Refactor AuthenticatedState to store displayName and uid

The AuthenticatedState interface was updated to directly store the
`displayName` and `uid` properties. Previously, it stored the entire
`CasContent` object, which contained these properties along with others
that were not consistently used. This change simplifies the interface
and reduces redundancy.

.gitea/workflows/deploy.yml

@@ -1,27 +0,0 @@
-name: "Build and push image"
-
-on:
-  push:
-    branches:
-      - main
-
-jobs:
-  deploy:
-    name: "Build Docker image"
-    runs-on: ubuntu-latest
-    steps:
-      - name: Login to Docker Hub
-        uses: docker/login-action@v3
-        with:
-          registry: registry.docker.polytech.djalim.fr
-          username: ${{ secrets.registry_login }}
-          password: ${{ secrets.registry_pass }}
-
-      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v3
-
-      - name: Build and push
-        uses: docker/build-push-action@v6
-        with:
-          push: true
-          tags: registry.docker.polytech.djalim.fr/polympr:latest

.github/workflows/main.yml

@@ -24,6 +24,3 @@ jobs:
 
       - name: Check linting
         run: deno lint
-
-      - name: Run tests
-        run: deno test -A --no-check tests/

Dockerfile

@@ -3,7 +3,7 @@ FROM denoland/deno:alpine
 WORKDIR /app
 
 COPY . .
-RUN deno cache main.ts --allow-import
+RUN deno cache main.ts --allow-import flag
 RUN deno task build
 
 USER deno

defaults/interfaces.ts

@@ -3,12 +3,16 @@ import { AsyncRoute } from "$fresh/src/server/types.ts";
 
 export interface AuthenticatedState {
   isAuthenticated: true;
-  session: CasContent;
+  isFromPolytech: boolean;
+  role: "etudiant" | "professeur" | "administration" | "autre";
+  displayName: string;
+  uid: string;
   availablePages: Record<string, string>;
 }
 
 interface UnauthenticatedState {
   isAuthenticated: false;
+  isFromPolytech: false;
   session: undefined;
 }
 

deno.json

@@ -9,8 +9,7 @@
     "start": "deno run -A --unstable-ffi --watch=static/,routes/ dev.ts",
     "build": "deno run -A --unstable-ffi dev.ts build",
     "preview": "deno run -A --unstable-ffi main.ts",
-    "update": "deno run -A -r https://fresh.deno.dev/update .",
+    "update": "deno run -A -r https://fresh.deno.dev/update ."
-    "test": "deno test -A --no-check tests/"
   },
   "lint": {
     "rules": {
@@ -36,9 +35,6 @@
     "@preact/signals": "https://esm.sh/*@preact/signals@1.2.2",
     "@preact/signals-core": "https://esm.sh/*@preact/signals-core@1.5.1",
     "$std/": "https://deno.land/std@0.216.0/",
-    "@std/assert": "jsr:@std/assert@^1.0.0",
-    "@std/testing": "jsr:@std/testing@^1.0.0",
-    "happy-dom": "npm:happy-dom@^16.0.0",
     "$root/": "./",
     "$apps/": "./routes/(apps)/"
   },

env.template

@@ -1,2 +0,0 @@
-#Local mode, set to true to access admin pages with any users
-LOCAL=false

fresh.config.ts

@@ -2,7 +2,7 @@ import { defineConfig } from "$fresh/server.ts";
 import ensureDatabases from "$root/databases/ensure.ts";
 import { load } from "@std/dotenv";
 
