42_INT_14_transcendence/README.md

- CONFLICT srcs/requirements/svelte/api_front/public/build/bundle.js
- CONFLICT srcs/requirements/svelte/api_front/public/build/bundle.js.map


### Pour lancer le docker :

- Il faut un fichier .env qu'on ne doit pas push, donc je ne le push pas.
- Pour l'instant, on doit donc le faire à la main (je verrai par la suite comment faire mieux).
- Dans le .env il y a juste à mettre (sans les guillemets) "NODE_ENV=development" ou "NODE_ENV=production".
- Il faut le placer au même endroit que docker-compose.yml
- Dans le makefile il y a un sedf pour changer l'un ou l'autre.

- also add an alias for transcendance in /etc/hosts



### TODO List : Utilisateur édition.

- [x] Utilisateur : faire la base pour un utilisateur
- [x] Utilisateur : faire le système de requêtes amis
- [x] Utilisateur : mettre en place le système de session (voire de statut ?)
- [x] Utilisateur : mettre en place le système d'avatar
- [x] Utilisateur : mettre en place la double authentification
- [x] Utilisateur : mettre en place le système d'Oauth
- [x] Utilisateur : mettre en place la hashage de mot de passe (avec Oauth)
- [x] Utilisateur : mettre en place le système de statut
- [x] Utilisateur : mettre en place le système de stats
- [x] Utilisateur : mettre en place l'historique des matches

### TODO List : Docker édition.

- [ ] Docker : trouver un moyen simple de générer un .env. Peut-être renouveller les clé à chaque lancement.


---

## instructions :

#### global instructions :

- [ ] backend in NestJs
- [ ] frontend any TypeScript framework
- [ ] latest stable version of any library or framework used
- [ ] use only PostgreSQL db
- [ ] single page application
- [ ] navigator back and forward button working
- [ ] works on last Chrome and another browser
- [ ] launch with "docker-compose up --build", put in sgoinfre, in rootless mode
- [ ] can't use bind-mount volumes :
	1. docker in VM ?
	2. rebuild after changes ?
	3. craft own imags with root as unique UID

#### security concerns :

- [ ] hash every passwords in db
- [ ] protection against SQL injections
- [ ] server-side validation of users inputs
- [ ] store credentials in local .env git-ignored

#### user account :

- [ ] login with 42 intranet OAuth system
- [ ] user can choose name, avatar, 2fa (ex texto or Google Authenticator)
- [ ] display user name on site
- [ ] user default avatar if not chosen
- [ ] user can add friends, and see status (online/offline, in game, ...)
- [ ] display stats on user profile (wins, losses, ladderm levelm achievements, ...)
- [ ] public match history (lvl games, ladder, ...)

#### chat :

- [ ] can create chat-rooms (public/private, password protected)
- [ ] send direct messages
- [ ] block other users
- [ ] creators of chat-room are owners, untill they leave
- [ ] chat-room owner can set, change, remove password
- [ ] chat-room owner is administrator and can set other administrators
- [ ] administrators can ban or mute for a time other users
- [ ] send game invitation in chat
- [ ] view user profiles from chat

#### game :

- [ ] play pong with others on website
- [ ] matchmaking system : join a queue untill automatic match
- [ ] faithfull to original pong (1972)
- [ ] customs options (powers up, multiple maps, ...), with a default one
- [ ] reponsive
- [ ] can watch other matchs


---
## Resources

- [routes back](https://semestriel.framapad.org/p/z5gqbq51dx-9xlo?lang=fr)

### error msg
- [rollup packages did not export](https://stackoverflow.com/questions/69768925/rollup-plugin-svelte-the-following-packages-did-not-export-their-package-json)

### Svelte
- [The Official Svelte Tutorial](https://svelte.dev/tutorial/basics)
- SPA Svelte Article [Build a single-page application in Svelte with svelte-spa-router](https://blog.logrocket.com/build-spa-svelte-svelte-spa-router/)
- [An excellent Svelt Tutorial video series](https://www.youtube.com/watch?v=zojEMeQGGHs&list=PL4cUxeGkcC9hlbrVO_2QFVqVPhlZmz7tO&index=2)
- to check svelte logs, do a 'docker logs --follow <container-id>'

### nestjs
- [linkedin clone angular nestjs](https://www.youtube.com/watch?v=gL3D-MIt_G8&list=PL9_OU-1M9E_ut3NA04C4eHZuuAFQOUwT0&index=1)
- [nestjs crash course](https://www.youtube.com/watch?v=vGafqCNCCSs)

### websocket
- [game networking](https://gafferongames.com/post/what_every_programmer_needs_to_know_about_game_networking/)
- [client-server game architecture](https://www.gabrielgambetta.com/client-server-game-architecture.html)
- [websocket api mozilla doc](https://developer.mozilla.org/en-US/docs/Web/API/WebSockets_API)
- [websocket rfc](https://www.rfc-editor.org/rfc/rfc6455.html)
- [ws doc npm](https://www.npmjs.com/package/ws)
- [exemple chat implementation](https://github.com/mdn/samples-server/tree/master/s/websocket-chat)
- [websocket and nginx](https://www.nginx.com/blog/websocket-nginx/)

### css
- [separation of concern](https://adamwathan.me/css-utility-classes-and-separation-of-concerns/)
- [decoupling css and html](https://www.smashingmagazine.com/2012/04/decoupling-html-from-css/)

### security
- [xss attack with innerHTML](https://gomakethings.com/a-safer-alternative-to-innerhtml-with-vanilla-js/)
- [xss attack innerHTML prevention](https://stackoverflow.com/questions/30661497/xss-prevention-and-innerhtml)
- [xss attack prevention with createTextNode](https://stackoverflow.com/questions/11654555/is-createtextnode-completely-safe-from-html-injection-xss)
- [xss attacks prevention in svelte](https://stackoverflow.com/questions/74931516/in-svete-what-to-use-instead-of-html-to-avoid-xss-attacks/74932137)

### installation
- [node and npm with nvm](https://github.com/nvm-sh/nvm)
- [docker](https://github.com/docker/docker-install)



---
## hugo

- in Chat.svelte, import of socket is not always defined becaus async, tried to solve that in onMount but no luck