netig/f3-simple-blog
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Less home code more F3

Browse Source
This commit is contained in:
julien
2026-03-28 17:37:22 +01:00
parent d2e70af739
commit 16850386d3
19 changed files with 232 additions and 429 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
app/Controllers/AuthController.php
View File

@@ -29,7 +29,7 @@ class AuthController extends BaseController
return;
}
session_regenerate_id(true);
session_regenerate_id(true); // Prévient la fixation de session.
$this->f3->set('SESSION.user_id', $user['id']);
$this->flash('success', 'Connexion réussie.');
$this->f3->reroute('@dashboard');
@@ -39,7 +39,7 @@ class AuthController extends BaseController
{
$this->verifyCsrf();
$this->f3->clear('SESSION.user_id');
session_regenerate_id(true);
session_regenerate_id(true); // Invalide l'ancien ID de session.
$this->flash('success', 'Déconnexion effectuée.');
$this->f3->reroute('@login');
}

21
app/Controllers/BaseController.php
View File

@@ -7,8 +7,8 @@ abstract class BaseController
protected Base $f3;
protected DB\SQL $db;
private ?array $resolvedUser = null;
private bool $userResolved = false;
// false = pas encore résolu, null = résolu sans utilisateur.
private array|false|null $resolvedUser = false;
public function __construct()
{
@@ -20,9 +20,9 @@ abstract class BaseController
{
$user = $this->currentUser();
// Les pages publiques peuvent rester cacheables avec le TTL demandé.
// Les pages publiques restent cacheables avec le TTL demandé.
// Si un utilisateur est connecté, le layout dépend de la session
// (navigation d'admin, déconnexion + CSRF) : on force expire(0)
// (navigation admin, déconnexion + CSRF) : on force expire(0)
// pour ne pas servir ce rendu à d'autres visiteurs.
$this->f3->expire($user !== null ? 0 : $cacheTtl);
@@ -37,19 +37,17 @@ abstract class BaseController
'metaDescription' => null,
]);
// Mémoriser en session la valeur exposée à @CSRF pour que les
// formulaires rendus pendant cette réponse puissent être vérifiés
// lors du POST suivant par verifyCsrf().
// Recopier @CSRF en session pour que verifyCsrf() puisse
// vérifier le jeton soumis au POST suivant.
$this->f3->copy('CSRF', 'SESSION.csrf');
echo Template::instance()->render('layout.html');
}
protected function currentUser(): ?array
{
if (!$this->userResolved) {
if ($this->resolvedUser === false) {
$userId = (int) ($this->f3->get('SESSION.user_id') ?? 0);
$this->resolvedUser = $userId > 0 ? (new User($this->db))->findById($userId) : null;
$this->userResolved = true;
}
return $this->resolvedUser;
@@ -65,15 +63,12 @@ abstract class BaseController
$this->f3->reroute('@login');
}
// La classe Session de F3 expose la valeur courante via « CSRF ».
// Au rendu, on la recopie en SESSION.csrf ; le formulaire renvoie
// ensuite le jeton affiché lors du rendu précédent, qu'on compare à
// la valeur mémorisée en session.
protected function verifyCsrf(): void
{
$submitted = (string) ($this->f3->get('POST.csrf_token') ?? '');
$expected = (string) ($this->f3->get('SESSION.csrf') ?? '');
// hash_equals : comparaison en temps constant contre les attaques temporelles.
if ($submitted !== '' && $expected !== '' && hash_equals($expected, $submitted)) {
return;
}

4
app/Controllers/DashboardController.php
View File

@@ -12,13 +12,15 @@ class DashboardController extends BaseController
public function index(): void
{
$page = max(1, (int) ($this->f3->get('GET.page') ?? 1));
$result = (new Post($this->db))->paginateList($page, 24);
$media = new Media($this->db);
$result = (new Post($this->db))->paginateList($page, 24, $media);
$this->render('admin/dashboard.html', [
'pageTitle' => 'Tableau de bord',
'posts' => $result['posts'],
'pagination' => $result,
'paginationAlias' => 'dashboard',
'adminMode' => true,
]);
}
}

