Merge branch 'br1' into 'main'

test1 See merge request !1

Merge branch 'br1' into 'main'
08be1628 · MENACER Mohamed · 98b13cc8 · 8646cf5c · 08be1628 · 08be1628
Commit 08be1628 authored 4 months ago by MENACER Mohamed
--- a/.env
+++ b/.env
+# In all environments, the following files are loaded if they exist,
+# the latter taking precedence over the former:
+#
+#  * .env                contains default values for the environment variables needed by the app
+#  * .env.local          uncommitted file with local overrides
+#  * .env.$APP_ENV       committed environment-specific defaults
+#  * .env.$APP_ENV.local uncommitted environment-specific overrides
+#
+# Real environment variables win over .env files.
+#
+# DO NOT DEFINE PRODUCTION SECRETS IN THIS FILE NOR IN ANY OTHER COMMITTED FILES.
+# https://symfony.com/doc/current/configuration/secrets.html
+#
+# Run "composer dump-env prod" to compile .env files for production use (requires symfony/flex >=1.2).
+# https://symfony.com/doc/current/best_practices.html#use-environment-variables-for-infrastructure-configuration
+###> symfony/framework-bundle ###
+APP_ENV=dev
+APP_SECRET=
+###< symfony/framework-bundle ###
+###> doctrine/doctrine-bundle ###
+# Format described at https://www.doctrine-project.org/projects/doctrine-dbal/en/latest/reference/configuration.html#connecting-using-a-url
+# IMPORTANT: You MUST configure your server version, either here or in config/packages/doctrine.yaml
+#
+# DATABASE_URL="sqlite:///%kernel.project_dir%/var/data.db"
+# DATABASE_URL="mysql://app:!ChangeMe!@127.0.0.1:3306/app?serverVersion=8.0.32&charset=utf8mb4"
+DATABASE_URL="mysql://root:root@database:3306/app?serverVersion=10.7.3-MariaDB&charset=utf8mb4"
+# DATABASE_URL="postgresql://app:!ChangeMe!@127.0.0.1:5432/app?serverVersion=16&charset=utf8"
+###< doctrine/doctrine-bundle ###
+###> symfony/messenger ###
+# Choose one of the transports below
+# MESSENGER_TRANSPORT_DSN=amqp://guest:guest@localhost:5672/%2f/messages
+# MESSENGER_TRANSPORT_DSN=redis://localhost:6379/messages
+MESSENGER_TRANSPORT_DSN=doctrine://default?auto_setup=0
+###< symfony/messenger ###
+###> symfony/mailer ###
+MAILER_DSN=smtp://mailer:1025?encryption=null&auth_mode=null
+###< symfony/mailer ###
--- a/.env.dev
+++ b/.env.dev
+###> symfony/framework-bundle ###
+APP_SECRET=142606b87f226743f1704552c659e898
+###< symfony/framework-bundle ###
--- a/.env.test
+++ b/.env.test
+# define your env variables for the test env here
+KERNEL_CLASS='App\Kernel'
+APP_SECRET='$ecretf0rt3st'
+SYMFONY_DEPRECATIONS_HELPER=999999
+PANTHER_APP_ENV=panther
+PANTHER_ERROR_SCREENSHOT_DIR=./var/error-screenshots
--- a/.github/workflows/audit.yaml
+++ b/.github/workflows/audit.yaml
+name: Security Audit
+on: [push, pull_request]
+jobs:
+  audit:
+    name: Security Audit
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+      - name: Setup PHP
+        uses: shivammathur/setup-php@v2
+        with:
+          php-version: 8.3
+          tools: composer:v2
+      - name: Setup Cache
+        run: echo "COMPOSER_CACHE_DIR=$(composer config cache-dir)" >> $GITHUB_ENV
+      - name: Caching deps
+        uses: actions/cache@v4
+        with:
+          path: ${{ env.COMPOSER_CACHE_DIR }}
+          key: php8.3-composer-${{ hashFiles('**/composer.json') }}
+          restore-keys: |
+            php8.3-composer-latest-
+      - name: Update composer
+        run: composer self-update
+      - name: install deps
+        run: composer install --prefer-dist --no-interaction --no-progress --optimize-autoloader --ansi
+      - name: security audit
+        run: |
+          composer audit \
+            --no-dev \
+            --abandoned="report" \
+            --ignore-severity="low" \
+            --ignore-severity="medium" \
+            --format="json" \
+            --no-ansi \
