AcadeNice/corentin_wakdo
7
0
Fork 0
Code Issues Pull requests -2 Projects Releases Packages Wiki Activity Actions
68 commits 20 branches 2 tags 17 MiB
Commit graph

5 commits

Author SHA1 Message Date
Imugiii
c4c55338ac fix(auth): retire le bouton mort PASSWORD_ALGO (argon2id fixe dans le code)
All checks were successful
CI / php-lint (push) Successful in 26s
Details
CI / static-tests (push) Successful in 35s
Details
CI / php-lint (pull_request) Successful in 23s
Details
CI / auto-merge (push) Has been skipped
Details
CI / auto-merge (pull_request) Successful in 5s
Details
CI / secret-scan (push) Successful in 13s
Details
CI / secret-scan (pull_request) Successful in 11s
Details
CI / static-tests (pull_request) Successful in 43s
Details 
PASSWORD_ALGO etait expose (.env.example + docker-compose) comme si l'algorithme
de hashage etait configurable, mais PasswordHasher code PASSWORD_ARGON2ID en dur :
poser PASSWORD_ALGO=bcrypt n'aurait eu aucun effet (faux levier, risque de fausse
confiance dans une config inactive).

argon2id est un choix security-by-design non configurable. On retire donc la var
(.env.example + compose) et on documente l'intention dans PasswordHasher::hash.
Les COUTS (ARGON2_MEMORY/TIME/THREADS) restent reglables et honores. Aucun code
ne lisait PASSWORD_ALGO : pas de changement de comportement.
 2026-06-16 12:08:01 +00:00
Corentin JOGUET
ad5203d3fc feat(admin): throttle du PIN d action sensible par acteur (RG-T22) (#18)
All checks were successful
CI / secret-scan (push) Successful in 8s
Details
CI / php-lint (push) Successful in 20s
Details
CI / static-tests (push) Successful in 32s
Details
CI / auto-merge (push) Has been skipped
Details
2026-06-16 00:06:33 +02:00
Corentin JOGUET
7c35f8e2dc feat: PIN d action sensible P2 (PinVerifier RG-T13) (#13)
All checks were successful
CI / secret-scan (push) Successful in 8s
Details
CI / php-lint (push) Successful in 16s
Details
CI / static-tests (push) Successful in 30s
Details
CI / auto-merge (push) Has been skipped
Details
2026-06-15 21:00:11 +02:00
Corentin JOGUET
32ff6a63ba P1 conception: security-by-design layer (Merise 21 entities, Forgejo CI/CD, hardening) (#3)
All checks were successful
CI / secret-scan (push) Successful in 8s
Details
CI / php-lint (push) Successful in 16s
Details
CI / static-tests (push) Successful in 4s
Details
2026-06-15 12:16:11 +02:00
Imugiii
32924a5813 chore(docker): add env template, dockerignore and Makefile scaffold 
.env.example : template neutre (kiosk.example.com / admin.example.com /
traefik_proxy, RFC 2606 pour le domaine), a editer par l'utilisateur.
Variables DB_*, SESSION_*, CORS_*, APP_URL_*, TRAEFIK_DOMAIN_*,
REVERSE_PROXY_NETWORK. Aucune information de prod (FQDN, noms de reseau)
n'est exposee dans ce template committe.

.dockerignore : exclusion du contexte de build des artefacts non
pertinents ou sensibles (git, docs, tests, .claude, _byan, secrets,
node_modules, logs, volumes locaux).

Makefile : orchestration en une seule commande conforme Cr RNCP 7.c.4.
- Charge .env automatiquement avec export vers l'environnement shell
- Cible check-env valide la presence des 8 variables critiques Wakdo
  et guide l'utilisateur vers un merge plutot qu'un ecrasement si un
  .env pre-existant (tooling externe) est detecte incomplet
- Cible init enchaine .env check -> check-env -> reseau proxy ->
  build -> up -> wait-db -> migrate -> status final
- Verification du reseau REVERSE_PROXY_NETWORK avec message d'aide
  precis si absent (sans auto-creation silencieuse : l'utilisateur
  decide soit d'adapter la variable soit de creer le reseau)
- Cibles secondaires : up / down / stop / restart / build / rebuild,
  logs(-app|-web|-db), shell-(app|db|cron), wait-db, migrate, seed,
  backup, test(-unit|-integration), lint, clean (interactif),
  clean-force (CI), install-hooks. Aide auto-generee via make help.

Les cibles marquees [a venir] seront completees lors des phases
correspondantes (P2 back squelette, P6 tests, P7 DevOps finalisation).
 2026-04-24 09:50:59 +00:00