PostERG/xamxam
1
0
Fork 0
mirror of https://codeberg.org/PostERG/xamxam.git synced 2026-05-06 11:09:18 +02:00
Code Issues Packages Projects Releases Wiki Activity

analysis: dependency audit and refactoring task proposals in TODO.md

Browse Source
This commit is contained in:
Pontoporeia
2026-02-24 23:11:13 +01:00
parent 73c27a067d
commit da53d56744
4 changed files with 383 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

132
TODO.md Normal file
View File

@@ -0,0 +1,132 @@
# Post-ERG Dependency & Refactoring Analysis
## Summary
The project has **zero external PHP library dependencies** (no Composer, no vendor/).
All PHP logic relies exclusively on standard PHP extensions: PDO/SQLite, `finfo`,
`session_*`, `password_verify`, `hash_equals`, `random_bytes`, `json_*`, SPL iterators.
There is one vendored CSS file (`modern-normalize.min.css`, 1 file, 8 lines).
The only real problems are **internal structural bugs** and **dead code paths**, not
third-party dependencies. The tasks below are ordered from critical to nice-to-have.
---
## Critical Bugs (broken at runtime)
- [ ] **Fix broken `lib/` require paths in all admin pages**
Admin pages (`add.php`, `edit.php`, `import.php`, `thanks.php`, `login.php`,
`logout.php`, `actions/formulaire.php`, `actions/publish.php`) all require
`../../lib/AdminAuth.php` and `../../lib/Database.php`, but the `lib/` directory
**does not exist**. The actual files live in `src/`. This means the entire admin
panel is broken. Fix: change all `lib/` references to `src/`.
- [ ] **Fix missing `modern-normalize.css` (no `.min` variant)**
`templates/header.php`, `templates/head.php`, and `public/search.php` reference
`assets/modern-normalize.css` (without `.min`), but only `modern-normalize.min.css`
exists. Either rename the file or update the references to be consistent.
- [ ] **Fix `admin/index.php` inconsistency**
`admin/index.php` uses `src/AdminAuth.php` (correct) but then
`../../lib/Database.php` (broken). It should load from `src/` consistently.
---
## Structural / Code-Quality Refactors
- [ ] **Unify and rename `src/` path references across the entire codebase**
After fixing the `lib/``src/` migration, normalise every admin page to load
`src/Database.php` and `src/AdminAuth.php` via `APP_ROOT` (the constant already
defined in `bootstrap.php`), removing the fragile relative-path `../../` chains.
- [ ] **Eliminate the duplicate `searchTheses` / `countSearchResults` condition block**
`Database::searchTheses()` and `Database::countSearchResults()` share identical
WHERE-clause construction logic (~80 lines each). Extract a private
`buildSearchConditions(array $params): array` helper that returns `[$conditions,
$bindings]` and call it from both methods.
- [ ] **Remove `getConnection()` / `getPDO()` alias duplication**
The `Database` class exposes `getConnection()`, `getPDO()`, and direct transaction
delegation (`beginTransaction`, `commit`, `rollback`) purely because the admin code
accesses raw PDO. Consider removing `getConnection()` (alias of `getPDO()`) and
instead promoting the most-used raw queries into `Database` methods, reducing
direct PDO exposure.
- [ ] **Move inline SQL in `admin/index.php` into `Database`**
`admin/index.php` builds a raw SQL query with dynamic filter conditions directly in
the page. This is the only admin page doing so. Add a `getThesesList(array
$filters): array` method to `Database` to match the pattern used everywhere else.
- [ ] **Add a `getThesisByIdAdmin(int $id): ?array` method to remove repeated raw queries in admin**
`admin/thanks.php` and `admin/edit.php` each call `$db->getThesis($id)` then
immediately issue further raw PDO queries for related data (`thesis_languages`,
`thesis_formats`, files). Consolidate into a method that returns everything needed
for the admin detail view.
---
## What Can Be Removed / Simplified
- [ ] **Remove `include_template()` helper from `bootstrap.php` — it is never called**
The function `include_template($name)` in `config/bootstrap.php` is dead code;
pages use direct `include APP_ROOT . '/templates/...'` instead.
- [ ] **Remove the Composer autoload stub from `bootstrap.php`**
`bootstrap.php` has `if (file_exists(APP_ROOT . '/vendor/autoload.php'))` — there
is no Composer vendor directory and no plan for one. Remove this dead branch.
- [ ] **Delete `apps/admin/` directory**
`apps/admin/` contains only `data/` (empty with test data) and `error.log` and
`test.db`. It appears to be a leftover from an earlier structure. If confirmed
unused, delete it.
- [ ] **Remove `apps/` directory entirely if it contains only residual artefacts**
Related to the above — verify no active code references `apps/`.
---
## What Needs External Dependencies (nothing — keep it that way)
- **Authentication**: `password_verify` + `session_*` + `random_bytes` — already
standard PHP. No dependency needed.
- **Database**: PDO + SQLite — already standard PHP. No dependency needed.
- **Rate limiting**: File-based JSON sliding window — already implemented without
deps. Could be replaced by Redis/APCu at scale, but unnecessary for current load.
- **File serving / MIME validation**: `finfo` (fileinfo extension) — standard PHP
bundled extension.
- **CSRF**: `hash_equals` + `random_bytes` — standard PHP. No dependency needed.
- **CSS reset** (`modern-normalize`): The single vendored file (8 lines, minified)
is small enough to keep vendored. No CDN link, no build step. ✓
---
## Testing Infrastructure
- [ ] **Fix `SearchTest.php` — it calls `searchTheses()` with a string, not an array**
`$db->searchTheses('art')` passes a string, but `searchTheses()` expects
`array $params`. This test would throw a TypeError at runtime. Fix the call to
`$db->searchTheses(['query' => 'art'])`.
- [ ] **Add a test for the `lib/` → `src/` path fix once it is applied**
After the path fix, add a smoke test that `require`-s each admin page's
dependencies to catch future regressions.
---
## Low Priority / Nice-to-Have
- [ ] **Normalise `modern-normalize` to a single canonical filename**
Pick either `.min.css` or `.css` and use it everywhere. Prefer `.min.css` since
the file is already minified.
- [ ] **Consider extracting file-upload logic from `formulaire.php` into `Database`**
File validation, directory creation, and `insertThesisFile()` are scattered across
`formulaire.php`. Wrapping them in a `Database::attachFile()` or a dedicated
`FileUploadHandler` class would make `formulaire.php` much shorter and the upload
logic testable.
- [ ] **Unify `head.php` vs `header.php` templates**
The public site has both `templates/head.php` (shared `<head>` tag) and
`templates/header.php` (full `<head>` + `<body><header>`). `tfe.php` uses
`head.php` and renders its own `<body>`, while `index.php` uses `header.php`.
This split is confusing. Consider making `header.php` the single entry point.

