MALIO-DEV/Inventory
3
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 2 Wiki Activity

WIP

Browse Source
This commit is contained in:
Matthieu
2026-03-31 17:57:59 +02:00
parent 1b1dab65b6
commit 476060cf7d
45 changed files with 8547 additions and 648 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
src/Controller/AdminProfileController.php
View File

@@ -68,6 +68,9 @@ final class AdminProfileController extends AbstractController
}
if (null !== $password && '' !== $password) {
if (mb_strlen($password) < 8) {
return new JsonResponse(['message' => 'Le mot de passe doit contenir au moins 8 caractères.'], JsonResponse::HTTP_BAD_REQUEST);
}
$profile->setPassword(
$this->passwordHasher->hashPassword($profile, $password)
);
@@ -131,6 +134,10 @@ final class AdminProfileController extends AbstractController
return new JsonResponse(['message' => 'Le mot de passe est requis.'], JsonResponse::HTTP_BAD_REQUEST);
}
if (mb_strlen($password) < 8) {
return new JsonResponse(['message' => 'Le mot de passe doit contenir au moins 8 caractères.'], JsonResponse::HTTP_BAD_REQUEST);
}
$profile->setPassword(
$this->passwordHasher->hashPassword($profile, $password)
);

17
src/Controller/CommentController.php
View File

@@ -91,12 +91,29 @@ final class CommentController extends AbstractController
$this->entityManager->persist($comment);
// Handle file uploads
$allowedMimeTypes = [
'application/pdf',
'image/jpeg', 'image/png', 'image/gif', 'image/webp', 'image/bmp',
'text/plain', 'text/csv',
'application/vnd.openxmlformats-officedocument.wordprocessingml.document',
'application/vnd.openxmlformats-officedocument.spreadsheetml.sheet',
'application/msword', 'application/vnd.ms-excel',
'application/zip',
];
$files = $request->files->all('files');
foreach ($files as $file) {
if (!$file instanceof UploadedFile || !$file->isValid()) {
continue;
}
$detectedMime = $file->getMimeType() ?: 'application/octet-stream';
if (!in_array($detectedMime, $allowedMimeTypes, true)) {
return $this->json([
'message' => sprintf('Type de fichier non autorisé : %s', $detectedMime),
], 400);
}
$document = new Document();
$documentId = 'cl'.bin2hex(random_bytes(12));
$document->setId($documentId);

19
src/Controller/DocumentServeController.php
View File

@@ -8,6 +8,7 @@ use App\Repository\DocumentRepository;
use App\Service\DocumentStorageService;
use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
use Symfony\Component\HttpFoundation\BinaryFileResponse;
use Symfony\Component\HttpFoundation\HeaderUtils;
use Symfony\Component\HttpFoundation\Response;
use Symfony\Component\HttpFoundation\ResponseHeaderBag;
use Symfony\Component\Routing\Attribute\Route;
@@ -42,11 +43,15 @@ class DocumentServeController extends AbstractController
return $this->json(['error' => 'Invalid document data.'], 500);
}
$disposition = HeaderUtils::makeDisposition(ResponseHeaderBag::DISPOSITION_INLINE, $document->getFilename());
return new Response($content, 200, [
'Content-Type' => $document->getMimeType(),
'Content-Disposition' => ResponseHeaderBag::DISPOSITION_INLINE.'; filename="'.$document->getFilename().'"',
'Content-Length' => (string) strlen($content),
'Cache-Control' => 'private, max-age=3600',
'Content-Type' => $document->getMimeType(),
'Content-Disposition' => $disposition,
'Content-Length' => (string) strlen($content),
'Cache-Control' => 'private, max-age=3600',
'X-Content-Type-Options' => 'nosniff',
'Content-Security-Policy' => 'sandbox',
]);
}
@@ -63,6 +68,8 @@ class DocumentServeController extends AbstractController
$document->getFilename()
);
$response->headers->set('Cache-Control', 'private, max-age=3600');
$response->headers->set('X-Content-Type-Options', 'nosniff');
$response->headers->set('Content-Security-Policy', 'sandbox');
return $response;
}
@@ -86,9 +93,11 @@ class DocumentServeController extends AbstractController
return $this->json(['error' => 'Invalid document data.'], 500);
}
$disposition = HeaderUtils::makeDisposition(ResponseHeaderBag::DISPOSITION_ATTACHMENT, $document->getFilename());
return new Response($content, 200, [
'Content-Type' => 'application/octet-stream',
'Content-Disposition' => ResponseHeaderBag::DISPOSITION_ATTACHMENT.'; filename="'.$document->getFilename().'"',
'Content-Disposition' => $disposition,
'Content-Length' => (string) strlen($content),
]);
}