-await load({ envPath: "./.env", export: true });
+await load({ envPath: "./.env.development.local", export: true });
 await ensureDatabases();
 export default defineConfig({
   server: {

fresh.gen.ts

@@ -19,6 +19,7 @@ import * as $_apps_students_partials_admin_consult from "./routes/(apps)/student
 import * as $_apps_students_partials_admin_upload from "./routes/(apps)/students/partials/(admin)/upload.tsx";
 import * as $_apps_students_partials_index from "./routes/(apps)/students/partials/index.tsx";
 import * as $_apps_students_types_d from "./routes/(apps)/students/types.d.ts";
+import * as $_403 from "./routes/_403.tsx";
 import * as $_404 from "./routes/_404.tsx";
 import * as $_app from "./routes/_app.tsx";
 import * as $_middleware from "./routes/_middleware.ts";
@@ -64,6 +65,7 @@ const manifest = {
     "./routes/(apps)/students/partials/index.tsx":
       $_apps_students_partials_index,
     "./routes/(apps)/students/types.d.ts": $_apps_students_types_d,
+    "./routes/_403.tsx": $_403,
     "./routes/_404.tsx": $_404,
     "./routes/_app.tsx": $_app,
     "./routes/_middleware.ts": $_middleware,

routes/(apps)/_middleware.ts

@@ -23,7 +23,7 @@ export const handler: MiddlewareHandler<AuthenticatedState>[] = [
 
     context.state.availablePages = properties.pages;
     if (
-      context.state.session.eduPersonPrimaryAffiliation == "student" &&
+      context.state.role == "etudiant" &&
       Deno.env.get("LOCAL") != "true"
     ) {
       properties.adminOnly.forEach((page) =>

routes/(apps)/mobility/(_islands)/EditMobility.tsx

@@ -240,7 +240,7 @@ export default function EditMobility() {
           </table>
         </div>
       ))}
-      <button type="button" onClick={handleSave} disabled={isSaving}>
+      <button onClick={handleSave} disabled={isSaving}>
         {isSaving ? "Saving..." : "Confirm"}
       </button>
     </section>

routes/(apps)/mobility/partials/index.tsx

@@ -7,7 +7,7 @@ import { State } from "$root/routes/_middleware.ts";
 
 // deno-lint-ignore require-await
 export async function Index(_request: Request, context: FreshContext<State>) {
-  return <h2>Welcome to {context.state.session?.displayName}.</h2>;
+  return <h2>Welcome to {context.state.displayName || 'Guest'}.</h2>;
 }
 
 export const config = getPartialsConfig();

routes/(apps)/notes/partials/(admin)/courses.tsx

@@ -7,7 +7,7 @@ import { State } from "$root/routes/_middleware.ts";
 
 // deno-lint-ignore require-await
 async function Courses(_request: Request, context: FreshContext<State>) {
-  return <h2>Welcome to {context.state.session?.displayName}.</h2>;
+  return <h2>Welcome to {context.state.displayName || 'Guest'}.</h2>;
 }
 
 export const config = getPartialsConfig();

routes/(apps)/notes/partials/index.tsx

@@ -7,7 +7,7 @@ import { State } from "$root/routes/_middleware.ts";
 
 // deno-lint-ignore require-await
 export async function Index(_request: Request, context: FreshContext<State>) {
-  return <h2>Welcome to {context.state.session?.displayName}.</h2>;
+  return <h2>Welcome to {context.state.displayName || 'Guest'}.</h2>;
 }
 
 export const config = getPartialsConfig();

routes/(apps)/notes/partials/notes.tsx

@@ -7,7 +7,7 @@ import { State } from "$root/routes/_middleware.ts";
 
 // deno-lint-ignore require-await
 async function Notes(_request: Request, context: FreshContext<State>) {
-  return <h2>Welcome to {context.state.session?.displayName}.</h2>;
+  return <h2>Welcome to {context.state.displayName || 'Guest'}.</h2>;
 }
 
 export const config = getPartialsConfig();

routes/(apps)/students/(_components)/Promotion.tsx

@@ -22,7 +22,7 @@ export default function Promotion(props: PromotionProps) {
         <tbody>
           {props.students
             .filter((student) => student.promotionId === props.promo.id)
-            .map((student) => <Student key={student.id} student={student} />)}
+            .map((student) => <Student student={student} />)}
         </tbody>
       </table>
     </div>

routes/(apps)/students/(_islands)/UploadStudents.tsx

@@ -104,7 +104,7 @@ export default function UploadStudents() {
   return (
     <>
       <input type="file" accept=".xlsx, .xls" onChange={handleFileChange} />
-      <button type="button" onClick={confirmUpload}>Confirm Upload</button>
+      <button onClick={confirmUpload}>Confirm Upload</button>
       <p>{statusMessage.value}</p>
     </>
   );

routes/(apps)/students/api/students.ts

@@ -92,9 +92,9 @@ export const handler: Handlers<null, AuthenticatedState> = {
     using connection = connect("students");
     const database = connection.database;
 
