Merge branch 'alpha' into feat/issue-3281-remove-referent-name-filter

Author: LucasCharrier

packages/app/src/app/api/upload/route.ts

@@ -1,3 +1,4 @@
+import { z } from "zod";
 import { AUDIT_ACTIONS, type AuditActionKey } from "~/modules/audit";
 import { getCurrentYear } from "~/modules/domain";
 import { parseSiren } from "~/modules/shared/parseSiren";
@@ -42,6 +43,7 @@ function isFlowType(value: string | null): value is FlowType {
  *  - 403 — declaration for current year not found (not owned by session SIREN)
  *  - 400 — cse_opinion max files reached
  *  - 422 — ClamAV detected a virus (body includes `virus` name)
+ *  - 499 — client closed the request before the upload finished
  *  - 503 — ClamAV unreachable / timed out (transient, user should retry)
  *  - 500 — S3 or DB failure after stream; compensating delete attempted
  *
@@ -195,6 +197,7 @@ export async function POST(request: Request): Promise<Response> {
 			contentType,
 			stream: request.body,
 			flowType,
+			signal: request.signal,
 		});
 	} catch (error) {
 		console.error("[api/upload]", error);
@@ -223,11 +226,11 @@ export async function POST(request: Request): Promise<Response> {
 			userId,
 			userEmail,
 			siren,
-			metadata: {
+			metadata: uploadAuditMetadataSchema.parse({
 				flowType,
 				fileId: result.fileId,
 				fileName: result.fileName,
-			},
+			}),
 			ipAddress: requestContext.ipAddress,
 			userAgent: requestContext.userAgent,
 			durationMs: Date.now() - startedAt,
@@ -296,11 +299,48 @@ function mapFailureToHttp(reason: PipelineFailureReason): {
 			return { status: 422, errorMessage: "HTTP 422 virus_detected" };
 		case "scan_unavailable":
 			return { status: 503, errorMessage: "HTTP 503 antivirus_unavailable" };
+		case "aborted":
+			// 499 is the nginx-style "client closed request" status. The body is
+			// never consumed by the client (they are gone), so the status is
+			// purely for server-side observability.
+			return { status: 499, errorMessage: "HTTP 499 client_aborted" };
 		case "server_error":
 			return { status: 500, errorMessage: "HTTP 500 server_error" };
 	}
 }
 
+/**
+ * Strips control characters (including ANSI escape sequences) and clips to
+ * 255 chars before a user-supplied string is persisted to the audit log or
+ * echoed to a terminal via console.error. Defence-in-depth: a crafted header
+ * could carry escape sequences that mislead log readers.
+ */
+function sanitizeUserText(value: string): string {
+	let out = "";
+	for (const ch of value) {
+		const code = ch.codePointAt(0) ?? 0;
+		if (code >= 0x20 && code !== 0x7f) out += ch;
+	}
+	return out.slice(0, 255);
+}
+
+/**
+ * Audit metadata schema for /api/upload. Fields sourced from user input
+ * (fileName, virusName) use `sanitizedUserString` so future additions to the
+ * schema are sanitised by construction — a new untrusted string just has to
+ * reuse the same transform. Internal literals (flowType, fileId, s3Cleanup)
+ * are already constrained and do not need sanitisation.
+ */
+const sanitizedUserString = z.string().transform(sanitizeUserText);
+
+const uploadAuditMetadataSchema = z.object({
+	flowType: z.enum(["cse_opinion", "joint_evaluation"]),
+	fileId: z.string().optional(),
+	fileName: sanitizedUserString.optional(),
+	virusName: sanitizedUserString.optional(),
+	s3Cleanup: z.enum(["ok", "failed"]).optional(),
+});
+
 type AuditFailureInput = {
 	action: AuditActionKey;
 	flowType: FlowType;
@@ -330,11 +370,13 @@ function writeFailure({
 	virusName = null,
 	s3Cleanup = null,
 }: AuditFailureInput): void {
-	const metadata: Record<string, unknown> = { flowType };
-	if (fileName) metadata.fileName = fileName;
-	if (fileId) metadata.fileId = fileId;
-	if (virusName) metadata.virusName = virusName;
-	if (s3Cleanup) metadata.s3Cleanup = s3Cleanup;
+	const metadata = uploadAuditMetadataSchema.parse({
+		flowType,
+		fileName: fileName ?? undefined,
+		fileId: fileId ?? undefined,
+		virusName: virusName ?? undefined,
+		s3Cleanup: s3Cleanup ?? undefined,
+	});
 
