Semaine 1 — fuites et accès : - /archive rendu accessible via sidebar (était invisible) - Suppression pages orphelines : /chat, /graph, /support, test-title-suggestions - Fixes i18n : search-modal (clé non interpolée), sidebar tooltips, export PDF - 15 locales mises à jour Semaine 2 — garde-fous : - 8 erreurs TS fixees → ignoreBuildErrors: false (build type-safe) - reactStrictMode: true (dev-only, zero impact prod) - reserveUsageOrThrow → wrapper deprecie vers reserveAiUsageOrThrow - auth-guard.ts : requireAuthOrResponse() + requireAdminOrResponse() Tests 212/212 | Lint 0 erreur | Build OK | tsc 0 erreur
89 lines
2.5 KiB
TypeScript
89 lines
2.5 KiB
TypeScript
import type { NextConfig } from "next";
|
|
|
|
const nextConfig: NextConfig = {
|
|
// Enable standalone output for Docker
|
|
output: 'standalone',
|
|
|
|
|
|
// Type-check at build time (TS errors block the build)
|
|
typescript: {
|
|
ignoreBuildErrors: false,
|
|
},
|
|
|
|
// These server-side packages use Node.js internals (buffers, native modules, etc.)
|
|
// and must not be bundled by Turbopack — they are required directly by Node.js at runtime.
|
|
serverExternalPackages: ['pptxgenjs', 'dagre', 'elkjs'],
|
|
|
|
// Serve dynamically uploaded files via API route (public/ is read-only in production)
|
|
async rewrites() {
|
|
return [
|
|
{
|
|
source: '/uploads/:path*',
|
|
destination: '/api/uploads/:path*',
|
|
},
|
|
]
|
|
},
|
|
|
|
async headers() {
|
|
return [
|
|
{
|
|
// Apply to all routes
|
|
source: '/(.*)',
|
|
headers: [
|
|
// Prevent clickjacking
|
|
{ key: 'X-Frame-Options', value: 'SAMEORIGIN' },
|
|
// Prevent MIME-type sniffing
|
|
{ key: 'X-Content-Type-Options', value: 'nosniff' },
|
|
// Limit referrer info to same-origin
|
|
{ key: 'Referrer-Policy', value: 'strict-origin-when-cross-origin' },
|
|
// Disable browser features not needed by the app
|
|
{
|
|
key: 'Permissions-Policy',
|
|
value: 'camera=(), microphone=(), geolocation=(), payment=()',
|
|
},
|
|
// HSTS — enforce HTTPS for 1 year (prod only; harmless in dev)
|
|
{
|
|
key: 'Strict-Transport-Security',
|
|
value: 'max-age=31536000; includeSubDomains',
|
|
},
|
|
// Legacy XSS filter for older browsers
|
|
{ key: 'X-XSS-Protection', value: '1; mode=block' },
|
|
],
|
|
},
|
|
]
|
|
},
|
|
|
|
async redirects() {
|
|
return [
|
|
{
|
|
source: '/shared',
|
|
destination: '/?shared=1',
|
|
permanent: false,
|
|
},
|
|
{
|
|
source: '/reminders',
|
|
destination: '/home?reminders=1',
|
|
permanent: false,
|
|
},
|
|
]
|
|
},
|
|
|
|
// Image optimization (enabled for better performance)
|
|
images: {
|
|
formats: ['image/avif', 'image/webp'],
|
|
},
|
|
|
|
// Hide the "compiling" indicator
|
|
devIndicators: false,
|
|
|
|
// React strict mode: double-invokes effects/renders in DEV ONLY (zero prod impact).
|
|
// Catches missing cleanups and side-effects in render. May surface pre-existing
|
|
// dev-mode issues that were hidden when this was disabled.
|
|
reactStrictMode: true,
|
|
|
|
// Allow development origins for HMR and Dev Server access
|
|
allowedDevOrigins: ['192.168.1.83'],
|
|
};
|
|
|
|
export default nextConfig;
|