+            > /tmp/security-audit.json
+      - name: upload security audit report
+        uses: actions/upload-artifact@v4
+        if: always()
+        with:
+          name: security-audit
+          path: /tmp/security-audit.json                        
--- a/.github/workflows/quality.yaml
+++ b/.github/workflows/quality.yaml
+name: Quality Analysis
+on: [push, pull_request]
+jobs:
+  quality:
+    name: Quality Analysis
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+      - name: Setup PHP
+        uses: shivammathur/setup-php@v2
+        with:
+          php-version: 8.3
+          tools: composer:v2
+      - name: Setup Cache
+        run: echo "COMPOSER_CACHE_DIR=$(composer config cache-dir)" >> $GITHUB_ENV
+      - name: Caching deps
+        uses: actions/cache@v4
+        with:
+          path: ${{ env.COMPOSER_CACHE_DIR }}
+          key: php8.3-composer-${{ hashFiles('**/composer.json') }}
+          restore-keys: |
+            php8.3-composer-latest-
+      - name: Update composer
+        run: composer self-update
+      - name: install deps
+        run: composer install --prefer-dist --no-interaction --no-progress --optimize-autoloader --ansi
+      - name: Quality analysis
+        run: composer app:code-quality
--- a/.github/workflows/test.yaml
+++ b/.github/workflows/test.yaml
+name: Tests
+on: [push, pull_request]
+jobs:
+  test:
+    name: Tests
+    runs-on: ubuntu-latest
+    services:
+      database:
+        image: mariadb:10.7.3
+        env:
+          MARIADB_USER: root
+          MARIADB_ROOT_PASSWORD: root
+          MARIADB_DATABASE: app_test
+          MARIADB_ALLOW_EMPTY_ROOT_PASSWORD: 'no'
+        ports:
+          - 3306/tcp
+        options: --health-cmd="mysqladmin ping" --health-interval=10s --health-timeout=5s --health-retries=3
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+      - name: Setup PHP
+        uses: shivammathur/setup-php@v2
+        with:
+          php-version: 8.3
+          tools: composer:v2
+      - name: Setup Cache
+        run: echo "COMPOSER_CACHE_DIR=$(composer config cache-dir)" >> $GITHUB_ENV
+      - name: Caching deps
+        uses: actions/cache@v4
+        with:
+          path: ${{ env.COMPOSER_CACHE_DIR }}
+          key: php8.3-composer-${{ hashFiles('**/composer.json') }}
+          restore-keys: |
+            php8.3-composer-latest-
+      - name: Update composer
+        run: composer self-update
+      - name: install deps
+        run: composer install --prefer-dist --no-interaction --no-progress --optimize-autoloader --ansi
+      - name: Prepare the database
+        run: sudo systemctl start mysql
+      - name: Tests
+        run: composer app:tests
+        env:
+          APP_ENV: test
+          DATABASE_URL: mysql://root:root@127.0.0.1:${{ job.services.database.ports['3306'] }}/app_test 
--- a/.gitignore
+++ b/.gitignore
+###> symfony/framework-bundle ###
+/.env.local
+/.env.local.php
+/.env.*.local
+/config/secrets/prod/prod.decrypt.private.php
+/public/bundles/
+/var/
+/vendor/
+###< symfony/framework-bundle ###
+###> phpunit/phpunit ###
+/phpunit.xml
+.phpunit.result.cache
+###< phpunit/phpunit ###
+###> symfony/phpunit-bridge ###
+.phpunit.result.cache
+/phpunit.xml
+###< symfony/phpunit-bridge ###
+###> symfony/asset-mapper ###
+/public/assets/
+/assets/vendor/
+###< symfony/asset-mapper ###
+###> phpstan/phpstan ###
+phpstan.neon
+###< phpstan/phpstan ###
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
-image: docker:latest
-services:
-  - docker:dind
-variables:
-  DOCKER_HOST: tcp://docker:2375
-  DOCKER_TLS_CERTDIR: ""  # Désactive TLS pour éviter les erreurs de certificat
-  DOCKER_DRIVER: overlay2 # (Optionnel) Optimise le stockage Docker
-before_script:
-  - docker info
-stages:
-  - build
-build:
-  stage: build
-  script:
-    - docker build -t my-app .