 	void logAction({
 		action,

packages/app/src/app/layout.tsx

@@ -4,10 +4,9 @@ import Script from "next/script";
 import { MatomoAnalytics } from "~/modules/analytics";
 import { SessionProviderWrapper } from "~/modules/auth";
 import {
-	Footer,
 	Header,
 	ImpersonateBanner,
-	ResourceBanner,
+	PublicChrome,
 	SkipLinks,
 } from "~/modules/layout";
 import { ProfileModal } from "~/modules/profile";
@@ -59,8 +58,7 @@ export default function RootLayout({
 						<ImpersonateBanner />
 						<Header />
 						{children}
-						<ResourceBanner />
-						<Footer />
+						<PublicChrome />
 						<ProfileModal />
 					</TRPCReactProvider>
 				</SessionProviderWrapper>

packages/app/src/e2e/admin.e2e.ts

@@ -10,6 +10,23 @@ test("admin user can access /admin and sees backoffice page", async ({
 	await expect(page.getByText("administrateur")).toBeVisible();
 });
 
+test("admin routes hide the public footer and help banner", async ({
+	page,
+}) => {
+	// Runs in the authenticated `chromium` Playwright project (see
+	// playwright.config.ts): `page.goto("/admin")` reaches the real backoffice
+	// page, so the assertions below exercise the PublicChrome branch, not a
+	// login-redirect fallback that would trivially pass.
+	await page.goto("/admin");
+	await expect(
+		page.getByRole("heading", { name: "Backoffice", level: 1 }),
+	).toBeVisible();
+	await expect(page.locator("footer#footer")).toHaveCount(0);
+	await expect(
+		page.getByRole("region", { name: "Ressources et aide" }),
+	).toHaveCount(0);
+});
+
 test("admin user can access /admin/impersonate and sees impersonate page", async ({
 	page,
 }) => {
@@ -29,13 +46,10 @@ test("admin user can access /admin/parametres and sees settings page", async ({
 			level: 1,
 		}),
 	).toBeVisible();
-	await expect(
-		page.getByRole("heading", { name: "Année de campagne active", level: 2 }),
-	).toBeVisible();
 	await expect(
 		page.getByRole("heading", { name: "Échéances de campagne", level: 2 }),
 	).toBeVisible();
 	await expect(
-		page.getByRole("spinbutton", { name: /année de campagne active/i }),
-	).toBeVisible();
+		page.getByRole("heading", { name: "Année de campagne active", level: 2 }),
+	).not.toBeVisible();
 });

packages/app/src/e2e/public-referents.e2e.ts

@@ -68,6 +68,35 @@ test.describe("public referents search", () => {
 		}
 	});
 
+	test("landing on /referents without a filter shows the empty-filter hint and no results", async ({
+		browser,
+	}) => {
+		const anonCtx = await browser.newContext({ storageState: undefined });
+		try {
+			const page = await anonCtx.newPage();
+			await page.goto("/referents");
+			await expect(
+				page.getByText(/remplissez au moins un filtre/i),
+			).toBeVisible();
+			await expect(page.getByText("E2E Référent Paris")).not.toBeVisible();
+		} finally {
+			await anonCtx.close();
+		}
+	});
+
+	test("/referents shows the public help banner", async ({ browser }) => {
+		const anonCtx = await browser.newContext({ storageState: undefined });
+		try {
+			const page = await anonCtx.newPage();
+			await page.goto("/referents");
+			await expect(
+				page.getByRole("region", { name: /ressources et aide/i }),
+			).toBeVisible();
+		} finally {
+			await anonCtx.close();
+		}
+	});
+
 	test("search by region filters the results", async ({ browser }) => {
 		const anonCtx = await browser.newContext({ storageState: undefined });
 		try {
@@ -100,6 +129,8 @@ test.describe("public referents search", () => {
 		try {
 			const page = await anonCtx.newPage();
 			await page.goto("/referents");
+			await page.getByLabel("Région").selectOption("11");
+			await page.getByRole("button", { name: /^rechercher$/i }).click();
 			await expect(page.getByText("E2E Référent Paris")).toBeVisible();
 			await expect(page.getByText("e2e-paris@dreets.test")).not.toBeVisible();
 			await expect(
@@ -117,6 +148,8 @@ test.describe("public referents search", () => {
 		try {
 			const page = await anonCtx.newPage();
 			await page.goto("/referents");
+			await page.getByLabel("Région").selectOption("11");
+			await page.getByRole("button", { name: /^rechercher$/i }).click();
 
