feat: Securisation du Backend

2026-04-04 01:51:28 +00:00 · 2026-02-27 10:45:36 +01:00
parent 2fef6d61a4
commit fa843097ba
55 changed files with 2898 additions and 910 deletions
--- a/Front-End/src/app/actions/subscriptionAction.js
+++ b/Front-End/src/app/actions/subscriptionAction.js
@ -11,20 +11,15 @@ import {
 } from '@/utils/Url';

 import { CURRENT_YEAR_FILTER } from '@/utils/constants';
-import { errorHandler, requestResponseHandler } from './actionsHandlers';
+import { fetchWithAuth, fetchWithAuthRaw } from '@/utils/fetchWithAuth';
 import logger from '@/utils/logger';

 export const editStudentCompetencies = (data, csrfToken) => {
-  const request = new Request(`${BE_SUBSCRIPTION_STUDENT_COMPETENCIES_URL}`, {
+  return fetchWithAuth(`${BE_SUBSCRIPTION_STUDENT_COMPETENCIES_URL}`, {
    method: 'PUT',
+    headers: { 'X-CSRFToken': csrfToken },
    body: JSON.stringify(data),
-    headers: {
-      'X-CSRFToken': csrfToken,
-      'Content-Type': 'application/json',
-    },
-    credentials: 'include',
  });
-  return fetch(request).then(requestResponseHandler).catch(errorHandler);
 };

 export const fetchStudentCompetencies = (id, period) => {
@ -33,13 +28,7 @@ export const fetchStudentCompetencies = (id, period) => {
    ? `${BE_SUBSCRIPTION_STUDENT_COMPETENCIES_URL}?student_id=${id}&period=${period}`
    : `${BE_SUBSCRIPTION_STUDENT_COMPETENCIES_URL}?student_id=${id}`;

-  const request = new Request(url, {
-    method: 'GET',
-    headers: {
-      'Content-Type': 'application/json',
-    },
-  });
-  return fetch(request).then(requestResponseHandler).catch(errorHandler);
+  return fetchWithAuth(url);
 };

 export const fetchRegisterForms = (
@ -53,37 +42,22 @@ export const fetchRegisterForms = (
  if (page !== '' && pageSize !== '') {
    url = `${BE_SUBSCRIPTION_REGISTERFORMS_URL}?filter=${filter}&establishment_id=${establishment}&page=${page}&search=${search}`;
  }
-  return fetch(url, {
-    headers: {
-      'Content-Type': 'application/json',
-    },
-  })
-    .then(requestResponseHandler)
-    .catch(errorHandler);
+  return fetchWithAuth(url);
 };

 export const fetchRegisterForm = (id) => {
-  return fetch(`${BE_SUBSCRIPTION_REGISTERFORMS_URL}/${id}`) // Utilisation de studentId au lieu de codeDI
-    .then(requestResponseHandler)
-    .catch(errorHandler);
+  return fetchWithAuth(`${BE_SUBSCRIPTION_REGISTERFORMS_URL}/${id}`); // Utilisation de studentId au lieu de codeDI
 };
 export const fetchLastGuardian = () => {
-  return fetch(`${BE_SUBSCRIPTION_LAST_GUARDIAN_ID_URL}`)
-    .then(requestResponseHandler)
-    .catch(errorHandler);
+  return fetchWithAuth(`${BE_SUBSCRIPTION_LAST_GUARDIAN_ID_URL}`);
 };

 export const editRegisterForm = (id, data, csrfToken) => {
-  return fetch(`${BE_SUBSCRIPTION_REGISTERFORMS_URL}/${id}`, {
+  return fetchWithAuth(`${BE_SUBSCRIPTION_REGISTERFORMS_URL}/${id}`, {
    method: 'PUT',
-    headers: {
-      'X-CSRFToken': csrfToken,
-    },
+    headers: { 'X-CSRFToken': csrfToken },
    body: data,
-    credentials: 'include',
-  })
-    .then(requestResponseHandler)
-    .catch(errorHandler);
+  });
 };

 export const autoSaveRegisterForm = async (id, data, csrfToken) => {
@ -106,15 +80,12 @@ export const autoSaveRegisterForm = async (id, data, csrfToken) => {
    }
    autoSaveData.append('auto_save', 'true');

