendor/`, config files
- Doesn't match production DocumentRoot configuration
- Security risk: `.env`, database files, source code all accessible
@@ -216,7 +216,7 @@ deploy-code:
```just
test-deploy:
ssh posterg "mkdir -p /var/www/html/database"
rsync -vur --progress ./database/test.db posterg:/var/www/html/database/test.db
rsync -vur --progress ./storage/test.db posterg:/var/www/html/storage/test.db
```
**New:**
@@ -229,9 +229,9 @@ deploy-database:
echo; \
if [[ $$REPLY =~ ^[Yy]$$ ]]; then \
ssh posterg "mkdir -p /var/www/posterg/database" && \
rsync -vur --progress ./database/test.db posterg:/var/www/posterg/database/ && \
ssh posterg "chown www-data:posterg /var/www/posterg/database/test.db && \
chmod 660 /var/www/posterg/database/test.db" && \
rsync -vur --progress ./storage/test.db posterg:/var/www/posterg/storage/ && \
ssh posterg "chown www-data:posterg /var/www/posterg/storage/test.db && \
chmod 660 /var/www/posterg/storage/test.db" && \
echo "✅ Database deployed"; \
else \
echo "❌ Cancelled"; \
@@ -241,7 +241,7 @@ deploy-database:
[group('deploy')]
backup-remote-db:
@echo "💾 Backing up remote database..."
@ssh posterg "sqlite3 /var/www/posterg/database/test.db .dump" > database/remote_backup_$(date +%Y%m%d_%H%M%S).sql
@ssh posterg "sqlite3 /var/www/posterg/storage/test.db .dump" > database/remote_backup_$(date +%Y%m%d_%H%M%S).sql
@echo "✅ Remote database backed up locally"
```
@@ -338,7 +338,7 @@ server {
deny all;
}
location ~ /database/ {
location ~ /storage/ {
deny all;
}
@@ -400,7 +400,7 @@ mv lib src/lib
just serve
# Opens http://localhost:8000
# Verify that sensitive files return 404:
# http://localhost:8000/database/test.db → 404
# http://localhost:8000/storage/test.db → 404
# http://localhost:8000/config/ → 404
# http://localhost:8000/src/ → 404
```
@@ -461,7 +461,7 @@ just server-status
- [ ] File uploads work (if applicable)
- [ ] Logs written to `/var/www/posterg/var/logs/`
- [ ] Sensitive URLs return 404:
- https://posterg.erg.be/database/test.db
- https://posterg.erg.be/storage/test.db
- https://posterg.erg.be/config/
- https://posterg.erg.be/src/
- https://posterg.erg.be/vendor/
@@ -477,7 +477,7 @@ just server-status
| Assets | `/assets/` | `/public/assets/` |
| Config | `/inc/` | `/config/` or `/src/` |
| Libraries | `/lib/` | `/src/lib/` |
| Database | `/database/` | `/database/` (stays) |
| Database | `/storage/` | `/storage/` (stays) |
| Vendor | `/vendor/` | `/vendor/` (stays) |
| Tests | `/tests/` | `/tests/` (stays) |
@@ -554,7 +554,7 @@ require_once APP_ROOT . '/config/app.php';
### Issue: Database connection fails
**Cause:** Path to database file wrong
**Fix:** Update path from `database/test.db` to `../database/test.db` (from public/)
**Fix:** Update path from `storage/test.db` to `../storage/test.db` (from public/)
### Issue: Can't write to cache/logs
**Cause:** Wrong permissions on var/ directory

