chore : bump version to v1.9.9

- Backend: MaintenanceModeListener blocks non-admin API requests when
  var/maintenance flag file exists. MaintenanceController provides
  toggle (PUT /api/admin/maintenance) and public check endpoint
  (GET /api/maintenance/check).
- Frontend: Toggle button in admin page, maintenance.vue page for
  blocked users, middleware redirects non-admins to /maintenance.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

.gitea/workflows/auto-tag-develop.yml

@@ -16,7 +16,7 @@ jobs:
           token: ${{ secrets.REGISTRY_TOKEN }}
           persist-credentials: true
 
-      - name: Create next tag from VERSION
+      - name: Create next tag from config/version.yaml
         shell: bash
         run: |
           set -euo pipefail
@@ -28,18 +28,18 @@ jobs:
           fi
 
           changed_version=false
-          if git diff --name-only "${{ gitea.event.before }}" "${{ gitea.event.after }}" | grep -q '^VERSION$'; then
+          if git diff --name-only "${{ gitea.event.before }}" "${{ gitea.event.after }}" | grep -q '^config/version\.yaml$'; then
             changed_version=true
           fi
 
           read_version() {
-            cat VERSION | tr -d '[:space:]'
+            awk -F': *' '/app\.version:/{print $2}' config/version.yaml | tr -d '[:space:]' | tr -d "'\""
           }
 
           if $changed_version; then
             version="$(read_version)"
             if ! [[ "$version" =~ ^[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
-              echo "Invalid version in VERSION: $version" >&2
+              echo "Invalid version in version.yaml: $version" >&2
               exit 1
             fi
           else
@@ -52,10 +52,10 @@ jobs:
               version="${major}.${minor}.$((patch + 1))"
             fi
 
-            echo "$version" > VERSION
+            printf "parameters:\\n    app.version: '%s'\\n" "$version" > config/version.yaml
             git config user.name "gitea-actions"
             git config user.email "gitea-actions@local"
-            git add VERSION
+            git add config/version.yaml
             git commit -m "chore : bump version to v$version" || true
             git push origin develop || true
           fi

VERSION

@@ -1 +0,0 @@
-1.9.7

config/packages/api_platform.yaml

@@ -1,7 +1,7 @@
 api_platform:
     title: Inventory API
     description: API de gestion d'inventaire industriel — machines, pièces, composants, produits.
-    version: 1.9.1
+    version: 1.9.6
     defaults:
         stateless: false
         cache_headers:

config/packages/security.yaml

@@ -55,6 +55,7 @@ security:
         - { path: ^/api/admin, roles: ROLE_ADMIN }
         - { path: ^/api/docs, roles: PUBLIC_ACCESS }
         - { path: ^/api/health$, roles: PUBLIC_ACCESS }
+        - { path: ^/api/maintenance/check$, roles: PUBLIC_ACCESS }
         - { path: ^/_mcp, roles: ROLE_USER }
         - { path: ^/docs, roles: PUBLIC_ACCESS }
         - { path: ^/contexts, roles: PUBLIC_ACCESS }

config/version.yaml

@@ -0,0 +1,2 @@
+parameters:
+    app.version: '1.9.9'

deploy/docker/Dockerfile.prod

@@ -19,7 +19,6 @@ COPY migrations migrations/
 COPY public public/
 COPY src src/
 COPY templates templates/
-COPY VERSION VERSION
 
 RUN composer dump-autoload --optimize --no-dev
 
@@ -31,6 +30,7 @@ COPY frontend/package.json frontend/package-lock.json ./
 RUN npm ci
 
 COPY frontend/ ./
+COPY config/version.yaml /app/config/version.yaml
 ENV CI=1 \
     NUXT_TELEMETRY_DISABLED=1 \
     NUXT_PUBLIC_API_BASE_URL=/api \

deploy/docker/deploy.sh

@@ -24,5 +24,5 @@ echo "==> Clearing cache..."
 sudo docker compose exec -T -u www-data app php bin/console cache:clear --env=prod
 sudo docker compose exec -T -u www-data app php bin/console cache:warmup --env=prod
 
