xamxam/apps/public/SEARCH_FEATURE.md
Théophile Gervreau-Mercier 467aced734 Restructure repository and implement secure search feature
Phase 1: Consolidate shared infrastructure
- Create shared/ directory for common code
- Consolidate Database.php from front-backend and formulaire into unified shared/Database.php
  - Smart path detection for test.db vs posterg.db
  - Secure search with wildcard escaping and input validation
  - Support both singleton and direct instantiation patterns
  - Full CRUD methods for admin functionality
- Move RateLimit.php to shared/ (30 requests/min)
- Update all require paths across apps to use shared/

Phase 2: Reorganize directory structure
- Rename front-backend/ → apps/public/
- Rename formulaire/ → apps/admin/
- Rename db/ → database/
- Update all file paths for new structure
- Create root .gitignore excluding databases, cache, logs

Implement secure search feature
- Add apps/public/search.php with full-text search across theses
- Search filters: query, year, orientation, AP program, keywords
- Security features:
  - SQL injection prevention (prepared statements)
  - Wildcard injection prevention (escape % and _)
  - Input validation (max 200 chars, year range 1900-2100)
  - Rate limiting (30 req/min per IP)
  - Pagination limited to 100 results/page
  - XSS protection (htmlspecialchars on output)

Add comprehensive test suite
- Create apps/public/tests/ with proper structure
  - tests/Integration/SearchTest.php - 12 search scenarios
  - tests/Security/SecurityTest.php - vulnerability testing
  - tests/Unit/RateLimitTest.php - rate limit behavior
- Create database/fixtures/CreateTestDatabase.php
- Add apps/public/run-tests.php test runner
- All tests passing (4/4 suites)

Update deployment configuration
- Rename justfile 'sync' recipe to 'deploy'
- Create deploy group with separate deploy-public and deploy-admin
- Add test-deploy recipe for test database
- Exclude *.db, tests/, cache/, *.md from production deploy
- Deploy shared/ to both public and admin locations

Stats: +4482 insertions, -654 deletions across 72 files
2026-02-02 18:53:58 +01:00


Search Feature Documentation

Overview

The search feature allows users to search across theses using multiple criteria including full-text search and advanced filters.

Files Created/Modified

New Files

  1. search.php - Main search interface page
  2. create_test_db.php - Script to generate test database with sample data
  3. SEARCH_FEATURE.md - This documentation file

Modified Files

  1. Database.php - Added search methods:

    • searchTheses() - Search with multiple filters
    • countSearchResults() - Count matching results
    • getAvailableYears() - Get all years from published theses
    • getOrientations() - Get all orientations
    • getApPrograms() - Get all AP programs
    • getFinalityTypes() - Get all finality types
    • getUsedKeywords() - Get keywords used in published theses
    • getFormatTypes() - Get all format types
    • getLanguages() - Get all languages
  2. inc/header.php - Added "Rechercher" link to navigation

Searchable Fields

The search feature allows filtering by:

  1. Full-text query - Searches across:

    • Title
    • Subtitle
    • Synopsis
    • Author names
    • Supervisor names
    • Keywords
  2. Year - Filter by specific year

  3. Orientation - Filter by artistic orientation:

    • Arts Numériques, Dessin, Cinéma d'animation, Installation-Performance
    • Peinture, Photographie, Sculpture, Vidéographie
    • Graphisme, Typographie, Design Numérique, Illustration
    • Bande-Dessinée, Sérigraphie, Gravure
  4. AP Program - Filter by atelier pratique:

    • Narration Spéculative
    • Design et Politique du Multiple (DPM)
    • Atelier Pratiques Situées (APS)
    • Lieux, Interdisciplinarités, Écologie, Nécessité, Systèmes (LIENS)
  5. Finality - Filter by master finality:

    • Approfondi
    • Enseignement
    • Spécialisé
  6. Format - Filter by work format:

    • Site web, Audio, Vidéo, Performance
    • Objet éditorial, Installation, Autre
  7. Language - Filter by language (Français, Anglais)

  8. Keyword - Filter by specific keyword

  9. Type - Filter by thesis type:

    • TFE (final thesis projects)
    • Doctoral theses

Testing the Search Feature

1. Create Test Database

Run the script to generate sample data:

```sh
cd /home/padlock/dev/posterg-website/front-backend
php create_test_db.php
```

This will create test.db in the formulaire/ directory with:

  • 6 sample theses (various years, orientations, and programs)
  • 5 sample authors
  • 3 sample supervisors
  • 20 keywords
  • Complete relationships (authors, supervisors, keywords, formats, languages)

2. Access the Search Page

Navigate to: search.php

3. Test Search Scenarios

Scenario 1: Full-text Search

  • Enter "urbain" in the search field
  • Should find: "Espaces Urbains et Narration Collective"

Scenario 2: Filter by Year

  • Select year: 2024
  • Should find: 3 theses from 2024

Scenario 3: Filter by Orientation

  • Select orientation: "Installation-Performance"
  • Should find: 2 theses

Scenario 4: Filter by AP Program

  • Select AP: "Narration Spéculative"
  • Should find: 2 theses

Scenario 5: Combined Filters

  • Enter "performance" in search field
  • Select year: 2024
  • Should find: 1 thesis ("Corps et Technologies")
  • Select keyword: "écologie"
  • Should find: "Écologies Affectives"

Database Schema Reference

The search uses the v_theses_public view which combines:

  • Main thesis data from theses table
  • Related authors via thesis_authors junction table
  • Related supervisors via thesis_supervisors junction table
  • Related keywords via thesis_keywords junction table
  • Related formats via thesis_formats junction table
  • Related languages via thesis_languages junction table
  • Predefined values from lookup tables (orientations, ap_programs, finality_types, etc.)

Features

Pagination

  • Results are paginated (20 items per page)
  • Previous/Next navigation
  • Numbered page links

Result Display

  • Shows total number of results
  • Card-based layout matching the main index page
  • Displays: title, author, year, synopsis excerpt
  • Links to full thesis detail page

User Experience

  • All filters are optional
  • Filters can be combined
  • "Réinitialiser" button to clear all filters
  • Maintains filter state during pagination
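The "maintains filter state during pagination" behaviour is the part of a search page where untrusted values most often leak back into HTML. The following is an added example, not the project's own search.php: it allow-lists the filters that are carried across pages, clamps the requested page number before it can become an OFFSET, and builds every link with http_build_query() plus htmlspecialchars(). The parameter names (q, year, orientation, keyword, page) and the sample request are assumptions constructed for the example.

```php
<?php
declare(strict_types=1);
// Added example (not the project's search.php): pagination links that carry the
// current filters along, with the page number validated and each href escaped.
// Filter names and the sample request below are constructed assumptions.

/** Keep only known filter names from the query string; anything else the client sent is dropped. */
function currentFilters(array $query): array
{
    $kept = [];
    foreach (['q', 'year', 'orientation', 'keyword'] as $name) {
        if (isset($query[$name]) && is_string($query[$name]) && $query[$name] !== '') {
            $kept[$name] = $query[$name];
        }
    }
    return $kept;
}

/** Clamp the requested page to [1, lastPage] so an OFFSET can never be negative or run past the data. */
function clampPage($requested, int $totalResults, int $perPage): int
{
    $lastPage = max(1, (int) ceil($totalResults / $perPage));
    $page = filter_var($requested, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $page === false ? 1 : min($page, $lastPage);
}

/** Render Previous / numbered / Next links; every href goes through http_build_query() and htmlspecialchars(). */
function paginationHtml(array $filters, int $page, int $totalResults, int $perPage): string
{
    $lastPage = max(1, (int) ceil($totalResults / $perPage));
    $link = function (int $n, string $label) use ($filters): string {
        // $filters never contains 'page' (see currentFilters), so the union simply appends it.
        $url = 'search.php?' . http_build_query($filters + ['page' => $n]);
        return '<a href="' . htmlspecialchars($url, ENT_QUOTES, 'UTF-8') . '">'
             . htmlspecialchars($label, ENT_QUOTES, 'UTF-8') . '</a>';
    };
    $parts = [];
    if ($page > 1) {
        $parts[] = $link($page - 1, 'Précédent');
    }
    for ($n = 1; $n <= $lastPage; $n++) {
        $parts[] = $n === $page ? '<strong>' . $n . '</strong>' : $link($n, (string) $n);
    }
    if ($page < $lastPage) {
        $parts[] = $link($page + 1, 'Suivant');
    }
    return '<nav class="pagination">' . implode(' ', $parts) . '</nav>';
}

// Constructed request: a filter value with characters that would break HTML if echoed raw,
// an out-of-range page number, and an unknown parameter that must not be propagated.
$request = ['q' => 'corps "<script>"', 'year' => '2024', 'page' => '999', 'debug' => '1'];
$filters = currentFilters($request);            // 'debug' is not in the allow-list
$page    = clampPage($request['page'], 45, 20); // 45 results at 20 per page is 3 pages
echo paginationHtml($filters, $page, 45, 20), PHP_EOL;
```

The allow-list matters as much as the escaping: reflecting arbitrary query parameters into links is how an unrelated parameter ends up echoed on every page of results.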

Security Considerations

  • All user-supplied values are escaped with htmlspecialchars() before being echoed into HTML (XSS protection)
  • SQL queries use prepared statements with parameter binding
  • User input never becomes part of the SQL text, so there is no direct SQL injection risk
  • Only published theses are searchable (is_published = 1)
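To make the Searchable Fields and Security Considerations sections concrete, here is an added example of a searchTheses()-style query builder. It is not the project's Database.php: it runs against an in-memory SQLite database with a plain table standing in for the v_theses_public view, and the column names (title, synopsis, authors, keywords, year, orientation, is_published), the filter names and the sample rows are assumptions constructed for the example. It shows the three controls the page lists (prepared statements, the published-only predicate, a hard cap on page size) plus the LIKE wildcard escaping and input validation the commit message describes.

```php
<?php
declare(strict_types=1);
// Added example, not the project's Database.php. Column names, filter names and
// sample data are constructed assumptions modelled on the page's description.

/** Escape LIKE metacharacters so user text is matched literally (pairs with ESCAPE '\' in the SQL). */
function escapeLike(string $value): string
{
    // Backslash first, so the escape characters we add are not themselves re-escaped.
    return str_replace(['\\', '%', '_'], ['\\\\', '\\%', '\\_'], $value);
}

/** Build a parameterised statement from optional filters. Returns [sql, params]. */
function buildSearchQuery(array $filters, int $page = 1, int $perPage = 20): array
{
    $where  = ['is_published = 1'];   // unpublished theses are never searchable
    $params = [];

    $q = trim((string) ($filters['q'] ?? ''));
    if ($q !== '') {
        if (mb_strlen($q) > 200) {
            throw new InvalidArgumentException('Search query exceeds 200 characters');
        }
        $pattern = '%' . escapeLike($q) . '%';
        $clauses = [];
        foreach (['title', 'synopsis', 'authors', 'keywords'] as $i => $column) {
            // One distinct placeholder per column; PDO does not allow reusing a named marker.
            $clauses[] = "$column LIKE :q$i ESCAPE '\\'";
            $params[":q$i"] = $pattern;
        }
        $where[] = '(' . implode(' OR ', $clauses) . ')';
    }

    if (($filters['year'] ?? '') !== '') {
        $year = filter_var($filters['year'], FILTER_VALIDATE_INT,
            ['options' => ['min_range' => 1900, 'max_range' => 2100]]);
        if ($year === false) {
            throw new InvalidArgumentException('Year must be an integer between 1900 and 2100');
        }
        $where[]         = 'year = :year';
        $params[':year'] = $year;
    }

    if (($filters['orientation'] ?? '') !== '') {
        // Exact match bound as a parameter: the value never touches the SQL text.
        $where[]                = 'orientation = :orientation';
        $params[':orientation'] = (string) $filters['orientation'];
    }

    $perPage = max(1, min($perPage, 100));   // hard cap on results per page
    $page    = max(1, $page);
    $sql = 'SELECT id, title, year FROM v_theses_public WHERE ' . implode(' AND ', $where)
         . ' ORDER BY year DESC, title ASC LIMIT ' . $perPage . ' OFFSET ' . (($page - 1) * $perPage);

    return [$sql, $params];
}

function searchTheses(PDO $db, array $filters, int $page = 1, int $perPage = 20): array
{
    [$sql, $params] = buildSearchQuery($filters, $page, $perPage);
    $stmt = $db->prepare($sql);
    foreach ($params as $name => $value) {
        $stmt->bindValue($name, $value, is_int($value) ? PDO::PARAM_INT : PDO::PARAM_STR);
    }
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// --- Constructed sample data: a plain table standing in for the page's v_theses_public view ---
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE v_theses_public (id INTEGER PRIMARY KEY, title TEXT, synopsis TEXT,
           authors TEXT, keywords TEXT, year INTEGER, orientation TEXT, is_published INTEGER)');
$ins = $db->prepare('INSERT INTO v_theses_public VALUES (NULL, ?, ?, ?, ?, ?, ?, ?)');
$ins->execute(['Espaces Urbains et Narration Collective', 'Ville et récit', 'A. Dupont', 'urbain,récit', 2024, 'Installation-Performance', 1]);
$ins->execute(['Corps et Technologies', 'Performance et capteurs', 'B. Martin', 'performance,corps', 2024, 'Installation-Performance', 1]);
$ins->execute(['Brouillon non publié', 'Texte interne', 'C. Durand', 'urbain', 2023, 'Peinture', 0]);

// A lone "%" is matched literally because of escapeLike(); without it the pattern '%%%' would match every row.
var_dump(count(searchTheses($db, ['q' => '%'])));
// "urbain" hits the published thesis only; the unpublished draft with the same keyword is excluded.
var_dump(count(searchTheses($db, ['q' => 'urbain'])));
// Combined filters: text plus a validated year.
var_dump(count(searchTheses($db, ['q' => 'performance', 'year' => '2024'])));
```

Two details are easy to get wrong. First, escaping only helps if the SQL also declares the escape character (the ESCAPE '\' clause), otherwise a backslash is just another literal. Second, LIMIT and OFFSET are built from integers that the function itself clamped, which is why they can be concatenated; anything that originates from the request is bound as a parameter.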

Future Enhancements

Potential improvements:

  1. Auto-complete - Suggest keywords/authors as user types
  2. Faceted search - Show filter counts (e.g., "Peinture (12)")
  3. Sort options - Sort by year, title, relevance
  4. Save searches - Allow users to bookmark search queries
  5. Export results - Export search results as CSV/JSON
  6. Advanced boolean search - Support AND/OR/NOT operators
  7. Search highlights - Highlight matching terms in results
  8. Related theses - Show similar works based on keywords
  9. Statistics - Show search analytics and popular queries
  10. AJAX search - Live search without page reload

Technical Notes

  • Uses the SQLite LIKE operator for text matching. LIKE is case-insensitive for ASCII letters only; accented characters such as É/é compare case-sensitively unless SQLite is built with the ICU extension. Because % and _ are LIKE wildcards, user input is escaped before it is placed in the pattern.
  • Searches across GROUP_CONCAT fields in the view for many-to-many relationships
  • Efficient use of indexes defined in schema.sql
  • Compatible with existing Database.php singleton pattern