BIN
apps/admin/data/covers/Théophile Gervreau-Mercier_2024_.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 174 KiB

251
apps/admin/error.log Normal file
View File

@@ -0,0 +1,251 @@
[27-Jan-2026 14:57:08 UTC] FILES array: Array
(
[couverture] => Array
(
[name] =>
[full_path] =>
[type] =>
[tmp_name] =>
[error] => 4
[size] => 0
)
[files] => Array
(
[name] => Array
(
[0] =>
)
[full_path] => Array
(
[0] =>
)
[type] => Array
(
[0] =>
)
[tmp_name] => Array
(
[0] =>
)
[error] => Array
(
[0] => 4
)
[size] => Array
(
[0] => 0
)
)
)
[27-Jan-2026 14:57:08 UTC] Form processing error: Veuillez sélectionner au moins une langue.
[27-Jan-2026 15:16:43 UTC] FILES array: Array
(
[couverture] => Array
(
[name] =>
[full_path] =>
[type] =>
[tmp_name] =>
[error] => 4
[size] => 0
)
[files] => Array
(
[name] => Array
(
[0] =>
)
[full_path] => Array
(
[0] =>
)
[type] => Array
(
[0] =>
)
[tmp_name] => Array
(
[0] =>
)
[error] => Array
(
[0] => 4
)
[size] => Array
(
[0] => 0
)
)
)
[27-Jan-2026 15:16:43 UTC] Form processing error: Lien URL invalide.
[27-Jan-2026 15:30:28 UTC] FILES array: Array
(
[couverture] => Array
(
[name] =>
[full_path] =>
[type] =>
[tmp_name] =>
[error] => 4
[size] => 0
)
[files] => Array
(
[name] => Array
(
[0] =>
)
[full_path] => Array
(
[0] =>
)
[type] => Array
(
[0] =>
)
[tmp_name] => Array
(
[0] =>
)
[error] => Array
(
[0] => 4
)
[size] => Array
(
[0] => 0
)
)
)
[27-Jan-2026 15:30:28 UTC] Author ID: 1
[27-Jan-2026 15:30:28 UTC] Thesis ID: 1
[27-Jan-2026 15:30:29 UTC] Thesis submission completed successfully: 2026-001
[27-Jan-2026 15:33:11 UTC] FILES array: Array
(
[couverture] => Array
(
[name] =>
[full_path] =>
[type] =>
[tmp_name] =>
[error] => 4
[size] => 0
)
[files] => Array
(
[name] => Array
(
[0] =>
)
[full_path] => Array
(
[0] =>
)
[type] => Array
(
[0] =>
)
[tmp_name] => Array
(
[0] =>
)
[error] => Array
(
[0] => 4
)
[size] => Array
(
[0] => 0
)
)
)
[27-Jan-2026 15:33:11 UTC] Author ID: 2
[27-Jan-2026 15:33:11 UTC] Thesis ID: 2
[27-Jan-2026 15:33:12 UTC] Thesis submission completed successfully: 2026-002
[27-Jan-2026 15:48:51 UTC] FILES array: Array
(
[couverture] => Array
(
[name] =>
[full_path] =>
[type] =>
[tmp_name] =>
[error] => 4
[size] => 0
)
[files] => Array
(
[name] => Array
(
[0] =>
)
[full_path] => Array
(
[0] =>
)
[type] => Array
(
[0] =>
)
[tmp_name] => Array
(
[0] =>
)
[error] => Array
(
[0] => 4
)
[size] => Array
(
[0] => 0
)
)
)
[27-Jan-2026 15:48:51 UTC] Author ID: 14
[27-Jan-2026 15:48:51 UTC] Thesis ID: 14
[27-Jan-2026 15:48:51 UTC] Thesis submission completed successfully: 2026-003

BIN
apps/admin/test.db Normal file
View File

Binary file not shown.