42_INT_14_transcendence/README.md

CONFLICT srcs/requirements/nestjs/api_back/src/friendship/friendship.service.ts


### Pour lancer le docker :

- Il faut un fichier .env qu'on ne doit pas push, donc je ne le push pas.
- Pour l'instant, on doit donc le faire à la main (je verrai par la suite comment faire mieux).
- Dans le .env il y a juste à mettre (sans les guillemets) "NODE_ENV=development" ou "NODE_ENV=production".
- Il faut le placer au même endroit que docker-compose.yml
- Dans le makefile il y a un sedf pour changer l'un ou l'autre.

- also add an alias for transcendance in /etc/hosts



### TODO List : Utilisateur édition.

- [x] Utilisateur : faire la base pour un utilisateur
- [x] Utilisateur : faire le système de requêtes amis
- [x] Utilisateur : mettre en place le système de session (voire de statut ?)
- [x] Utilisateur : mettre en place le système d'avatar
- [x] Utilisateur : mettre en place la double authentification
- [x] Utilisateur : mettre en place le système d'Oauth
- [x] Utilisateur : mettre en place la hashage de mot de passe (avec Oauth)
- [x] Utilisateur : mettre en place le système de statut
- [x] Utilisateur : mettre en place le système de stats
- [x] Utilisateur : mettre en place l'historique des matches

### TODO List : Docker édition.

- [ ] Docker : trouver un moyen simple de générer un .env. Peut-être renouveller les clé à chaque lancement.


---

## instructions :

#### global instructions :

- [ ] backend in NestJs
- [ ] frontend any TypeScript framework
- [ ] latest stable version of any library or framework used
- [ ] use only PostgreSQL db
- [ ] single page application
- [ ] navigator back and forward button working
- [ ] works on last Chrome and another browser
- [ ] launch with "docker-compose up --build", put in sgoinfre, in rootless mode
- [ ] can't use bind-mount volumes :
	1. docker in VM ?
	2. rebuild after changes ?
	3. craft own imags with root as unique UID

#### security concerns :

- [ ] hash every passwords in db
- [ ] protection against SQL injections
- [ ] server-side validation of users inputs
- [ ] store credentials in local .env git-ignored

#### user account :

- [ ] login with 42 intranet OAuth system
- [ ] user can choose name, avatar, 2fa (ex texto or Google Authenticator)
- [ ] display user name on site
- [ ] user default avatar if not chosen
- [ ] user can add friends, and see status (online/offline, in game, ...)
- [ ] display stats on user profile (wins, losses, ladderm levelm achievements, ...)
- [ ] public match history (lvl games, ladder, ...)

#### chat :

- [ ] can create chat-rooms (public/private, password protected)
- [ ] send direct messages
- [ ] block other users
- [ ] creators of chat-room are owners, untill they leave
- [ ] chat-room owner can set, change, remove password
- [ ] chat-room owner is administrator and can set other administrators
- [ ] administrators can ban or mute for a time other users
- [ ] send game invitation in chat
- [ ] view user profiles from chat

#### game :

- [ ] play pong with others on website
- [ ] matchmaking system : join a queue untill automatic match
- [ ] faithfull to original pong (1972)
- [ ] customs options (powers up, multiple maps, ...), with a default one
- [ ] reponsive
- [ ] can watch other matchs


---
## Resources

- [routes back](https://semestriel.framapad.org/p/z5gqbq51dx-9xlo?lang=fr)

### error msg
- [rollup packages did not export](https://stackoverflow.com/questions/69768925/rollup-plugin-svelte-the-following-packages-did-not-export-their-package-json)

### Svelte
- [The Official Svelte Tutorial](https://svelte.dev/tutorial/basics)
- SPA Svelte Article [Build a single-page application in Svelte with svelte-spa-router](https://blog.logrocket.com/build-spa-svelte-svelte-spa-router/)
- [An excellent Svelt Tutorial video series](https://www.youtube.com/watch?v=zojEMeQGGHs&list=PL4cUxeGkcC9hlbrVO_2QFVqVPhlZmz7tO&index=2)
- to check svelte logs, do a 'docker logs --follow <container-id>'

### nestjs
- [linkedin clone angular nestjs](https://www.youtube.com/watch?v=gL3D-MIt_G8&list=PL9_OU-1M9E_ut3NA04C4eHZuuAFQOUwT0&index=1)
- [nestjs crash course](https://www.youtube.com/watch?v=vGafqCNCCSs)

### websocket
- [game networking](https://gafferongames.com/post/what_every_programmer_needs_to_know_about_game_networking/)
- [client-server game architecture](https://www.gabrielgambetta.com/client-server-game-architecture.html)
- [websocket api mozilla doc](https://developer.mozilla.org/en-US/docs/Web/API/WebSockets_API)
- [websocket rfc](https://www.rfc-editor.org/rfc/rfc6455.html)
- [ws doc npm](https://www.npmjs.com/package/ws)
- [exemple chat implementation](https://github.com/mdn/samples-server/tree/master/s/websocket-chat)
- [websocket and nginx](https://www.nginx.com/blog/websocket-nginx/)

### css
- [separation of concern](https://adamwathan.me/css-utility-classes-and-separation-of-concerns/)
- [decoupling css and html](https://www.smashingmagazine.com/2012/04/decoupling-html-from-css/)