14
app/Controllers/MediaController.php
View File

@@ -81,7 +81,19 @@ class MediaController extends BaseController
$this->verifyCsrf();
try {
(new Media($this->db))->delete((int) $this->f3->get('PARAMS.id'));
$id = (int) $this->f3->get('PARAMS.id');
$media = new Media($this->db);
$item = $media->findById($id);
if ($item === null) {
throw new RuntimeException('Image introuvable.');
}
if ((new Post($this->db))->isMediaUsed($item['id'], $item['file_name'])) {
throw new RuntimeException('Cette image est encore utilisée par un article.');
}
$media->delete($id);
$this->flash('success', 'Image supprimée.');
} catch (RuntimeException $e) {
$this->flash('error', $e->getMessage());

17
app/Controllers/PostController.php
View File

@@ -20,14 +20,15 @@ class PostController extends BaseController
{
$this->verifyCsrf();
$media = new Media($this->db);
$input = $this->postInput();
try {
(new Post($this->db))->create($input);
(new Post($this->db))->create($input, $media);
$this->flash('success', 'Article créé.');
$this->f3->reroute('@dashboard');
} catch (RuntimeException $e) {
$this->renderForm('Nouvel article', $this->f3->alias('post_store'), $input, $e->getMessage());
$this->renderForm('Nouvel article', $this->f3->alias('post_store'), $input, $e->getMessage(), $media);
}
}
@@ -46,11 +47,12 @@ class PostController extends BaseController
{
$this->verifyCsrf();
$media = new Media($this->db);
$id = (int) $this->f3->get('PARAMS.id');
$input = $this->postInput() + ['id' => $id];
try {
$updated = (new Post($this->db))->updatePost($id, $input);
$updated = (new Post($this->db))->updatePost($id, $input, $media);
if (!$updated) {
$this->f3->error(404, 'Article introuvable.');
return;
@@ -59,7 +61,7 @@ class PostController extends BaseController
$this->flash('success', 'Article mis à jour.');
$this->f3->reroute('@dashboard');
} catch (RuntimeException $e) {
$this->renderForm('Modifier l\'article', $this->f3->alias('post_update', ['id' => $id]), $input, $e->getMessage());
$this->renderForm('Modifier l\'article', $this->f3->alias('post_update', ['id' => $id]), $input, $e->getMessage(), $media);
}
}
@@ -77,14 +79,15 @@ class PostController extends BaseController
$this->f3->reroute('@dashboard');
}
private function renderForm(string $pageTitle, string $formAction, array $post, ?string $error = null): void
private function renderForm(string $pageTitle, string $formAction, array $post, ?string $error = null, ?Media $media = null): void
{
$media ??= new Media($this->db);
$coverPreview = null;
if (!empty($post['cover_media_id'])) {
$coverPreview = (new Media($this->db))->findById((int) $post['cover_media_id']);
$coverPreview = $media->findById((int) $post['cover_media_id']);
}
$media = new Media($this->db);
$mediaItems = $media->latest(self::MEDIA_PICKER_LIMIT);
$mediaCount = $media->count();
$flash = $error !== null ? ['type' => 'error', 'message' => $error] : null;

6
app/Controllers/SiteController.php
View File

@@ -7,7 +7,8 @@ class SiteController extends BaseController
public function home(): void
{
$page = max(1, (int) ($this->f3->get('GET.page') ?? 1));
$result = (new Post($this->db))->paginateList($page);
$media = new Media($this->db);
$result = (new Post($this->db))->paginateList($page, 12, $media);
$this->render('site/home.html', [
'pageTitle' => 'Accueil',
@@ -19,7 +20,8 @@ class SiteController extends BaseController
public function show(): void
{
$post = (new Post($this->db))->findBySlug((string) $this->f3->get('PARAMS.slug'));
$media = new Media($this->db);
$post = (new Post($this->db))->findBySlug((string) $this->f3->get('PARAMS.slug'), $media);
if ($post === null) {
$this->f3->error(404, 'Article introuvable.');
return;