-  only:
-    - main
--- a/assets/app.js
+++ b/assets/app.js
+import './bootstrap.js';
+/*
+ * Welcome to your app's main JavaScript file!
+ *
+ * This file will be included onto the page via the importmap() Twig function,
+ * which should already be in your base.html.twig.
+ */
+import './styles/app.css';
+console.log('This log comes from assets/app.js - welcome to AssetMapper! 🎉');
--- a/assets/bootstrap.js
+++ b/assets/bootstrap.js
+import { startStimulusApp } from '@symfony/stimulus-bundle';
+const app = startStimulusApp();
+// register any custom, 3rd party controllers here
+// app.register('some_controller_name', SomeImportedController);
--- a/assets/controllers.json
+++ b/assets/controllers.json
+{
+    "controllers": {
+        "@symfony/ux-turbo": {
+            "turbo-core": {
+                "enabled": true,
+                "fetch": "eager"
+            },
+            "mercure-turbo-stream": {
+                "enabled": false,
+                "fetch": "eager"
+            }
+        }
+    },
+    "entrypoints": []
+}
--- a/assets/controllers/csrf_protection_controller.js
+++ b/assets/controllers/csrf_protection_controller.js
+var nameCheck = /^[-_a-zA-Z0-9]{4,22}$/;
+var tokenCheck = /^[-_/+a-zA-Z0-9]{24,}$/;
+// Generate and double-submit a CSRF token in a form field and a cookie, as defined by Symfony's SameOriginCsrfTokenManager
+document.addEventListener('submit', function (event) {
+    var csrfField = event.target.querySelector('input[data-controller="csrf-protection"]');
+    if (!csrfField) {
+        return;
+    }
+    var csrfCookie = csrfField.getAttribute('data-csrf-protection-cookie-value');
+    var csrfToken = csrfField.value;
+    if (!csrfCookie && nameCheck.test(csrfToken)) {
+        csrfField.setAttribute('data-csrf-protection-cookie-value', csrfCookie = csrfToken);
+        csrfField.value = csrfToken = btoa(String.fromCharCode.apply(null, (window.crypto || window.msCrypto).getRandomValues(new Uint8Array(18))));
+    }
+    if (csrfCookie && tokenCheck.test(csrfToken)) {
+        var cookie = csrfCookie + '_' + csrfToken + '=' + csrfCookie + '; path=/; samesite=strict';
+        document.cookie = window.location.protocol === 'https:' ? '__Host-' + cookie + '; secure' : cookie;
+    }
+});
+// When @hotwired/turbo handles form submissions, send the CSRF token in a header in addition to a cookie
+// The `framework.csrf_protection.check_header` config option needs to be enabled for the header to be checked
+document.addEventListener('turbo:submit-start', function (event) {
+    var csrfField = event.detail.formSubmission.formElement.querySelector('input[data-controller="csrf-protection"]');
+    if (!csrfField) {
+        return;
+    }
+    var csrfCookie = csrfField.getAttribute('data-csrf-protection-cookie-value');
+    if (tokenCheck.test(csrfField.value) && nameCheck.test(csrfCookie)) {
+        event.detail.formSubmission.fetchRequest.headers[csrfCookie] = csrfField.value;
+    }
+});
+// When @hotwired/turbo handles form submissions, remove the CSRF cookie once a form has been submitted
+document.addEventListener('turbo:submit-end', function (event) {
+    var csrfField = event.detail.formSubmission.formElement.querySelector('input[data-controller="csrf-protection"]');
+    if (!csrfField) {
+        return;
+    }
+    var csrfCookie = csrfField.getAttribute('data-csrf-protection-cookie-value');
+    if (tokenCheck.test(csrfField.value) && nameCheck.test(csrfCookie)) {
+        var cookie = csrfCookie + '_' + csrfField.value + '=0; path=/; samesite=strict; max-age=0';
+        document.cookie = window.location.protocol === 'https:' ? '__Host-' + cookie + '; secure' : cookie;
+    }
+});
+/* stimulusFetch: 'lazy' */
+export default 'csrf-protection-controller';
--- a/assets/controllers/hello_controller.js
+++ b/assets/controllers/hello_controller.js
+import { Controller } from '@hotwired/stimulus';
+/*
+ * This is an example Stimulus controller!