25
src/Controller/SessionProfileController.php
View File

@@ -5,10 +5,12 @@ declare(strict_types=1);
namespace App\Controller;
use App\Repository\ProfileRepository;
use Symfony\Component\DependencyInjection\Attribute\Autowire;
use Symfony\Component\HttpFoundation\JsonResponse;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpFoundation\Session\SessionInterface;
use Symfony\Component\PasswordHasher\Hasher\UserPasswordHasherInterface;
use Symfony\Component\RateLimiter\RateLimiterFactory;
use Symfony\Component\Routing\Attribute\Route;
final class SessionProfileController
@@ -16,6 +18,8 @@ final class SessionProfileController
public function __construct(
private readonly ProfileRepository $profiles,
private readonly UserPasswordHasherInterface $passwordHasher,
#[Autowire(service: 'limiter.login')]
private readonly RateLimiterFactory $loginLimiter,
) {}
#[Route('/api/session/profile', name: 'api_session_profile_get', methods: ['GET'])]
@@ -56,6 +60,11 @@ final class SessionProfileController
return new JsonResponse(['message' => 'Session indisponible.'], JsonResponse::HTTP_INTERNAL_SERVER_ERROR);
}
$limiter = $this->loginLimiter->create($request->getClientIp());
if (!$limiter->consume()->isAccepted()) {
return new JsonResponse(['message' => 'Trop de tentatives. Réessayez dans une minute.'], JsonResponse::HTTP_TOO_MANY_REQUESTS);
}
$payload = $request->toArray();
$profileId = $payload['profileId'] ?? null;
@@ -64,24 +73,24 @@ final class SessionProfileController
}
$profile = $this->profiles->find($profileId);
if (!$profile || !$profile->isActive()) {
return new JsonResponse(['message' => 'Profil introuvable ou inactif.'], JsonResponse::HTTP_UNAUTHORIZED);
}
$password = $payload['password'] ?? '';
if ('' === $password) {
return new JsonResponse(['message' => 'Mot de passe requis.'], JsonResponse::HTTP_BAD_REQUEST);
}
$loginFailed = new JsonResponse(['message' => 'Identifiants invalides.'], JsonResponse::HTTP_UNAUTHORIZED);
if (!$profile || !$profile->isActive()) {
return $loginFailed;
}
if (!$profile->getPassword()) {
return new JsonResponse(
['message' => 'Ce profil n\'a pas de mot de passe. Contactez un administrateur.'],
JsonResponse::HTTP_FORBIDDEN,
);
return $loginFailed;
}
if (!$this->passwordHasher->isPasswordValid($profile, $password)) {
return new JsonResponse(['message' => 'Mot de passe incorrect.'], JsonResponse::HTTP_UNAUTHORIZED);
return $loginFailed;
}
$session->migrate(true);

7
src/Controller/SessionProfilesController.php
View File

@@ -27,10 +27,9 @@ final class SessionProfilesController
return new JsonResponse(array_map(static function ($profile): array {
return [
'id' => $profile->getId(),
'firstName' => $profile->getFirstName(),
'lastName' => $profile->getLastName(),
'hasPassword' => null !== $profile->getPassword() && '' !== $profile->getPassword(),
'id' => $profile->getId(),
'firstName' => $profile->getFirstName(),
'lastName' => $profile->getLastName(),
];
}, $items));
}