mirror of
https://codeberg.org/PostERG/xamxam.git
synced 2026-05-06 11:09:18 +02:00
b8529f7abe
Contrast failures (WCAG 1.4.3): - common.css: remove opacity:0.92 from .site-nav__link (was 4.05:1, now 4.87:1 white-on-purple) - common.css: placeholder colour #aaa → #767676 (2.32:1 → 4.54:1 on white) - main.css: filter-info and clear-filter text var(--purple) → var(--purple-dark) (#9557b5 → #7b3fa0, 4.08 → 5.7:1) - index.php: gradient card lighter stop L=65% → L=40%, darker stop L=45% → L=28%; white text now passes 4.5:1 across all hues Non-text contrast (WCAG 1.4.11): - search.css: search-filter <select> border #ddd → #949494 (1.6:1 → 3.0:1 on white) - admin.css: --admin-border #333 → #555 (input bottom-border on #1a1a1a: 1.8:1 → 3.1:1) - admin.css: --admin-text-muted #888 → #969696 (4.38:1 → 4.54:1 on #242424) Mobile layout (WCAG 1.4.10 Reflow): - search.css: add @media (max-width:768px) to collapse répertoire 4-column grid to single column; columns switch from right-border to bottom-border separators Keyboard / screen reader (WCAG 2.1.1, 2.4.4): - index.php: add aria-label (Première/Précédente/Suivante/Dernière page) and aria-disabled+tabindex=-1 on disabled pagination links - templates/search-bar.php: add aria-hidden=true and focusable=false to decorative SVG magnifier Language (WCAG 3.1.1): - search.php: add lang=fr to <html> in 429 rate-limit response
posterg
Répertoire des travaux de fin d'études de l'ERG (École de Recherche Graphique).
Requirements
- PHP 8.4
- SQLite3 (
php8.4-sqlite3) - nginx (production)
Project structure
posterg/
├── public/ # DocumentRoot — web-accessible only
│ ├── admin/ # Admin panel (session-authenticated)
│ ├── assets/ # CSS, fonts, icons
│ ├── media.php # Controlled file serving (covers, PDFs)
│ └── *.php # Public pages (index, search, tfe, apropos)
├── src/ # PHP classes (not web-accessible)
│ ├── AdminAuth.php
│ ├── Database.php
│ ├── RateLimit.php
│ └── config.php
├── templates/ # Shared PHP template partials
├── config/ # Bootstrap and credentials (not web-accessible)
├── storage/ # Database and uploaded files (not web-accessible)
│ ├── schema.sql
│ ├── test.db
│ └── fixtures/
├── tests/
├── scripts/ # Dev and server management scripts
│ ├── setup-dev.sh
│ ├── deploy-server.sh # Run on server with sudo to apply nginx config
│ └── manage-admin-users.sh # Run on server with sudo to manage htpasswd
└── nginx/ # nginx config and reference files
└── posterg.conf
Uploaded files (PDFs, covers) live in storage/ — outside the webroot — and are
served exclusively through public/media.php, which validates paths and MIME types.
Development
just setup # first-time: installs dev dependencies
just serve # http://localhost:8000 (public) and /admin/
just test # run test suite
Admin credentials in development are set via config/admin_credentials.php
(see config/admin_credentials.example.php).
Deployment
Files are pushed to the server with rsync — there is no repo on the remote.
just deploy # rsync app files → posterg:/var/www/posterg/
just deploy-db # push local test.db → remote (only if remote DB is absent)
deploy-db refuses to run if a database already exists on the server, to avoid
accidental overwrites of production data.
First-time server setup
ssh posterg
sudo mkdir -p /var/www/posterg
sudo chown www-data:posterg /var/www/posterg
sudo chmod 775 /var/www/posterg
exit
Then deploy once, copy nginx config, and apply:
just deploy
rsync -v nginx/posterg.conf posterg:/tmp/posterg.conf
ssh posterg "sudo bash /var/www/posterg/scripts/deploy-server.sh"
ssh posterg "sudo systemctl reload nginx"
Admin users (htpasswd)
ssh posterg "sudo bash /var/www/posterg/scripts/manage-admin-users.sh"
Security notes
- Admin panel protected by nginx
auth_basic+ PHP session (AdminAuth) - Uploads stored outside webroot, served via controlled
media.php - Rate limiting on public search (
src/RateLimit.php) - See
docs/TODO.SECURITY.mdfor outstanding items