### security
- [xss attack with innerHTML](https://gomakethings.com/a-safer-alternative-to-innerhtml-with-vanilla-js/)
- [xss attack innerHTML prevention](https://stackoverflow.com/questions/30661497/xss-prevention-and-innerhtml)
- [xss attack prevention with createTextNode](https://stackoverflow.com/questions/11654555/is-createtextnode-completely-safe-from-html-injection-xss)
- [xss attacks prevention in svelte](https://stackoverflow.com/questions/74931516/in-svete-what-to-use-instead-of-html-to-avoid-xss-attacks/74932137)

### installation
- [node and npm with nvm](https://github.com/nvm-sh/nvm)
- [docker](https://github.com/docker/docker-install)



---
## http status :

```
- '100': 'CONTINUE',
- '101': 'SWITCHING_PROTOCOLS',
- '102': 'PROCESSING',
- '103': 'EARLYHINTS',
- '200': 'OK',
- '201': 'CREATED',
- '202': 'ACCEPTED',
- '203': 'NON_AUTHORITATIVE_INFORMATION',
- '204': 'NO_CONTENT',
- '205': 'RESET_CONTENT',
- '206': 'PARTIAL_CONTENT',
- '300': 'AMBIGUOUS',
- '301': 'MOVED_PERMANENTLY',
- '302': 'FOUND',
- '303': 'SEE_OTHER',
- '304': 'NOT_MODIFIED',
- '307': 'TEMPORARY_REDIRECT',
- '308': 'PERMANENT_REDIRECT',
- '400': 'BAD_REQUEST',
- '401': 'UNAUTHORIZED',
- '402': 'PAYMENT_REQUIRED',
- '403': 'FORBIDDEN',
- '404': 'NOT_FOUND',
- '405': 'METHOD_NOT_ALLOWED',
- '406': 'NOT_ACCEPTABLE',
- '407': 'PROXY_AUTHENTICATION_REQUIRED',
- '408': 'REQUEST_TIMEOUT',
- '409': 'CONFLICT',
- '410': 'GONE',
- '411': 'LENGTH_REQUIRED',
- '412': 'PRECONDITION_FAILED',
- '413': 'PAYLOAD_TOO_LARGE',
- '414': 'URI_TOO_LONG',
- '415': 'UNSUPPORTED_MEDIA_TYPE',
- '416': 'REQUESTED_RANGE_NOT_SATISFIABLE',
- '417': 'EXPECTATION_FAILED',
- '418': 'I_AM_A_TEAPOT',
- '421': 'MISDIRECTED',
- '422': 'UNPROCESSABLE_ENTITY',
- '424': 'FAILED_DEPENDENCY',
- '428': 'PRECONDITION_REQUIRED',
- '429': 'TOO_MANY_REQUESTS',
- '500': 'INTERNAL_SERVER_ERROR',
- '501': 'NOT_IMPLEMENTED',
- '502': 'BAD_GATEWAY',
- '503': 'SERVICE_UNAVAILABLE',
- '504': 'GATEWAY_TIMEOUT',
- '505': 'HTTP_VERSION_NOT_SUPPORTED',
- CONTINUE: 100,
- SWITCHING_PROTOCOLS: 101,
- PROCESSING: 102,
- EARLYHINTS: 103,
- OK: 200,
- CREATED: 201,
- ACCEPTED: 202,
- NON_AUTHORITATIVE_INFORMATION: 203,
- NO_CONTENT: 204,
- RESET_CONTENT: 205,
- PARTIAL_CONTENT: 206,
- AMBIGUOUS: 300,
- MOVED_PERMANENTLY: 301,
- FOUND: 302,
- SEE_OTHER: 303,
- NOT_MODIFIED: 304,
- TEMPORARY_REDIRECT: 307,
- PERMANENT_REDIRECT: 308,
- BAD_REQUEST: 400,
- UNAUTHORIZED: 401,
- PAYMENT_REQUIRED: 402,
- FORBIDDEN: 403,
- NOT_FOUND: 404,
- METHOD_NOT_ALLOWED: 405,
- NOT_ACCEPTABLE: 406,
- PROXY_AUTHENTICATION_REQUIRED: 407,
- REQUEST_TIMEOUT: 408,
- CONFLICT: 409,
- GONE: 410,
- LENGTH_REQUIRED: 411,
- PRECONDITION_FAILED: 412,
- PAYLOAD_TOO_LARGE: 413,
- URI_TOO_LONG: 414,
- UNSUPPORTED_MEDIA_TYPE: 415,
- REQUESTED_RANGE_NOT_SATISFIABLE: 416,
- EXPECTATION_FAILED: 417,
- I_AM_A_TEAPOT: 418,
- MISDIRECTED: 421,
- UNPROCESSABLE_ENTITY: 422,
- FAILED_DEPENDENCY: 424,
- PRECONDITION_REQUIRED: 428,
- TOO_MANY_REQUESTS: 429,
- INTERNAL_SERVER_ERROR: 500,
- NOT_IMPLEMENTED: 501,
- BAD_GATEWAY: 502,
- SERVICE_UNAVAILABLE: 503,
- GATEWAY_TIMEOUT: 504,
- HTTP_VERSION_NOT_SUPPORTED: 505
```