8
docs/DEPLOYMENT_STEPS.md
View File

@@ -24,7 +24,7 @@ This deploys all files to `/var/www/posterg/`:
- `public/``/var/www/posterg/public/`
- `includes/``/var/www/posterg/includes/`
- `config/``/var/www/posterg/config/`
- `database/``/var/www/posterg/database/`
- `storage/``/var/www/posterg/storage/`
- `src/``/var/www/posterg/lib/`
### 3. Update Nginx Configuration
@@ -59,7 +59,7 @@ just server-status
Check:
- https://posterg.erg.be/ (should work)
- https://posterg.erg.be/admin/ (should work)
- https://posterg.erg.be/database/test.db (should 404 ✅)
- https://posterg.erg.be/storage/test.db (should 404 ✅)
---
@@ -84,7 +84,7 @@ just deploy-database
```
This will:
1. Upload `database/test.db` to server
1. Upload `storage/test.db` to server
2. Set correct permissions
3. Warn before overwriting
@@ -174,7 +174,7 @@ jj edit <previous-change-id>
- [ ] SSH to server and apply nginx config
- [ ] `sudo systemctl reload nginx`
- [ ] Verify site works: https://posterg.erg.be/
- [ ] Verify security: https://posterg.erg.be/database/test.db → 404
- [ ] Verify security: https://posterg.erg.be/storage/test.db → 404
- [ ] Test admin: https://posterg.erg.be/admin/
- [ ] Deploy database (if needed): `just deploy-database`

6
docs/DEVELOPMENT_GUIDE.md
View File

@@ -186,7 +186,7 @@ include 'inc/header.php';
### Test Database
Development uses `database/test.db` (gitignored).
Development uses `storage/test.db` (gitignored).
**Create test database:**
```bash
@@ -360,7 +360,7 @@ All will auto-refresh when you save files! ✨
### Using a Real Test Database
The test database (`database/test.db`) is gitignored. To share test data:
The test database (`storage/test.db`) is gitignored. To share test data:
```bash
# Create fixtures
@@ -479,7 +479,7 @@ just test
## 📚 Further Reading
- [Test Documentation](../tests/README.md)
- [Database Specification](../database/DATABASE_SPECIFICATION.md)
- [Database Specification](../storage/DATABASE_SPECIFICATION.md)
- [Migration Guide](../MIGRATION_GUIDE.md)
- [Deployment Guide](../nginx/DEPLOYMENT_COMPLETE.md)

22
docs/MIGRATION_CHECKLIST.md
View File

@@ -52,7 +52,7 @@ sed -i 's/@php -S 127.0.0.1:8000/@php -S 127.0.0.1:8000 -t public\//' justfile
# 2. Test new dev server
just serve
# Visit http://localhost:8000
# Verify http://localhost:8000/database/test.db returns 404
# Verify http://localhost:8000/storage/test.db returns 404
# 3. If it works, you're ready for production migration
```
@@ -118,13 +118,13 @@ location ^~ /admin/ {
3. **Remove/update deny rules** (lines 48-60) - These become redundant!
```nginx
# BEFORE - needed because everything in DocumentRoot
location ^~ /database/ { deny all; }
location ^~ /storage/ { deny all; }
location ^~ /shared/ { deny all; }
location ^~ /data/ { deny all; }
# AFTER - can remove! They're already outside public/
# But keep as defense-in-depth:
location ^~ /database/ { deny all; } # Will never match, but safe
location ^~ /storage/ { deny all; } # Will never match, but safe
```
### In justfile:
@@ -191,9 +191,9 @@ deploy:
test-deploy:
@echo "⚠️ Deploying test database"
ssh posterg "mkdir -p /var/www/posterg/database"
rsync -vur --progress ./database/test.db posterg:/var/www/posterg/database/
ssh posterg "chown www-data:posterg /var/www/posterg/database/test.db && \
chmod 660 /var/www/posterg/database/test.db"
rsync -vur --progress ./storage/test.db posterg:/var/www/posterg/storage/
ssh posterg "chown www-data:posterg /var/www/posterg/storage/test.db && \
chmod 660 /var/www/posterg/storage/test.db"
@echo "✅ Test database deployed"
```
@@ -209,7 +209,7 @@ just serve
# In another terminal:
curl http://localhost:8000/ # ✅ Should work
curl http://localhost:8000/admin/ # ✅ Should work (after moving)
curl http://localhost:8000/database/test.db # ❌ Should 404
curl http://localhost:8000/storage/test.db # ❌ Should 404
curl http://localhost:8000/config/ # ❌ Should 404
curl http://localhost:8000/vendor/ # ❌ Should 404
```
@@ -226,7 +226,7 @@ curl http://localhost:8000/admin/ # ✅ works
curl http://localhost:8000/assets/css/style.css # ✅ works
# Verify old paths don't work
curl http://localhost:8000/../database/test.db # ❌ 404
curl http://localhost:8000/../storage/test.db # ❌ 404
curl http://localhost:8000/../config/ # ❌ 404
```
@@ -238,7 +238,7 @@ just server-status
# Manual checks
curl -I https://posterg.erg.be/
curl -I https://posterg.erg.be/admin/
curl -I https://posterg.erg.be/database/test.db # Must be 404!
curl -I https://posterg.erg.be/storage/test.db # Must be 404!
```
---
@@ -260,7 +260,7 @@ require_once 'database/test.db';
<?php
require_once __DIR__ . '/../config/config.php';
require_once __DIR__ . '/../src/lib/Database.php';
$db = new PDO('sqlite:' . __DIR__ . '/../database/test.db');
$db = new PDO('sqlite:' . __DIR__ . '/../storage/test.db');
```
**Or use a bootstrap:**
@@ -272,7 +272,7 @@ require_once __DIR__ . '/../config/bootstrap.php';
// config/bootstrap.php
define('APP_ROOT', dirname(__DIR__));
define('PUBLIC_ROOT', APP_ROOT . '/public');
define('DATABASE_PATH', APP_ROOT . '/database/test.db');
define('DATABASE_PATH', APP_ROOT . '/storage/test.db');
require_once APP_ROOT . '/vendor/autoload.php';
```