-    return fetch(`${BE_SUBSCRIPTION_REGISTERFORMS_URL}/${id}`, {
+    return fetchWithAuth(`${BE_SUBSCRIPTION_REGISTERFORMS_URL}/${id}`, {
      method: 'PATCH', // Utiliser PATCH pour les mises à jour partielles
-      headers: {
-        'X-CSRFToken': csrfToken,
-      },
+      headers: { 'X-CSRFToken': csrfToken },
      body: autoSaveData,
-      credentials: 'include',
    })
-      .then(requestResponseHandler)
+      .then(() => {})
      .catch(() => {
        // Silent fail pour l'auto-save
        logger.debug('Auto-save failed silently');
@ -127,62 +98,30 @@ export const autoSaveRegisterForm = async (id, data, csrfToken) => {

 export const createRegisterForm = (data, csrfToken) => {
  const url = `${BE_SUBSCRIPTION_REGISTERFORMS_URL}`;
-  return fetch(url, {
+  return fetchWithAuth(url, {
    method: 'POST',
-    headers: {
-      'Content-Type': 'application/json',
-      'X-CSRFToken': csrfToken,
-    },
+    headers: { 'X-CSRFToken': csrfToken },
    body: JSON.stringify(data),
-    credentials: 'include',
-  })
-    .then(requestResponseHandler)
-    .catch(errorHandler);
+  });
 };

 export const sendRegisterForm = (id) => {
  const url = `${BE_SUBSCRIPTION_REGISTERFORMS_URL}/${id}/send`;
-  return fetch(url, {
-    headers: {
-      'Content-Type': 'application/json',
-    },
-  })
-    .then(requestResponseHandler)
-    .catch(errorHandler);
+  return fetchWithAuth(url);
 };

 export const resendRegisterForm = (id) => {
  const url = `${BE_SUBSCRIPTION_REGISTERFORMS_URL}/${id}/resend`;
-  return fetch(url, {
-    headers: {
-      'Content-Type': 'application/json',
-    },
-  })
-    .then(requestResponseHandler)
-    .catch(errorHandler);
+  return fetchWithAuth(url);
 };
 export const archiveRegisterForm = (id) => {
  const url = `${BE_SUBSCRIPTION_REGISTERFORMS_URL}/${id}/archive`;
-  return fetch(url, {
-    method: 'GET',
-    headers: {
-      'Content-Type': 'application/json',
-    },
-  })
-    .then(requestResponseHandler)
-    .catch(errorHandler);
+  return fetchWithAuth(url);
 };

 export const searchStudents = (establishmentId, query) => {
  const url = `${BE_SUBSCRIPTION_SEARCH_STUDENTS_URL}/?establishment_id=${establishmentId}&q=${encodeURIComponent(query)}`;
-  return fetch(url, {
-    method: 'GET',
-    headers: {
-      'Content-Type': 'application/json',
-    },
-  })
-    .then(requestResponseHandler)
-    .catch(errorHandler);
+  return fetchWithAuth(url);
 };

 export const fetchStudents = (establishment, id = null, status = null) => {
@ -195,153 +134,68 @@ export const fetchStudents = (establishment, id = null, status = null) => {
      url += `&status=${status}`;
    }
  }
-  const request = new Request(url, {
-    method: 'GET',
-    headers: {
-      'Content-Type': 'application/json',
-    },
-  });
-  return fetch(request).then(requestResponseHandler).catch(errorHandler);
+  return fetchWithAuth(url);
 };

