netig/f3-simple-blog
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

First commit

Browse Source
This commit is contained in:
julien
2026-03-27 14:43:08 +01:00
commit ced7dbfbf7
54 changed files with 3680 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

30
app/Controllers/AssetController.php Normal file
View File

@@ -0,0 +1,30 @@
<?php
declare(strict_types=1);
class AssetController extends BaseController
{
private const ALLOWED = [
'app.css' => 'text/css',
'app.js' => 'application/javascript',
];
public function serve(): void
{
$file = basename((string) $this->f3->get('PARAMS.file'));
if (!array_key_exists($file, self::ALLOWED)) {
$this->f3->error(404);
return;
}
$this->f3->expire(86400); // 24 h côté navigateur
echo Web::instance()->minify(
$file,
self::ALLOWED[$file],
true, // envoie le Content-Type
app_root() . '/public/assets/' // répertoire source (hors UI)
);
}
}

47
app/Controllers/AuthController.php Normal file
View File

@@ -0,0 +1,47 @@
<?php
declare(strict_types=1);
class AuthController extends BaseController
{
public function show(): void
{
if ($this->currentUser() !== null) {
$this->f3->reroute($this->f3->alias('dashboard'));
return;
}
$this->f3->expire(0);
$this->render('auth/login.html', ['pageTitle' => 'Connexion']);
}
public function login(): void
{
$this->verifyCsrf();
$username = trim((string) ($this->f3->get('POST.username') ?? ''));
$password = (string) ($this->f3->get('POST.password') ?? '');
$user = (new User($this->db))->findByUsername($username);
if ($user === null || !password_verify($password, $user['password_hash'])) {
usleep(1_500_000); // 1,5 s — ralentit le brute-force
$this->flash('error', 'Identifiants invalides.');
$this->f3->reroute($this->f3->alias('login'));
return;
}
session_regenerate_id(true);
$this->f3->set('SESSION.user_id', $user['id']);
$this->flash('success', 'Connexion réussie.');
$this->f3->reroute($this->f3->alias('dashboard'));
}
public function logout(): void
{
$this->verifyCsrf();
$this->f3->clear('SESSION.user_id');
session_regenerate_id(true);
$this->flash('success', 'Déconnexion effectuée.');
$this->f3->reroute($this->f3->alias('home'));
}
}

79
app/Controllers/BaseController.php Normal file
View File

@@ -0,0 +1,79 @@
<?php
declare(strict_types=1);
abstract class BaseController
{
protected Base $f3;
protected DB\SQL $db;
public function __construct()
{
$this->f3 = Base::instance();
$this->db = $this->f3->get('DB');
}
protected function render(string $view, array $data = []): void
{
$this->f3->mset($data + [
'view' => $view,
'currentUser' => $this->currentUser(),
'flash' => $this->pullFlash(),
'csrfToken' => $this->csrfToken(),
]);
echo Template::instance()->render('layout.html');
}
protected function currentUser(): ?array
{
$userId = (int) ($this->f3->get('SESSION.user_id') ?? 0);
return $userId > 0 ? (new User($this->db))->findById($userId) : null;
}
protected function requireAuth(): void
{
if ($this->currentUser() !== null) {
return;
}
$this->flash('error', 'Connecte-toi pour continuer.');
$this->f3->reroute($this->f3->alias('login'));
}
protected function csrfToken(): string
{
// Génère un token CSRF et le stocke en session au premier appel.
$token = (string) ($this->f3->get('SESSION.csrf_token') ?? '');
if ($token === '') {
$token = bin2hex(random_bytes(32));
$this->f3->set('SESSION.csrf_token', $token);
}
return $token;
}
protected function verifyCsrf(): void
{
$submitted = (string) ($this->f3->get('POST.csrf_token') ?? '');
$expected = (string) ($this->f3->get('SESSION.csrf_token') ?? '');
if ($submitted !== '' && $expected !== '' && hash_equals($expected, $submitted)) {
return;
}
$this->f3->error(400, 'Jeton CSRF invalide.');
}
protected function flash(string $type, string $message): void
{
$this->f3->set('SESSION.flash', ['type' => $type, 'message' => $message]);
}
private function pullFlash(): ?array
{
$flash = $this->f3->get('SESSION.flash');
$this->f3->clear('SESSION.flash');
return is_array($flash) ? $flash : null;
}
}