14
docs/MIGRATION_COMPLETE.md
View File

@@ -66,7 +66,7 @@ posterg-website/
**Before:**
- ❌ All files in DocumentRoot (/var/www/html/)
- ❌ Database accessible at /database/test.db
- ❌ Database accessible at /storage/test.db
- ❌ Config files accessible
- ❌ Dev server exposed everything
- ❌ Relied on nginx deny rules
@@ -88,18 +88,18 @@ just serve
# Test in browser:
# - http://localhost:8000/ → Should work
# - http://localhost:8000/admin/ → Should work
# - http://localhost:8000/database/test.db → Should 404 ✅
# - http://localhost:8000/storage/test.db → Should 404 ✅
# - http://localhost:8000/config/ → Should 404 ✅
# - http://localhost:8000/../database/test.db → Should 404 ✅
# - http://localhost:8000/../storage/test.db → Should 404 ✅
```
### Security Verification
```bash
# These should all return 404:
curl http://localhost:8000/database/test.db
curl http://localhost:8000/storage/test.db
curl http://localhost:8000/config/bootstrap.php
curl http://localhost:8000/vendor/autoload.php
curl http://localhost:8000/../database/test.db
curl http://localhost:8000/../storage/test.db
curl http://localhost:8000/lib/Database.php
```
@@ -138,7 +138,7 @@ curl http://localhost:8000/lib/Database.php
just server-status
curl -I https://posterg.erg.be/
curl -I https://posterg.erg.be/admin/
curl -I https://posterg.erg.be/database/test.db # Must 404!
curl -I https://posterg.erg.be/storage/test.db # Must 404!
```
## 📝 Path Reference
@@ -164,7 +164,7 @@ require_once LIB_ROOT . '/Database.php'; // Library
- `PUBLIC_ROOT` - /path/to/posterg-website/public
- `CONFIG_ROOT` - /path/to/posterg-website/config
- `DATABASE_ROOT` - /path/to/posterg-website/database
- `DATABASE_PATH` - /path/to/posterg-website/database/test.db
- `DATABASE_PATH` - /path/to/posterg-website/storage/test.db
- `RESOURCES_ROOT` - /path/to/posterg-website/resources
- `LIB_ROOT` - /path/to/posterg-website/lib
- `VAR_ROOT` - /path/to/posterg-website/var

8
docs/REPOSITORY_STRUCTURE_ANALYSIS.md
View File

@@ -357,10 +357,10 @@ posterg-website/
private function getDatabasePath() {
// Check environment
if (file_exists(__DIR__ . '/../database/test.db')) {
return __DIR__ . '/../database/test.db';
if (file_exists(__DIR__ . '/../storage/test.db')) {
return __DIR__ . '/../storage/test.db';
}
return __DIR__ . '/../database/posterg.db';
return __DIR__ . '/../storage/posterg.db';
}
}
```
@@ -387,7 +387,7 @@ posterg-website/
9. **Update .gitignore**:
```
/database/*.db
/storage/*.db
/apps/*/cache/
/shared/cache/
*.log

2
docs/SECURITY_ANALYSIS.md
View File

@@ -369,7 +369,7 @@ rest of the codebase which uses `htmlspecialchars()` everywhere.
**File:** `config/bootstrap.php`
```php
define('DATABASE_PATH', APP_ROOT . '/database/test.db');
define('DATABASE_PATH', APP_ROOT . '/storage/test.db');
```
This constant is never used anywhere. `Database.php` uses `getDatabasePath()` from

4
docs/SERVER_SETUP.md
View File

@@ -113,6 +113,6 @@ sudo chmod 660 database/*.db
**Fix:**
```bash
ssh posterg
sudo chown www-data:posterg /var/www/posterg/database/test.db
sudo chmod 660 /var/www/posterg/database/test.db
sudo chown www-data:posterg /var/www/posterg/storage/test.db
sudo chmod 660 /var/www/posterg/storage/test.db
```

2
docs/SIMPLIFICATION.md
View File

@@ -67,7 +67,7 @@ posterg-website/
define('APP_ROOT', dirname(__DIR__));
// Database path
define('DATABASE_PATH', APP_ROOT . '/database/test.db');
define('DATABASE_PATH', APP_ROOT . '/storage/test.db');
// Error reporting (dev vs production)
if (php_sapi_name() === 'cli-server') {