 export const fetchChildren = (id, establishment) => {
-  const request = new Request(
-    `${BE_SUBSCRIPTION_CHILDRENS_URL}/${id}?establishment_id=${establishment}`,
-    {
-      method: 'GET',
-      headers: {
-        'Content-Type': 'application/json',
-      },
-    }
+  return fetchWithAuth(
+    `${BE_SUBSCRIPTION_CHILDRENS_URL}/${id}?establishment_id=${establishment}`
  );
-  return fetch(request).then(requestResponseHandler).catch(errorHandler);
 };

 export async function getRegisterFormFileTemplate(fileId) {
-  const response = await fetch(
-    `${BE_SUBSCRIPTION_REGISTERFORM_FILE_TEMPLATE_URL}/${fileId}`,
-    {
-      credentials: 'include',
-      headers: {
-        Accept: 'application/json',
-      },
-    }
+  return fetchWithAuth(
+    `${BE_SUBSCRIPTION_REGISTERFORM_FILE_TEMPLATE_URL}/${fileId}`
  );
-  if (!response.ok) {
-    throw new Error('Failed to fetch file template');
-  }
-  return response.json();
 }

-export const fetchSchoolFileTemplatesFromRegistrationFiles = async (id) => {
-  const response = await fetch(
-    `${BE_SUBSCRIPTION_REGISTERFORMS_URL}/${id}/school_file_templates`,
-    {
-      credentials: 'include',
-      headers: {
-        Accept: 'application/json',
-      },
-    }
+export const fetchSchoolFileTemplatesFromRegistrationFiles = (id) => {
+  return fetchWithAuth(
+    `${BE_SUBSCRIPTION_REGISTERFORMS_URL}/${id}/school_file_templates`
  );
-  if (!response.ok) {
-    throw new Error(
-      'Erreur lors de la récupération des fichiers associés au groupe'
-    );
-  }
-  return response.json();
 };

-export const fetchParentFileTemplatesFromRegistrationFiles = async (id) => {
-  const response = await fetch(
-    `${BE_SUBSCRIPTION_REGISTERFORMS_URL}/${id}/parent_file_templates`,
-    {
-      credentials: 'include',
-      headers: {
-        Accept: 'application/json',
-      },
-    }
+export const fetchParentFileTemplatesFromRegistrationFiles = (id) => {
+  return fetchWithAuth(
+    `${BE_SUBSCRIPTION_REGISTERFORMS_URL}/${id}/parent_file_templates`
  );
-  if (!response.ok) {
-    throw new Error(
-      'Erreur lors de la récupération des fichiers associés au groupe'
-    );
-  }
-  return response.json();
 };

-export const dissociateGuardian = async (studentId, guardianId) => {
-  const response = await fetch(
+export const dissociateGuardian = (studentId, guardianId) => {
+  return fetchWithAuth(
    `${BE_SUBSCRIPTION_STUDENTS_URL}/${studentId}/guardians/${guardianId}/dissociate`,
    {
-      credentials: 'include',
      method: 'PUT',
-      headers: {
-        Accept: 'application/json',
-      },
    }
  );
-
-  if (!response.ok) {
-    // Extraire le message d'erreur du backend
-    const errorData = await response.json();
-    const errorMessage =
-      errorData?.error || 'Une erreur est survenue lors de la dissociation.';
-
-    // Jeter une erreur avec le message spécifique
-    throw new Error(errorMessage);
-  }
-
-  return response.json();
 };

 export const fetchAbsences = (establishment) => {
-  return fetch(
+  return fetchWithAuth(
    `${BE_SUBSCRIPTION_ABSENCES_URL}?establishment_id=${establishment}`
-  )
-    .then(requestResponseHandler)
-    .catch(errorHandler);
+  );
 };

