ohmj/ohmj2
1
0
Fork 0
Code Issues 1 Pull Requests Releases Wiki Activity

[FEAT] Admin / ajout d'une partition doit pouvoir ajouter le numero dans

Browse Source 
le PDF. #1
This commit is contained in:
NADAL Jean-Baptiste
2026-02-25 18:31:41 +01:00
parent cf0db69f2d
commit 38bfe62eec
14 changed files with 509 additions and 25 deletions
Download Patch File Download Diff File Expand all files Collapse all files

176
api/tests.php
View File

@@ -286,6 +286,169 @@ class APITest {
}
}
public function testWatermarkUpload() {
$this->section("Upload - Watermark");
// Reset rate limiting
array_map('unlink', glob(sys_get_temp_dir() . '/rate_*'));
// Get a score to upload to
$scores = $this->request('GET', 'scores');
if (empty($scores['body']['scores'])) {
echo " ⚠ No scores available for watermark test\n";
return;
}
$scoreId = $scores['body']['scores'][0]['id'];
// Create a minimal test PDF
$pdfContent = "%PDF-1.4
1 0 obj
<< /Type /Catalog /Pages 2 0 R >>
endobj
2 0 obj
<< /Type /Pages /Kids [3 0 R] /Count 1 >>
endobj
3 0 obj
<< /Type /Page /Parent 2 0 R /Resources 4 0 R /MediaBox [0 0 612 792] /Contents 5 0 R >>
endobj
4 0 obj
<< /Font << /F1 6 0 R >> >>
endobj
5 0 obj
<< /Length 44 >>
stream
BT
/F1 12 Tf
100 700 Td
(Test) Tj
ET
endstream
endobj
6 0 obj
<< /Type /Font /Subtype /Type1 /BaseFont /Helvetica >>
endobj
xref
0 7
0000000000 65535 f
0000000009 00000 n
0000000058 00000 n
0000000115 00000 n
0000000214 00000 n
0000000312 00000 n
0000000401 00000 n
trailer
<< /Size 7 /Root 1 0 R >>
startxref
490
%%EOF";
$tmpFile = sys_get_temp_dir() . '/test_watermark_' . time() . '.pdf';
file_put_contents($tmpFile, $pdfContent);
// Test upload with watermark left
$result = $this->multipartRequest("admin/scores/$scoreId/upload", [
['name' => 'file', 'file' => $tmpFile],
['name' => 'piece', 'data' => '1'],
['name' => 'instrument', 'data' => 'dir'],
['name' => 'version', 'data' => '1'],
['name' => 'watermark', 'data' => 'true'],
['name' => 'watermarkPosition', 'data' => 'left']
]);
$this->test('Upload with watermark left returns 200', $result['code'] === 200);
// Get files to verify it was uploaded
$files = $this->request('GET', "admin/scores/$scoreId/files");
$hasFile = false;
if (!empty($files['body']['files'])) {
foreach ($files['body']['files'] as $f) {
if (strpos($f['path'], 'direction_1.pdf') !== false) {
$hasFile = true;
// Clean up
@unlink(SCORES_PATH . "$scoreId/" . $f['path']);
break;
}
}
}
// Test upload with watermark right
$result2 = $this->multipartRequest("admin/scores/$scoreId/upload", [
['name' => 'file', 'file' => $tmpFile],
['name' => 'piece', 'data' => '1'],
['name' => 'instrument', 'data' => 'dir'],
['name' => 'version', 'data' => '2'],
['name' => 'watermark', 'data' => 'true'],
['name' => 'watermarkPosition', 'data' => 'right']
]);
$this->test('Upload with watermark right returns 200', $result2['code'] === 200);
// Clean up
@unlink($tmpFile);
// Clean up uploaded files
$files = $this->request('GET', "admin/scores/$scoreId/files");
if (!empty($files['body']['files'])) {
foreach ($files['body']['files'] as $f) {
if (strpos($f['path'], 'direction_') !== false) {
@unlink(SCORES_PATH . "$scoreId/" . $f['path']);
}
}
}
}
private function multipartRequest($endpoint, $fields) {
$url = BASE_URL . '/' . $endpoint;
$boundary = '----WebKitFormBoundary' . bin2hex(random_bytes(8));
$body = '';
foreach ($fields as $field) {
$body .= "--$boundary\r\n";
if (isset($field['file'])) {
$filename = basename($field['file']);
$content = file_get_contents($field['file']);
$body .= "Content-Disposition: form-data; name=\"{$field['name']}\"; filename=\"$filename\"\r\n";
$body .= "Content-Type: application/pdf\r\n\r\n";
$body .= $content . "\r\n";
} else {
$body .= "Content-Disposition: form-data; name=\"{$field['name']}\"\r\n\r\n";
$body .= $field['data'] . "\r\n";
}
}
$body .= "--$boundary--\r\n";
$headers = [
'Content-Type: multipart/form-data; boundary=' . $boundary,
'Authorization: Bearer ' . $this->token
];
$context = stream_context_create([
'http' => [
'method' => 'POST',
'header' => implode("\r\n", $headers),
'content' => $body
]
]);
$response = @file_get_contents($url, false, $context);
$headers_list = $http_response_header ?? [];
$code = 0;
foreach ($headers_list as $header) {
if (preg_match('/^HTTP\/\d+(\.\d+)?\s+(\d{3})/', $header, $matches)) {
$code = (int)$matches[2];
}
}
return [
'code' => $code,
'body' => json_decode($response, true) ?? []
];
}
// ============ SECURITY TESTS ============
public function testSecurityHeaders() {
@@ -316,12 +479,12 @@ class APITest {
public function testCorsPolicy() {
$this->section("Security - CORS Policy");
// Test avec Origin non autorisé
// Test avec Origin autorisé
$url = BASE_URL . '/login';
$context = stream_context_create([
'http' => [
'method' => 'OPTIONS',
'header' => "Origin: https://evil.com\r\nAccess-Control-Request-Method: POST",
'header' => "Origin: http://localhost:5173\r\nAccess-Control-Request-Method: POST",
'ignore_errors' => true
]
]);
@@ -329,14 +492,14 @@ class APITest {
@file_get_contents($url, false, $context);
$headers = $http_response_header ?? [];
$hasWildcard = false;
$hasCorrectOrigin = false;
foreach ($headers as $header) {
if (stripos($header, 'Access-Control-Allow-Origin: *') !== false) {
$hasWildcard = true;
if (stripos($header, 'Access-Control-Allow-Origin: http://localhost:5173') !== false) {
$hasCorrectOrigin = true;
}
}
$this->test('CORS does not allow wildcard (*)', !$hasWildcard);
$this->test('CORS allows localhost:5173', $hasCorrectOrigin);
}
public function testDirectoryTraversal() {
@@ -498,6 +661,7 @@ $tests->testCreateScoreWithPieces();
// Files tests
$tests->testFilesErrors();
$tests->testFilesSuccess();
$tests->testWatermarkUpload();
// Security tests
$tests->testSecurityHeaders();