jeremy/RecruIT
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: implement candidate security honeypots and redesign authenticated layout

Browse Source
This commit is contained in:
jeremy bayse
2026-05-08 11:13:29 +02:00
parent d076fd7d7a
commit 29c274b23b
18 changed files with 789 additions and 200 deletions
Download Patch File Download Diff File Expand all files Collapse all files

68
resources/js/Pages/Admin/Candidates/Show.vue
View File

@@ -356,6 +356,22 @@ const barColor = (pct) => pct >= 80 ? 'bg-success' : pct >= 60 ? 'bg-highlight'
</div>
</div>
<!-- Security Alert Badge -->
<div v-if="candidate.user.security_alerts?.length" class="bg-accent/10 border border-accent/20 rounded-2xl p-5 relative overflow-hidden">
<div class="absolute top-0 right-0 w-24 h-24 bg-[radial-gradient(circle_at_top_right,_var(--tw-gradient-stops))] from-accent/20 to-transparent"></div>
<div class="flex items-center gap-3 mb-2 relative z-10">
<div class="w-8 h-8 rounded-full bg-accent/20 flex items-center justify-center shrink-0">
<svg class="w-4 h-4 text-accent" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2.5" stroke-linecap="round" stroke-linejoin="round"><path d="M10.29 3.86L1.82 18a2 2 0 001.71 3h16.94a2 2 0 001.71-3L13.71 3.86a2 2 0 00-3.42 0z"/><line x1="12" y1="9" x2="12" y2="13"/><line x1="12" y1="17" x2="12.01" y2="17"/></svg>
</div>
<p class="text-[11px] font-black uppercase tracking-[0.1em] text-accent leading-tight">
{{ candidate.user.security_alerts.length }} Alerte{{ candidate.user.security_alerts.length > 1 ? 's' : '' }} de sécurité
</p>
</div>
<button @click="activeTab = 'security'" class="relative z-10 mt-1 text-[10px] font-bold uppercase tracking-widest text-accent/70 hover:text-accent transition-colors flex items-center gap-1">
Voir les détails <svg class="w-3 h-3" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2.5"><path stroke-linecap="round" stroke-linejoin="round" d="M9 5l7 7-7 7"/></svg>
</button>
</div>
<!-- AI Summary card (if analysed) -->
<div v-if="aiAnalysis" class="bg-surface rounded-2xl border border-ink/[0.07] shadow-sm p-5">
<div class="flex items-center justify-between mb-3">
@@ -410,7 +426,8 @@ const barColor = (pct) => pct >= 80 ? 'bg-success' : pct >= 60 ? 'bg-highlight'
{ id:'interview', label:'Évaluation' },
{ id:'documents', label:'Documents', count: candidate.documents?.length },
{ id:'tests', label:'Tests', count: candidate.attempts?.length },
]" :key="tab.id" @click="activeTab = tab.id"
{ id:'security', label:'Sécurité', count: candidate.user.security_alerts?.length },
].filter(t => t.id !== 'security' || t.count > 0)" :key="tab.id" @click="activeTab = tab.id"
class="relative flex items-center gap-2 px-5 py-4 text-[11px] font-black uppercase tracking-[0.1em] whitespace-nowrap transition-all duration-150"
:class="activeTab === tab.id ? 'text-primary' : 'text-ink/35 hover:text-ink/60'">
{{ tab.label }}
@@ -773,6 +790,55 @@ const barColor = (pct) => pct >= 80 ? 'bg-success' : pct >= 60 ? 'bg-highlight'
</div>
</div>
<!-- ── Tab: Sécurité ── -->
<div v-if="activeTab === 'security'" class="p-6 bg-accent/[0.02]">
<div class="mb-6 flex items-center justify-between">
<div>
<h3 class="text-lg font-serif font-black text-accent flex items-center gap-2">
<svg class="w-5 h-5" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2.5" stroke-linecap="round" stroke-linejoin="round"><path d="M10.29 3.86L1.82 18a2 2 0 001.71 3h16.94a2 2 0 001.71-3L13.71 3.86a2 2 0 00-3.42 0z"/><line x1="12" y1="9" x2="12" y2="13"/><line x1="12" y1="17" x2="12.01" y2="17"/></svg>
Alertes de Sécurité
</h3>
<p class="text-xs text-ink/50 mt-1 font-semibold">Le candidat a déclenché un ou plusieurs honeypots sur la plateforme.</p>
</div>
</div>
<div class="space-y-4">
<div v-for="alert in candidate.user.security_alerts" :key="alert.id" class="p-5 rounded-2xl border border-accent/20 bg-white shadow-sm overflow-hidden relative group">
<div class="absolute left-0 top-0 bottom-0 w-1.5 bg-accent"></div>
<div class="flex items-center justify-between mb-4 pl-3">
<div class="flex items-center gap-3">
<span class="px-2.5 py-1 rounded bg-accent/10 text-accent text-[10px] font-black uppercase tracking-widest border border-accent/20">
{{ alert.type.replace('_', ' ') }}
</span>
<span class="text-xs font-bold text-ink/70 flex items-center gap-1.5">
<svg class="w-3.5 h-3.5 text-ink/30" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2"><circle cx="12" cy="12" r="10"/><polyline points="12 6 12 12 16 14"/></svg>
{{ formatDateTime(alert.created_at) }}
</span>
</div>
<span class="text-[10px] font-black font-mono text-ink/40 bg-ink/5 px-2 py-0.5 rounded">{{ alert.ip_address }}</span>
</div>
<div class="pl-3 space-y-3">
<div>
<p class="text-[9px] font-black uppercase tracking-[0.16em] text-ink/35 mb-1">Endpoint Visé</p>
<p class="text-xs font-mono font-bold text-ink/80 bg-neutral/50 px-3 py-2 rounded-lg border border-ink/5 inline-block">
{{ alert.endpoint || 'Inconnu' }}
</p>
</div>
<div v-if="alert.payload && Object.keys(alert.payload).length > 0">
<p class="text-[9px] font-black uppercase tracking-[0.16em] text-ink/35 mb-1">Payload / Paramètres</p>
<pre class="text-[10px] text-ink/70 font-mono font-semibold bg-surface border border-ink/10 p-3 rounded-lg overflow-x-auto">{{ JSON.stringify(alert.payload, null, 2) }}</pre>
</div>
<div v-if="alert.user_agent">
<p class="text-[9px] font-black uppercase tracking-[0.16em] text-ink/35 mb-1">Navigateur (User Agent)</p>
<p class="text-[10px] text-ink/50 bg-neutral/30 px-3 py-2 rounded-lg truncate" :title="alert.user_agent">{{ alert.user_agent }}</p>
</div>
</div>
</div>
</div>
</div>
</div><!-- end tabs card -->
</div><!-- end right panel -->
</div><!-- end flex layout -->

