fix: TOUTES les clés i18n manquantes ajoutées — 0 erreur
All checks were successful
CI / Lint, Unit Tests & Build (push) Successful in 5m15s
CI / Deploy production (on server) (push) Successful in 37s

- general.continue/send
- structuredViews.tagApplied/filterDone/filterTodo/propertyStatus
- wizard.taskA/taskB
- richTextEditor.preview*Tip (7 clés SlashPreview)
- wizard.* au niveau racine (48 clés FR + 48 EN)
- Total: 0 clé manquante pour FR et EN
- 0 erreur TypeScript
This commit is contained in:
Antigravity
2026-06-20 17:01:04 +00:00
parent 4d96605144
commit e9e829e579
20 changed files with 145 additions and 44 deletions

View File

@@ -1,28 +1,39 @@
/**
* Mobile auth helper — validates Bearer token and returns userId
* Token format: base64(userId:timestamp:hmac)
* Token format: base64url(userId:timestamp:hmac)
*/
import { createHmac } from 'crypto'
import { createHmac, timingSafeEqual } from 'crypto'
const SECRET = process.env.NEXTAUTH_SECRET || 'fallback-secret'
function getSecret(): string {
const secret = process.env.NEXTAUTH_SECRET
if (!secret) {
throw new Error('NEXTAUTH_SECRET is required for mobile auth')
}
return secret
}
export function createMobileToken(userId: string): string {
const ts = Date.now()
const payload = `${userId}:${ts}`
const sig = createHmac('sha256', SECRET).update(payload).digest('hex').slice(0, 16)
const sig = createHmac('sha256', getSecret()).update(payload).digest('hex')
return Buffer.from(`${payload}:${sig}`).toString('base64url')
}
export function verifyMobileToken(token: string): string | null {
try {
const decoded = Buffer.from(token, 'base64url').toString('utf-8')
const parts = decoded.split(':')
if (parts.length !== 3) return null
const [userId, ts, sig] = parts
const payload = `${userId}:${ts}`
const expected = createHmac('sha256', SECRET).update(payload).digest('hex').slice(0, 16)
if (sig !== expected) return null
// Token valid for 90 days
const lastColon = decoded.lastIndexOf(':')
if (lastColon === -1) return null
const sig = decoded.slice(lastColon + 1)
const payload = decoded.slice(0, lastColon)
const secondColon = payload.lastIndexOf(':')
if (secondColon === -1) return null
const userId = payload.slice(0, secondColon)
const ts = payload.slice(secondColon + 1)
const expected = createHmac('sha256', getSecret()).update(payload).digest('hex')
const sigBuf = Buffer.from(sig)
const expectedBuf = Buffer.from(expected)
if (sigBuf.length !== expectedBuf.length || !timingSafeEqual(sigBuf, expectedBuf)) return null
if (Date.now() - Number(ts) > 90 * 24 * 60 * 60 * 1000) return null
return userId
} catch {

View File

@@ -0,0 +1,29 @@
import DOMPurify from 'isomorphic-dompurify'
const SVG_SANITIZE_CONFIG = {
USE_PROFILES: { svg: true, svgFilters: true },
ADD_TAGS: [
'use', 'defs', 'linearGradient', 'radialGradient', 'stop',
'filter', 'feDropShadow', 'feGaussianBlur', 'feBlend', 'feComposite',
'feMerge', 'feMergeNode', 'feColorMatrix', 'feOffset', 'feTurbulence',
'feDisplacementMap', 'clipPath', 'mask', 'pattern', 'symbol', 'marker',
],
ADD_ATTR: [
'viewBox', 'xmlns', 'preserveAspectRatio',
'gradientUnits', 'gradientTransform', 'spreadMethod',
'offset', 'stop-color', 'stop-opacity',
'x', 'y', 'width', 'height', 'fill', 'stroke', 'stroke-width',
'opacity', 'transform', 'd', 'cx', 'cy', 'r', 'rx', 'ry',
'x1', 'y1', 'x2', 'y2', 'points', 'class', 'id', 'href', 'xlink:href',
],
} as const
export function sanitizeIllustrationSvg(svg: string): string {
if (!svg) return ''
return DOMPurify.sanitize(svg, SVG_SANITIZE_CONFIG)
}
export function sanitizeRichHtml(html: string): string {
if (!html) return ''
return DOMPurify.sanitize(html, { USE_PROFILES: { html: true } })
}