+ *
+ * Any element with a data-controller="hello" attribute will cause
+ * this controller to be executed. The name "hello" comes from the filename:
+ * hello_controller.js -> "hello"
+ *
+ * Delete this file or adapt it for your use!
+ */
+export default class extends Controller {
+    connect() {
+        this.element.textContent = 'Hello Stimulus! Edit me in assets/controllers/hello_controller.js';
+    }
+}
--- a/assets/styles/app.css
+++ b/assets/styles/app.css
+body {
+    background-color: skyblue;
+}
--- a/backend/Dockerfile
+++ b/backend/Dockerfile
-FROM php:7.4-apache
-# Installer les extensions PHP nécessaires
-RUN docker-php-ext-install mysqli pdo pdo_mysql
-# Activer les modules Apache
-RUN a2enmod rewrite
-# Copier les fichiers du projet
-COPY src/ /var/www/html/
-# Donner les permissions à Apache
-RUN chown -R www-data:www-data /var/www/html
-EXPOSE 80
-CMD ["apache2-foreground"]
--- a/backend/src/dashboard.php
+++ b/backend/src/dashboard.php
-<?php
-session_start();
-if (!isset($_SESSION["loggedin"])) {
-    header("Location: index.php");
-    exit;
-}
-include "db.php";
-$query = "SELECT name FROM cars";
-$result = $conn->query($query);
-?>
-<!DOCTYPE html>
-<html>
-<head>
-    <title>Dashboard</title>
-    <link rel="stylesheet" href="styles.css">
-</head>
-<body>
-    <h2>Bienvenue, Admin !</h2>
-    <h3>Liste des voitures :</h3>
-    <ul>
-        <?php while ($row = $result->fetch_assoc()): ?>
-            <li><?php echo $row["name"]; ?></li>
-        <?php endwhile; ?>
-    </ul>
-    <a href="logout.php">Déconnexion</a>
-</body>
-</html>
--- a/backend/src/db.php
+++ b/backend/src/db.php
-<?php
-$host = "db";
-$user = "root";
-$password = "rootpassword";
-$database = "car_database";
-// Connexion à la base de données
-$conn = new mysqli($host, $user, $password, $database);
-// Vérifier la connexion
-if ($conn->connect_error) {
-    die("Erreur de connexion: " . $conn->connect_error);
-}
-?>
--- a/backend/src/index.php
+++ b/backend/src/index.php
-<?php
-session_start();
-include 'db.php'; // Vérifie qu'il n'affiche rien
-if ($_SERVER["REQUEST_METHOD"] == "POST") {
-    $username = $_POST['username'];
-    $password = $_POST['password'];
-    if ($username == "admin" && $password == "admin123") {
-        $_SESSION['loggedin'] = true;
-        header("Location: dashboard.php"); 
-        exit(); // Toujours ajouter `exit()` après `header()`
-    } else {
-        $error = "Identifiants incorrects";
-    }
-}
-?>
-<!DOCTYPE html>
-<html lang="fr">
-<head>
-    <meta charset="UTF-8">
-    <title>Connexion</title>
-</head>
-<body>
-    <h2>Connexion</h2>
-    <form method="post">
-        <label>Nom d'utilisateur :</label>
-        <input type="text" name="username" required><br>
-        <label>Mot de passe :</label>
-        <input type="password" name="password" required><br>
-        <button type="submit">Se connecter</button>
-    </form>
-    <?php if (isset($error)) echo "<p style='color:red;'>$error</p>"; ?>
-</body>
-</html>
--- a/backend/src/logout.php
+++ b/backend/src/logout.php
-<?php
-session_start();
-session_destroy();
-header("Location: index.php");
-exit;
-?>
--- a/backend/src/styles.css
+++ b/backend/src/styles.css
-body {
-    font-family: Arial, sans-serif;
-    text-align: center;
-}
-form {
-    margin-top: 50px;
-}
-input, button {
-    display: block;
-    margin: 10px auto;
-    padding: 10px;
-}