2
docs/TEST_CENTRALIZATION.md
View File

@@ -278,7 +278,7 @@ jobs:
## 📖 Related Documentation
- [Test README](../tests/README.md) - Complete test documentation
- [Database Specification](../database/DATABASE_SPECIFICATION.md)
- [Database Specification](../storage/DATABASE_SPECIFICATION.md)
- [Security Documentation](SECURITY.md)
---

54
justfile
View File

@@ -76,9 +76,9 @@ deploy:
--exclude '.git*' \
--exclude '.jj' \
--exclude '.DS_Store' \
--exclude 'database/backup_*' \
--exclude 'database/fixtures' \
--exclude 'database/docs' \
--exclude 'storage/backup_*' \
--exclude 'storage/fixtures' \
--exclude 'storage/docs' \
--exclude 'nginx' \
--exclude 'docs' \
--exclude 'justfile*' \
@@ -93,8 +93,8 @@ deploy:
mkdir -p var/{cache,logs,tmp} && \
chown -R www-data:posterg . && \
chmod -R 755 . && \
chmod -R 775 var/ database/ && \
chmod 660 database/*.db 2>/dev/null || true"
chmod -R 775 var/ storage/ && \
chmod 660 storage/*.db 2>/dev/null || true"
@echo ""
@echo "✅ Deployment complete!"
@echo ""
@@ -114,9 +114,9 @@ deploy-database:
@echo "⚠️ Deploying test database (will overwrite remote test.db)"
@echo "Creating database directory if needed..."
ssh posterg "mkdir -p /var/www/posterg/database"
rsync -vur --progress ./database/test.db posterg:/var/www/posterg/database/test.db
rsync -vur --progress ./storage/test.db posterg:/var/www/posterg/storage/test.db
@echo "Setting correct permissions..."
ssh posterg "chown www-data:posterg /var/www/posterg/database /var/www/posterg/database/test.db && chmod 775 /var/www/posterg/database && chmod 660 /var/www/posterg/database/test.db"
ssh posterg "chown www-data:posterg /var/www/posterg/database /var/www/posterg/storage/test.db && chmod 775 /var/www/posterg/database && chmod 660 /var/www/posterg/storage/test.db"
@echo "✅ Test database deployed and configured"
# Legacy alias
@@ -176,18 +176,18 @@ stats:
@echo "📊 Database Statistics"
@echo "======================"
@echo ""
@sqlite3 database/test.db "SELECT COUNT(*) || ' total theses' FROM theses;"
@sqlite3 database/test.db "SELECT COUNT(*) || ' published theses' FROM theses WHERE is_published = 1;"
@sqlite3 database/test.db "SELECT COUNT(*) || ' authors' FROM authors;"
@sqlite3 database/test.db "SELECT COUNT(*) || ' supervisors' FROM supervisors;"
@sqlite3 database/test.db "SELECT COUNT(*) || ' keywords' FROM keywords;"
@sqlite3 database/test.db "SELECT COUNT(*) || ' files uploaded' FROM thesis_files;"
@sqlite3 storage/test.db "SELECT COUNT(*) || ' total theses' FROM theses;"
@sqlite3 storage/test.db "SELECT COUNT(*) || ' published theses' FROM theses WHERE is_published = 1;"
@sqlite3 storage/test.db "SELECT COUNT(*) || ' authors' FROM authors;"
@sqlite3 storage/test.db "SELECT COUNT(*) || ' supervisors' FROM supervisors;"
@sqlite3 storage/test.db "SELECT COUNT(*) || ' keywords' FROM keywords;"
@sqlite3 storage/test.db "SELECT COUNT(*) || ' files uploaded' FROM thesis_files;"
[group('stats')]
recent:
@echo "📅 Recent Theses"
@echo "================"
