xamxam/apps/public/tests/MIGRATION_SUMMARY.md
Théophile Gervreau-Mercier 467aced734 Restructure repository and implement secure search feature
Phase 1: Consolidate shared infrastructure
- Create shared/ directory for common code
- Consolidate Database.php from front-backend and formulaire into unified shared/Database.php
  - Smart path detection for test.db vs posterg.db
  - Secure search with wildcard escaping and input validation
  - Support both singleton and direct instantiation patterns
  - Full CRUD methods for admin functionality
- Move RateLimit.php to shared/ (30 requests/min)
- Update all require paths across apps to use shared/

Phase 2: Reorganize directory structure
- Rename front-backend/ → apps/public/
- Rename formulaire/ → apps/admin/
- Rename db/ → database/
- Update all file paths for new structure
- Create root .gitignore excluding databases, cache, logs

Implement secure search feature
- Add apps/public/search.php with full-text search across theses
- Search filters: query, year, orientation, AP program, keywords
- Security features:
  - SQL injection prevention (prepared statements)
  - Wildcard injection prevention (escape % and _)
  - Input validation (max 200 chars, year range 1900-2100)
  - Rate limiting (30 req/min per IP)
  - Pagination limited to 100 results/page
  - XSS protection (htmlspecialchars on output)

Add comprehensive test suite
- Create apps/public/tests/ with proper structure
  - tests/Integration/SearchTest.php - 12 search scenarios
  - tests/Security/SecurityTest.php - vulnerability testing
  - tests/Unit/RateLimitTest.php - rate limit behavior
- Create database/fixtures/CreateTestDatabase.php
- Add apps/public/run-tests.php test runner
- All tests passing (4/4 suites)

Update deployment configuration
- Rename justfile 'sync' recipe to 'deploy'
- Create deploy group with separate deploy-public and deploy-admin
- Add test-deploy recipe for test database
- Exclude *.db, tests/, cache/, *.md from production deploy
- Deploy shared/ to both public and admin locations

Stats: +4482 insertions, -654 deletions across 72 files
2026-02-02 18:53:58 +01:00

Test Migration Summary

Tests Reorganized Following PHP Standards

The test files have been reorganized to follow PHP testing best practices.


What Changed

Before (Non-Standard)

front-backend/
├── test_search.php              ❌ Tests in root
├── test_security.php            ❌ Would deploy to production
├── test_security_updated.php    ❌ No organization
├── test_rate_limit.php          ❌ Mixed with application code
├── create_test_db.php           ❌ Test fixtures in root
├── Database_secure.php          ❌ Duplicate code
├── Database.php                 ✓ Application code
└── RateLimit.php                ✓ Application code

After (Standard)

front-backend/
├── tests/                       ✅ Dedicated test directory
│   ├── Fixtures/               ✅ Test data & setup
│   │   └── CreateTestDatabase.php
│   ├── Integration/            ✅ Multi-component tests
│   │   └── SearchTest.php
│   ├── Security/               ✅ Security validation
│   │   └── SecurityTest.php
│   ├── Unit/                   ✅ Individual component tests
│   │   └── RateLimitTest.php
│   └── README.md               ✅ Test documentation
├── run-tests.php               ✅ Convenient test runner
├── .gitignore                  ✅ Excludes cache, logs, etc.
├── Database.php                ✓ Application code
└── RateLimit.php               ✓ Application code

Benefits Achieved

Production Safety

  • Tests excluded from deployment via justfile
  • No test code in production - cleaner, more secure
  • Smaller deployment size - only application code deployed

Better Organization

  • Clear separation - tests vs application code
  • Logical grouping - unit, integration, security, fixtures
  • Standard structure - other PHP developers will understand immediately

Easier Testing

  • Single command - php run-tests.php runs everything
  • Individual tests - php tests/Security/SecurityTest.php for specific tests
  • Better output - formatted test results with summary

Future-Ready

  • PHPUnit compatible - directory structure ready for migration
  • CI/CD ready - easy to integrate with GitHub Actions, etc.
  • Scalable - easy to add new tests in proper categories

Running Tests

Run All Tests

cd /home/padlock/dev/posterg-website/front-backend
php run-tests.php

Output:

╔════════════════════════════════════════════╗
║       Running Front-Backend Tests         ║
╚════════════════════════════════════════════╝

┌─────────────────────────────────────────┐
│ Test Suite: Fixtures                   │
└─────────────────────────────────────────┘
✅ PASSED

┌─────────────────────────────────────────┐
│ Test Suite: Integration                │
└─────────────────────────────────────────┘
✅ PASSED

┌─────────────────────────────────────────┐
│ Test Suite: Security                   │
└─────────────────────────────────────────┘
✅ PASSED

┌─────────────────────────────────────────┐
│ Test Suite: Unit                       │
└─────────────────────────────────────────┘
✅ PASSED

╔════════════════════════════════════════════╗
║              Test Summary                  ║
╠════════════════════════════════════════════╣
║ Total:  4                                  ║
║ Passed: 4 ✅                               ║
║ Failed: 0                                   ║
╚════════════════════════════════════════════╝

✅ All tests passed!

Run Individual Tests

# Setup test database
php tests/Fixtures/CreateTestDatabase.php

# Run specific test suite
php tests/Integration/SearchTest.php
php tests/Security/SecurityTest.php
php tests/Unit/RateLimitTest.php

Deployment Configuration

Updated justfile

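The deployment now excludes test files (rsync runs without --delete, so files uploaded by an earlier deploy stay on the server until they are removed there):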

[group('deploy')]
deploy:
    rsync -vur --progress \
      --exclude '*.db' \
      --exclude 'tests/' \
      --exclude 'cache/' \
      --exclude '*.md' \
      --exclude 'run-tests.php' \
      ./front-backend/ posterg:/var/www/html/

What's Excluded:

  • tests/ - All test files
  • *.db - Test databases
  • cache/ - Runtime cache (rate limiting)
  • *.md - Documentation files
  • run-tests.php - Test runner

What's Deployed:

  • Application code (.php files)
  • Assets (assets/ directory)
  • Templates (inc/ directory)
  • Public pages (index.php, search.php, etc.)

New .gitignore

/vendor/
/cache/
*.db
*.log
.env
.env.local

Test Organization Explained

1. Fixtures (tests/Fixtures/)

Purpose: Test data setup and database initialization

Files:

  • CreateTestDatabase.php - Creates test.db with sample theses

When to run: Before running other tests

2. Integration Tests (tests/Integration/)

Purpose: Test multiple components working together

Files:

  • SearchTest.php - Full search functionality with filters

What it tests:

  • Full-text search
  • Year filtering
  • Orientation filtering
  • AP program filtering
  • Keyword search
  • Combined filters
  • Pagination

3. Security Tests (tests/Security/)

Purpose: Verify security measures are working

Files:

  • SecurityTest.php - All security validations

What it tests:

  • Wildcard injection prevention
  • Input length validation (max 200 chars)
  • Year range validation (1900-2100)
  • SQL injection prevention
  • Pagination limits (max 100/page)
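
The checks listed above, applied to a single query function. This is an added example, not the project's shared/Database.php: the function names, the `theses(title, year)` table, the `!` escape character and the in-memory SQLite database are assumptions.

```php
<?php
declare(strict_types=1);
// Limits come from this document; names and the '!' escape character are assumptions.
const MAX_QUERY_LEN = 200;
const MAX_PER_PAGE  = 100;

/** Escape LIKE metacharacters in a single pass so user input matches literally. */
function escapeLike(string $term): string
{
    return strtr($term, ['!' => '!!', '%' => '!%', '_' => '!_']);
}

function searchTheses(PDO $db, string $query, ?int $year = null, int $perPage = 20, int $page = 1): array
{
    if (strlen($query) > MAX_QUERY_LEN) {           // bytes: stricter than 200 characters for multi-byte input
        throw new InvalidArgumentException('query too long');
    }
    if ($year !== null && ($year < 1900 || $year > 2100)) {
        throw new InvalidArgumentException('year out of range');
    }
    $perPage = max(1, min($perPage, MAX_PER_PAGE)); // clamp rather than trust the client
    $where   = ["title LIKE :q ESCAPE '!'"];
    $params  = [':q' => '%' . escapeLike($query) . '%',
                ':lim' => $perPage, ':off' => (max(1, $page) - 1) * $perPage];
    if ($year !== null) {
        $where[] = 'year = :year';
        $params[':year'] = $year;
    }
    $stmt = $db->prepare('SELECT title, year FROM theses WHERE ' . implode(' AND ', $where)
        . ' ORDER BY title LIMIT :lim OFFSET :off');
    foreach ($params as $name => $value) {          // values are bound, never concatenated
        $stmt->bindValue($name, $value, is_int($value) ? PDO::PARAM_INT : PDO::PARAM_STR);
    }
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed sample rows in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE theses (title TEXT, year INTEGER)');
$ins = $db->prepare('INSERT INTO theses VALUES (?, ?)');
foreach ([['100% recycled', 2021], ['Print_making', 2019], ['<b>Typography</b>', 2020]] as $row) {
    $ins->execute($row);
}
foreach (['%', '_', "' OR 1=1 --", ''] as $q) {      // two wildcards, an injection string, empty
    $titles = array_column(searchTheses($db, $q, null, 5000), 'title');
    echo json_encode($q), ' => ', htmlspecialchars(implode(' | ', $titles), ENT_QUOTES, 'UTF-8'), "\n";
}
```

Without `escapeLike`, a bare `%` or `_` is still bound safely as a parameter but acts as a wildcard, which is the case the wildcard-injection test covers separately from SQL injection.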

4. Unit Tests (tests/Unit/)

Purpose: Test individual components in isolation

Files:

  • RateLimitTest.php - Rate limiting functionality

What it tests:

  • Request tracking
  • Limit enforcement (5 requests in test, 30 in production)
  • Reset time calculation
  • Header generation
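
A fixed-window limiter covering the four behaviours listed above. This is an added example, not the project's shared/RateLimit.php: the class name, the JSON state file per client and the `X-RateLimit-*` header names (a common convention, not something this page specifies) are assumptions.

```php
<?php
declare(strict_types=1);
// Hypothetical class: the project's shared/RateLimit.php is not shown on this page.
final class FixedWindowLimiter
{
    public function __construct(
        private string $cacheDir,
        private int $limit = 30,    // production limit stated in this document
        private int $window = 60    // seconds
    ) {}

    /** Count one request for $clientId; return the decision and response headers. */
    public function hit(string $clientId, ?int $now = null): array
    {
        $now = $now ?? time();
        // Hash the client id so no client-influenced characters reach the file path.
        $fh = fopen($this->cacheDir . '/' . hash('sha256', $clientId) . '.json', 'c+');
        flock($fh, LOCK_EX);        // serialize concurrent requests from one client
        $state = json_decode(stream_get_contents($fh) ?: 'null', true);
        if (!is_array($state) || $now >= $state['start'] + $this->window) {
            $state = ['start' => $now, 'count' => 0];   // first request of a new window
        }
        $state['count']++;
        ftruncate($fh, 0);
        rewind($fh);
        fwrite($fh, json_encode($state));
        flock($fh, LOCK_UN);
        fclose($fh);

        $reset = $state['start'] + $this->window;
        return ['allowed' => $state['count'] <= $this->limit, 'headers' => [
            'X-RateLimit-Limit'     => (string) $this->limit,
            'X-RateLimit-Remaining' => (string) max(0, $this->limit - $state['count']),
            'X-RateLimit-Reset'     => (string) $reset,          // Unix time the window ends
            'Retry-After'           => (string) max(0, $reset - $now),
        ]];
    }
}

// Constructed run: test-suite limit of 5, fixed clock, documentation-range IP.
$dir = sys_get_temp_dir() . '/rl-demo-' . bin2hex(random_bytes(4));
mkdir($dir, 0700);
$limiter = new FixedWindowLimiter($dir, 5);
foreach ([0, 1, 2, 3, 4, 5, 61] as $t) {    // six hits inside one window, one after it ends
    $r = $limiter->hit('203.0.113.7', 1000 + $t);
    printf("t=%2d allowed=%-5s %s\n", $t, var_export($r['allowed'], true), json_encode($r['headers']));
}
```

Passing the clock in as `$now` is what lets a unit test check reset-time arithmetic without sleeping for a full window.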

Comparison with Professional Projects

| Aspect | This Project | Laravel/Symfony | Status |
|---|---|---|---|
| Test directory | tests/ | tests/ | Match |
| Test organization | Unit/Integration/Security | Unit/Feature | Good |
| Test framework | PHP scripts | PHPUnit | ⚠️ Can migrate |
| Deployment exclusion | Via rsync | Via .deployignore | Works |
| Runner | Custom script | composer test | ⚠️ Can improve |
| CI/CD | Manual | GitHub Actions | ⚠️ Future |

Current Status: Following PHP conventions, ready for growth

Future Migration Path: Can easily migrate to PHPUnit when needed


Next Steps (Optional)

For Small Projects (Current Approach is Fine)

  • Keep using simple PHP test scripts
  • Run php run-tests.php before deploying
  • Tests are properly organized and excluded

To Upgrade to PHPUnit (When Project Grows)

  1. Install PHPUnit:

    composer require --dev phpunit/phpunit
    
  2. Convert tests to PHPUnit format:

    // Instead of:
    echo "Test result: " . ($result ? "✅" : "❌") . "\n";
    
    // Use:
    $this->assertTrue($result);
    
  3. Add phpunit.xml configuration

  4. Run with: composer test

See TESTING_BEST_PRACTICES.md for complete migration guide.


Files Created/Modified

New Files

  • tests/ directory structure
  • tests/README.md - Test documentation
  • run-tests.php - Test runner script
  • .gitignore - Git exclusions

Moved Files

  • test_search.php → tests/Integration/SearchTest.php
  • test_security_updated.php → tests/Security/SecurityTest.php
  • test_rate_limit.php → tests/Unit/RateLimitTest.php
  • create_test_db.php → tests/Fixtures/CreateTestDatabase.php

Updated Files

  • All test files (updated require_once paths)
  • justfile (added test exclusions)

Removed Files

  • test_security.php (obsolete, replaced by SecurityTest.php)
  • Database_secure.php (obsolete, functionality in Database.php)

Summary

  • Organized - Tests follow PHP conventions
  • Secure - Tests excluded from production
  • Convenient - Single command to run all tests
  • Documented - README explains structure
  • Scalable - Easy to add new tests
  • Future-ready - Can migrate to PHPUnit later

All tests passing: 4/4

Ready for production deployment!