mirror of https://codeberg.org/PostERG/xamxam.git synced 2026-05-06 11:09:18 +02:00

Files

Théophile Gervreau-Mercier 467aced734 Restructure repository and implement secure search feature

Phase 1: Consolidate shared infrastructure
- Create shared/ directory for common code
- Consolidate Database.php from front-backend and formulaire into unified shared/Database.php
  - Smart path detection for test.db vs posterg.db
  - Secure search with wildcard escaping and input validation
  - Support both singleton and direct instantiation patterns
  - Full CRUD methods for admin functionality
- Move RateLimit.php to shared/ (30 requests/min)
- Update all require paths across apps to use shared/

Phase 2: Reorganize directory structure
- Rename front-backend/ → apps/public/
- Rename formulaire/ → apps/admin/
- Rename db/ → database/
- Update all file paths for new structure
- Create root .gitignore excluding databases, cache, logs

Implement secure search feature
- Add apps/public/search.php with full-text search across theses
- Search filters: query, year, orientation, AP program, keywords
- Security features:
  - SQL injection prevention (prepared statements)
  - Wildcard injection prevention (escape % and _)
  - Input validation (max 200 chars, year range 1900-2100)
  - Rate limiting (30 req/min per IP)
  - Pagination limited to 100 results/page
  - XSS protection (htmlspecialchars on output)

Add comprehensive test suite
- Create apps/public/tests/ with proper structure
  - tests/Integration/SearchTest.php - 12 search scenarios
  - tests/Security/SecurityTest.php - vulnerability testing
  - tests/Unit/RateLimitTest.php - rate limit behavior
- Create database/fixtures/CreateTestDatabase.php
- Add apps/public/run-tests.php test runner
- All tests passing (4/4 suites)

Update deployment configuration
- Rename justfile 'sync' recipe to 'deploy'
- Create deploy group with separate deploy-public and deploy-admin
- Add test-deploy recipe for test database
- Exclude *.db, tests/, cache/, *.md from production deploy
- Deploy shared/ to both public and admin locations

Stats: +4482 insertions, -654 deletions across 72 files

2026-02-02 18:53:58 +01:00

posterg.conf

Restructure repository and implement secure search feature

2026-02-02 18:53:58 +01:00

QUICK_REFERENCE.md

Restructure repository and implement secure search feature

2026-02-02 18:53:58 +01:00

README.md

Restructure repository and implement secure search feature

2026-02-02 18:53:58 +01:00

setup-password.sh

Restructure repository and implement secure search feature

2026-02-02 18:53:58 +01:00

SETUP.md

Restructure repository and implement secure search feature

2026-02-02 18:53:58 +01:00

README.md

Nginx Configuration - Post-ERG

This directory contains nginx configuration and setup scripts for the Post-ERG thesis website.

📁 Files

posterg.conf - Complete nginx configuration file
setup-password.sh - Script to create admin passwords
SETUP.md - Detailed setup instructions
QUICK_REFERENCE.md - Command reference and troubleshooting

🚀 Quick Start

1. Set up admin password

# Make script executable
chmod +x nginx/setup-password.sh

# Run setup (as root on server)
sudo ./nginx/setup-password.sh

2. Deploy nginx configuration

# From your local machine
just deploy-nginx

# Then on the server:
sudo cp /tmp/posterg.conf /etc/nginx/sites-available/posterg
sudo ln -s /etc/nginx/sites-available/posterg /etc/nginx/sites-enabled/
sudo nginx -t
sudo systemctl reload nginx

3. Set up SSL (production)

# On server
sudo apt install certbot python3-certbot-nginx
sudo certbot --nginx -d posterg.erg.be -d www.posterg.erg.be

🔒 Security Features

Admin Panel Protection

Password required for /formulaire/ (admin panel)
HTTP Basic Authentication
Rate limited: 10 requests/minute

File Access Protection

Database files (.db) - BLOCKED
Sensitive files (.md, .sql, .env) - BLOCKED
Shared directory - BLOCKED
Tests directory - BLOCKED
Cache directory - BLOCKED
Hidden files (.git, etc.) - BLOCKED

Rate Limiting

General requests: 30/minute
Search endpoint: 30/minute
Admin panel: 10/minute

Security Headers

✅ X-Frame-Options (clickjacking protection)
✅ X-Content-Type-Options (MIME sniffing protection)
✅ X-XSS-Protection (XSS filter)
✅ Strict-Transport-Security (force HTTPS)
✅ Referrer-Policy (referrer control)
✅ Permissions-Policy (disable browser features)

SSL/TLS

TLS 1.2 and 1.3 only
Strong cipher suites
OCSP stapling
HSTS enabled

📚 Documentation

SETUP.md - Complete setup guide
- Installation steps
- Configuration details
- Testing procedures
- Troubleshooting
- Performance tuning
- Security checklist
QUICK_REFERENCE.md - Command reference
- Common operations
- Password management
- Nginx control
- Log viewing
- Testing commands
- Troubleshooting

🧪 Testing

Test your configuration:

# Test admin authentication
curl -I https://posterg.erg.be/formulaire/

# Test file protection
curl -I https://posterg.erg.be/database/posterg.db

# Test security headers
curl -I https://posterg.erg.be/ | grep -E "X-|Strict-Transport"

🆘 Quick Help

Admin can't log in

# Reset password
sudo htpasswd /etc/nginx/.htpasswd-posterg admin

502 Bad Gateway

# Check PHP-FPM
sudo systemctl status php8.2-fpm
sudo systemctl restart php8.2-fpm

Configuration errors

# Test and show errors
sudo nginx -t

📊 Monitoring

# Watch access logs
sudo tail -f /var/log/nginx/posterg_access.log

# Watch error logs
sudo tail -f /var/log/nginx/posterg_error.log

# Check nginx status
sudo systemctl status nginx

🔄 Maintenance

Change admin password

sudo htpasswd /etc/nginx/.htpasswd-posterg admin

Reload after config changes

sudo nginx -t && sudo systemctl reload nginx

Renew SSL certificate

sudo certbot renew

📞 Support

For detailed instructions, see:

SETUP.md - Complete setup guide
QUICK_REFERENCE.md - Command reference

For issues:

Check nginx error logs: sudo tail /var/log/nginx/posterg_error.log
Test configuration: sudo nginx -t
Check PHP-FPM: sudo systemctl status php8.2-fpm