xamxam/TODO.md

# TODO

## TFE Public Page — File Display

- [x] Replace `<embed>` with `<iframe>` for PDF display (better cross-browser support)
- [x] Exclude `cover` file_type from public files loop (covers are banners, not content)
- [x] Move `App::boot()` in Dispatcher to after direct-response matching (no session on media requests)

## SMTP Relay — bad greeting fix

- [x] Fix `$read()` loop: use `!== false` so empty lines don't terminate early; check `timed_out` meta
- [x] Add SSL stream context (`verify_peer=false`) to `stream_socket_client` to avoid CA bundle failures
- [x] Improve "bad greeting" error: distinguish timeout vs garbage response in log message

## Bug Fixes

- [x] Fix `RateLimit::check()` called statically in `request-access.php` — replaced with `(new RateLimit(3, 600))->checkKey($rateLimitKey)`

## Dev / Debug Fixes

- [x] Fix `serve` recipe: show all PHP output (errors, logs) except static assets/connection noise
- [x] Fix `STORAGE_ROOT` — use local `app/storage/` in dev (cli-server), `/var/www/posterg/storage` in prod
- [x] Create `app/storage/covers/` and `app/storage/theses/` with `.gitkeep`
- [x] Add gitignore rules for uploaded files in dev storage dirs
- [x] Fix `error_log` path in `formulaire.php` (was relative, now absolute)
- [x] Fix CSRF debug: log both tokens on mismatch
- [x] Fix undefined `$redirect` on success path in `formulaire.php`

## Deploy — Preserve Remote Data

- [x] Exclude `storage/posterg.db` from rsync (not sent locally, not deleted remotely)
- [x] Exclude `storage/theses/` from rsync (not sent locally, not deleted remotely)
- [x] Exclude `storage/covers/` from rsync (not sent locally, not deleted remotely)

## Deploy — Rename deploy path to /var/www/xamxam

- [x] Update rsync destination in `justfile` (`deploy`, `deploy-db` recipes)
- [x] Update all `/var/www/posterg` paths in `scripts/deploy-server.sh`
- [x] Update `root` directive in `nginx/posterg.conf`
- [x] Update `STORAGE_ROOT` production path in `app/bootstrap.php`

## Centralise Form Templates

- [x] Extract shared fieldset partials: `fieldset-tfe-info.php`, `fieldset-academic.php`, `fieldset-files.php`, `fieldset-metadata.php`, `fieldset-licence-explanation.php`
- [x] Refactor `templates/admin/add.php` to use shared partials
- [x] Refactor `templates/admin/edit.php` to use shared partials (with edit-mode callable adapters)
- [x] Refactor `partage/index.php` `renderShareLinkForm()` to use shared partials
- [x] Add TODO comments in `partage/index.php` for student-facing explanations (intro block, per-fieldset notes, email note)

## File Display in Forms & Recaps

- [x] Add live file preview to `file-field.php` partial (`data-preview` attribute + `.file-preview-list` container)
- [x] Write `file-preview.js` — renders thumbnails for images, emoji icons for PDFs/videos/zips, filename + size
- [x] Load `file-preview.js` in `admin/add.php` via `$extraJs`
- [x] Load `file-preview.js` in `admin/edit.php` via `$extraJs`
- [x] Load `file-preview.js` in `partage/index.php` (self-contained HTML, direct `<script>` tag)
- [x] Support `$extraJs` in `head.php`
- [x] Add `data-preview` + preview container to edit template's cover/banner/files inputs (not using partial)
- [x] Enhance `admin/recapitulatif.php` template — image thumbnails, clickable filenames, type badges, file size, date
- [x] Rewrite `partage/recapitulatif.php` — full recap with thesis metadata + uploaded files list (thumbnails for images, icons for others)
- [x] Add CSS: `.file-preview-list`, `.fp-item`, `.fp-thumb`, `.fp-icon`, `.fp-meta`, `.fp-name`, `.fp-size`
- [x] Add CSS: `.recap-file-list`, `.recap-file-item`, `.recap-file-thumb`, `.recap-file-icon`, `.recap-file-meta`, `.recap-file-type-badge`, `.recap-file-date`
- [x] Add CSS: `.partage-recap`, `.recap-section`, `.recap-dl` for partage recap layout