@sqlite3 -column -header database/test.db "SELECT id, title, year, authors FROM v_theses_public ORDER BY year DESC, title LIMIT 10;"
@sqlite3 -column -header storage/test.db "SELECT id, title, year, authors FROM v_theses_public ORDER BY year DESC, title LIMIT 10;"
# ============================================================================
# Database Management
@@ -196,50 +196,50 @@ recent:
[group('database')]
init-db:
@echo "📊 Creating test database from schema..."
@sqlite3 database/test.db < database/schema.sql
@sqlite3 storage/test.db < storage/schema.sql
@echo "✓ Test database created"
@sqlite3 database/test.db "SELECT COUNT(*) || ' tables created' FROM sqlite_master WHERE type='table';"
@sqlite3 database/test.db "SELECT COUNT(*) || ' orientations loaded' FROM orientations;"
@sqlite3 database/test.db "SELECT COUNT(*) || ' AP programs loaded' FROM ap_programs;"
@sqlite3 storage/test.db "SELECT COUNT(*) || ' tables created' FROM sqlite_master WHERE type='table';"
@sqlite3 storage/test.db "SELECT COUNT(*) || ' orientations loaded' FROM orientations;"
@sqlite3 storage/test.db "SELECT COUNT(*) || ' AP programs loaded' FROM ap_programs;"
[group('database')]
reset-db:
@echo "⚠️ Resetting database (will delete all data)..."
@rm -f database/test.db
@rm -f storage/test.db
@just init-db
@echo "✓ Database reset complete"
[group('database')]
query:
@sqlite3 database/test.db
@sqlite3 storage/test.db
[group('database')]
show id:
@echo "Thesis #{{id}}"
@echo "=============="
@sqlite3 -column -header database/test.db "SELECT * FROM v_theses_full WHERE id = {{id}};"
@sqlite3 -column -header storage/test.db "SELECT * FROM v_theses_full WHERE id = {{id}};"
[group('database')]
backup:
@echo "💾 Backing up database..."
@sqlite3 database/test.db .dump > database/backup_$(date +%Y%m%d_%H%M%S).sql
@echo "✓ Database dumped to database/backup_$(date +%Y%m%d_%H%M%S).sql"
@sqlite3 storage/test.db .dump > storage/backup_$(date +%Y%m%d_%H%M%S).sql
@echo "✓ Database dumped to storage/backup_$(date +%Y%m%d_%H%M%S).sql"
[group('database')]
fixtures:
@echo "🎭 Creating test database with fixtures..."
@php database/fixtures/CreateTestDatabase.php
@php storage/fixtures/CreateTestDatabase.php
[group('database')]
deploy-test-db:
@echo "⚠️ Deploying test database to server (will overwrite remote test.db)"
@echo "Creating database directory if needed..."
ssh posterg "mkdir -p /var/www/html/database"
rsync -vur --progress ./database/test.db posterg:/var/www/html/database/test.db
rsync -vur --progress ./storage/test.db posterg:/var/www/html/storage/test.db
@echo "Setting correct permissions..."
ssh posterg "chgrp posterg /var/www/html/database /var/www/html/database/test.db && \
ssh posterg "chgrp posterg /var/www/html/database /var/www/html/storage/test.db && \
chmod 775 /var/www/html/database && \
chmod 660 /var/www/html/database/test.db"
chmod 660 /var/www/html/storage/test.db"
@echo "✅ Test database deployed"
# ============================================================================