 export const createAbsences = (data, csrfToken) => {
-  return fetch(`${BE_SUBSCRIPTION_ABSENCES_URL}`, {
+  return fetchWithAuth(`${BE_SUBSCRIPTION_ABSENCES_URL}`, {
    method: 'POST',
+    headers: { 'X-CSRFToken': csrfToken },
    body: JSON.stringify(data),
-    headers: {
-      'X-CSRFToken': csrfToken,
-      'Content-Type': 'application/json',
-    },
-    credentials: 'include',
-  })
-    .then(requestResponseHandler)
-    .catch(errorHandler);
+  });
 };

 export const editAbsences = (absenceId, payload, csrfToken) => {
-  return fetch(`${BE_SUBSCRIPTION_ABSENCES_URL}/${absenceId}`, {
+  return fetchWithAuth(`${BE_SUBSCRIPTION_ABSENCES_URL}/${absenceId}`, {
    method: 'PUT',
-    headers: {
-      'Content-Type': 'application/json',
-      'X-CSRFToken': csrfToken,
-    },
-    body: JSON.stringify(payload), // Sérialisez les données en JSON
-    credentials: 'include',
-  }).then((response) => {
-    if (!response.ok) {
-      return response.json().then((error) => {
-        throw new Error(error);
-      });
-    }
-    return response.json();
+    headers: { 'X-CSRFToken': csrfToken },
+    body: JSON.stringify(payload),
  });
 };

 export const deleteAbsences = (id, csrfToken) => {
-  return fetch(`${BE_SUBSCRIPTION_ABSENCES_URL}/${id}`, {
+  return fetchWithAuthRaw(`${BE_SUBSCRIPTION_ABSENCES_URL}/${id}`, {
    method: 'DELETE',
-    headers: {
-      'X-CSRFToken': csrfToken,
-    },
-    credentials: 'include',
+    headers: { 'X-CSRFToken': csrfToken },
  });
 };

@ -352,16 +206,7 @@ export const deleteAbsences = (id, csrfToken) => {
 */
 export const fetchRegistrationSchoolFileMasters = (establishmentId) => {
  const url = `${BE_SUBSCRIPTION_REGISTRATION_SCHOOL_FILE_MASTERS_URL}?establishment_id=${establishmentId}`;
-
-  return fetch(url, {
-    method: 'GET',
-    headers: {
-      'Content-Type': 'application/json',
-    },
-    credentials: 'include',
-  })
-    .then(requestResponseHandler)
-    .catch(errorHandler);
+  return fetchWithAuth(url);
 };

 /**
@ -373,22 +218,14 @@ export const fetchRegistrationSchoolFileMasters = (establishmentId) => {
 */
 export const saveFormResponses = (templateId, formTemplateData, csrfToken) => {
  const url = `${BE_SUBSCRIPTION_REGISTRATION_SCHOOL_FILE_TEMPLATES_URL}/${templateId}`;
-
  const payload = {
    formTemplateData: formTemplateData,
  };
-
-  return fetch(url, {
+  return fetchWithAuth(url, {
    method: 'PUT',
-    headers: {
-      'Content-Type': 'application/json',
-      'X-CSRFToken': csrfToken,
-    },
+    headers: { 'X-CSRFToken': csrfToken },
    body: JSON.stringify(payload),
-    credentials: 'include',
-  })
-    .then(requestResponseHandler)
-    .catch(errorHandler);
+  });
 };

 /**
@ -398,14 +235,5 @@ export const saveFormResponses = (templateId, formTemplateData, csrfToken) => {
 */
 export const fetchFormResponses = (templateId) => {
  const url = `${BE_SUBSCRIPTION_REGISTRATION_SCHOOL_FILE_TEMPLATES_URL}/${templateId}`;
-
-  return fetch(url, {
-    method: 'GET',
-    headers: {
-      'Content-Type': 'application/json',
-    },
-    credentials: 'include',
-  })
-    .then(requestResponseHandler)
-    .catch(errorHandler);
+  return fetchWithAuth(url);
 };