CONFLICT srcs/requirements/nestjs/api_back/src/friendship/friendship.service.ts

### To launch Docker:

- A .env file is required; it must not be pushed, so I don't push it.
- For now, it therefore has to be created by hand (I'll see later how to do better).
- The .env only needs to contain (without the quotes) "NODE_ENV=development" or "NODE_ENV=production".
- It must be placed in the same directory as docker-compose.yml.
- In the Makefile there is a sedf to switch from one to the other.
- Also add an alias for transcendance in /etc/hosts.

### TODO List: User edition.

- [x] User: build the base for a user
- [x] User: build the friend request system
- [x] User: set up the session system (or even status?)
- [x] User: set up the avatar system
- [x] User: set up two-factor authentication
- [x] User: set up the OAuth system
- [x] User: set up password hashing (with OAuth)
- [x] User: set up the status system
- [x] User: set up the stats system
- [x] User: set up the match history

### TODO List: Docker edition.

- [ ] Docker: find a simple way to generate a .env. Maybe renew the keys at each launch.

---

## instructions :

#### global instructions :

- [ ] backend in NestJs
- [ ] frontend any TypeScript framework
- [ ] latest stable version of any library or framework used
- [ ] use only PostgreSQL db
- [ ] single page application
- [ ] navigator back and forward button working
- [ ] works on last Chrome and another browser
- [ ] launch with "docker-compose up --build", put in sgoinfre, in rootless mode
- [ ] can't use bind-mount volumes :
    1. docker in VM ?
    2. rebuild after changes ?
    3. craft own images with root as unique UID

#### security concerns :

- [ ] hash every password in db
- [ ] protection against SQL injections
- [ ] server-side validation of users inputs
- [ ] store credentials in local .env git-ignored

#### user account :

- [ ] login with 42 intranet OAuth system
- [ ] user can choose name, avatar, 2fa (e.g. SMS or Google Authenticator)
- [ ] display user name on site
- [ ] user default avatar if not chosen
- [ ] user can add friends, and see status (online/offline, in game, ...)
- [ ] display stats on user profile (wins, losses, ladder, level, achievements, ...)
- [ ] public match history (lvl games, ladder, ...)

#### chat :

- [ ] can create chat-rooms (public/private, password protected)
- [ ] send direct messages
- [ ] block other users
- [ ] creators of chat-room are owners, until they leave
- [ ] chat-room owner can set, change, remove password
- [ ] chat-room owner is administrator and can set other administrators
- [ ] administrators can ban or mute other users for a time
- [ ] send game invitation in chat
- [ ] view user profiles from chat

#### game :

- [ ] play pong with others on website
- [ ] matchmaking system : join a queue until automatic match
- [ ] faithful to original pong (1972)
- [ ] custom options (power-ups, multiple maps, ...), with a default one
- [ ] responsive
- [ ] can watch other matches

---

## Resources

- [routes back](https://semestriel.framapad.org/p/z5gqbq51dx-9xlo?lang=fr)

### error msg

- [rollup packages did not export](https://stackoverflow.com/questions/69768925/rollup-plugin-svelte-the-following-packages-did-not-export-their-package-json)

### Svelte

- [The Official Svelte Tutorial](https://svelte.dev/tutorial/basics)
- SPA Svelte Article [Build a single-page application in Svelte with svelte-spa-router](https://blog.logrocket.com/build-spa-svelte-svelte-spa-router/)
- [An excellent Svelte Tutorial video series](https://www.youtube.com/watch?v=zojEMeQGGHs&list=PL4cUxeGkcC9hlbrVO_2QFVqVPhlZmz7tO&index=2)
- to check svelte logs, do a 'docker logs --follow '

### nestjs

- [linkedin clone angular nestjs](https://www.youtube.com/watch?v=gL3D-MIt_G8&list=PL9_OU-1M9E_ut3NA04C4eHZuuAFQOUwT0&index=1)
- [nestjs crash course](https://www.youtube.com/watch?v=vGafqCNCCSs)

### websocket

- [game networking](https://gafferongames.com/post/what_every_programmer_needs_to_know_about_game_networking/)
- [client-server game architecture](https://www.gabrielgambetta.com/client-server-game-architecture.html)
- [websocket api mozilla doc](https://developer.mozilla.org/en-US/docs/Web/API/WebSockets_API)
- [websocket rfc](https://www.rfc-editor.org/rfc/rfc6455.html)
- [ws doc npm](https://www.npmjs.com/package/ws)
- [example chat implementation](https://github.com/mdn/samples-server/tree/master/s/websocket-chat)
- [websocket and nginx](https://www.nginx.com/blog/websocket-nginx/)

### css

- [separation of concern](https://adamwathan.me/css-utility-classes-and-separation-of-concerns/)
- [decoupling css and html](https://www.smashingmagazine.com/2012/04/decoupling-html-from-css/)