22
app/Controllers/DashboardController.php Normal file
View File

@@ -0,0 +1,22 @@
<?php
declare(strict_types=1);
class DashboardController extends BaseController
{
public function index(): void
{
$this->requireAuth();
$this->f3->expire(0);
$page = max(1, (int) ($this->f3->get('GET.page') ?? 1));
$result = (new Post($this->db))->paginateList($page, 24);
$this->render('admin/dashboard.html', [
'pageTitle' => 'Tableau de bord',
'posts' => $result['posts'],
'pagination' => $result,
'paginationBase' => $this->f3->alias('dashboard'),
]);
}
}

84
app/Controllers/MediaController.php Normal file
View File

@@ -0,0 +1,84 @@
<?php
declare(strict_types=1);
class MediaController extends BaseController
{
private const UPLOAD_MAX_BYTES = 10 * 1024 * 1024; // 10 Mo
public function index(): void
{
$this->requireAuth();
$this->f3->expire(0);
$this->render('admin/media.html', [
'pageTitle' => 'Médiathèque',
'items' => (new Media($this->db))->all(),
]);
}
public function upload(): void
{
$this->requireAuth();
$this->verifyCsrf();
try {
// Lire le nom d'origine avant que Web::receive() déplace le fichier.
$originalName = (string) ($this->f3->get('FILES.image.name') ?? '');
$received = Web::instance()->receive(
fn(array $file): bool => $file['size'] <= self::UPLOAD_MAX_BYTES,
overwrite: false,
slug: true
);
// UPLOADS étant absolu (bootstrap.php), les chemins retournés le sont aussi.
$accepted = array_keys(array_filter($received));
if ($accepted === []) {
throw new RuntimeException('Choisis une image valide à envoyer (JPG, PNG, WebP ≤ ' . (int)(self::UPLOAD_MAX_BYTES / 1024 / 1024) . ' Mo).');
}
foreach ($accepted as $destPath) {
(new Media($this->db))->upload($destPath, $originalName);
}
$this->flash('success', 'Image ajoutée.');
} catch (RuntimeException $e) {
$this->flash('error', $e->getMessage());
}
$this->f3->reroute($this->f3->alias('media_index'));
}
public function updateAlt(): void
{
$this->requireAuth();
$this->verifyCsrf();
try {
$alt = trim((string) ($this->f3->get('POST.alt') ?? ''));
(new Media($this->db))->updateAlt((int) $this->f3->get('PARAMS.id'), $alt);
$this->flash('success', 'Texte alternatif mis à jour.');
} catch (RuntimeException $e) {
$this->flash('error', $e->getMessage());
}
$this->f3->reroute($this->f3->alias('media_index'));
}
public function delete(): void
{
$this->requireAuth();
$this->verifyCsrf();
try {
(new Media($this->db))->delete((int) $this->f3->get('PARAMS.id'));
$this->flash('success', 'Image supprimée.');
} catch (RuntimeException $e) {
$this->flash('error', $e->getMessage());
}
$this->f3->reroute($this->f3->alias('media_index'));
}
}