 			const row = page.locator("li", { hasText: "E2E Référent Paris" });
 			await row.getByRole("link", { name: /voir le contact/i }).click();

packages/app/src/modules/admin/AdminNavigation.tsx

@@ -5,6 +5,7 @@ import { usePathname } from "next/navigation";
 
 const adminLinks = [
 	{ href: "/admin", label: "Accueil" },
+	{ href: "/admin/declarations", label: "Déclarations" },
 	{ href: "/admin/impersonate", label: "Mimoquer un Siren" },
 	{ href: "/admin/liste-referents", label: "Référents" },
 	{ href: "/admin/parametres", label: "Paramètres" },

packages/app/src/modules/admin/__tests__/AdminNavigation.test.tsx

@@ -19,6 +19,9 @@ describe("AdminNavigation", () => {
 	it("renders all admin links", () => {
 		render(<AdminNavigation />);
 		expect(screen.getByRole("link", { name: "Accueil" })).toBeInTheDocument();
+		expect(
+			screen.getByRole("link", { name: "Déclarations" }),
+		).toBeInTheDocument();
 		expect(
 			screen.getByRole("link", { name: "Mimoquer un Siren" }),
 		).toBeInTheDocument();
@@ -61,4 +64,28 @@ describe("AdminNavigation", () => {
 			"aria-current",
 		);
 	});
+
+	it("marks /admin/declarations as active — and not Accueil", () => {
+		(usePathname as Mock).mockReturnValue("/admin/declarations");
+		render(<AdminNavigation />);
+		expect(screen.getByRole("link", { name: "Déclarations" })).toHaveAttribute(
+			"aria-current",
+			"page",
+		);
+		expect(screen.getByRole("link", { name: "Accueil" })).not.toHaveAttribute(
+			"aria-current",
+		);
+	});
+
+	it("marks /admin/declarations/<id> as active on the Déclarations link", () => {
+		(usePathname as Mock).mockReturnValue("/admin/declarations/abc123");
+		render(<AdminNavigation />);
+		expect(screen.getByRole("link", { name: "Déclarations" })).toHaveAttribute(
+			"aria-current",
+			"page",
+		);
+		expect(screen.getByRole("link", { name: "Accueil" })).not.toHaveAttribute(
+			"aria-current",
+		);
+	});
 });

packages/app/src/modules/admin/declarations/AdminDeclarationsPage.tsx

@@ -22,11 +22,6 @@ function DeclarationsContent() {
 		dateFrom: searchParams.get("dateFrom") ?? undefined,
 		dateTo: searchParams.get("dateTo") ?? undefined,
 		status: (searchParams.get("status") as "draft" | "submitted") || undefined,
-		index: searchParams.get("index")
-			? Number(searchParams.get("index"))
-			: undefined,
-		indexOperator:
-			(searchParams.get("indexOperator") as "gt" | "lt" | "eq") || undefined,
 		page: Number(searchParams.get("page") ?? "1"),
 		pageSize: Number(searchParams.get("pageSize") ?? String(DEFAULT_PAGE_SIZE)),
 		sortBy: (searchParams.get("sortBy") as SortColumn) ?? "createdAt",