8
nginx/DEPLOYMENT_COMPLETE.md
View File

@@ -16,7 +16,7 @@ The Post-ERG website is now successfully deployed with production-ready nginx co
| **Public Site** | ✅ Working | https://posterg.erg.be/ → 200 OK |
| **SSL/TLS** | ✅ Working | HTTPS with valid certificate |
| **Admin Panel** | ✅ Protected | /formulaire/ → 401 (requires password) |
| **Database Protection** | ✅ Blocked | /database/ → 403 Forbidden |
| **Database Protection** | ✅ Blocked | /storage/ → 403 Forbidden |
| **Sensitive Files** | ✅ Blocked | .md, .sql files → 403 Forbidden |
| **Shared Directory** | ✅ Blocked | /shared/ → 403 Forbidden |
| **Security Headers** | ✅ Present | X-Frame-Options, CSP, etc. |
@@ -96,7 +96,7 @@ find /var/www/html -type f -exec chmod 640 {} \;
- Admin panel: 10 requests/minute (burst: 5)
**Protected Paths:**
- `/database/` - Database files (403)
- `/storage/` - Database files (403)
- `/shared/` - PHP libraries (403)
- `/data/` - Upload directories (403)
- `*.db` files - Database files (403)
@@ -174,7 +174,7 @@ curl -I http://localhost/ # Should: 200 OK
curl -I http://localhost/formulaire/ # Should: 401 Unauthorized
# Test security
curl -I http://localhost/database/posterg.db # Should: 403 Forbidden
curl -I http://localhost/storage/posterg.db # Should: 403 Forbidden
curl -I http://localhost/README.md # Should: 403 Forbidden
curl -I http://localhost/shared/Database.php # Should: 403 Forbidden
```
@@ -345,7 +345,7 @@ ssh posterg "cd /var/www/html && sed -i \"s|__DIR__ . '/../../shared/|__DIR__ .
- **Deployment Issues:** Check logs first
- **Nginx Config:** `/etc/nginx/sites-available/posterg`
- **PHP Config:** `/etc/php/8.4/fpm/pool.d/www.conf`
- **Database:** `/var/www/html/database/posterg.db`
- **Database:** `/var/www/html/storage/posterg.db`
---

4
nginx/DEPLOY_NOW.md
View File

@@ -80,7 +80,7 @@ The new configuration adds:
**File Protection**
- Database files (`.db`) → 403 Forbidden
- Sensitive files (`.md`, `.sql`, `.txt`) → 403 Forbidden
- `/database/` directory → 403 Forbidden
- `/storage/` directory → 403 Forbidden
- `/shared/` directory → 403 Forbidden
- `/data/` directory → 403 Forbidden
- Hidden files (`.git`, `.env`) → 403 Forbidden
@@ -119,7 +119,7 @@ curl http://localhost/index.php | head -n 20
curl -I http://localhost/formulaire/
# Database should be blocked (403)
curl -I http://localhost/database/posterg.db
curl -I http://localhost/storage/posterg.db
# Sensitive files should be blocked (403)
curl -I http://localhost/README.md

12
nginx/PRODUCTION_DEPLOYMENT.md
View File

@@ -88,8 +88,8 @@ sudo chmod 775 /var/www/html/formulaire/data/theses
sudo chmod 775 /var/www/html/formulaire/data/covers
# Protect database
sudo chmod 640 /var/www/html/database/posterg.db
sudo chown www-data:posterg /var/www/html/database/posterg.db
sudo chmod 640 /var/www/html/storage/posterg.db
sudo chown www-data:posterg /var/www/html/storage/posterg.db
```
### Step 2: Deploy Nginx Config
@@ -148,7 +148,7 @@ curl -u admin:your_password http://localhost/formulaire/
```bash
# These should all return 403 Forbidden
curl -I http://localhost/database/posterg.db
curl -I http://localhost/storage/posterg.db
curl -I http://localhost/README.md
curl -I http://localhost/shared/Database.php
curl -I http://localhost/.git/config
@@ -217,9 +217,9 @@ ls -la /etc/nginx/.htpasswd-posterg
**Fix database permissions:**
```bash
sudo chown www-data:posterg /var/www/html/database/posterg.db
sudo chmod 640 /var/www/html/database/posterg.db
sudo chmod 755 /var/www/html/database/
sudo chown www-data:posterg /var/www/html/storage/posterg.db
sudo chmod 640 /var/www/html/storage/posterg.db
sudo chmod 755 /var/www/html/storage/
```
### Can't Write Uploaded Files

4
nginx/QUICK_REFERENCE.md
View File

@@ -122,7 +122,7 @@ done
```bash
# Should return 403
curl -I https://posterg.erg.be/database/posterg.db
curl -I https://posterg.erg.be/storage/posterg.db
curl -I https://posterg.erg.be/shared/Database.php
curl -I https://posterg.erg.be/.env
```
@@ -217,7 +217,7 @@ sudo cp /etc/nginx/.htpasswd-posterg /etc/nginx/.htpasswd-posterg.backup.$(date
- [ ] Admin password set: `sudo ls -l /etc/nginx/.htpasswd-posterg`
- [ ] SSL enabled: `curl -I https://posterg.erg.be/`
- [ ] Database blocked: `curl -I https://posterg.erg.be/database/posterg.db`
- [ ] Database blocked: `curl -I https://posterg.erg.be/storage/posterg.db`
- [ ] Shared directory blocked: `curl -I https://posterg.erg.be/shared/Database.php`
- [ ] Rate limiting working: Test with curl loop
- [ ] Security headers present: `curl -I https://posterg.erg.be/ | grep X-`

2
nginx/README.md
View File

@@ -95,7 +95,7 @@ Test your configuration:
curl -I https://posterg.erg.be/formulaire/
# Test file protection
curl -I https://posterg.erg.be/database/posterg.db
curl -I https://posterg.erg.be/storage/posterg.db
# Test security headers
curl -I https://posterg.erg.be/ | grep -E "X-|Strict-Transport"

6
nginx/SETUP.md
View File

@@ -150,8 +150,8 @@ sudo chmod 775 /var/www/html/formulaire/data/theses
sudo chmod 775 /var/www/html/formulaire/data/covers
# Protect database
sudo chmod 600 /var/www/html/database/posterg.db
sudo chown www-data:www-data /var/www/html/database/posterg.db
sudo chmod 600 /var/www/html/storage/posterg.db
sudo chown www-data:www-data /var/www/html/storage/posterg.db
```
## Security Features Implemented
@@ -216,7 +216,7 @@ for i in {1..50}; do curl -I https://posterg.erg.be/ 2>&1 | grep HTTP; done
```bash
# Should return 403 Forbidden
curl -I https://posterg.erg.be/database/posterg.db
curl -I https://posterg.erg.be/storage/posterg.db
curl -I https://posterg.erg.be/shared/Database.php
curl -I https://posterg.erg.be/README.md
```