110
app/Controllers/PostController.php Normal file
View File

@@ -0,0 +1,110 @@
<?php
declare(strict_types=1);
class PostController extends BaseController
{
public function create(): void
{
$this->requireAuth();
$this->f3->expire(0);
$this->renderForm('Nouvel article', $this->f3->alias('post_store'), Post::emptyForm());
}
public function store(): void
{
$this->requireAuth();
$this->verifyCsrf();
$input = $this->postInput();
try {
(new Post($this->db))->create($input);
Cache::instance()->reset('.url'); // invalide le cache des pages publiques
$this->flash('success', 'Article créé.');
$this->f3->reroute($this->f3->alias('dashboard'));
} catch (RuntimeException $e) {
$this->f3->expire(0);
$this->renderForm('Nouvel article', $this->f3->alias('post_store'), $input, $e->getMessage());
}
}
public function edit(): void
{
$this->requireAuth();
$this->f3->expire(0);
$post = (new Post($this->db))->findForEdit((int) $this->f3->get('PARAMS.id'));
if ($post === null) {
$this->f3->error(404, 'Article introuvable.');
return;
}
$this->renderForm('Modifier l\'article', $this->f3->alias('post_update', ['id' => $post['id']]), $post);
}
public function update(): void
{
$this->requireAuth();
$this->verifyCsrf();
$id = (int) $this->f3->get('PARAMS.id');
$input = $this->postInput() + ['id' => $id];
try {
$updated = (new Post($this->db))->updatePost($id, $input);
if (!$updated) {
$this->f3->error(404, 'Article introuvable.');
return;
}
Cache::instance()->reset('.url'); // invalide le cache des pages publiques
$this->flash('success', 'Article mis à jour.');
$this->f3->reroute($this->f3->alias('dashboard'));
} catch (RuntimeException $e) {
$this->f3->expire(0);
$this->renderForm('Modifier l\'article', $this->f3->alias('post_update', ['id' => $id]), $input, $e->getMessage());
}
}
public function delete(): void
{
$this->requireAuth();
$this->verifyCsrf();
(new Post($this->db))->delete((int) $this->f3->get('PARAMS.id'));
Cache::instance()->reset('.url'); // invalide le cache des pages publiques
$this->flash('success', 'Article supprimé.');
$this->f3->reroute($this->f3->alias('dashboard'));
}
private function renderForm(string $pageTitle, string $formAction, array $post, ?string $error = null): void
{
$coverPreview = null;
if (!empty($post['cover_media_id'])) {
$coverPreview = (new Media($this->db))->findById((int) $post['cover_media_id']);
}
$flash = $error !== null ? ['type' => 'error', 'message' => $error] : null;
$this->render('admin/post_form.html', [
'pageTitle' => $pageTitle,
'formAction' => $formAction,
'post' => $post,
'coverPreview' => $coverPreview,
'mediaItems' => (new Media($this->db))->all(),
'titleMax' => Post::TITLE_MAX_LENGTH,
'excerptMax' => Post::EXCERPT_MAX_LENGTH,
'flash' => $flash,
]);
}
private function postInput(): array
{
return [
'title' => trim((string) ($this->f3->get('POST.title') ?? '')),
'excerpt' => trim((string) ($this->f3->get('POST.excerpt') ?? '')),
'cover_media_id' => (string) ($this->f3->get('POST.cover_media_id') ?? ''),
'body_markdown' => trim((string) ($this->f3->get('POST.body_markdown') ?? '')),
];
}
}

37
app/Controllers/SiteController.php Normal file
View File

@@ -0,0 +1,37 @@
<?php
declare(strict_types=1);
class SiteController extends BaseController
{
public function home(): void
{
$this->f3->expire(300); // 5 min — page publique, contenu peu volatile
$page = max(1, (int) ($this->f3->get('GET.page') ?? 1));
$result = (new Post($this->db))->paginateList($page);
$this->render('site/home.html', [
'pageTitle' => 'Accueil',
'posts' => $result['posts'],
'pagination' => $result,
'paginationBase' => $this->f3->alias('home'),
]);
}
public function show(): void
{
$this->f3->expire(3600); // 1 h — les articles bougent rarement
$post = (new Post($this->db))->findBySlug((string) $this->f3->get('PARAMS.slug'));
if ($post === null) {
$this->f3->error(404, 'Article introuvable.');
return;
}
$this->render('site/post.html', [
'pageTitle' => $post['title'],
'post' => $post,
]);
}
}