packages/app/src/modules/admin/declarations/SearchForm.tsx

@@ -23,9 +23,6 @@ export function SearchForm() {
 				dateTo: searchParams.get("dateTo") ?? "",
 				status:
 					(searchParams.get("status") as "" | "draft" | "submitted") ?? "",
-				index: searchParams.get("index") ?? "",
-				indexOperator:
-					(searchParams.get("indexOperator") as "" | "gt" | "lt" | "eq") ?? "",
 			},
 		},
 	);
@@ -52,8 +49,6 @@ export function SearchForm() {
 			dateFrom: "",
 			dateTo: "",
 			status: "",
-			index: "",
-			indexOperator: "",
 		});
 		router.push("/admin/declarations");
 	}, [reset, router]);
@@ -144,42 +139,6 @@ export function SearchForm() {
 						</select>
 					</div>
 				</div>
-				<div className="fr-col-12 fr-col-md-3">
-					<div className="fr-grid-row fr-grid-row--gutters">
-						<div className="fr-col-6">
-							<div className="fr-select-group">
-								<label className="fr-label" htmlFor="search-index-op">
-									Index
-								</label>
-								<select
-									className="fr-select"
-									id="search-index-op"
-									{...register("indexOperator")}
-								>
-									<option value="">—</option>
-									<option value="eq">=</option>
-									<option value="gt">&ge;</option>
-									<option value="lt">&le;</option>
-								</select>
-							</div>
-						</div>
-						<div className="fr-col-6">
-							<div className="fr-input-group">
-								<label className="fr-label" htmlFor="search-index">
-									Valeur
-								</label>
-								<input
-									className="fr-input"
-									id="search-index"
-									max={100}
-									min={0}
-									type="number"
-									{...register("index")}
-								/>
-							</div>
-						</div>
-					</div>
-				</div>
 			</div>
 			<div className="fr-grid-row fr-grid-row--right fr-mt-2w">
 				<ul className="fr-btns-group fr-btns-group--inline">

packages/app/src/modules/admin/declarations/__tests__/SearchForm.test.tsx

@@ -20,7 +20,7 @@ vi.mock("next/navigation", async () => {
 import { SearchForm } from "../SearchForm";
 
 describe("SearchForm", () => {
-	it("renders all search fields", () => {
+	it("renders all search fields and omits the removed Index / Valeur pair", () => {
 		render(<SearchForm />);
 
 		expect(screen.getByLabelText("SIREN / Nom entreprise")).toBeInTheDocument();
@@ -29,8 +29,10 @@ describe("SearchForm", () => {
 		expect(screen.getByLabelText("Date de dépôt (du)")).toBeInTheDocument();
 		expect(screen.getByLabelText("Date de dépôt (au)")).toBeInTheDocument();
 		expect(screen.getByLabelText("Statut")).toBeInTheDocument();
-		expect(screen.getByLabelText("Index")).toBeInTheDocument();
-		expect(screen.getByLabelText("Valeur")).toBeInTheDocument();
+		// Regression guard for #3274 — keep these negative assertions next to
+		// their positive counterparts so a future reintroduction is caught here.
+		expect(screen.queryByLabelText("Index")).not.toBeInTheDocument();
+		expect(screen.queryByLabelText("Valeur")).not.toBeInTheDocument();
 	});
 
 	it("renders search and reset buttons", () => {

packages/app/src/modules/admin/declarations/__tests__/schemas.test.ts

@@ -20,8 +20,6 @@ describe("searchDeclarationsSchema", () => {
 			year: "2024",
 			dateFrom: "2024-01-01",
 			dateTo: "2024-12-31",
-			index: "75",
-			indexOperator: "gt",
 			status: "submitted",
 			page: "2",
 			pageSize: "50",
@@ -35,8 +33,6 @@ describe("searchDeclarationsSchema", () => {
 			year: 2024,
 			dateFrom: "2024-01-01",
 			dateTo: "2024-12-31",
-			index: 75,
-			indexOperator: "gt",
 			status: "submitted",
 			page: 2,
 			pageSize: 50,