xamxam/TODO.md

# Post-ERG Dependency & Refactoring Analysis
## Summary
The project has **zero external PHP library dependencies** (no Composer, no vendor/).
All PHP logic relies exclusively on standard PHP extensions: PDO/SQLite, `finfo`,
`session_*`, `password_verify`, `hash_equals`, `random_bytes`, `json_*`, SPL iterators.
There is one vendored CSS file (`modern-normalize.min.css`, 8 lines).
The only real problems are **internal structural bugs** and **dead code paths**, not
third-party dependencies. The tasks below are ordered from critical to nice-to-have.
---
## Critical Bugs (broken at runtime)
- [x] **Fix broken `lib/` require paths in all admin pages**
Admin pages (`add.php`, `edit.php`, `import.php`, `thanks.php`, `login.php`,
`logout.php`, `actions/formulaire.php`, `actions/publish.php`) all require
`../../lib/AdminAuth.php` and `../../lib/Database.php`, but the `lib/` directory
**does not exist**. The actual files live in `src/`. This means the entire admin
panel is broken. Fix: change all `lib/` references to `src/`.
- [x] **Fix missing `modern-normalize.css` (no `.min` variant)**
`templates/header.php`, `templates/head.php`, and `public/search.php` reference
`assets/modern-normalize.css` (without `.min`), but only `modern-normalize.min.css`
exists. Either rename the file or update the references to be consistent.
- [x] **Fix `admin/index.php` inconsistency**
`admin/index.php` uses `src/AdminAuth.php` (correct) but then
`../../lib/Database.php` (broken). It should load from `src/` consistently.
---
## Structural / Code-Quality Refactors
- [ ] **Unify and rename `src/` path references across the entire codebase**
After completing the `lib/` → `src/` migration, normalise every admin page to load
`src/Database.php` and `src/AdminAuth.php` via `APP_ROOT` (the constant already
defined in `bootstrap.php`), removing the fragile relative-path `../../` chains.
- [ ] **Eliminate the duplicate `searchTheses` / `countSearchResults` condition block**
`Database::searchTheses()` and `Database::countSearchResults()` share identical
WHERE-clause construction logic (~80 lines each). Extract a private
`buildSearchConditions(array $params): array` helper that returns `[$conditions,
$bindings]` and call it from both methods.
- [ ] **Remove `getConnection()` / `getPDO()` alias duplication**
The `Database` class exposes `getConnection()`, `getPDO()`, and direct transaction
delegation (`beginTransaction`, `commit`, `rollback`) purely because the admin code
accesses raw PDO. Consider removing `getConnection()` (alias of `getPDO()`) and
instead promoting the most-used raw queries into `Database` methods, reducing
direct PDO exposure.
- [ ] **Move inline SQL in `admin/index.php` into `Database`**
`admin/index.php` builds a raw SQL query with dynamic filter conditions directly in
the page. This is the only admin page doing so. Add a `getThesesList(array
$filters): array` method to `Database` to match the pattern used everywhere else.
- [ ] **Add a `getThesisByIdAdmin(int $id): ?array` method to remove repeated raw queries in admin**
`admin/thanks.php` and `admin/edit.php` each call `$db->getThesis($id)` then
immediately issue further raw PDO queries for related data (`thesis_languages`,
`thesis_formats`, files). Consolidate into a method that returns everything needed
for the admin detail view.
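The `buildSearchConditions()` extraction and the `getThesesList()` move above are the same refactor seen from two sides: one parameterised WHERE-clause builder that `searchTheses()`, `countSearchResults()` and the admin listing all call, so the bindings never drift apart and no request value is ever interpolated into SQL. The following is an added example written for this note, not the project's `Database` class; the table and column names (`theses`, `thesis_languages`, `t.year`, `t.status`, `t.created_at`), the filter keys (`query`, `year`, `language`, `status`) and the sort allowlist are assumptions for illustration.

```php
<?php
declare(strict_types=1);

// Added example, not the project's Database class. One WHERE-clause builder shared
// by searchTheses(), countSearchResults() and an admin getThesesList(). Table/column
// names, filter keys and the sort allowlist are assumptions.
final class SearchConditions
{
    /** Filter key => column. Keys not listed here are ignored, never interpolated into SQL. */
    private const FILTERS = [
        'year'     => 't.year',
        'language' => 'tl.language',
        'status'   => 't.status',
    ];

    /**
     * @param array<string, mixed> $params e.g. ['query' => 'art', 'year' => 2021]
     * @return array{0: string, 1: array<string, scalar>} WHERE fragment (without the keyword) and named bindings
     */
    public static function build(array $params): array
    {
        $conditions = [];
        $bindings   = [];

        $q = trim((string) ($params['query'] ?? ''));
        if ($q !== '') {
            // One placeholder per column rather than reusing one name: works on every PDO driver.
            $like  = '%' . self::escapeLike($q) . '%';
            $parts = [];
            foreach (['title', 'author', 'abstract'] as $i => $col) {
                $parts[]          = "t.$col LIKE :q$i ESCAPE '!'";
                $bindings[":q$i"] = $like;
            }
            $conditions[] = '(' . implode(' OR ', $parts) . ')';
        }

        foreach (self::FILTERS as $key => $column) {
            if (!isset($params[$key]) || $params[$key] === '') {
                continue;
            }
            $conditions[]      = "$column = :$key";
            $bindings[":$key"] = $params[$key];
        }

        // An empty filter set must still yield valid SQL.
        return [$conditions ? implode(' AND ', $conditions) : '1 = 1', $bindings];
    }

    /** Escape LIKE metacharacters so user input cannot widen the match; pairs with ESCAPE '!'. */
    private static function escapeLike(string $s): string
    {
        return str_replace(['!', '%', '_'], ['!!', '!%', '!_'], $s);
    }
}

final class ThesisQueries
{
    private const FROM = 'FROM theses t LEFT JOIN thesis_languages tl ON tl.thesis_id = t.id';
    /** Sort columns the admin list may request; the request value is a key, never raw SQL. */
    private const SORTABLE = ['year' => 't.year', 'title' => 't.title', 'created' => 't.created_at'];

    public function __construct(private PDO $pdo) {}

    public function searchTheses(array $params, int $limit = 20, int $offset = 0): array
    {
        [$where, $bindings] = SearchConditions::build($params);
        $stmt = $this->pdo->prepare(
            'SELECT DISTINCT t.* ' . self::FROM . " WHERE $where ORDER BY t.year DESC LIMIT :limit OFFSET :offset"
        );
        foreach ($bindings as $name => $value) {
            $stmt->bindValue($name, $value);
        }
        $stmt->bindValue(':limit', $limit, PDO::PARAM_INT);
        $stmt->bindValue(':offset', $offset, PDO::PARAM_INT);
        $stmt->execute();
        return $stmt->fetchAll(PDO::FETCH_ASSOC);
    }

    public function countSearchResults(array $params): int
    {
        [$where, $bindings] = SearchConditions::build($params);
        $stmt = $this->pdo->prepare('SELECT COUNT(DISTINCT t.id) ' . self::FROM . " WHERE $where");
        $stmt->execute($bindings);
        return (int) $stmt->fetchColumn();
    }

    /** Replacement for the inline SQL in admin/index.php: same builder, allowlisted sort column. */
    public function getThesesList(array $filters, string $sort = 'created', bool $desc = true): array
    {
        $orderBy = self::SORTABLE[$sort] ?? self::SORTABLE['created'];
        [$where, $bindings] = SearchConditions::build($filters);
        $stmt = $this->pdo->prepare(
            'SELECT DISTINCT t.* ' . self::FROM . " WHERE $where ORDER BY $orderBy " . ($desc ? 'DESC' : 'ASC')
        );
        $stmt->execute($bindings);
        return $stmt->fetchAll(PDO::FETCH_ASSOC);
    }
}
```

Two choices worth keeping when this is applied to the real class: the LIKE escaping uses `!` as the escape character rather than a backslash, because a `'\'` literal confuses PDO's placeholder scanner on PHP versions before 8.4; and the admin sort column is looked up in a constant map, so a crafted `?sort=` value can at worst fall back to the default, never reach the SQL string.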
---
## What Can Be Removed / Simplified
- [ ] **Remove `include_template()` helper from `bootstrap.php` — it is never called**
The function `include_template($name)` in `config/bootstrap.php` is dead code;
pages use direct `include APP_ROOT . '/templates/...'` instead.
- [ ] **Remove the Composer autoload stub from `bootstrap.php`**
`bootstrap.php` has `if (file_exists(APP_ROOT . '/vendor/autoload.php'))` — there
is no Composer vendor directory and no plan for one. Remove this dead branch.
- [ ] **Delete `apps/admin/` directory**
`apps/admin/` contains only a `data/` directory (holding at most test data), an
`error.log` and a `test.db`. It appears to be a leftover from an earlier structure.
If confirmed unused, delete it.
- [ ] **Remove `apps/` directory entirely if it contains only residual artefacts**
Related to the above — verify no active code references `apps/`.
---
## What Needs External Dependencies (nothing — keep it that way)
- **Authentication**: `password_verify` + `session_*` + `random_bytes` — already
standard PHP. No dependency needed.
- **Database**: PDO + SQLite — already standard PHP. No dependency needed.
- **Rate limiting**: File-based JSON sliding window — already implemented without
deps. Could be replaced by Redis/APCu at scale, but unnecessary for current load.
- **File serving / MIME validation**: `finfo` (fileinfo extension) — standard PHP
bundled extension.
- **CSRF**: `hash_equals` + `random_bytes` — standard PHP. No dependency needed.
- **CSS reset** (`modern-normalize`): The single vendored file (8 lines, minified)
is small enough to keep vendored. No CDN link, no build step. ✓
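The file-based JSON sliding window noted above is only safe if the read-modify-write of the hit list happens under a lock; two concurrent login attempts that both read "4 hits" and both write "5" would let an attacker exceed the limit. The following is an added example of that pattern, not the project's own limiter; the storage directory, the limit of five attempts per fifteen minutes and keying on `REMOTE_ADDR` are assumptions for illustration.

```php
<?php
declare(strict_types=1);

// Added example, not the project's implementation: a sliding-window rate limiter
// keeping per-client timestamps in a JSON file, with an exclusive flock() around the
// read-modify-write so concurrent requests cannot race. Directory, limits and the
// client key are assumptions.
final class FileRateLimiter
{
    public function __construct(
        private string $dir,
        private int $maxHits,
        private int $windowSeconds,
    ) {
        if (!is_dir($this->dir) && !mkdir($this->dir, 0700, true) && !is_dir($this->dir)) {
            throw new RuntimeException("cannot create rate-limit dir: {$this->dir}");
        }
    }

    /** Records one hit for $clientKey; returns true if allowed, false if over the limit. */
    public function hit(string $clientKey, ?int $now = null): bool
    {
        $now ??= time();
        // Hash the key: an attacker-influenced string (IP, username) never becomes a filename.
        $path = $this->dir . '/' . hash('sha256', $clientKey) . '.json';

        $fh = fopen($path, 'c+');
        if ($fh === false) {
            throw new RuntimeException("cannot open $path");
        }
        try {
            if (!flock($fh, LOCK_EX)) {
                throw new RuntimeException("cannot lock $path");
            }
            $raw  = stream_get_contents($fh);
            $hits = ($raw === false || $raw === '') ? [] : (json_decode($raw, true) ?: []);

            // Drop timestamps that have slid out of the window; ignore anything that is not an int.
            $cutoff = $now - $this->windowSeconds;
            $hits   = array_values(array_filter($hits, static fn ($t) => is_int($t) && $t > $cutoff));

            $allowed = count($hits) < $this->maxHits;
            if ($allowed) {
                $hits[] = $now;
            }
            // Rewrite the file while still holding the lock.
            ftruncate($fh, 0);
            rewind($fh);
            fwrite($fh, json_encode($hits, JSON_THROW_ON_ERROR));
            fflush($fh);
            return $allowed;
        } finally {
            flock($fh, LOCK_UN);
            fclose($fh);
        }
    }
}

// Usage in login.php: five attempts per 15 minutes per client address.
$limiter = new FileRateLimiter(sys_get_temp_dir() . '/xamxam-ratelimit', 5, 900);
if (!$limiter->hit($_SERVER['REMOTE_ADDR'] ?? 'cli')) {
    http_response_code(429);
    exit('Too many attempts, try again later.');
}
```

Denied attempts are deliberately not appended, so a client that keeps hammering still gets exactly `maxHits` per window and recovers once old timestamps expire. Behind a reverse proxy, `REMOTE_ADDR` is the proxy; only substitute a forwarded header when the request provably came from a proxy you control, or the key becomes attacker-chosen.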
---
## Testing Infrastructure
- [ ] **Fix `SearchTest.php` — it calls `searchTheses()` with a string, not an array**
`$db->searchTheses('art')` passes a string, but `searchTheses()` expects
`array $params`. This test would throw a TypeError at runtime. Fix the call to
`$db->searchTheses(['query' => 'art'])`.
- [ ] **Add a regression test for the `lib/` → `src/` path fix**
Now that the paths are fixed, add a smoke test that `require`-s each admin page's
dependencies to catch future regressions.
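Executing the admin pages in a test needs a session and a database; a cheaper check that would still have caught the `lib/` breakage is to scan each page for `require`/`include` string literals and verify the referenced file exists. The script below is an added example, not part of the project's test suite; the `admin/` location relative to the test and the restriction to plain string-literal paths are assumptions.

```php
<?php
declare(strict_types=1);

// Added example, not part of the project's tests: static check that every
// require/include string literal in the admin pages resolves to an existing file.
final class RequirePathCheck
{
    /**
     * @return list<string> human-readable failures; empty when every path resolves
     */
    public static function run(string $adminDir): array
    {
        $failures = [];
        // require 'x'; require('x'); require_once "x"; include ... (plain string literals only)
        $pattern = '/\b(?:require|include)(?:_once)?\s*\(?\s*([\'"])([^\'"]+)\1/';

        $it = new RecursiveIteratorIterator(
            new RecursiveDirectoryIterator($adminDir, FilesystemIterator::SKIP_DOTS)
        );
        foreach ($it as $fileInfo) {
            if ($fileInfo->getExtension() !== 'php') {
                continue;
            }
            $page = $fileInfo->getPathname();
            $src  = file_get_contents($page);
            if ($src === false || !preg_match_all($pattern, $src, $matches, PREG_SET_ORDER)) {
                continue;
            }
            foreach ($matches as $m) {
                $target = $m[2];
                // Relative paths resolve against the including page, as PHP does for '../' chains.
                // Expressions such as APP_ROOT . '/src/...' are not string literals and are skipped.
                $resolved = $target[0] === '/' ? $target : dirname($page) . '/' . $target;
                if (!is_file($resolved)) {
                    $failures[] = "$page requires '$target' -> missing $resolved";
                }
            }
        }
        return $failures;
    }
}

// Run from the tests directory; non-zero exit fails CI.
$failures = RequirePathCheck::run(__DIR__ . '/../admin');
foreach ($failures as $line) {
    fwrite(STDERR, $line . PHP_EOL);
}
exit($failures === [] ? 0 : 1);
```

Once the admin pages load via `APP_ROOT`, the literal-only scan no longer sees those requires; at that point replace the regex with a test that defines `APP_ROOT` and `require_once`-s `src/Database.php` and `src/AdminAuth.php` directly, which is the cheaper check anyway.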
---
## Low Priority / Nice-to-Have
- [ ] **Normalise `modern-normalize` to a single canonical filename**
Pick either `.min.css` or `.css` and use it everywhere. Prefer `.min.css` since
the file is already minified.
- [ ] **Consider extracting file-upload logic from `formulaire.php` into `Database`**
File validation, directory creation, and `insertThesisFile()` are scattered across
`formulaire.php`. Wrapping them in a `Database::attachFile()` or a dedicated
`FileUploadHandler` class would make `formulaire.php` much shorter and the upload
logic testable.
- [ ] **Unify `head.php` vs `header.php` templates**
The public site has both `templates/head.php` (shared `<head>` tag) and
`templates/header.php` (full `<head>` + `<body><header>`). `tfe.php` uses
`head.php` and renders its own `<body>`, while `index.php` uses `header.php`.
This split is confusing. Consider making `header.php` the single entry point.
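Extracting the upload logic from `formulaire.php`, as proposed above, is also where the `finfo` MIME validation from the dependency list belongs: the type reported by the browser in `$_FILES[...]['type']` is attacker-controlled, so the only trustworthy type is the one sniffed from the file's bytes on the server. The class below is an added example, not the project's `formulaire.php`; the allowlist of types, the size limit, the storage directory and the `document` field name are assumptions for illustration.

```php
<?php
declare(strict_types=1);

// Added example, not the project's formulaire.php: upload validation in one class so
// it can be unit-tested without a web request. Allowlist, size limit and storage
// layout are assumptions.
final class FileUploadHandler
{
    /** Server-detected MIME type => extension the stored file receives. The client-sent type is ignored. */
    private const ALLOWED = [
        'application/pdf' => 'pdf',
        'image/png'       => 'png',
        'image/jpeg'      => 'jpg',
    ];

    public function __construct(
        private string $storageDir,
        private int $maxBytes = 20 * 1024 * 1024,
    ) {}

    /**
     * Validates one $_FILES entry and moves it into storage under a random name.
     * Returns the stored filename; throws on any validation failure.
     */
    public function store(array $file): string
    {
        if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
            throw new InvalidArgumentException('upload failed with code ' . ($file['error'] ?? 'unknown'));
        }
        $tmp = (string) ($file['tmp_name'] ?? '');
        // Only accept files PHP itself received over HTTP; a forged tmp_name pointing at a
        // local path would otherwise let the form "upload" server-side files.
        if ($tmp === '' || !is_uploaded_file($tmp)) {
            throw new InvalidArgumentException('not an uploaded file');
        }
        if (filesize($tmp) > $this->maxBytes) {
            throw new InvalidArgumentException('file too large');
        }

        // Sniff the real type from content; $file['type'] comes from the client and is not trusted.
        $finfo = new finfo(FILEINFO_MIME_TYPE);
        $mime  = $finfo->file($tmp);
        if ($mime === false || !isset(self::ALLOWED[$mime])) {
            throw new InvalidArgumentException('disallowed content type: ' . var_export($mime, true));
        }

        // Server-chosen random name with an allowlisted extension: the original filename
        // (which may contain '../' or a '.php' suffix) never touches the filesystem.
        $name = bin2hex(random_bytes(16)) . '.' . self::ALLOWED[$mime];
        if (!is_dir($this->storageDir) && !mkdir($this->storageDir, 0750, true) && !is_dir($this->storageDir)) {
            throw new RuntimeException('cannot create storage dir');
        }
        $dest = $this->storageDir . '/' . $name;
        if (!move_uploaded_file($tmp, $dest)) {
            throw new RuntimeException('move_uploaded_file failed');
        }
        chmod($dest, 0640); // readable by the web server, never executable
        return $name;
    }
}

// Usage inside formulaire.php (hypothetical field name "document"):
// $stored = (new FileUploadHandler(APP_ROOT . '/storage/theses'))->store($_FILES['document']);
// $db->insertThesisFile($thesisId, $stored, $_FILES['document']['name']);
```

The original filename is still worth recording in the database for display, but only as data: escape it on output and keep it out of any path. Keep `storageDir` outside the document root, or served through a handler that sets `Content-Disposition`, so a PDF that also happens to be valid in another format is never interpreted by the web server.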