mirror of
https://codeberg.org/PostERG/xamxam.git
synced 2026-06-25 08:09:18 +02:00
2e9ebfc684
Replace `storeAsFile:true` with a full async FilePond round-trip pipeline using opaque server-side file IDs.
* Added 4 new PHP endpoints under `/admin/actions/filepond/`:
* `process.php` — upload/process single file and return opaque `file_id`
* `revert.php` — delete pending tmp uploads before form submit
* `load.php` — stream existing files by DB ID for FilePond preload
* `remove.php` — soft-delete `thesis_files` rows
* `process.php` improvements:
* accept arbitrary FilePond field names instead of hardcoded `file`
* support PHP-nested multi-file queue inputs (`queue_file[tfe][]`)
* explicit unwrapping of nested `$_FILES` structures
* add `audio/mp3` to audio + `peertube_audio` MIME whitelists
* immediate upload of `peertube_*` files to PeerTube, returning `peertube:{uuid}` IDs
* extensive `error_log()` instrumentation for request, CSRF, MIME, upload, and save stages
* `revert.php` now accepts `peertube:` IDs without local cleanup
* `ThesisFileHandler`:
* add `handleFilePondQueueFiles()` + `handleFilePondSingleFile()`
* process async uploads from `storage/tmp/filepond/` via opaque `file_id`
* inline handling of `peertube:{uuid}` IDs with direct `thesis_files` insertion
* remove obsolete deferred PeerTube queue-processing flow
* `ThesisCreateController` + `ThesisEditController`:
* gate async path behind `filepond_mode=1`
* preserve legacy multipart flow as fallback
* `file-upload-filepond.js`:
* remove `storeAsFile:true`
* add `buildServerConfig()` for async endpoint wiring
* fix `syncOrderInput()` to use `serverId`
* add `onprocessfile` hook
* add `fileValidateSizeFilterItem` for per-extension size caps
* preload existing uploads via `data-existing-files` + `server.load`
* replace static `INPUT_ID_TO_TYPE` map with `data-queue-type`
* add extensive `console.log()` debugging across upload pipeline stages
* `upload-progress.js`:
* block form submission while uploads are pending
* update `collectFileNames()` to read processed FilePond items
* Templates/layout:
* add `data-queue-type`
* add `data-existing-files`
* add global CSRF meta tag outside admin-only context
* add `filepond_mode` hidden input
* add CSRF token/meta support for partage pages
* move website URL field below file upload block
* `.gitignore`: exclude `storage/tmp/` from version control
XAMXAM
(Anciennement Posterg)
Répertoire des travaux de fin d'études de l'ERG (École de Recherche Graphique).
Requirements
- PHP 8.4
- SQLite3 (
php8.4-sqlite3) - nginx (production)
Development
MacOS
Logiciels:
- un IDE pour éditer → VSCode
- git (ou une interface graphique) pour partager les modifications → git-gui (officiel) ou Github Desktop
- un server web avec PHP pour visualiser le project dans le navigateur → MAMP
Workflow
- Faire un changement dans ton IDE
- Démarrer le site via MAMP, en sélectionnant le dossier
public - Vérifier que ça marche sur le site en local, depuis ton navigateur
- Une fois qu'un changement spécifique est fait,
commitles changements sur les fichiers qui sont relatif à ce changement - Vérifier que vous avez syncroniser avec le
remote→pull+rebase! pas merge pushles changements vers le remote
just serve # http://localhost:8000 (public) and /admin/
Deployment
Files are pushed to the server with rsync — there is no repo on the remote.
just deploy # rsync app files → xamxam:/var/www/xamxam/
just deploy-db # push local xamxam.db → remote (only if remote DB is absent)
deploy-db refuses to run if a database already exists on the server, to avoid
accidental overwrites of production data.
First-time server setup
ssh xamxam
sudo mkdir -p /var/www/xamxam
sudo chown www-data:xamxam /var/www/xamxam
sudo chmod 775 /var/www/xamxam
exit
Then deploy once and apply nginx config:
just deploy
just deploy-nginx
Admin users (htpasswd)
just manage-admin-users
# Then on server:
ssh xamxam "sudo bash /tmp/manage-admin-users.sh"
Security notes
- Admin panel protected by nginx
auth_basic+ PHP session (AdminAuth) - Uploads stored outside webroot, served via controlled
media.php - Rate limiting on public search (
src/RateLimit.php) - See
nginx/docs/SECURITY_HEADERS.mdfor security headers reference