-VERSION=$(sudo docker compose exec -T app cat VERSION)
+VERSION=$(sudo docker compose exec -T app cat config/version.yaml | grep 'app.version' | awk -F"'" '{print $2}')
 echo "==> Deployed v${VERSION}"

frontend/app/composables/useMaintenance.ts

@@ -0,0 +1,30 @@
+import { ref } from 'vue'
+import { useApi } from './useApi'
+
+const maintenanceEnabled = ref(false)
+
+export function useMaintenance() {
+    const { apiCall } = useApi()
+    const loading = ref(false)
+
+    const fetchStatus = async () => {
+        const res = await apiCall<{ enabled: boolean }>('/admin/maintenance')
+        if (res.success && res.data) {
+            maintenanceEnabled.value = res.data.enabled
+        }
+    }
+
+    const toggle = async () => {
+        loading.value = true
+        try {
+            const res = await apiCall<{ enabled: boolean }>('/admin/maintenance', { method: 'PUT' })
+            if (res.success && res.data) {
+                maintenanceEnabled.value = res.data.enabled
+            }
+        } finally {
+            loading.value = false
+        }
+    }
+
+    return { maintenanceEnabled, loading, fetchStatus, toggle }
+}

frontend/app/middleware/profile.global.ts

@@ -1,4 +1,4 @@
-import { useProfileSession, usePermissions } from "#imports";
+import { useProfileSession, usePermissions, useApi } from "#imports";
 
 export default defineNuxtRouteMiddleware(async (to) => {
   const { ensureSession, activeProfile } = useProfileSession();
@@ -12,9 +12,10 @@ export default defineNuxtRouteMiddleware(async (to) => {
     normalizedPath.startsWith("/profiles") ||
     fullPath.startsWith("/profiles") ||
     routeName.startsWith("profiles");
+  const isMaintenanceRoute = normalizedPath === "/maintenance";
 
   // Redirect to login if no active profile
-  if (!activeProfile.value && !isProfilesRoute) {
+  if (!activeProfile.value && !isProfilesRoute && !isMaintenanceRoute) {
     return navigateTo("/profiles");
   }
 
@@ -29,5 +30,13 @@ export default defineNuxtRouteMiddleware(async (to) => {
       }
     }
 
+    // Maintenance mode check for non-admin users
+    if (!isAdmin.value && !isMaintenanceRoute && !isProfilesRoute) {
+      const { apiCall } = useApi();
+      const res = await apiCall<{ enabled: boolean }>('/maintenance/check');
+      if (res.success && res.data?.enabled) {
+        return navigateTo("/maintenance");
+      }
+    }
   }
 });

frontend/app/pages/admin/index.vue

@@ -1,5 +1,28 @@
 <template>
   <div class="container mx-auto p-6 max-w-6xl">
+    <!-- Maintenance Mode -->
+    <div class="alert mb-6" :class="maintenanceEnabled ? 'alert-warning' : 'alert-info'">
+      <div class="flex items-center justify-between w-full">
+        <div class="flex items-center gap-2">
+          <span class="font-medium">Mode maintenance</span>
+          <span v-if="maintenanceEnabled" class="badge badge-warning badge-sm">Actif</span>
+          <span v-else class="badge badge-ghost badge-sm">Inactif</span>
+        </div>
+        <button
+          class="btn btn-sm"
+          :class="maintenanceEnabled ? 'btn-ghost' : 'btn-warning'"
+          :disabled="maintenanceLoading"
+          @click="handleToggleMaintenance"
+        >
+          <span v-if="maintenanceLoading" class="loading loading-spinner loading-xs" />
+          {{ maintenanceEnabled ? 'Désactiver' : 'Activer' }}
+        </button>
+      </div>
+      <p class="text-sm opacity-70 mt-1">
+        {{ maintenanceEnabled ? 'Seuls les administrateurs peuvent accéder à l\'application.' : 'L\'application est accessible à tous les utilisateurs.' }}
+      </p>
+    </div>
+
     <div class="flex items-center justify-between mb-6">
       <h1 class="text-2xl font-bold">
         Administration des profils
@@ -153,9 +176,14 @@
 <script setup>
 import { ref, computed, onMounted } from 'vue'
 import DataTable from '~/components/common/DataTable.vue'
-import { useAdminProfiles } from '#imports'
+import { useAdminProfiles, useMaintenance } from '#imports'
 
