ci: docker_tag=ext chore: sync ignores, logging and backups

This commit is contained in:
Debian Dev4 2025-09-25 08:58:03 +00:00
parent c7034fe0d3
commit 9aa6e85825
22 changed files with 1431 additions and 688 deletions

6
.gitignore vendored

@ -11,6 +11,10 @@ secrets/
logs/ logs/
*.log *.log
.cargo/
Cargo.lock
*/.cargo/
*/Cargo.lock
# Node.js # Node.js
node_modules/ node_modules/
npm-debug.log* npm-debug.log*
@ -35,4 +39,4 @@ Thumbs.db
# Temporary files # Temporary files
tmp/ tmp/
*.tmp *.tmp.cursor-server
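Review bot: Ignoring `Cargo.lock` and `*/Cargo.lock` in the first hunk drops the pinned dependency graph from version control, so two builds of the same commit can resolve different crate versions. For application or binary crates the lockfile is what makes a build reproducible and lets `cargo audit` or a supply-chain review check exactly what ships; only library crates conventionally leave it untracked. If any of the Cargo projects under this tree produce deployable binaries, keep their `Cargo.lock` tracked, drop those two patterns, and leave a line such as `# Cargo.lock is intentionally tracked for binary crates` so the next "sync ignores" does not re-add them. I cannot tell from this hunk which kind of crates they are, so treat this as a question rather than a defect.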

Binary file not shown.



@ -0,0 +1,15 @@
# HTTP server for ACME and redirect to HTTPS
server {
listen 80 default_server;
server_name _;
# ACME HTTP-01 challenges
location /.well-known/acme-challenge/ {
root /var/www/letsencrypt;
}
# Redirection vers HTTPS pour toutes les autres requêtes
location / {
return 301 https://$server_name$request_uri;
}
}
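Review bot: The redirect `return 301 https://$server_name$request_uri;` expands `$server_name` to the literal `_` because this is the catch-all `server_name _;` block, so every plain-HTTP request is sent to `https://_/...`. Switching to `$host` would make it work but reflects whatever Host header the client sends into a redirect on a default vhost, which is the classic open-redirect shape for a catch-all listener. The safe form is the literal site name the HTTPS vhosts serve, `return 301 https://dev4.4nkweb.com$request_uri;`, with a comment noting that `$host` is deliberately avoided on the default server.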


@ -0,0 +1,265 @@
# Configuration HTTPS pour dev4.4nkweb.com
server {
listen 443 ssl;
http2 on;
server_name dev4.4nkweb.com;
include /home/debian/4NK_env/lecoffre_node/conf/nginx/logging.conf;
# Certificats SSL
ssl_certificate /etc/letsencrypt/live/dev4.4nkweb.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/dev4.4nkweb.com/privkey.pem;
# Configuration SSL
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384;
ssl_prefer_server_ciphers off;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
# Headers de sécurité
add_header Strict-Transport-Security "max-age=63072000" always;
add_header X-Frame-Options DENY always;
add_header X-Content-Type-Options nosniff always;
add_header X-XSS-Protection "1; mode=block" always;
# Grafana - Interface de monitoring (DOIT être avant location /)
location /grafana/ {
proxy_pass http://localhost:3005/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# Configuration spécifique pour Grafana
proxy_set_header X-Grafana-Org-Id 1;
# Support des WebSockets pour les live updates
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
# Timeouts
proxy_connect_timeout 60s;
proxy_send_timeout 60s;
proxy_read_timeout 60s;
# Buffer settings
proxy_buffering off;
proxy_request_buffering off;
}
# Loki API - API de logs (DOIT être avant location /)
location /loki/ {
proxy_pass http://localhost:3100/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# CORS pour les requêtes depuis Grafana
add_header Access-Control-Allow-Origin *;
add_header Access-Control-Allow-Methods "GET, POST, OPTIONS";
add_header Access-Control-Allow-Headers "Content-Type, Authorization";
if ($request_method = 'OPTIONS') {
return 204;
}
}
# Page de statut des services (DOIT être avant location /)
location /status {
# Redirection vers /status/
return 301 /status/;
}
location /status/ {
# Serveur statique pour la page HTML
alias /var/www/lecoffre/status/;
index index.html;
try_files $uri $uri/ /status/index.html;
# Headers de sécurité
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-Content-Type-Options "nosniff" always;
add_header X-XSS-Protection "1; mode=block" always;
# Cache pour les assets statiques
location ~* \.(css|js|png|jpg|jpeg|gif|ico|svg)$ {
expires 1h;
add_header Cache-Control "public, immutable";
}
}
# API de statut des services (DOIT être avant location /)
location /status/api {
proxy_pass http://localhost:3006/api;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# CORS pour les requêtes AJAX
add_header Access-Control-Allow-Origin *;
add_header Access-Control-Allow-Methods "GET, POST, OPTIONS";
add_header Access-Control-Allow-Headers "Content-Type, Authorization";
# Timeouts
proxy_connect_timeout 10s;
proxy_send_timeout 10s;
proxy_read_timeout 10s;
if ($request_method = 'OPTIONS') {
return 204;
}
}
# API backend - route /back/ vers /api/ du backend
location ~* ^/back/(.*)$ {
proxy_pass http://localhost:8080/api/$1;
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Connection "";
proxy_buffering off;
}
# API direct - route /api/ vers le backend
# Autorisations CORS dynamiques pour origines connues
set $cors_origin "";
if ($http_origin ~* ^(http://local\.4nkweb\.com:3000|https://dev4\.4nkweb\.com)$) {
set $cors_origin $http_origin;
}
location /api/ {
# CORS pour développement local Next.js
proxy_hide_header Access-Control-Allow-Origin;
proxy_hide_header Access-Control-Allow-Credentials;
proxy_hide_header Access-Control-Allow-Headers;
proxy_hide_header Access-Control-Allow-Methods;
if ($request_method = OPTIONS) {
add_header Access-Control-Allow-Origin $cors_origin always;
add_header Access-Control-Allow-Credentials "true" always;
add_header Access-Control-Allow-Headers "Content-Type, x-session-id, Authorization" always;
add_header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS" always;
return 204;
}
add_header Access-Control-Allow-Origin $cors_origin always;
add_header Access-Control-Allow-Credentials "true" always;
add_header Access-Control-Allow-Headers "Content-Type, x-session-id, Authorization" always;
add_header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS" always;
proxy_set_header X-Request-ID $x_request_id;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $host;
proxy_pass http://dev3.4nkweb.com:8080/api/;
include /etc/nginx/proxy_params;
proxy_read_timeout 300;
proxy_connect_timeout 300;
proxy_send_timeout 300;
}
# WebSocket relay (sdk_relay)
location /ws/ {
proxy_pass http://localhost:8090/;
proxy_set_header Sec-WebSocket-Key $http_sec_websocket_key;
proxy_set_header Sec-WebSocket-Version $http_sec_websocket_version;
proxy_set_header Sec-WebSocket-Protocol $http_sec_websocket_protocol;
proxy_set_header Sec-WebSocket-Extensions $http_sec_websocket_extensions;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_read_timeout 86400;
}
# API de transfert de fonds
location /api/v1/funds/ {
proxy_pass http://dev3.4nkweb.com:8080/api/v1/funds/;
include /etc/nginx/proxy_params;
proxy_read_timeout 300;
proxy_connect_timeout 300;
proxy_send_timeout 300;
}
# favicon
location = /favicon.ico {
root /home/debian/4NK_env/lecoffre_node/conf/nginx/assets;
try_files /favicon.ico =404;
}
# blindbit
location /blindbit/ {
proxy_pass http://localhost:8000/;
include /etc/nginx/proxy_params;
}
# signer (sdk_signer) avec support WebSocket
# lecoffre-front - Application LeCoffre
location = /lecoffre { return 301 /lecoffre/; }
location ^~ /lecoffre/ {
# ensure no redirect here; only proxy to Next
add_header Cache-Control "no-store, no-cache, must-revalidate, max-age=0" always;
add_header Pragma "no-cache" always;
add_header Expires "-1" always;
proxy_hide_header ETag;
proxy_hide_header Last-Modified;
rewrite ^/lecoffre/(.*)$ /$1 break;
proxy_pass http://localhost:3004;
include /etc/nginx/proxy_params;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header X-Request-ID $x_request_id;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $host;
proxy_read_timeout 300;
proxy_send_timeout 300;
proxy_connect_timeout 300;
}
# HMR dev front
location ^~ /lecoffre-hmr/ {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
rewrite ^/lecoffre-hmr/(.*)$ /lecoffre/$1 break;
proxy_pass http://localhost:3000;
}
# ihm_client (root) - DOIT être en dernier
# Next.js assets for lecoffre-front
location ^~ /_next/ {
proxy_pass http://localhost:3004/_next/;
include /etc/nginx/proxy_params;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_read_timeout 300;
add_header Cache-Control "public, max-age=31536000, immutable";
}
location / {
proxy_pass http://localhost:3003;
include /etc/nginx/proxy_params;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_read_timeout 300;
}
}
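Review bot: The `/api/` and `/api/v1/funds/` locations proxy to `http://dev3.4nkweb.com:8080`, so after TLS is terminated here the `Authorization` and `x-session-id` headers this block explicitly allows in CORS, plus the funds-transfer request bodies, leave this host in cleartext, which undoes the HSTS and TLS settings at the top of the server block for exactly the most sensitive routes. Unless dev3 is reachable only over a private segment (not visible here), the upstream should be `https://dev3.4nkweb.com:8080/api/` with `proxy_ssl_verify on;` and a `proxy_ssl_trusted_certificate`, or the hop should be tunnelled, and a comment should state why cross-host plaintext is acceptable if it stays. Separately, nginx does not inherit server-level `add_header` into any location that declares its own `add_header`, so `/api/`, `/loki/`, `/status/`, `/status/api`, `/lecoffre/` and `/_next/` are served without `Strict-Transport-Security`, `X-Frame-Options` and `X-Content-Type-Options`; repeat those three lines in each such location or move them into a snippet that every location includes.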


@ -0,0 +1,246 @@
# Configuration HTTPS pour dev4.4nkweb.com
server {
listen 443 ssl http2;
server_name dev4.4nkweb.com;
# Certificats SSL
ssl_certificate /etc/letsencrypt/live/dev4.4nkweb.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/dev4.4nkweb.com/privkey.pem;
# Configuration SSL
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384;
ssl_prefer_server_ciphers off;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
# Headers de sécurité
add_header Strict-Transport-Security "max-age=63072000" always;
add_header X-Frame-Options DENY always;
add_header X-Content-Type-Options nosniff always;
add_header X-XSS-Protection "1; mode=block" always;
# Grafana - Interface de monitoring (DOIT être avant location /)
location /grafana/ {
proxy_pass http://localhost:3005/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# Configuration spécifique pour Grafana
proxy_set_header X-Grafana-Org-Id 1;
# Support des WebSockets pour les live updates
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
# Timeouts
proxy_connect_timeout 60s;
proxy_send_timeout 60s;
proxy_read_timeout 60s;
# Buffer settings
proxy_buffering off;
proxy_request_buffering off;
}
# Loki API - API de logs (DOIT être avant location /)
location /loki/ {
proxy_pass http://localhost:3100/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# CORS pour les requêtes depuis Grafana
add_header Access-Control-Allow-Origin *;
add_header Access-Control-Allow-Methods "GET, POST, OPTIONS";
add_header Access-Control-Allow-Headers "Content-Type, Authorization";
if ($request_method = 'OPTIONS') {
return 204;
}
}
# Page de statut des services (DOIT être avant location /)
location /status {
# Redirection vers /status/
return 301 /status/;
}
location /status/ {
# Serveur statique pour la page HTML
alias /var/www/lecoffre/status/;
index index.html;
try_files $uri $uri/ /status/index.html;
# Headers de sécurité
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-Content-Type-Options "nosniff" always;
add_header X-XSS-Protection "1; mode=block" always;
# Désactiver le cache côté client
add_header Cache-Control "no-store, no-cache, must-revalidate, max-age=0" always;
add_header Pragma "no-cache" always;
expires -1;
# Cache pour les assets statiques
location ~* \.(css|js|png|jpg|jpeg|gif|ico|svg)$ {
expires 1h;
add_header Cache-Control "public, immutable";
}
}
# API de statut des services (DOIT être avant location /)
location /status/api {
proxy_pass http://localhost:3006/api;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# CORS pour les requêtes AJAX
add_header Access-Control-Allow-Origin *;
add_header Access-Control-Allow-Methods "GET, POST, OPTIONS";
add_header Access-Control-Allow-Headers "Content-Type, Authorization";
# Désactiver le cache proxy/client
proxy_no_cache 1;
proxy_cache_bypass 1;
add_header Cache-Control "no-store, no-cache, must-revalidate, max-age=0" always;
add_header Pragma "no-cache" always;
# Timeouts
proxy_connect_timeout 10s;
proxy_send_timeout 10s;
proxy_read_timeout 10s;
if ($request_method = 'OPTIONS') {
return 204;
}
}
# API backend - route /back/ vers /api/ du backend
location ~* ^/back/(.*)$ {
proxy_pass http://localhost:8080/api/$1;
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Connection "";
proxy_buffering off;
}
# API direct - route /api/ vers le backend
# Autorisations CORS dynamiques pour origines connues
set $cors_origin "";
if ($http_origin ~* ^(http://local\.4nkweb\.com:3000|https://dev4\.4nkweb\.com)$) {
set $cors_origin $http_origin;
}
location /api/ {
# CORS pour développement local Next.js
proxy_hide_header Access-Control-Allow-Origin;
proxy_hide_header Access-Control-Allow-Credentials;
proxy_hide_header Access-Control-Allow-Headers;
proxy_hide_header Access-Control-Allow-Methods;
if ($request_method = OPTIONS) {
add_header Access-Control-Allow-Origin $cors_origin always;
add_header Access-Control-Allow-Credentials "true" always;
add_header Access-Control-Allow-Headers "Content-Type, x-session-id, Authorization" always;
add_header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS" always;
return 204;
}
add_header Access-Control-Allow-Origin $cors_origin always;
add_header Access-Control-Allow-Credentials "true" always;
add_header Access-Control-Allow-Headers "Content-Type, x-session-id, Authorization" always;
add_header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS" always;
proxy_pass http://localhost:8080/api/;
include /etc/nginx/proxy_params;
proxy_read_timeout 300;
proxy_connect_timeout 300;
proxy_send_timeout 300;
}
# WebSocket relay (sdk_relay)
location /ws/ {
proxy_pass http://localhost:8090/;
proxy_set_header Sec-WebSocket-Key $http_sec_websocket_key;
proxy_set_header Sec-WebSocket-Version $http_sec_websocket_version;
proxy_set_header Sec-WebSocket-Protocol $http_sec_websocket_protocol;
proxy_set_header Sec-WebSocket-Extensions $http_sec_websocket_extensions;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_read_timeout 86400;
}
# API de transfert de fonds
location /api/v1/funds/ {
proxy_pass http://localhost:8080/api/v1/funds/;
include /etc/nginx/proxy_params;
proxy_read_timeout 300;
proxy_connect_timeout 300;
proxy_send_timeout 300;
}
# favicon
location = /favicon.ico {
root /home/debian/lecoffre_node/conf/nginx/assets;
try_files /favicon.ico =404;
}
# blindbit
location /blindbit/ {
proxy_pass http://localhost:8000/;
include /etc/nginx/proxy_params;
}
# signer (sdk_signer) avec support WebSocket
location /signer/ {
proxy_pass http://localhost:3001/;
include /etc/nginx/proxy_params;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_read_timeout 300;
}
# lecoffre-front - Application LeCoffre
# Forcer le trailing slash pour éviter les redirections et erreurs 500 côté Next.js
location = /lecoffre {
return 301 /lecoffre/;
}
location ^~ /lecoffre/ {
# Déléguer la gestion du basePath à Next.js
proxy_pass http://localhost:3004;
include /etc/nginx/proxy_params;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_read_timeout 300;
proxy_send_timeout 300;
proxy_connect_timeout 300;
}
# ihm_client (root) - DOIT être en dernier
location / {
proxy_pass http://localhost:3003;
include /etc/nginx/proxy_params;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_read_timeout 300;
}
}
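Review bot: Every location that sets its own `add_header` — `/loki/`, `/status/`, `/status/api` and `/api/` — loses the server-level `Strict-Transport-Security`, `X-Frame-Options DENY` and `X-Content-Type-Options` headers, because nginx replaces rather than merges `add_header` sets across levels; the `/status/` block re-adding `X-Frame-Options "SAMEORIGIN"` shows the intent, but `/api/` with credentialed CORS ends up with no HSTS at all. Repeat the security headers inside each of those locations (or `include` a shared snippet in every location) so the API responses carry them too. The `ssl_ciphers` list also needs attention: `ECDHE-RSA-AES256-GCM-SHA512` and `DHE-RSA-AES256-GCM-SHA512` are not OpenSSL suite names and are silently ignored, the `DHE-*` entries are never offered without an `ssl_dhparam`, `ECDHE-RSA-AES256-SHA384` is a CBC suite, and the list has no effect on TLS 1.3; a conventional replacement is `ssl_ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256;`, applied to the identical list in the other vhosts and in nginx.conf as well.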


@ -0,0 +1,258 @@
# HTTP server for ACME and redirect to HTTPS
server {
listen 80;
server_name dev4.4nkweb.com http://dev4.4nkweb.com;
# ACME HTTP-01 challenges
location /.well-known/acme-challenge/ {
root /var/www/letsencrypt;
}
# Redirection vers HTTPS pour toutes les autres requêtes
location / {
return 301 https://$server_name$request_uri;
}
# API backend - route /back/ vers /api/ du backend
location ~* ^/back/(.*)$ {
proxy_pass http://localhost:8080/api/$1;
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Connection "";
proxy_buffering off;
}
# API direct - route /api/ vers le backend
# Autorisations CORS dynamiques pour origines connues
set $cors_origin "";
if ($http_origin ~* ^(http://local\.4nkweb\.com:3000|https://dev4\.4nkweb\.com)$) {
set $cors_origin $http_origin;
}
location /api/ {
# CORS pour développement local Next.js
proxy_hide_header Access-Control-Allow-Origin;
proxy_hide_header Access-Control-Allow-Credentials;
proxy_hide_header Access-Control-Allow-Headers;
proxy_hide_header Access-Control-Allow-Methods;
if ($request_method = OPTIONS) {
add_header Access-Control-Allow-Origin $cors_origin always;
add_header Access-Control-Allow-Credentials "true" always;
add_header Access-Control-Allow-Headers "Content-Type, x-session-id, Authorization" always;
add_header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS" always;
return 204;
}
add_header Access-Control-Allow-Origin $cors_origin always;
add_header Access-Control-Allow-Credentials "true" always;
add_header Access-Control-Allow-Headers "Content-Type, x-session-id, Authorization" always;
add_header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS" always;
proxy_pass http://localhost:8080/api/;
include /etc/nginx/proxy_params;
proxy_read_timeout 300;
proxy_connect_timeout 300;
proxy_send_timeout 300;
}
# Compat: certains clients appellent /apiv1 -> réécriture vers /api/v1
location ~* ^/apiv1/(.*)$ {
# CORS pour compatibilité
proxy_hide_header Access-Control-Allow-Origin;
proxy_hide_header Access-Control-Allow-Credentials;
proxy_hide_header Access-Control-Allow-Headers;
proxy_hide_header Access-Control-Allow-Methods;
if ($request_method = OPTIONS) {
add_header Access-Control-Allow-Origin $cors_origin always;
add_header Access-Control-Allow-Credentials "true" always;
add_header Access-Control-Allow-Headers "Content-Type, x-session-id, Authorization" always;
add_header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS" always;
return 204;
}
add_header Access-Control-Allow-Origin $cors_origin always;
add_header Access-Control-Allow-Credentials "true" always;
add_header Access-Control-Allow-Headers "Content-Type, x-session-id, Authorization" always;
add_header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS" always;
proxy_pass http://localhost:8080/api/v1/$1;
include /etc/nginx/proxy_params;
proxy_read_timeout 300;
proxy_connect_timeout 300;
proxy_send_timeout 300;
}
# WebSocket relay (sdk_relay)
location /ws/ {
proxy_pass http://localhost:8090/;
proxy_set_header Sec-WebSocket-Key $http_sec_websocket_key;
proxy_set_header Sec-WebSocket-Version $http_sec_websocket_version;
proxy_set_header Sec-WebSocket-Protocol $http_sec_websocket_protocol;
proxy_set_header Sec-WebSocket-Extensions $http_sec_websocket_extensions;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_read_timeout 300;
}
# API de transfert de fonds
location /api/v1/funds/ {
proxy_pass http://localhost:8080/api/v1/funds/;
include /etc/nginx/proxy_params;
proxy_read_timeout 300;
proxy_connect_timeout 300;
proxy_send_timeout 300;
}
# Grafana - Interface de monitoring (DOIT être avant location /)
location /grafana/ {
proxy_pass http://localhost:3005/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# Configuration spécifique pour Grafana
proxy_set_header X-Grafana-Org-Id 1;
# Support des WebSockets pour les live updates
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
# Timeouts
proxy_connect_timeout 60s;
proxy_send_timeout 60s;
proxy_read_timeout 60s;
# Buffer settings
proxy_buffering off;
proxy_request_buffering off;
}
# Loki API - API de logs (DOIT être avant location /)
location /loki/ {
proxy_pass http://localhost:3100/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# CORS pour les requêtes depuis Grafana
add_header Access-Control-Allow-Origin *;
add_header Access-Control-Allow-Methods "GET, POST, OPTIONS";
add_header Access-Control-Allow-Headers "Content-Type, Authorization";
if ($request_method = 'OPTIONS') {
return 204;
}
}
# Page de statut des services (DOIT être avant location /)
location /status {
# Redirection vers /status/
return 301 /status/;
}
location /status/ {
# Serveur statique pour la page HTML
alias /var/www/lecoffre/status/;
index index.html;
try_files $uri $uri/ /status/index.html;
# Headers de sécurité
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-Content-Type-Options "nosniff" always;
add_header X-XSS-Protection "1; mode=block" always;
# Cache pour les assets statiques
location ~* \.(css|js|png|jpg|jpeg|gif|ico|svg)$ {
expires 1h;
add_header Cache-Control "public, immutable";
}
}
# API de statut des services (DOIT être avant location /)
location /status/api {
proxy_pass http://localhost:3006/api;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# CORS pour les requêtes AJAX
add_header Access-Control-Allow-Origin *;
add_header Access-Control-Allow-Methods "GET, POST, OPTIONS";
add_header Access-Control-Allow-Headers "Content-Type, Authorization";
# Timeouts
proxy_connect_timeout 10s;
proxy_send_timeout 10s;
proxy_read_timeout 10s;
if ($request_method = 'OPTIONS') {
return 204;
}
}
# ihm_client (root) - DOIT être en dernier
location / {
proxy_pass http://localhost:3003;
include /etc/nginx/proxy_params;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_read_timeout 300;
}
# favicon
location = /favicon.ico {
root /home/debian/4NK_env/lecoffre_node/conf/nginx/assets;
try_files /favicon.ico =404;
access_log off;
expires 30d;
}
# lecoffre frontend
location = /lecoffre {
proxy_pass http://127.0.0.2:3004/lecoffre;
include /etc/nginx/proxy_params;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Proto http;
}
location /lecoffre/ {
proxy_pass http://127.0.0.2:3004/lecoffre/;
include /etc/nginx/proxy_params;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Proto http;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_read_timeout 300;
}
# Next.js assets
location /_next/ {
proxy_pass http://127.0.0.2:3004/_next/;
include /etc/nginx/proxy_params;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Proto http;
}
# blindbit
location /blindbit/ {
proxy_pass http://localhost:8000/;
include /etc/nginx/proxy_params;
}
}
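Review bot: This port-80 server redirects only `location /`; `/api/`, `/apiv1/`, `/back/`, `/ws/`, `/api/v1/funds/`, `/grafana/`, `/loki/`, `/status/` and `/lecoffre/` are served directly over cleartext HTTP, so the credentialed CORS routes (`Access-Control-Allow-Credentials "true"` with `Authorization` and `x-session-id`) and the funds API are reachable without TLS, and the hard-coded `proxy_set_header X-Forwarded-Proto http;` tells the frontend to treat that as normal. Unless this is a deliberately internal or dev-only listener, the proxy locations belong in the 443 server and this block should keep only the ACME location and the redirect; a header comment stating which of the two it is would settle the question for the next reader. Also, `server_name dev4.4nkweb.com http://dev4.4nkweb.com;` includes a scheme in the second name, which can never match a Host header and should be dropped, and if this block and the port-80 Grafana block are both enabled nginx will warn about a conflicting server name and silently use whichever is loaded first.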


@ -0,0 +1,49 @@
# Configuration Nginx pour Grafana
server {
listen 80;
server_name dev4.4nkweb.com;
# Proxy pour Grafana
location /grafana/ {
proxy_pass http://127.0.0.1:3005/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# Configuration spécifique pour Grafana
proxy_set_header X-Grafana-Org-Id 1;
# Support des WebSockets pour les live updates
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
# Timeouts
proxy_connect_timeout 60s;
proxy_send_timeout 60s;
proxy_read_timeout 60s;
# Buffer settings
proxy_buffering off;
proxy_request_buffering off;
}
# Proxy pour Loki (API)
location /loki/ {
proxy_pass http://127.0.0.1:3100/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# CORS pour les requêtes depuis Grafana
add_header Access-Control-Allow-Origin *;
add_header Access-Control-Allow-Methods "GET, POST, OPTIONS";
add_header Access-Control-Allow-Headers "Content-Type, Authorization";
if ($request_method = 'OPTIONS') {
return 204;
}
}
}
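Review bot: `/loki/` exposes Loki's HTTP API on the public port-80 listener with `Access-Control-Allow-Origin *` and no `allow`/`deny` or `auth_basic`, so unless Loki itself enforces authentication (not visible here) anyone can query stored logs or push forged log lines from any origin, and Grafana's login form on the same listener goes over plaintext. Restrict the location to the hosts that need it, e.g. add `allow 127.0.0.1; deny all;` (or `auth_basic` with a user file) inside `location /loki/`, and serve both paths only from the TLS vhost. The wildcard CORS is also unnecessary if Grafana reaches Loki server-side through its data source, which is the usual setup; confirm whether browser access to `/loki/` is required at all and say so in the comment.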


@ -0,0 +1,39 @@
# Logging configuration for lecoffre front
log_format lecoffre_json escape=json
'{'
'"time":"$time_iso8601",'
'"request_id":"$request_id",'
'"remote_addr":"$remote_addr",'
'"host":"$host",'
'"method":"$request_method",'
'"uri":"$uri",'
'"args":"$args",'
'"status":$status,'
'"bytes":$body_bytes_sent,'
'"referer":"$http_referer",'
'"user_agent":"$http_user_agent",'
'"request_time":$request_time,'
'"upstream_addr":"$upstream_addr",'
'"upstream_status":"$upstream_status",'
'"upstream_connect_time":"$upstream_connect_time",'
'"upstream_header_time":"$upstream_header_time",'
'"upstream_response_time":"$upstream_response_time",'
'"x_forwarded_for":"$http_x_forwarded_for"'
'}';
# Default access and error logs for the front site
access_log /var/log/nginx/lecoffre_front_access.log lecoffre_json;
error_log /var/log/nginx/lecoffre_front_error.log warn;
# Map incoming X-Request-ID or generate one
map $http_x_request_id $x_request_id {
default $http_x_request_id;
"" $request_id;
}
# These headers should be set in each proxy location of the vhost
# proxy_set_header X-Request-ID $x_request_id;
# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# proxy_set_header X-Forwarded-Proto $scheme;
# proxy_set_header X-Forwarded-Host $host;
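Review bot: `log_format` and `map` are only valid in the `http` context, so including this file inside a `server` block (as the dev4 HTTPS vhost does with `include .../logging.conf` directly under `server {`) makes `nginx -t` fail with "directive is not allowed here"; either include it at `http` level from nginx.conf and keep only the `access_log`/`error_log` lines in the vhost, or split the file along that line and document the intended include point in the header comment. The `map` also passes any client-supplied `X-Request-ID` straight through to the logs and upstreams, so a caller can choose the correlation id, including one that collides with another request; constrain it to a safe shape, e.g. `map $http_x_request_id $x_request_id { default $request_id; "~^[A-Za-z0-9._-]{1,64}$" $http_x_request_id; }`. Logging `$args` deserves a comment as well, since query strings can carry tokens and this format lands in a file that is later shipped to Loki.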


@ -0,0 +1,470 @@
user www-data;
worker_processes auto;
pid /app/nginx.pid;
include /etc/nginx/modules-enabled/*.conf;
events {
worker_connections 1024;
use epoll;
multi_accept on;
}
http {
# Configuration de base
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
server_tokens off;
# MIME types
include /etc/nginx/mime.types;
default_type application/octet-stream;
# Logging
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /app/logs/nginx/access.log main;
error_log /app/logs/nginx/error.log warn;
# Gzip compression
gzip on;
gzip_vary on;
gzip_proxied any;
gzip_comp_level 6;
gzip_types
text/plain
text/css
text/xml
text/javascript
application/json
application/javascript
application/xml+rss
application/atom+xml
image/svg+xml;
# Rate limiting
limit_req_zone $binary_remote_addr zone=api:10m rate=10r/s;
limit_req_zone $binary_remote_addr zone=login:10m rate=1r/s;
# Upstream servers
upstream lecoffre_frontend {
server localhost:3004;
keepalive 32;
}
upstream ihm_client {
server localhost:3003;
keepalive 32;
}
upstream grafana {
server localhost:3005;
keepalive 32;
}
upstream loki {
server localhost:3100;
keepalive 32;
}
upstream status_api {
server localhost:3006;
keepalive 32;
}
upstream sdk_relay {
server localhost:8090;
keepalive 32;
}
upstream blindbit {
server localhost:8000;
keepalive 32;
}
# Serveur principal HTTP (port 80)
server {
listen 80 default_server;
listen [::]:80 default_server;
server_name _;
# Redirection automatique vers HTTPS si disponible
return 301 https://$host$request_uri;
}
# Serveur HTTPS (port 443)
server {
listen 443 ssl http2 default_server;
listen [::]:443 ssl http2 default_server;
server_name _;
# Certificats SSL (auto-signés pour le développement)
ssl_certificate /app/ssl/nginx-selfsigned.crt;
ssl_certificate_key /app/ssl/nginx-selfsigned.key;
# Configuration SSL
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384;
ssl_prefer_server_ciphers off;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
# Headers de sécurité
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-Content-Type-Options "nosniff" always;
add_header X-XSS-Protection "1; mode=block" always;
add_header Referrer-Policy "strict-origin-when-cross-origin" always;
# Page de statut des services
location /status/ {
alias /var/www/lecoffre/status/;
index index.html;
try_files $uri $uri/ /status/index.html;
location ~* \.(css|js|png|jpg|jpeg|gif|ico|svg)$ {
expires 1h;
add_header Cache-Control "public, immutable";
}
}
# API de statut des services
location /status/api {
limit_req zone=api burst=20 nodelay;
proxy_pass http://status_api/api;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# CORS
add_header Access-Control-Allow-Origin *;
add_header Access-Control-Allow-Methods "GET, POST, OPTIONS";
add_header Access-Control-Allow-Headers "Content-Type, Authorization";
if ($request_method = 'OPTIONS') {
return 204;
}
}
# Grafana - Interface de monitoring
location /grafana/ {
proxy_pass http://grafana/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Grafana-Org-Id 1;
# WebSocket support
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_connect_timeout 60s;
proxy_send_timeout 60s;
proxy_read_timeout 60s;
proxy_buffering off;
proxy_request_buffering off;
}
# Loki API - API de logs
location /loki/ {
limit_req zone=api burst=10 nodelay;
proxy_pass http://loki/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# CORS pour Grafana
add_header Access-Control-Allow-Origin *;
add_header Access-Control-Allow-Methods "GET, POST, OPTIONS";
add_header Access-Control-Allow-Headers "Content-Type, Authorization";
if ($request_method = 'OPTIONS') {
return 204;
}
}
# API backend - routes /back/ vers /api/
location ~* ^/back/(.*)$ {
limit_req zone=api burst=20 nodelay;
proxy_pass http://lecoffre_backend/api/$1;
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Connection "";
proxy_buffering off;
}
# API direct - routes /api/
location /api/ {
limit_req zone=api burst=20 nodelay;
# CORS dynamique
set $cors_origin "";
if ($http_origin ~* ^(http://localhost:3000|http://local\.4nkweb\.com:3000|https://dev4\.4nkweb\.com)$) {
set $cors_origin $http_origin;
}
proxy_hide_header Access-Control-Allow-Origin;
proxy_hide_header Access-Control-Allow-Credentials;
proxy_hide_header Access-Control-Allow-Headers;
proxy_hide_header Access-Control-Allow-Methods;
if ($request_method = OPTIONS) {
add_header Access-Control-Allow-Origin $cors_origin always;
add_header Access-Control-Allow-Credentials "true" always;
add_header Access-Control-Allow-Headers "Content-Type, x-session-id, Authorization" always;
add_header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS" always;
return 204;
}
add_header Access-Control-Allow-Origin $cors_origin always;
add_header Access-Control-Allow-Credentials "true" always;
add_header Access-Control-Allow-Headers "Content-Type, x-session-id, Authorization" always;
add_header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS" always;
proxy_pass http://lecoffre_backend/api/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_read_timeout 300;
proxy_connect_timeout 300;
proxy_send_timeout 300;
}
# WebSocket relay (sdk_relay)
location /ws/ {
proxy_pass http://sdk_relay/;
proxy_set_header Sec-WebSocket-Key $http_sec_websocket_key;
proxy_set_header Sec-WebSocket-Version $http_sec_websocket_version;
proxy_set_header Sec-WebSocket-Protocol $http_sec_websocket_protocol;
proxy_set_header Sec-WebSocket-Extensions $http_sec_websocket_extensions;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_read_timeout 86400;
}
# API de transfert de fonds
location /api/v1/funds/ {
limit_req zone=api burst=5 nodelay;
proxy_pass http://lecoffre_backend/api/v1/funds/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_read_timeout 300;
proxy_connect_timeout 300;
proxy_send_timeout 300;
}
# favicon
location = /favicon.ico {
root /var/www/lecoffre/assets;
try_files /favicon.ico =404;
}
# blindbit
location /blindbit/ {
proxy_pass http://blindbit/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
# LeCoffre Front - Application principale
# Redirige /lecoffre -> /lecoffre/
location = /lecoffre {
return 301 /lecoffre/;
}
location /lecoffre/ {
proxy_pass http://lecoffre_frontend/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_read_timeout 300;
# Configuration spécifique pour Next.js
proxy_buffering off;
proxy_request_buffering off;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
}
# ihm_client (root) - DOIT être en dernier
location / {
proxy_pass http://ihm_client;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_read_timeout 300;
}
}
# API de statut des services
location /status/api {
limit_req zone=api burst=20 nodelay;
proxy_pass http://status_api/api;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# CORS
add_header Access-Control-Allow-Origin *;
add_header Access-Control-Allow-Methods "GET, POST, OPTIONS";
add_header Access-Control-Allow-Headers "Content-Type, Authorization";
if ($request_method = 'OPTIONS') {
return 204;
}
}
# Grafana - Interface de monitoring
location /grafana/ {
proxy_pass http://grafana/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Grafana-Org-Id 1;
# WebSocket support
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_connect_timeout 60s;
proxy_send_timeout 60s;
proxy_read_timeout 60s;
proxy_buffering off;
proxy_request_buffering off;
}
# API backend - routes /back/ vers /api/
location ~* ^/back/(.*)$ {
limit_req zone=api burst=20 nodelay;
proxy_pass http://lecoffre_backend/api/$1;
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Connection "";
proxy_buffering off;
}
# API direct - routes /api/
location /api/ {
limit_req zone=api burst=20 nodelay;
# CORS dynamique pour développement local
set $cors_origin "";
if ($http_origin ~* ^(http://local\.4nkweb\.com:3000|http://localhost:3000|https://dev4\.4nkweb\.com)$) {
set $cors_origin $http_origin;
}
proxy_hide_header Access-Control-Allow-Origin;
proxy_hide_header Access-Control-Allow-Credentials;
proxy_hide_header Access-Control-Allow-Headers;
proxy_hide_header Access-Control-Allow-Methods;
if ($request_method = OPTIONS) {
add_header Access-Control-Allow-Origin $cors_origin always;
add_header Access-Control-Allow-Credentials "true" always;
add_header Access-Control-Allow-Headers "Content-Type, x-session-id, Authorization" always;
add_header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS" always;
return 204;
}
add_header Access-Control-Allow-Origin $cors_origin always;
add_header Access-Control-Allow-Credentials "true" always;
add_header Access-Control-Allow-Headers "Content-Type, x-session-id, Authorization" always;
add_header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS" always;
proxy_pass http://lecoffre_backend/api/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_read_timeout 300;
proxy_connect_timeout 300;
proxy_send_timeout 300;
}
# WebSocket relay (sdk_relay)
location /ws/ {
proxy_pass http://sdk_relay/;
proxy_set_header Sec-WebSocket-Key $http_sec_websocket_key;
proxy_set_header Sec-WebSocket-Version $http_sec_websocket_version;
proxy_set_header Sec-WebSocket-Protocol $http_sec_websocket_protocol;
proxy_set_header Sec-WebSocket-Extensions $http_sec_websocket_extensions;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_read_timeout 86400;
}
# LeCoffre Front - Application principale
# Redirige /lecoffre -> /lecoffre/
location = /lecoffre {
return 301 /lecoffre/;
}
location /lecoffre/ {
proxy_pass http://lecoffre_frontend/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_read_timeout 300;
# Configuration spécifique pour Next.js
proxy_buffering off;
proxy_request_buffering off;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
}
# ihm_client (root) - DOIT être en dernier
location / {
proxy_pass http://ihm_client;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_read_timeout 300;
}
}
}
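Review bot: As rendered, the HTTPS `server {}` block closes at the `}` right after the `location /` block, so the second run of `location /status/api` … `location /` that follows sits directly in the `http` context where `location` is not allowed, and the file ends with one more `}` than it opens; `nginx -t` will refuse this, and the repeated blocks look like a copy-paste remnant that should be removed. Separately, `proxy_pass http://lecoffre_backend/...` is used in the `/back/`, `/api/` and `/api/v1/funds/` locations but no `upstream lecoffre_backend { ... }` is declared next to the other upstreams, so the non-variable `proxy_pass` lines will fail at startup with "host not found in upstream" unless that name resolves via DNS. The `/loki/` location fronts Loki with `Access-Control-Allow-Origin *` and no access control of its own; unless Loki enforces authentication itself, its query and push API is reachable through this vhost from any origin, so an `allow`/`deny` list or `auth_request` there would be prudent. `limit_req_zone ... zone=login` is declared but never referenced by any location.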


@ -0,0 +1,44 @@
136: location /api/ {
137: # CORS pour développement local Next.js
138: proxy_hide_header Access-Control-Allow-Origin;
139: proxy_hide_header Access-Control-Allow-Credentials;
140: proxy_hide_header Access-Control-Allow-Headers;
141: proxy_hide_header Access-Control-Allow-Methods;
142:
143: if ($request_method = OPTIONS) {
144: add_header Access-Control-Allow-Origin $cors_origin always;
145: add_header Access-Control-Allow-Credentials "true" always;
146: add_header Access-Control-Allow-Headers "Content-Type, x-session-id, Authorization" always;
147: add_header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS" always;
148: return 204;
149: }
185: location /api/v1/funds/ {
186: proxy_pass http://dev3.4nkweb.com:8080/api/v1/funds/;
187: include /etc/nginx/proxy_params;
188: proxy_read_timeout 300;
189: proxy_connect_timeout 300;
190: proxy_send_timeout 300;
191: }
136: location /api/ {
137: # CORS pour développement local Next.js
138: proxy_hide_header Access-Control-Allow-Origin;
139: proxy_hide_header Access-Control-Allow-Credentials;
140: proxy_hide_header Access-Control-Allow-Headers;
141: proxy_hide_header Access-Control-Allow-Methods;
142:
143: if ($request_method = OPTIONS) {
144: add_header Access-Control-Allow-Origin $cors_origin always;
145: add_header Access-Control-Allow-Credentials "true" always;
146: add_header Access-Control-Allow-Headers "Content-Type, x-session-id, Authorization" always;
147: add_header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS" always;
148: return 204;
149: }
150:
151: add_header Access-Control-Allow-Origin $cors_origin always;
152: add_header Access-Control-Allow-Credentials "true" always;
153: add_header Access-Control-Allow-Headers "Content-Type, x-session-id, Authorization" always;
154: add_header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS" always;
155:
156: proxy_set_header X-Request-ID $x_request_id;
157: proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
158: proxy_set_header X-Forwarded-Proto $scheme;
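Review bot: Every line here carries a `136:`-style line-number prefix, so this is not a file nginx can load; it reads as a pasted excerpt and should either be clearly named as notes or left out of the commit. If it is kept as reference, two things in it deserve a comment: `location /api/v1/funds/` proxies a funds-transfer API to `http://dev3.4nkweb.com:8080/...` in cleartext across hosts, and the `/api/` block uses `$cors_origin` and `$x_request_id` without the `set`/`map` that define them, so the snippet is not self-contained.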


@ -0,0 +1,27 @@
Netid State Recv-Q Send-Q Local Address:Port Peer Address:PortProcess
udp UNCONN 0 0 127.0.0.54:53 0.0.0.0:*
udp UNCONN 0 0 127.0.0.53%lo:53 0.0.0.0:*
udp UNCONN 0 0 92.243.24.12%enX0:68 0.0.0.0:*
udp UNCONN 0 0 0.0.0.0:5355 0.0.0.0:*
udp UNCONN 0 0 [::]:5355 [::]:*
tcp LISTEN 0 4096 0.0.0.0:3001 0.0.0.0:*
tcp LISTEN 0 511 0.0.0.0:3000 0.0.0.0:* users:(("next-server (v1",pid=2772198,fd=25))
tcp LISTEN 0 4096 0.0.0.0:3003 0.0.0.0:*
tcp LISTEN 0 4096 0.0.0.0:3005 0.0.0.0:*
tcp LISTEN 0 4096 0.0.0.0:3004 0.0.0.0:*
tcp LISTEN 0 4096 0.0.0.0:3006 0.0.0.0:*
tcp LISTEN 0 4096 0.0.0.0:8081 0.0.0.0:*
tcp LISTEN 0 4096 127.0.0.54:53 0.0.0.0:*
tcp LISTEN 0 4096 0.0.0.0:8000 0.0.0.0:*
tcp LISTEN 0 4096 127.0.0.53%lo:53 0.0.0.0:*
tcp LISTEN 0 4096 0.0.0.0:3100 0.0.0.0:*
tcp LISTEN 0 511 127.0.0.1:43709 0.0.0.0:* users:(("node",pid=2771446,fd=19))
tcp LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
tcp LISTEN 0 511 0.0.0.0:80 0.0.0.0:*
tcp LISTEN 0 511 0.0.0.0:443 0.0.0.0:*
tcp LISTEN 0 20 127.0.0.1:25 0.0.0.0:*
tcp LISTEN 0 511 127.0.0.1:45431 0.0.0.0:* users:(("node",pid=2771409,fd=19))
tcp LISTEN 0 4096 0.0.0.0:5355 0.0.0.0:*
tcp LISTEN 0 128 [::]:22 [::]:*
tcp LISTEN 0 4096 [::]:5355 [::]:*
tcp LISTEN 0 20 [::1]:25 [::]:*
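Review bot: This is a raw `ss`-style socket snapshot, which the repository probably should not carry: it pins a host address, process ids and a listener inventory that go stale immediately and disclose more than the nginx config does. What it shows is worth acting on rather than committing: the proxied backends on 3000–3006, 3100, 8000 and 8081 listen on `0.0.0.0` rather than `127.0.0.1`, so they are reachable without the TLS, CORS and `limit_req` layer the vhost applies, unless a host firewall restricts them. Binding those services to loopback (or the Docker bridge) would make nginx the only ingress and would make the proxy-side controls meaningful.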

1
backups/LAST_BACKUP Normal file

@ -0,0 +1 @@
20250925_072119

1
backups/latest Symbolic link

@ -0,0 +1 @@
20250925_072119
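Review bot: `backups/latest` is committed as a symlink whose target is a timestamped name; if that target lives under `backups/` as well, the actual backup contents are one `git add` away from landing in the repository. Either ignore `backups/` entirely and keep the pointer files outside version control, or document alongside them that only `LAST_BACKUP` and `latest` are tracked.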


@ -1,301 +0,0 @@
# Analyse des Dépendances - lecoffre-front
## Vue d'ensemble
Ce document analyse les dépendances du projet lecoffre-front, leurs versions, leur utilisation et les recommandations de mise à jour.
## Dépendances principales
### Framework et Runtime
#### Next.js
- **Version actuelle**: 14.2.3
- **Type**: Framework React
- **Utilisation**: Framework principal de l'application
- **Statut**: Version récente et stable
- **Recommandation**: Maintenir la version actuelle
#### React
- **Version actuelle**: 18.2.0
- **Type**: Bibliothèque UI
- **Utilisation**: Bibliothèque de base pour l'interface utilisateur
- **Statut**: Version stable LTS
- **Recommandation**: Maintenir la version actuelle
#### React DOM
- **Version actuelle**: 18.2.0
- **Type**: Rendu DOM pour React
- **Utilisation**: Rendu des composants React dans le DOM
- **Statut**: Version stable LTS
- **Recommandation**: Maintenir la version actuelle
### Interface utilisateur
#### Material-UI (MUI)
- **Version actuelle**: 5.11.13
- **Type**: Bibliothèque de composants UI
- **Utilisation**: Composants d'interface utilisateur
- **Statut**: Version stable
- **Recommandation**: Maintenir la version actuelle
#### Emotion
- **Versions**:
- @emotion/react: ^11.10.6
- @emotion/styled: ^11.10.6
- **Type**: Bibliothèque CSS-in-JS
- **Utilisation**: Styling des composants
- **Statut**: Versions récentes
- **Recommandation**: Maintenir les versions actuelles
#### Heroicons
- **Version actuelle**: ^2.1.3
- **Type**: Icônes SVG
- **Utilisation**: Icônes dans l'interface
- **Statut**: Version récente
- **Recommandation**: Maintenir la version actuelle
### TypeScript et outils de développement
#### TypeScript
- **Version actuelle**: 4.9.5
- **Type**: Langage de programmation
- **Utilisation**: Typage statique
- **Statut**: Version stable mais ancienne
- **Recommandation**: ⚠️ Mettre à jour vers TypeScript 5.x
#### ESLint
- **Version actuelle**: 8.36.0
- **Type**: Linter JavaScript/TypeScript
- **Utilisation**: Analyse de code
- **Statut**: Version stable
- **Recommandation**: Maintenir la version actuelle
#### Prettier
- **Version actuelle**: ^2.8.7
- **Type**: Formateur de code
- **Utilisation**: Formatage automatique
- **Statut**: Version stable
- **Recommandation**: Maintenir la version actuelle
### Utilitaires et bibliothèques
#### Class Validator
- **Version actuelle**: ^0.14.0
- **Type**: Validation de classes
- **Utilisation**: Validation des données
- **Statut**: Version récente
- **Recommandation**: Maintenir la version actuelle
#### Classnames
- **Version actuelle**: ^2.3.2
- **Type**: Utilitaire pour les noms de classes
- **Utilisation**: Gestion conditionnelle des classes CSS
- **Statut**: Version récente
- **Recommandation**: Maintenir la version actuelle
#### UUIDv4
- **Version actuelle**: ^6.2.13
- **Type**: Générateur d'UUID
- **Utilisation**: Génération d'identifiants uniques
- **Statut**: Version récente
- **Recommandation**: Maintenir la version actuelle
### Gestion de fichiers
#### File Saver
- **Version actuelle**: ^2.0.5
- **Type**: Sauvegarde de fichiers
- **Utilisation**: Téléchargement de fichiers
- **Statut**: Version récente
- **Recommandation**: Maintenir la version actuelle
#### JSZip
- **Version actuelle**: ^3.10.1
- **Type**: Manipulation d'archives ZIP
- **Utilisation**: Création d'archives
- **Statut**: Version récente
- **Recommandation**: Maintenir la version actuelle
#### PDF-lib
- **Version actuelle**: ^1.17.1
- **Type**: Manipulation de PDF
- **Utilisation**: Génération et modification de PDF
- **Statut**: Version récente
- **Recommandation**: Maintenir la version actuelle
### Intégrations et services
#### le-coffre-resources
- **Version actuelle**: v2.167
- **Type**: Ressources partagées
- **Utilisation**: Ressources communes du projet
- **Source**: git+ssh://git@git.4nkweb.com/4nk/lecoffre-ressources.git
- **Statut**: Version spécifique
- **Recommandation**: Maintenir la version actuelle
#### React GTM Module
- **Version actuelle**: ^2.0.11
- **Type**: Intégration Google Tag Manager
- **Utilisation**: Analytics et tracking
- **Statut**: Version récente
- **Recommandation**: Maintenir la version actuelle
#### React Toastify
- **Version actuelle**: ^9.1.3
- **Type**: Notifications toast
- **Utilisation**: Affichage de notifications
- **Statut**: Version récente
- **Recommandation**: Maintenir la version actuelle
#### React Select
- **Version actuelle**: ^5.7.2
- **Type**: Composant de sélection
- **Utilisation**: Listes déroulantes avancées
- **Statut**: Version récente
- **Recommandation**: Maintenir la version actuelle
### Sécurité et authentification
#### JWT Decode
- **Version actuelle**: ^3.1.2
- **Type**: Décodage de JWT
- **Utilisation**: Traitement des tokens JWT
- **Statut**: Version récente
- **Recommandation**: Maintenir la version actuelle
#### Crypto Random String
- **Version actuelle**: ^5.0.0
- **Type**: Génération de chaînes aléatoires
- **Utilisation**: Génération de tokens sécurisés
- **Statut**: Version récente
- **Recommandation**: Maintenir la version actuelle
### Styling et assets
#### SASS
- **Version actuelle**: ^1.59.2
- **Type**: Préprocesseur CSS
- **Utilisation**: Styles avancés
- **Statut**: Version récente
- **Recommandation**: Maintenir la version actuelle
#### Sharp
- **Version actuelle**: ^0.32.1
- **Type**: Optimisation d'images
- **Utilisation**: Traitement d'images
- **Statut**: Version récente
- **Recommandation**: Maintenir la version actuelle
## Dépendances de développement
### Types TypeScript
#### @types/node
- **Version actuelle**: 18.15.1
- **Type**: Types pour Node.js
- **Utilisation**: Typage Node.js
- **Statut**: Version stable
- **Recommandation**: Maintenir la version actuelle
#### @types/react
- **Version actuelle**: 18.0.28
- **Type**: Types pour React
- **Utilisation**: Typage React
- **Statut**: Version stable
- **Recommandation**: Maintenir la version actuelle
#### @types/react-dom
- **Version actuelle**: 18.0.11
- **Type**: Types pour React DOM
- **Utilisation**: Typage React DOM
- **Statut**: Version stable
- **Recommandation**: Maintenir la version actuelle
#### @types/file-saver
- **Version actuelle**: ^2.0.7
- **Type**: Types pour file-saver
- **Utilisation**: Typage file-saver
- **Statut**: Version récente
- **Recommandation**: Maintenir la version actuelle
#### @types/react-gtm-module
- **Version actuelle**: ^2.0.3
- **Type**: Types pour react-gtm-module
- **Utilisation**: Typage react-gtm-module
- **Statut**: Version récente
- **Recommandation**: Maintenir la version actuelle
## Analyse de sécurité
### Dépendances avec des vulnérabilités potentielles
#### TypeScript 4.9.5
- **Risque**: Version ancienne
- **Impact**: Fonctionnalités manquantes, corrections de bugs
- **Recommandation**: Mettre à jour vers TypeScript 5.x
### Dépendances sécurisées
Toutes les autres dépendances sont à jour et ne présentent pas de vulnérabilités connues.
## Recommandations de mise à jour
### Priorité haute
1. **TypeScript**: Mettre à jour vers la version 5.x
```bash
npm install typescript@latest
```
### Priorité moyenne
1. **Vérification régulière**: Utiliser `npm audit` pour détecter les vulnérabilités
2. **Mise à jour des dépendances**: Utiliser `npm update` régulièrement
### Priorité basse
1. **Dépendances optionnelles**: Évaluer l'utilisation de certaines dépendances
2. **Optimisation**: Analyser les dépendances non utilisées
## Scripts de maintenance
### Audit de sécurité
```bash
npm audit
npm audit fix
```
### Mise à jour des dépendances
```bash
npm update
npm outdated
```
### Vérification des dépendances non utilisées
```bash
npx depcheck
```
## Monitoring des dépendances
### Outils recommandés
1. **Dependabot**: Mise à jour automatique des dépendances
2. **Snyk**: Détection des vulnérabilités
3. **npm audit**: Audit de sécurité intégré
### Processus de mise à jour
1. **Test**: Tester les mises à jour en environnement de développement
2. **Validation**: Valider le fonctionnement de l'application
3. **Déploiement**: Déployer en staging puis en production
## Conclusion
Le projet lecoffre-front utilise des dépendances modernes et bien maintenues. La seule recommandation majeure est la mise à jour de TypeScript vers la version 5.x pour bénéficier des dernières fonctionnalités et corrections de bugs.
Les dépendances sont globalement sécurisées et à jour, ce qui garantit la stabilité et la sécurité de l'application.
---
*Analyse effectuée le $(date) - Dépendances lecoffre-front*


@ -1,228 +0,0 @@
# Analyse du Repository lecoffre-front
## Vue d'ensemble
Le projet **lecoffre-front** est une application Next.js développée en TypeScript pour la gestion de dossiers notariaux. Il s'agit d'une application frontend qui communique avec une API backend et intègre plusieurs services externes.
## Structure du Repository
### Architecture générale
```
lecoffre-front/
├── src/ # Code source principal
│ ├── common/ # Code partagé
│ │ └── Api/ # Services API communs
│ ├── front/ # Code spécifique au frontend
│ │ ├── Api/ # Services API frontend
│ │ ├── Components/ # Composants React
│ │ ├── Config/ # Configuration par environnement
│ │ ├── Hooks/ # Hooks React personnalisés
│ │ ├── Services/ # Services métier
│ │ ├── Stores/ # Gestion d'état
│ │ ├── Themes/ # Thèmes et styles
│ │ └── Utils/ # Utilitaires
│ ├── pages/ # Pages Next.js
│ └── sdk/ # SDK et intégrations
├── docs/ # Documentation
├── tests/ # Tests
├── public/ # Assets statiques
├── Dockerfile # Configuration Docker
├── next.config.js # Configuration Next.js
├── package.json # Dépendances et scripts
└── temp.yaml # Configuration Kubernetes temporaire
```
### Technologies utilisées
- **Framework**: Next.js 14.2.3
- **Language**: TypeScript 4.9.5
- **UI**: Material-UI (MUI) 5.11.13
- **Styling**: Emotion, SASS
- **État**: Context API / Hooks
- **Build**: Docker multi-stage
- **Déploiement**: Kubernetes
## Variables d'Environnement
### Variables principales
Le projet utilise un système de variables d'environnement préfixées par `NEXT_PUBLIC_` pour la configuration runtime.
#### Configuration API Backend
```bash
NEXT_PUBLIC_BACK_API_PROTOCOL=https://
NEXT_PUBLIC_BACK_API_HOST=api.example.com
NEXT_PUBLIC_BACK_API_PORT=443
NEXT_PUBLIC_BACK_API_ROOT_URL=/api
NEXT_PUBLIC_BACK_API_VERSION=v1
```
#### Configuration Frontend
```bash
NEXT_PUBLIC_FRONT_APP_HOST=https://app.example.com
NEXT_PUBLIC_FRONT_APP_PORT=443
```
#### Intégrations externes
```bash
# IDNot (authentification)
NEXT_PUBLIC_IDNOT_AUTHORIZE_ENDPOINT=/oauth/authorize
NEXT_PUBLIC_IDNOT_CLIENT_ID=client_id
NEXT_PUBLIC_IDNOT_BASE_URL=https://idnot.example.com
NEXT_PUBLIC_IDNOT_REDIRECT_URI=https://app.example.com/callback
# Docaposte
NEXT_PUBLIC_DOCAPOSTE_API_URL=https://api.docaposte.com
# 4NK (services blockchain)
NEXT_PUBLIC_4NK_URL=https://dev4.4nkweb.com
NEXT_PUBLIC_4NK_IFRAME_URL=https://dev4.4nkweb.com
# Hotjar (analytics)
NEXT_PUBLIC_HOTJAR_SITE_ID=123456
NEXT_PUBLIC_HOTJAR_VERSION=6
# Configuration système
NEXT_PUBLIC_API_URL=https://api.example.com
NEXT_PUBLIC_DEFAULT_VALIDATOR_ID=862406317a35064537ac959cb5d8bbdf4f849283b63db3ffa9904de2b3427c43:0
NEXT_PUBLIC_DEFAULT_STORAGE_URLS=https://dev3.4nkweb.com/storage
```
### Gestion des environnements
Le projet supporte 4 environnements via la variable `NEXTJS_APP_ENV_NAME`:
- `development` (par défaut)
- `staging`
- `preprod`
- `production`
Chaque environnement a sa configuration dans `src/front/Config/Module/`:
- `development.json`
- `staging.json`
- `preprod.json`
- `production.json`
## Configuration Docker
### Multi-stage build
Le Dockerfile utilise un build multi-stage avec 3 cibles:
1. **deps**: Installation des dépendances avec support SSH pour git.4nkweb.com
2. **development**: Image de développement avec hot-reload
3. **builder**: Build de production
4. **ext**: Image de production finale
### Variables d'environnement Docker
Toutes les variables `NEXT_PUBLIC_*` sont passées comme arguments de build et variables d'environnement runtime.
### Sécurité
- Utilisateur non-root (`lecoffreuser` avec UID 10000)
- Support SSH agent pour cloner les dépendances privées
- Cache npm pour optimiser les builds
## Configuration Kubernetes
### Déploiement
Le fichier `temp.yaml` contient la configuration Kubernetes complète:
- **Namespace**: `lecoffre`
- **Service**: `lecoffre-front-svc` (port 80 → 3000)
- **Deployment**: `lecoffre-front` avec 1 replica
- **Ingress**: `app.stg.lecoffre.smart-chain.fr` avec SSL
### Gestion des secrets
- **Vault**: Intégration HashiCorp Vault pour les secrets
- **External Secrets**: Gestion automatique des secrets Docker
- **Service Account**: `lecoffre-front-sa` avec permissions appropriées
### Ressources
```yaml
resources:
limits:
memory: 2Gi
requests:
cpu: 200m
memory: 1Gi
```
## Dépendances principales
### Production
- **Next.js**: 14.2.3 (framework React)
- **React**: 18.2.0
- **Material-UI**: 5.11.13 (composants UI)
- **TypeScript**: 4.9.5
- **le-coffre-resources**: v2.167 (ressources partagées)
### Développement
- **ESLint**: 8.36.0
- **Prettier**: 2.8.7
- **SASS**: 1.59.2
### Intégrations
- **Google Tag Manager**: Analytics
- **Hotjar**: Heatmaps et enregistrements
- **Docaposte**: Services postaux
- **4NK**: Services blockchain
## Architecture de l'application
### Gestion d'état
- **FrontendVariables**: Singleton pour les variables d'environnement
- **Module**: Configuration par environnement
- **Context API**: Gestion d'état React
### Communication API
- **DatabaseService**: Service générique pour les appels API
- **BaseApiService**: Service de base pour les API
- **Construction dynamique d'URLs**: Basée sur les variables d'environnement
### SDK et intégrations
- **Iframe**: Communication avec les services 4NK
- **MessageBus**: Bus de messages pour la communication inter-iframe
- **User**: Gestion de l'authentification utilisateur
- **AuthModal**: Modal d'authentification
## Points d'attention
### Sécurité
- Variables d'environnement exposées côté client (préfixe `NEXT_PUBLIC_`)
- Authentification via IDNot
- Communication sécurisée avec les services 4NK
### Performance
- Build standalone Next.js
- Cache npm dans Docker
- Optimisation des images avec Sharp
### Déploiement
- Support multi-environnement
- Intégration Vault pour les secrets
- Monitoring avec Hotjar et GTM
## Recommandations
1. **Documentation**: Maintenir la documentation des variables d'environnement
2. **Tests**: Étendre la couverture de tests
3. **Monitoring**: Ajouter des métriques de performance
4. **Sécurité**: Auditer régulièrement les dépendances
5. **CI/CD**: Automatiser les déploiements avec validation des variables
## Version actuelle
- **Application**: v0.1.6 (package.json)
- **Frontend**: v2.5.1 (version.json)
- **Docker**: v0.1.9 (temp.yaml)
---
*Analyse effectuée le $(date) - Repository lecoffre-front*


@ -1,50 +0,0 @@
## Analyse détaillée
### Périmètre
Front Next.js `lecoffre-front` (Next 14, TypeScript), build multiétapes et image `ext` runtime.
### Stack
- **Framework**: Next.js 14 (React 18), TypeScript 4.9.5
- **UI**: MUI, Emotion, Heroicons
- **Outillage**: ESLint (8.36), Prettier
- **Ressources externes**: `le-coffre-resources` via SSH Gitea (`#v2.167`)
### Build et exécution
- Scripts: `dev`, `build` (telemetry off, `--no-lint`), `start`, `lint`, `format`.
- `next.config.js`: `output: 'standalone'`, `basePath: '/lecoffre'`, `ignoreBuildErrors: true`.
- Docker multiétapes: `deps` (npm ci), `development` (npm run dev), `builder` (npm run build), `ext` (runtime node:19alpine, `server.js`).
### Variables denvironnement
Variables NEXT_PUBLIC nombreuses (API back, IDNot, Docaposte, 4NK URLs, defaults). Exposées en `env`, `publicRuntimeConfig`, `serverRuntimeConfig` et redéclarées en Docker (`ARG``ENV`).
### Ports et réseau
- Port 3000 interne; exposé 3004:3000 dans `lecoffre_node`.
### Dépendances clés
- `next@^14.2.3`, `react@18.2.0`, `sharp@^0.32.1` (build imageprocessing Alpine), `jszip`, `jwt-decode`, `react-select`, `react-toastify`.
### Risques et points dattention
- `ignoreBuildErrors: true` masque les erreurs TS. Risque de dérive de type.
- `--no-lint` en build désactive ESLint. Manque de garde qualité en CI.
- Node 19 sur Alpine: fin de support. Préférer LTS (20/22).
- Dépendance Git SSH privée (`lecoffre-ressources`): exige agent SSH BuildKit; documenter clé et politiques.
### Actions proposées
- Rétablir le lint en build (ou CI) et supprimer `ignoreBuildErrors` si possible.
- Monter vers Node LTS (20alpine) et tester `sharp`.
- Documenter toutes les variables NEXT_PUBLIC et fournir `.env.example`.
- Mettre en place codesplitting (React.lazy/Suspense) et centraliser létat (Context/Redux) selon les règles projet.


@ -76,3 +76,4 @@
- ✅ HMR: `/lecoffre-hmr/` → 200 - ✅ HMR: `/lecoffre-hmr/` → 200
- ✅ CORS dev3: OPTIONS 204 + POST state 200 - ✅ CORS dev3: OPTIONS 204 + POST state 200
- ✅ ihm_client: `/` → 200 - ✅ ihm_client: `/` → 200


@ -38,3 +38,4 @@ Vue densemble
- `POST /api/v1/idnot/state`: 200 + `state` présent. - `POST /api/v1/idnot/state`: 200 + `state` présent.
- Checks publics: `/lecoffre` = 301 → `/lecoffre/`, `/lecoffre/` = 200. - Checks publics: `/lecoffre` = 301 → `/lecoffre/`, `/lecoffre/` = 200.


@ -27,3 +27,4 @@ Notes
- Next.js: `basePath: '/lecoffre'`, `assetPrefix: '/lecoffre'`, `trailingSlash: true` - Next.js: `basePath: '/lecoffre'`, `assetPrefix: '/lecoffre'`, `trailingSlash: true`
- Nginx: rediriger `/lecoffre``/lecoffre/`, et proxy sur `^~ /lecoffre/` vers `http://localhost:3004` - Nginx: rediriger `/lecoffre``/lecoffre/`, et proxy sur `^~ /lecoffre/` vers `http://localhost:3004`


@ -1,81 +0,0 @@
### Objet
Analyse synthétique de `lecoffre-front` (Next.js) : périmètre, dépendances, configuration, intégrations et points dattention.
### Périmètre et stack
- **Framework**: Next.js 14 (React 18), rendu côté serveur désactivable selon pages
- **Langage**: TypeScript
- **Styles**: SCSS + MUI (@mui/material), Emotion
- **Bundle**: `output: 'standalone'`, `basePath: '/lecoffre'`
### Arborescence notable
- **`src/front/`**: API client (services, entités, SDK) et composants UI (DesignSystem, Layouts, Elements)
- **`pages/`**: routes Next (tableau client, gestion utilisateurs, dossiers, documents, souscriptions)
- **`src/common/Api/LeCoffreApi`**: modules Admin/Customer/Notary/SuperAdmin et `sdk`
- **`src/front/Stores/`**: stores locaux (User, Customer, Window, Toasts)
- **`src/front/Services/`**: services utilitaires (JWT, PDF, Watermark, Crypto, Cookie)
### Configuration et variables
- **`next.config.js`**: publie `NEXT_PUBLIC_*` aux clients et serveur; `reactStrictMode: false`; `ignoreBuildErrors: true`
- **BasePath**: `/lecoffre` (impacte le routage et les assets)
- **Intégrations**: Hotjar, GTM, Docaposte, 4NK (iframe/URL), Idnot (OAuth)
### Dépendances clés
- **UI**: `@mui/material`, `@emotion/*`, `react-select`, `react-toastify`
- **Utilitaires**: `jwt-decode`, `file-saver`, `jszip`, `pdf-lib`, `sass`, `sharp`
- **Ressources**: `le-coffre-resources` (dépôt Git 4NK)
### Intégrations externes (indiciaires)
- **Back**: via `NEXT_PUBLIC_BACK_API_*` et `NEXT_PUBLIC_API_URL`
- **Idnot**: endpoints OAuth (authorize, base_url, redirect_uri)
- **Docaposte**: `NEXT_PUBLIC_DOCAPOSTE_API_URL`
### Points dattention
- **TypeScript**: `ignoreBuildErrors: true` masque des erreurs de typage
- **BasePath**: vérifier la cohérence côté Nginx et lors du déploiement
- **Ressources Git**: accès SSH requis pour `le-coffre-resources`
- **Sécurité**: exposition de multiples `NEXT_PUBLIC_*` (vérifier quaucun secret nest divulgué)
### Tests et qualité
- **Scripts**: `build` sans lint, `lint` séparé, `format` ciblé `src/`
- **`tests/`**: présent (à enrichir avec scénarios e2e/smoke sur pages principales)
### Déploiement
- **Dockerfile**: présent (build Next standalone)
- **Intégration**: orchestré via `lecoffre_node` (voir analyse dédiée)
## Scripts npm, build et configuration
### Scripts
- **dev**: `next dev`
- **build**: `NEXT_TELEMETRY_DISABLED=1 next build --no-lint`
- **start**: `next start`
- **lint**: `next lint`
- **format**: `prettier --write src`
### next.config.js
- `output: 'standalone'`, `basePath: '/lecoffre'`
- `typescript.ignoreBuildErrors: true` (risque: masquage derreurs)
- Exposition de nombreuses variables `NEXT_PUBLIC_*` via `env`, `publicRuntimeConfig` et `serverRuntimeConfig`
### Docker (multistage)
- Étapes: `deps` (install), `development` (dev), `builder` (build), `ext` (runtime)
- BuildKit SSH pour `le-coffre-resources` (clé non copiée dans limage)
- Port runtime 3000; utilisateur nonroot `lecoffreuser`
### Dépendances (extraits)
- UI: `@mui/material`, `@emotion/*`, `react-select`, `react-toastify`
- Utilitaires: `jwt-decode`, `file-saver`, `jszip`, `pdf-lib`, `sass`, `sharp`
- Ressources: `le-coffre-resources` (SSH Git 4NK)
- Versions Node/Next: Node 19alpine; Next `^14.2.3`
## Risques et recommandations
- Désactiver `ignoreBuildErrors` et corriger les erreurs TypeScript avant build
- Envisager Node LTS (20/22) pour les images
- Vérifier quaucune info sensible nest exposée via `NEXT_PUBLIC_*`
- Assurer la cohérence `basePath` `/lecoffre` avec Nginx et les liens internes
- Introduire du code splitting ciblé (`React.lazy`/`Suspense`) sur pages lourdes
- Centraliser létat (Redux/Context) pour limiter le prop drilling dans `src/front`
## Changements IdNot
- Lauthentification IdNot appelle désormais le backend en POST avec le code dautorisation dans le corps JSON sur `/api/v1/idnot/auth`.
- Ce changement évite des erreurs en reverse proxy liées à des segments dURL très longs.


@ -41,7 +41,10 @@ export default class Auth extends BaseApiService {
// 1) Ask backend for a signed state that embeds next_url // 1) Ask backend for a signed state that embeds next_url
const resp = await fetch(stateEndpoint.toString(), { const resp = await fetch(stateEndpoint.toString(), {
method: 'POST', method: 'POST',
headers: { 'Content-Type': 'application/json' }, headers: {
'Content-Type': 'application/json',
'X-Request-ID': `front_${Math.random().toString(36).slice(2)}`,
},
body: JSON.stringify({ next_url: nextUrl }) body: JSON.stringify({ next_url: nextUrl })
}); });
if (!resp.ok) { if (!resp.ok) {
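Review bot: The new `X-Request-ID` header added at line 1856 is not a CORS-safelisted request header, so if `stateEndpoint` is cross-origin the backend must now list it in `Access-Control-Allow-Headers` or the preflight that the check notes above record as "OPTIONS 204" will start failing; that allow-list should be verified alongside this change. `Math.random().toString(36).slice(2)` also produces a variable-length, non-cryptographic token; for a correlation id the standard `crypto.randomUUID()` (available in browsers and Node) gives a fixed format and better collision resistance, e.g. `'X-Request-ID': \`front_${crypto.randomUUID()}\`,`. As written the id is generated inline and never kept or logged on the client, so it cannot be matched against backend logs unless it is first stored in a local `const requestId` and surfaced in the error path that follows. The enclosing method of `Auth` starts before this hunk.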


@ -1,33 +1,11 @@
import type { NextApiRequest, NextApiResponse } from 'next'; import type { NextApiRequest, NextApiResponse } from 'next';
export default function handler(req: NextApiRequest, res: NextApiResponse) { export default function handler(req: NextApiRequest, res: NextApiResponse) {
// Endpoint désactivé pour raisons de sécurité
res.setHeader('Cache-Control', 'no-store, no-cache, must-revalidate, proxy-revalidate'); res.setHeader('Cache-Control', 'no-store, no-cache, must-revalidate, proxy-revalidate');
const pick = (keys: string[]) => keys.reduce<Record<string, string | undefined>>((acc, k) => { res.status(410).json({
acc[k] = process.env[k]; error: 'Endpoint supprimé pour raisons de sécurité',
return acc; code: 'ENV_ENDPOINT_REMOVED',
}, {});
const clientKeys = [
'NEXT_PUBLIC_4NK_URL',
'NEXT_PUBLIC_4NK_IFRAME_URL',
'NEXT_PUBLIC_BACK_BASE',
'NEXT_PUBLIC_IDNOT_BASE_URL',
'NEXT_PUBLIC_IDNOT_AUTHORIZE_ENDPOINT',
'NEXT_PUBLIC_IDNOT_CLIENT_ID',
'NEXT_PUBLIC_IDNOT_REDIRECT_URI',
'NEXT_PUBLIC_IDNOT_REDIRECT_URI_FIXED',
'NEXT_PUBLIC_BACK_API_PROTOCOL',
'NEXT_PUBLIC_BACK_API_HOST',
'NEXT_PUBLIC_BACK_API_PORT',
'NEXT_PUBLIC_BACK_API_ROOT_URL',
'NEXT_PUBLIC_BACK_API_VERSION',
'NEXT_PUBLIC_API_URL',
'NEXT_PUBLIC_DEFAULT_VALIDATOR_ID',
'NEXT_PUBLIC_DEFAULT_STORAGE_URLS',
];
res.status(200).json({
time: new Date().toISOString(), time: new Date().toISOString(),
client: pick(clientKeys),
}); });
} }
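Review bot: With the response body reduced to a fixed 410 payload, `req` is no longer read in the handler at line 1866; renaming it `_req` (or dropping the parameter) keeps the unused-variable lint clean, and a short TSDoc stating why the route is kept — e.g. `/** Former env-dump route, intentionally retired; kept only to return 410 so old clients get an explicit migration signal. */` — would explain the decision better than the one-line comment at line 1867. If no client depends on a 410, deleting the route file entirely would make the path 404 and remove a reachable handler that still has to be maintained. The comment at line 1867 is in French while the comments in the sibling `Auth` hunk are in English; worth harmonising in one language.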