28
nginx/TEST_DATABASE_SETUP.md
View File

@@ -11,7 +11,7 @@ just test-deploy
```
This automatically:
1. ✅ Creates `/var/www/html/database/` directory
1. ✅ Creates `/var/www/html/storage/` directory
2. ✅ Uploads `test.db` to the server
3. ✅ Sets correct group ownership (`posterg`)
4. ✅ Sets correct permissions (775 for dir, 660 for file)
@@ -100,8 +100,8 @@ php -r "require_once '/var/www/html/shared/Database.php'; echo 'Using: ' . Datab
```
Output will be:
- `/var/www/html/database/test.db` (test mode)
- `/var/www/html/database/posterg.db` (production mode)
- `/var/www/html/storage/test.db` (test mode)
- `/var/www/html/storage/posterg.db` (production mode)
### 5. Switch Back to Production
@@ -109,7 +109,7 @@ Simply remove the test database:
```bash
ssh posterg
rm /var/www/html/database/test.db
rm /var/www/html/storage/test.db
```
The site automatically switches to production database.
@@ -121,7 +121,7 @@ The site automatically switches to production database.
### Directory Permissions
```
drwxrwxr-x theophile posterg /var/www/html/database/
drwxrwxr-x theophile posterg /var/www/html/storage/
```
- **775**: Owner and group can read/write/execute, others can read/execute
@@ -165,11 +165,11 @@ sudo systemctl restart php8.4-fpm
```bash
ssh posterg
# Fix group ownership
chgrp posterg /var/www/html/database /var/www/html/database/test.db
chgrp posterg /var/www/html/database /var/www/html/storage/test.db
# Fix permissions
chmod 775 /var/www/html/database
chmod 660 /var/www/html/database/test.db
chmod 660 /var/www/html/storage/test.db
```
### "SQLSTATE[HY000]: General error: 8 attempt to write a readonly database"
@@ -185,9 +185,9 @@ chmod 775 /var/www/html/database
**Clear SQLite cache:**
```bash
ssh posterg
rm -f /var/www/html/database/test.db-journal
rm -f /var/www/html/database/test.db-shm
rm -f /var/www/html/database/test.db-wal
rm -f /var/www/html/storage/test.db-journal
rm -f /var/www/html/storage/test.db-shm
rm -f /var/www/html/storage/test.db-wal
```
Then redeploy:
@@ -239,7 +239,7 @@ just test-deploy
```bash
ssh posterg
sqlite3 /var/www/html/database/test.db
sqlite3 /var/www/html/storage/test.db
# ... make changes ...
```
@@ -281,7 +281,7 @@ Before deploying test database, backup production if needed:
```bash
ssh posterg
cp /var/www/html/database/posterg.db /var/www/html/database/posterg.db.backup.$(date +%Y%m%d)
cp /var/www/html/storage/posterg.db /var/www/html/storage/posterg.db.backup.$(date +%Y%m%d)
```
---
@@ -325,7 +325,7 @@ cp /var/www/html/database/posterg.db /var/www/html/database/posterg.db.backup.$(
After running `just test-deploy`, verify:
- [ ] Database file exists: `ssh posterg "ls -la /var/www/html/database/test.db"`
- [ ] Database file exists: `ssh posterg "ls -la /var/www/html/storage/test.db"`
- [ ] Correct permissions: `-rw-rw---- theophile posterg`
- [ ] Directory writable: `drwxrwxr-x theophile posterg`
- [ ] Site loads: Visit https://posterg.erg.be/
@@ -346,7 +346,7 @@ When working correctly:
To switch back to production, just:
```bash
ssh posterg "rm /var/www/html/database/test.db"
ssh posterg "rm /var/www/html/storage/test.db"
```
Site automatically uses `posterg.db` again! 🚀

8
nginx/deploy-production-new.sh
View File

@@ -42,9 +42,9 @@ if [ -d "/var/www/posterg/database" ]; then
fi
# Fix database file permissions
if [ -f "/var/www/posterg/database/test.db" ]; then
chmod 660 /var/www/posterg/database/test.db
chown www-data:posterg /var/www/posterg/database/test.db
if [ -f "/var/www/posterg/storage/test.db" ]; then
chmod 660 /var/www/posterg/storage/test.db
chown www-data:posterg /var/www/posterg/storage/test.db
echo "✓ Fixed database file permissions (660)"
fi
@@ -102,4 +102,4 @@ echo ""
echo "After reload, verify:"
echo " • https://posterg.erg.be/"
echo " • https://posterg.erg.be/admin/"
echo " • https://posterg.erg.be/database/test.db (should 404)"
echo " • https://posterg.erg.be/storage/test.db (should 404)"