 const { profiles, loading, fetchAll, createProfile, updateRole, setPassword, deactivateProfile } = useAdminProfiles()
+const { maintenanceEnabled, loading: maintenanceLoading, fetchStatus: fetchMaintenanceStatus, toggle: toggleMaintenance } = useMaintenance()
+
+const handleToggleMaintenance = async () => {
+  await toggleMaintenance()
+}
 
 const loaded = ref(false)
 const isLoading = computed(() => loading.value || !loaded.value)
@@ -264,7 +292,7 @@ const handleDeactivate = async (profileId) => {
 }
 
 onMounted(async () => {
-  await fetchAll()
+  await Promise.all([fetchAll(), fetchMaintenanceStatus()])
   loaded.value = true
 })
 </script>

frontend/app/pages/maintenance.vue

@@ -0,0 +1,21 @@
+<template>
+  <div class="min-h-screen flex items-center justify-center bg-base-200">
+    <div class="text-center max-w-md">
+      <h1 class="text-4xl font-bold mb-4">
+        Maintenance
+      </h1>
+      <p class="text-lg text-base-content/70 mb-6">
+        L'application est actuellement en maintenance. Veuillez réessayer ultérieurement.
+      </p>
+      <button class="btn btn-primary" @click="retry">
+        Réessayer
+      </button>
+    </div>
+  </div>
+</template>
+
+<script setup>
+const retry = () => {
+  navigateTo('/')
+}
+</script>

frontend/nuxt.config.ts

@@ -3,12 +3,14 @@ import { readFileSync } from 'node:fs'
 import { dirname, resolve } from 'node:path'
 import { fileURLToPath } from 'node:url'
 
-// Lire la version depuis le fichier VERSION à la racine du projet parent
+// Lire la version depuis config/version.yaml à la racine du projet parent
 const getAppVersion = (): string => {
   try {
     const __dirname = dirname(fileURLToPath(import.meta.url))
-    const versionPath = resolve(__dirname, '..', 'VERSION')
+    const versionPath = resolve(__dirname, '..', 'config', 'version.yaml')
-    return readFileSync(versionPath, 'utf-8').trim()
+    const content = readFileSync(versionPath, 'utf-8')
+    const match = content.match(/app\.version:\s*'([^']+)'/)
+    return match ? match[1] : '0.0.0'
   } catch {
     return '0.0.0'
   }

scripts/release.sh

@@ -11,11 +11,11 @@ NC='\033[0m' # No Color
 # Répertoire racine du projet
 SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
 PROJECT_ROOT="$(dirname "$SCRIPT_DIR")"
-VERSION_FILE="$PROJECT_ROOT/VERSION"
+VERSION_FILE="$PROJECT_ROOT/config/version.yaml"
 API_PLATFORM_FILE="$PROJECT_ROOT/config/packages/api_platform.yaml"
 
 # Lire la version actuelle
-current_version=$(cat "$VERSION_FILE" | tr -d '\n')
+current_version=$(awk -F': *' '/app\.version:/{print $2}' "$VERSION_FILE" | tr -d "' \n\r")
 
 # Fonction pour afficher l'aide
 show_help() {
@@ -113,8 +113,8 @@ cd "$PROJECT_ROOT"
 # ===========================================
 # ÉTAPE 1 : Mettre à jour VERSION
 # ===========================================
-echo -e "${BLUE}[1/4]${NC} Mise à jour du fichier VERSION..."
+echo -e "${BLUE}[1/4]${NC} Mise à jour de config/version.yaml..."
-echo "$new_version" > "$VERSION_FILE"
+printf "parameters:\\n    app.version: '%s'\\n" "$new_version" > "$VERSION_FILE"
 