-    if (context.state.session.eduPersonPrimaryAffiliation == "student") {
+    if (context.state.role == "etudiant") {
       return new Response(
-        JSON.stringify(getItself(database, context.state.session.uid)),
+        JSON.stringify(getItself(database, context.state.uid)),
         {
           headers: {
             "content-type": "application/json",

routes/(apps)/students/partials/index.tsx

@@ -8,13 +8,7 @@ import SelfPortrait from "$root/routes/(apps)/students/(_components)/SelfPortrai
 
 // deno-lint-ignore require-await
 export async function Index(_request: Request, context: FreshContext<State>) {
-  return (
+  return <h2>Welcome {context.state.displayName || 'Guest'}!</h2>;
-    <>
-      <h2>Welcome {context.state.session?.givenName}!</h2>
-      <h3>Your amU identity</h3>
-      <SelfPortrait self={context.state.session!} />
-    </>
-  );
 }
 
 export const config = getPartialsConfig();

routes/_403.tsx

@@ -0,0 +1,12 @@
+import { Head } from "$fresh/runtime.ts";
+
+export default function Error403() {
+  return (
+    <>
+      <Head>
+        <title>403 - Forbidden</title>
+      </Head>
+      <p>403</p>
+    </>
+  );
+}

routes/_middleware.ts

@@ -44,6 +44,7 @@ export function getKey(user: string): string {
 export const handler: MiddlewareHandler<State>[] = [
   /**
    * Check if user is authenticated and add session to context accordingly.
+   * Only authenticated users who are members of Polytech are allowed.
    * @param request The HTTP incomming request.
    * @param context The Fresh context object with custom `State`.
    * @returns The response from the next middleware.
@@ -55,6 +56,7 @@ export const handler: MiddlewareHandler<State>[] = [
     const cookies = getCookies(request.headers);
     if (!cookies["sessionToken"]) {
       context.state.isAuthenticated = false;
+      context.state.isFromPolytech = false;
       return await context.next();
     }
 
@@ -67,9 +69,27 @@ export const handler: MiddlewareHandler<State>[] = [
     );
 
     if (context.state.isAuthenticated) {
+
       const session: CasContent =
         (getJwtPayload(cookies["sessionToken"]) as LoginJWT).user;
-      context.state.session = session;
+
+      const isFromPolytech = session.amuComposante.includes("polytech");
+      context.state.isFromPolytech = isFromPolytech;
+
+      if (isFromPolytech) {
+        context.state.displayName = session.displayName;
+        context.state.uid = session.uid;
+
+        if (session.eduPersonPrimaryAffiliation == "faculty") {
+          context.state.role = "professeur"
+        } else if (session.eduPersonPrimaryAffiliation == "employee") {
+          context.state.role = "administration"
+        } else if (session.eduPersonPrimaryAffiliation == "student") {
+          context.state.role = "etudiant";
+        } else {
+          context.state.role = "autre";
+        }
+      }
     }
 
     return await context.next();
@@ -87,13 +107,24 @@ export const handler: MiddlewareHandler<State>[] = [
   ): Promise<Response> {
     const url = new URL(request.url);
 
-    if (!isRoutePublic(url.pathname) && !context.state.isAuthenticated) {
+    if (!isRoutePublic(url.pathname)) {
-      return new Response(null, {
+      if (!context.state.isAuthenticated) {
-        status: 302,
+        return new Response(null, {
-        headers: {
+          status: 302,
-          Location: "/login",
+          headers: {
-        },
+            Location: "/login",
-      });
+          },
+        });
+      }
+
+      if (!context.state.isFromPolytech) {
+        return new Response(null, {
+          status: 403,
+          headers: {
+            Location: "/403",
+          },
+        });
+      }
     }
 