8
nginx/deploy-production.sh
View File

@@ -42,9 +42,9 @@ if [ -d "/var/www/html/formulaire/data/theses" ]; then
fi
# Protect database if it exists
if [ -f "/var/www/html/database/posterg.db" ]; then
chmod 660 /var/www/html/database/posterg.db
chown www-data:posterg /var/www/html/database/posterg.db
if [ -f "/var/www/html/storage/posterg.db" ]; then
chmod 660 /var/www/html/storage/posterg.db
chown www-data:posterg /var/www/html/storage/posterg.db
echo "✓ Protected database file"
fi
@@ -174,7 +174,7 @@ echo " • Access log: tail -f /var/log/nginx/posterg_access.log"
echo " • Error log: tail -f /var/log/nginx/posterg_error.log"
echo ""
echo "🔒 Security Checks:"
echo " • Database blocked: curl -I http://localhost/database/posterg.db"
echo " • Database blocked: curl -I http://localhost/storage/posterg.db"
echo " • MD files blocked: curl -I http://localhost/README.md"
echo " • Shared blocked: curl -I http://localhost/shared/Database.php"
echo ""

8
scripts/deploy-production.sh
View File

@@ -42,9 +42,9 @@ if [ -d "/var/www/html/formulaire/data/theses" ]; then
fi
# Protect database if it exists
if [ -f "/var/www/html/database/posterg.db" ]; then
chmod 660 /var/www/html/database/posterg.db
chown www-data:posterg /var/www/html/database/posterg.db
if [ -f "/var/www/html/storage/posterg.db" ]; then
chmod 660 /var/www/html/storage/posterg.db
chown www-data:posterg /var/www/html/storage/posterg.db
echo "✓ Protected database file"
fi
@@ -174,7 +174,7 @@ echo " • Access log: tail -f /var/log/nginx/posterg_access.log"
echo " • Error log: tail -f /var/log/nginx/posterg_error.log"
echo ""
echo "🔒 Security Checks:"
echo " • Database blocked: curl -I http://localhost/database/posterg.db"
echo " • Database blocked: curl -I http://localhost/storage/posterg.db"
echo " • MD files blocked: curl -I http://localhost/README.md"
echo " • Shared blocked: curl -I http://localhost/shared/Database.php"
echo ""

2
scripts/migrate-structure.sh
View File

@@ -164,6 +164,6 @@ echo " admin/ - Admin panel"
echo " lib/ - Shared libraries"
echo " assets/ - Static files"
echo " inc/ - Templates"
echo " database/ - Database files"
echo " storage/ - Database files"
echo " vendor/ - Third-party (gitignored)"
echo ""

4
scripts/setup-dev.sh
View File

@@ -35,10 +35,10 @@ else
fi
# Create test database if needed
if [ ! -f "database/test.db" ]; then
if [ ! -f "storage/test.db" ]; then
echo ""
echo "📊 Creating test database..."
sqlite3 database/test.db < database/schema.sql
sqlite3 storage/test.db < storage/schema.sql
echo "✓ Created test database"
fi

2
src/cache/rate_limit/ad921d60486366258809553a3db49a4a.json vendored
View File

@@ -1 +1 @@
[1770894664]
[1770894771]

4
src/config.php
View File

@@ -9,10 +9,10 @@
define('DB_ROOT', __DIR__ . '/..');
// Test database (used in development)
define('DB_TEST_PATH', DB_ROOT . '/database/test.db');
define('DB_TEST_PATH', DB_ROOT . '/storage/test.db');
// Production database (used on server)
define('DB_PROD_PATH', DB_ROOT . '/database/posterg.db');
define('DB_PROD_PATH', DB_ROOT . '/storage/posterg.db');
/**
* Determine which database to use

0
database/Database_TFE_test.csv → storage/Database_TFE_test.csv
View File

0
database/README.md → storage/README.md
View File

0
database/docs/DATABASE_SPECIFICATION.md → storage/docs/DATABASE_SPECIFICATION.md
View File

0
database/docs/QUICK_SCHEMA_REFERENCE.md → storage/docs/QUICK_SCHEMA_REFERENCE.md
View File

0
database/docs/SETUP.md → storage/docs/SETUP.md
View File

0
database/docs/posterg_fiche-technique.md → storage/docs/posterg_fiche-technique.md
View File

0
database/fixtures/CreateTestDatabase.php → storage/fixtures/CreateTestDatabase.php
View File

0
database/posterg.db → storage/posterg.db
View File

0
database/schema.sql → storage/schema.sql
View File

0
database/test.db → storage/test.db
View File

2
tests/README.md
View File

@@ -225,7 +225,7 @@ php tests/run-tests.php
## 📚 Related Documentation
- [Database Specification](../database/DATABASE_SPECIFICATION.md)
- [Database Specification](../storage/DATABASE_SPECIFICATION.md)
- [Security Documentation](../docs/SECURITY.md)
- [Development Guide](../MIGRATION_GUIDE.md)