### security

- [xss attack with innerHTML](https://gomakethings.com/a-safer-alternative-to-innerhtml-with-vanilla-js/)
- [xss attack innerHTML prevention](https://stackoverflow.com/questions/30661497/xss-prevention-and-innerhtml)
- [xss attack prevention with createTextNode](https://stackoverflow.com/questions/11654555/is-createtextnode-completely-safe-from-html-injection-xss)
- [xss attacks prevention in svelte](https://stackoverflow.com/questions/74931516/in-svete-what-to-use-instead-of-html-to-avoid-xss-attacks/74932137)

### installation

- [node and npm with nvm](https://github.com/nvm-sh/nvm)
- [docker](https://github.com/docker/docker-install)

---

## http status :

```
- '100': 'CONTINUE',
- '101': 'SWITCHING_PROTOCOLS',
- '102': 'PROCESSING',
- '103': 'EARLYHINTS',
- '200': 'OK',
- '201': 'CREATED',
- '202': 'ACCEPTED',
- '203': 'NON_AUTHORITATIVE_INFORMATION',
- '204': 'NO_CONTENT',
- '205': 'RESET_CONTENT',
- '206': 'PARTIAL_CONTENT',
- '300': 'AMBIGUOUS',
- '301': 'MOVED_PERMANENTLY',
- '302': 'FOUND',
- '303': 'SEE_OTHER',
- '304': 'NOT_MODIFIED',
- '307': 'TEMPORARY_REDIRECT',
- '308': 'PERMANENT_REDIRECT',
- '400': 'BAD_REQUEST',
- '401': 'UNAUTHORIZED',
- '402': 'PAYMENT_REQUIRED',
- '403': 'FORBIDDEN',
- '404': 'NOT_FOUND',
- '405': 'METHOD_NOT_ALLOWED',
- '406': 'NOT_ACCEPTABLE',
- '407': 'PROXY_AUTHENTICATION_REQUIRED',
- '408': 'REQUEST_TIMEOUT',
- '409': 'CONFLICT',
- '410': 'GONE',
- '411': 'LENGTH_REQUIRED',
- '412': 'PRECONDITION_FAILED',
- '413': 'PAYLOAD_TOO_LARGE',
- '414': 'URI_TOO_LONG',
- '415': 'UNSUPPORTED_MEDIA_TYPE',
- '416': 'REQUESTED_RANGE_NOT_SATISFIABLE',
- '417': 'EXPECTATION_FAILED',
- '418': 'I_AM_A_TEAPOT',
- '421': 'MISDIRECTED',
- '422': 'UNPROCESSABLE_ENTITY',
- '424': 'FAILED_DEPENDENCY',
- '428': 'PRECONDITION_REQUIRED',
- '429': 'TOO_MANY_REQUESTS',
- '500': 'INTERNAL_SERVER_ERROR',
- '501': 'NOT_IMPLEMENTED',
- '502': 'BAD_GATEWAY',
- '503': 'SERVICE_UNAVAILABLE',
- '504': 'GATEWAY_TIMEOUT',
- '505': 'HTTP_VERSION_NOT_SUPPORTED',
- CONTINUE: 100,
- SWITCHING_PROTOCOLS: 101,
- PROCESSING: 102,
- EARLYHINTS: 103,
- OK: 200,
- CREATED: 201,
- ACCEPTED: 202,
- NON_AUTHORITATIVE_INFORMATION: 203,
- NO_CONTENT: 204,
- RESET_CONTENT: 205,
- PARTIAL_CONTENT: 206,
- AMBIGUOUS: 300,
- MOVED_PERMANENTLY: 301,
- FOUND: 302,
- SEE_OTHER: 303,
- NOT_MODIFIED: 304,
- TEMPORARY_REDIRECT: 307,
- PERMANENT_REDIRECT: 308,
- BAD_REQUEST: 400,
- UNAUTHORIZED: 401,
- PAYMENT_REQUIRED: 402,
- FORBIDDEN: 403,
- NOT_FOUND: 404,
- METHOD_NOT_ALLOWED: 405,
- NOT_ACCEPTABLE: 406,
- PROXY_AUTHENTICATION_REQUIRED: 407,
- REQUEST_TIMEOUT: 408,
- CONFLICT: 409,
- GONE: 410,
- LENGTH_REQUIRED: 411,
- PRECONDITION_FAILED: 412,
- PAYLOAD_TOO_LARGE: 413,
- URI_TOO_LONG: 414,
- UNSUPPORTED_MEDIA_TYPE: 415,
- REQUESTED_RANGE_NOT_SATISFIABLE: 416,
- EXPECTATION_FAILED: 417,
- I_AM_A_TEAPOT: 418,
- MISDIRECTED: 421,
- UNPROCESSABLE_ENTITY: 422,
- FAILED_DEPENDENCY: 424,
- PRECONDITION_REQUIRED: 428,
- TOO_MANY_REQUESTS: 429,
- INTERNAL_SERVER_ERROR: 500,
- NOT_IMPLEMENTED: 501,
- BAD_GATEWAY: 502,
- SERVICE_UNAVAILABLE: 503,
- GATEWAY_TIMEOUT: 504,
- HTTP_VERSION_NOT_SUPPORTED: 505
```