From 8e36f981391d473d6fe7d2ab49b966c50434b296 Mon Sep 17 00:00:00 2001
From: Pontoporeia <pontoporeia@happyngreen.fr>
Date: Wed, 1 Apr 2026 16:44:07 +0200
Subject: [PATCH] Move RateLimit cache dir from src/cache/ to
 storage/cache/rate_limit/

The default cache directory for the file-based rate limiter was
src/cache/rate_limit/, placing transient JSON files inside the source tree.
This meant:
- The directory was deployed via rsync on every deploy (wasted I/O)
- .gitignore had to track a src/-internal path
- Developers running tests could leave stale cache state in the source tree

Changes:
- src/RateLimit.php: default $cacheDir changed from __DIR__.'/cache/rate_limit'
  to dirname(__DIR__).'/storage/cache/rate_limit'; dirname(__DIR__) resolves to
  the project root regardless of how the file is loaded (with or without bootstrap)
- .gitignore: replaced 'src/cache/rate_limit/' with 'storage/cache/' (broader,
  covers any future cache subdirs under storage/)
- storage/cache/.gitkeep: added so the directory is tracked in VCS and created
  on fresh clones/deploys, but its contents are ignored
- justfile: added '--exclude storage/cache/*' to the deploy rsync recipe so
  rate-limit state is never transferred to the server
- src/cache/: removed (no longer needed)

All RateLimit unit tests pass.
---
 .gitignore                                             |  2 +-
 TODO.md                                                | 10 +++++-----
 justfile                                               |  1 +
 src/RateLimit.php                                      |  2 +-
 .../rate_limit/ad921d60486366258809553a3db49a4a.json   |  1 -
 5 files changed, 8 insertions(+), 8 deletions(-)
 delete mode 100644 src/cache/rate_limit/ad921d60486366258809553a3db49a4a.json

diff --git a/.gitignore b/.gitignore
index 1689399..26a9c88 100644
--- a/.gitignore
+++ b/.gitignore
@@ -10,7 +10,7 @@ storage/test.db
 
 ### Logs ###
 error.log
-src/cache/rate_limit/
+storage/cache/
 
 # Nix
 .direnv/
diff --git a/TODO.md b/TODO.md
index 8e2c001..c3b9ca5 100644
--- a/TODO.md
+++ b/TODO.md
@@ -544,11 +544,11 @@ Goal: rename the tables and column to the canonical M2M pattern (`tags`, `thesis
 
 - [x] Fix `fgetcsv()` deprecation warnings in `import.php` - added explicit `$escape = ''` parameter to all 5 calls
 - [x] Run all pending DB migrations (001–006) on `storage/posterg.db` - `tags`/`thesis_tags` tables now exist
-- [ ] **`RateLimit` uses per-file JSON on disk** - reads, writes, and `glob()`s the filesystem on
-      every public request. For a low-traffic art-school site this is fine, but it creates a
-      write-on-every-hit pattern. Consider switching to APCu (if available) or SQLite (single INSERT)
-      to avoid filesystem churn. At minimum, move the cache dir to `/tmp` or a dedicated
-      `storage/cache/` path that is excluded from deploy rsync.
+- [x] **`RateLimit` cache dir moved to `storage/cache/rate_limit/`** — default path changed from
+      `src/cache/rate_limit` (inside source tree) to `storage/cache/rate_limit` (via `dirname(__DIR__)`
+      relative to `src/RateLimit.php`). `.gitignore` updated to ignore `storage/cache/` instead of
+      the old `src/cache/rate_limit/`. `justfile` deploy rsync now excludes `storage/cache/*`.
+      Old `src/cache/` directory removed.
 
 - [x] **`__wakeup()` singleton guard throws from a public method** - changed to
       `trigger_error('Cannot unserialize singleton ...', E_USER_ERROR)` with explicit `void` return
diff --git a/justfile b/justfile
index 10e1488..bbfb138 100644
--- a/justfile
+++ b/justfile
@@ -41,6 +41,7 @@ deploy:
         --exclude '.pi' \
         --exclude '.DS_Store' \
         --exclude 'storage/backup_*' \
+        --exclude 'storage/cache/*' \
         --exclude 'storage/fixtures' \
         --exclude 'storage/docs' \
         --exclude 'nginx' \
diff --git a/src/RateLimit.php b/src/RateLimit.php
index 7e66b9f..0ada49e 100644
--- a/src/RateLimit.php
+++ b/src/RateLimit.php
@@ -18,7 +18,7 @@ class RateLimit {
     public function __construct($maxRequests = 30, $timeWindow = 60, $cacheDir = null) {
         $this->maxRequests = $maxRequests;
         $this->timeWindow = $timeWindow;
-        $this->cacheDir = $cacheDir ?? __DIR__ . '/cache/rate_limit';
+        $this->cacheDir = $cacheDir ?? dirname(__DIR__) . '/storage/cache/rate_limit';
 
         // Create cache directory if it doesn't exist
         if (!is_dir($this->cacheDir)) {
diff --git a/src/cache/rate_limit/ad921d60486366258809553a3db49a4a.json b/src/cache/rate_limit/ad921d60486366258809553a3db49a4a.json
deleted file mode 100644
index 6f54142..0000000
--- a/src/cache/rate_limit/ad921d60486366258809553a3db49a4a.json
+++ /dev/null
@@ -1 +0,0 @@
-[1775039085]
\ No newline at end of file