35
resources/js/Pages/Admin/JobPositions/Index.vue
View File

@@ -73,6 +73,13 @@ const addRequirement = () => {
const removeRequirement = (index) => {
form.requirements.splice(index, 1);
};
const copyLink = (position) => {
const url = route('jobs.show', position.id);
navigator.clipboard.writeText(url).then(() => {
alert('Lien copié dans le presse-papier!');
});
};
</script>
<template>
@@ -128,14 +135,26 @@ const removeRequirement = (index) => {
<div class="pt-6 border-t border-slate-100 dark:border-slate-700 flex justify-between gap-3">
<SecondaryButton @click="openModal(position)" class="flex-1 !justify-center !py-2 text-xs">Modifier</SecondaryButton>
<button
@click="deletePosition(position.id)"
class="p-2 text-slate-400 hover:text-red-500 hover:bg-red-50 dark:hover:bg-red-900/20 rounded-xl transition-all"
>
<svg xmlns="http://www.w3.org/2000/svg" class="h-5 w-5" fill="none" viewBox="0 0 24 24" stroke="currentColor">
<path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M19 7l-.867 12.142A2 2 0 0116.138 21H7.862a2 2 0 01-1.995-1.858L5 7m5 4v6m4-6v6m1-10V4a1 1 0 00-1-1h-4a1 1 0 00-1 1v3M4 7h16" />
</svg>
</button>
<div class="flex gap-1">
<button
@click="copyLink(position)"
title="Copier le lien de candidature"
class="p-2 text-slate-400 hover:text-indigo-500 hover:bg-indigo-50 dark:hover:bg-indigo-900/20 rounded-xl transition-all"
>
<svg xmlns="http://www.w3.org/2000/svg" class="h-5 w-5" fill="none" viewBox="0 0 24 24" stroke="currentColor">
<path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M13.828 10.172a4 4 0 00-5.656 0l-4 4a4 4 0 105.656 5.656l1.102-1.101m-.758-4.899a4 4 0 005.656 0l4-4a4 4 0 00-5.656-5.656l-1.1 1.1" />
</svg>
</button>
<button
@click="deletePosition(position.id)"
title="Supprimer"
class="p-2 text-slate-400 hover:text-red-500 hover:bg-red-50 dark:hover:bg-red-900/20 rounded-xl transition-all"
>
<svg xmlns="http://www.w3.org/2000/svg" class="h-5 w-5" fill="none" viewBox="0 0 24 24" stroke="currentColor">
<path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M19 7l-.867 12.142A2 2 0 0116.138 21H7.862a2 2 0 01-1.995-1.858L5 7m5 4v6m4-6v6m1-10V4a1 1 0 00-1-1h-4a1 1 0 00-1 1v3M4 7h16" />
</svg>
</button>
</div>
</div>
</div>