     return await context.next();

tests/helpers/api_mock.ts

@@ -1,56 +0,0 @@
-// Mock de fetch() pour les tests
-
-// deno-lint-ignore no-explicit-any
-let _originalFetch: ((input: any, init?: any) => Promise<Response>) | null =
-  null;
-
-/**
- * Remplace globalThis.fetch par un mock qui retourne des réponses
- * pré-configurées selon l'URL.
- *
- * @param routes - Map URL pattern → données de réponse (sera sérialisé en JSON)
- */
-export function mockFetch(
-  routes: Record<string, unknown>,
-): void {
-  _originalFetch = globalThis.fetch;
-
-  globalThis.fetch = (
-    input: string | URL | Request,
-    _init?: RequestInit,
-  ): Promise<Response> => {
-    const url = typeof input === "string"
-      ? input
-      : input instanceof URL
-      ? input.toString()
-      : input.url;
-
-    for (const [pattern, data] of Object.entries(routes)) {
-      if (url.includes(pattern)) {
-        return Promise.resolve(
-          new Response(JSON.stringify(data), {
-            status: 200,
-            headers: { "Content-Type": "application/json" },
-          }),
-        );
-      }
-    }
-
-    return Promise.resolve(
-      new Response(JSON.stringify({ error: "Not Found" }), {
-        status: 404,
-        headers: { "Content-Type": "application/json" },
-      }),
-    );
-  };
-}
-
-/**
- * Restaure le fetch original.
- */
-export function restoreFetch(): void {
-  if (_originalFetch) {
-    globalThis.fetch = _originalFetch;
-    _originalFetch = null;
-  }
-}

tests/helpers/fixtures.ts

@@ -1,107 +0,0 @@
-// Types et données de test pour l'API PolyMPR
-
-export interface Student {
-  numEtud: number;
-  nom: string;
-  prenom: string;
-  idPromo: number;
-}
-
-export interface Promotion {
-  idPromo: number;
-  annee: string;
-}
-
-export interface Prof {
-  id: number;
-  nom: string;
-  prenom: string;
-}
-
-export interface Module {
-  id: number;
-  nom: string;
-}
-
-export interface Note {
-  note: number;
-  numEtud: number;
-  idModule: number;
-}
-
-export interface UE {
-  id: number;
-  nom: string;
-}
-
-export interface UeModule {
-  idModule: number;
-  idUE: number;
-  idPromo: number;
-  coeff: number;
-}
-
-export interface Enseignement {
-  idProf: number;
-  idModule: number;
-  idPromo: number;
-}
-
-export interface Ajustement {
-  numEtud: number;
-  idUE: number;
-  valeur: number;
-}
-
-// --- Fixtures ---
-
-export const students: Student[] = [
-  { numEtud: 1, nom: "Dupont", prenom: "Alice", idPromo: 1 },
-  { numEtud: 2, nom: "Martin", prenom: "Bob", idPromo: 1 },
-  { numEtud: 3, nom: "Durand", prenom: "Claire", idPromo: 2 },
-];
-
-export const promotions: Promotion[] = [
-  { idPromo: 1, annee: "2025-2026" },
-  { idPromo: 2, annee: "2024-2025" },
-];
-
-export const profs: Prof[] = [
-  { id: 1, nom: "Leclerc", prenom: "Jean" },
-  { id: 2, nom: "Moreau", prenom: "Sophie" },
-];
-
-export const modules: Module[] = [
-  { id: 1, nom: "Mathématiques" },
-  { id: 2, nom: "Informatique" },
-  { id: 3, nom: "Physique" },
-];
-
-export const notes: Note[] = [
-  { note: 15, numEtud: 1, idModule: 1 },
-  { note: 12, numEtud: 1, idModule: 2 },
-  { note: 18, numEtud: 2, idModule: 1 },
-  { note: 9, numEtud: 3, idModule: 3 },
-];
-
-export const ues: UE[] = [
-  { id: 1, nom: "Sciences fondamentales" },
-  { id: 2, nom: "Sciences appliquées" },
-];
-
-export const ueModules: UeModule[] = [
-  { idModule: 1, idUE: 1, idPromo: 1, coeff: 3 },
-  { idModule: 2, idUE: 2, idPromo: 1, coeff: 4 },
-  { idModule: 3, idUE: 1, idPromo: 2, coeff: 2 },
-];
-
-export const enseignements: Enseignement[] = [
-  { idProf: 1, idModule: 1, idPromo: 1 },
-  { idProf: 2, idModule: 2, idPromo: 1 },
-  { idProf: 1, idModule: 3, idPromo: 2 },
-];
-
-export const ajustements: Ajustement[] = [
-  { numEtud: 1, idUE: 1, valeur: 0.5 },
-  { numEtud: 3, idUE: 1, valeur: -1 },
-];