 # ===========================================
 # ÉTAPE 2 : Mettre à jour api_platform.yaml

src/Controller/MaintenanceController.php

@@ -0,0 +1,58 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Controller;
+
+use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
+use Symfony\Component\HttpFoundation\JsonResponse;
+use Symfony\Component\HttpKernel\KernelInterface;
+use Symfony\Component\Routing\Attribute\Route;
+
+final class MaintenanceController extends AbstractController
+{
+    public function __construct(
+        private readonly KernelInterface $kernel,
+    ) {}
+
+    #[Route('/api/maintenance/check', name: 'maintenance_check', methods: ['GET'])]
+    public function check(): JsonResponse
+    {
+        return new JsonResponse([
+            'enabled' => file_exists($this->flagPath()),
+        ]);
+    }
+
+    #[Route('/api/admin/maintenance', name: 'admin_maintenance_status', methods: ['GET'])]
+    public function status(): JsonResponse
+    {
+        $this->denyAccessUnlessGranted('ROLE_ADMIN');
+
+        return new JsonResponse([
+            'enabled' => file_exists($this->flagPath()),
+        ]);
+    }
+
+    #[Route('/api/admin/maintenance', name: 'admin_maintenance_toggle', methods: ['PUT'])]
+    public function toggle(): JsonResponse
+    {
+        $this->denyAccessUnlessGranted('ROLE_ADMIN');
+
+        $path = $this->flagPath();
+
+        if (file_exists($path)) {
+            unlink($path);
+            $enabled = false;
+        } else {
+            file_put_contents($path, (string) time());
+            $enabled = true;
+        }
+
+        return new JsonResponse(['enabled' => $enabled]);
+    }
+
+    private function flagPath(): string
+    {
+        return $this->kernel->getProjectDir() . '/var/maintenance';
+    }
+}

src/EventListener/MaintenanceModeListener.php

@@ -0,0 +1,60 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\EventListener;
+
+use Symfony\Component\EventDispatcher\Attribute\AsEventListener;
+use Symfony\Component\HttpFoundation\JsonResponse;
+use Symfony\Component\HttpKernel\Event\RequestEvent;
+use Symfony\Component\HttpKernel\KernelInterface;
+use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface;
+
+#[AsEventListener(event: 'kernel.request', priority: 10)]
+final class MaintenanceModeListener
+{
+    public function __construct(
+        private readonly KernelInterface $kernel,
+        private readonly TokenStorageInterface $tokenStorage,
+    ) {}
+
+    public function __invoke(RequestEvent $event): void
+    {
+        if (!$event->isMainRequest()) {
+            return;
+        }
+
+        $flagFile = $this->kernel->getProjectDir() . '/var/maintenance';
+
+        if (!file_exists($flagFile)) {
+            return;
+        }
+
+        $request = $event->getRequest();
+        $path = $request->getPathInfo();
+
+        // Always allow maintenance status endpoint and session endpoints
+        if (str_starts_with($path, '/api/admin/maintenance')
+            || str_starts_with($path, '/api/maintenance/check')
+            || str_starts_with($path, '/api/session')
+            || str_starts_with($path, '/api/health')
+            || str_starts_with($path, '/api/docs')
+        ) {
+            return;
+        }
+
+        // Allow admin users through
+        $token = $this->tokenStorage->getToken();
+        if ($token && $token->getUser()) {
+            $roles = $token->getRoleNames();
+            if (in_array('ROLE_ADMIN', $roles, true)) {
+                return;
+            }
+        }
+
+        $event->setResponse(new JsonResponse(
+            ['message' => 'Application en maintenance. Veuillez réessayer ultérieurement.'],
+            JsonResponse::HTTP_SERVICE_UNAVAILABLE,
+        ));
+    }
+}