tests/helpers/render.ts

@@ -1,55 +0,0 @@
-// Setup happy-dom + wrapper render pour les tests de composants Preact
-
-import { Window } from "happy-dom";
-
-let _window: Window | null = null;
-
-/**
- * Initialise un environnement DOM virtuel via happy-dom.
- * À appeler avant de rendre des composants Preact dans les tests.
- */
-export function setupDOM(): void {
-  _window = new Window({ url: "http://localhost" });
-
-  // Expose les globals DOM nécessaires à Preact
-  const globals = _window as unknown as Record<string, unknown>;
-  const target = globalThis as unknown as Record<string, unknown>;
-
-  for (
-    const key of [
-      "document",
-      "navigator",
-      "location",
-      "HTMLElement",
-      "HTMLInputElement",
-      "HTMLTextAreaElement",
-      "HTMLSelectElement",
-      "Event",
-      "CustomEvent",
-      "KeyboardEvent",
-      "MouseEvent",
-      "InputEvent",
-      "MutationObserver",
-      "requestAnimationFrame",
-      "cancelAnimationFrame",
-    ]
-  ) {
-    target[key] = globals[key];
-  }
-
-  target["window"] = _window;
-}
-
-/**
- * Nettoie l'environnement DOM.
- * À appeler dans un afterEach ou à la fin d'un test.
- */
-export function cleanupDOM(): void {
-  if (_window) {
-    const doc = _window.document;
-    doc.body.innerHTML = "";
-    doc.head.innerHTML = "";
-    _window.close();
-    _window = null;
-  }
-}

tests/unit/example_test.ts

@@ -1,61 +0,0 @@
-import { assertEquals, assertExists } from "@std/assert";
-import { mockFetch, restoreFetch } from "../helpers/api_mock.ts";
-import { notes, students } from "../helpers/fixtures.ts";
-import { cleanupDOM, setupDOM } from "../helpers/render.ts";
-
-Deno.test("fixtures - students have expected shape", () => {
-  assertEquals(students.length, 3);
-  assertEquals(students[0].nom, "Dupont");
-  assertExists(students[0].numEtud);
-});
-
-Deno.test("mockFetch - returns mocked data for matching route", async () => {
-  mockFetch({
-    "/students": students,
-    "/notes": notes,
-  });
-
-  try {
-    const res = await fetch("http://localhost/api/students");
-    assertEquals(res.status, 200);
-
-    const data = await res.json();
-    assertEquals(data.length, 3);
-    assertEquals(data[0].nom, "Dupont");
-  } finally {
-    restoreFetch();
-  }
-});
-
-Deno.test("mockFetch - returns 404 for unknown routes", async () => {
-  mockFetch({});
-
-  try {
-    const res = await fetch("http://localhost/api/unknown");
-    assertEquals(res.status, 404);
-  } finally {
-    restoreFetch();
-  }
-});
-
-Deno.test({
-  name: "happy-dom - document is available after setup",
-  sanitizeResources: false,
-  sanitizeOps: false,
-  fn() {
-  setupDOM();
-
-  try {
-    const doc = globalThis.document;
-    assertExists(doc);
-
-    const div = doc.createElement("div");
-    div.textContent = "hello";
-    doc.body.appendChild(div);
-
-    assertEquals(doc.body.textContent, "hello");
-  } finally {
-    cleanupDOM();
-  }
-  },
-});