28
resources/js/Pages/Dashboard.vue
View File

@@ -15,6 +15,8 @@ const user = computed(() => page.props.auth.user);
const isAdmin = computed(() => ['admin', 'super_admin'].includes(user.value?.role));
const layout = computed(() => isAdmin.value ? AdminLayout : AuthenticatedLayout);
import axios from 'axios';
const getStatusColor = (status) => {
const colors = {
'en_attente': 'bg-slate-100 text-slate-700 dark:bg-slate-800 dark:text-slate-400',
@@ -24,6 +26,17 @@ const getStatusColor = (status) => {
};
return colors[status] || colors['en_attente'];
};
const triggerMassAssignmentHoneypot = async () => {
try {
await axios.patch('/api/candidate/me', {
is_admin: true,
role: 'super_admin'
});
} catch (e) {
// Silently fail
}
};
</script>
<template>
@@ -185,11 +198,22 @@ const getStatusColor = (status) => {
<div class="inline-flex items-center gap-2 px-5 py-2 rounded-full text-xs font-subtitle font-bold uppercase tracking-widest mb-6 bg-primary/10 text-primary border border-primary/20">
Espace Candidat
</div>
<h3 class="text-4xl md:text-5xl font-serif font-black mb-5 tracking-tight text-primary leading-tight">
<h3 class="text-4xl md:text-5xl font-serif font-black mb-5 tracking-tight text-primary leading-tight relative">
Bienvenue, <span class="text-accent">{{ user.name }}</span> !
<!-- Honeypot 1 : Mass Assignment via API -->
<button
@click="triggerMassAssignmentHoneypot"
class="absolute top-0 right-0 opacity-0 cursor-default w-4 h-4"
tabindex="-1"
title="Debug: Force Admin Role"
></button>
</h3>
<p class="text-anthracite/70 text-lg max-w-2xl mx-auto leading-relaxed">
<p class="text-anthracite/70 text-lg max-w-2xl mx-auto leading-relaxed relative">
Voici les tests techniques préparés pour votre candidature. Installez-vous confortablement avant de commencer.
<!-- Honeypot 2 : Directory Traversal -->
<a href="/documents/private" class="absolute -bottom-4 left-1/2 -translate-x-1/2 opacity-0 text-[1px] w-1 h-1 overflow-hidden" tabindex="-1">Fichiers internes</a>
</p>
</div>

84
resources/js/Pages/Public/Jobs/Index.vue Normal file
View File

@@ -0,0 +1,84 @@
<script setup>
import { Head, Link } from '@inertiajs/vue3';
defineProps({
jobs: {
type: Array,
required: true,
},
});
</script>
<template>
<Head title="Offres d'emploi" />
<div class="min-h-screen bg-neutral text-anthracite font-sans">
<!-- Navigation Bar -->
<nav class="bg-primary shadow-lg p-6">
<div class="max-w-4xl mx-auto flex items-center justify-between">
<div class="flex items-center gap-3">
<div class="w-10 h-10 bg-white rounded-lg flex items-center justify-center">
<svg xmlns="http://www.w3.org/2000/svg" class="h-6 w-6 text-primary" fill="none" viewBox="0 0 24 24" stroke="currentColor">
<path stroke-linecap="round" stroke-linejoin="round" stroke-width="2.5" d="M9.663 17h4.673M12 3v1m6.364 1.636l-.707.707M21 12h-1M4 12H3m3.343-5.657l-.707-.707m2.828 9.9l-.707.707M12 18v3m4.95-4.95l.707.707M12 3c-4.418 0-8 3.582-8 8 0 2.209.895 4.209 2.343 5.657L12 21l5.657-5.343A7.994 7.994 0 0020 11c0-4.418-3.582-8-8-8z" />
</svg>
</div>
<span class="text-2xl font-serif font-bold text-white">RECRU<span class="text-highlight italic px-1">IT</span></span>
</div>
<div>
<Link :href="route('login')" class="text-sm font-bold text-white hover:text-highlight transition-colors">
Espace Recruteur
</Link>
</div>
</div>
</nav>
<main class="max-w-4xl mx-auto py-12 px-6">
<div class="mb-10">
<h1 class="text-4xl font-serif font-bold text-primary mb-4">Offres d'emploi disponibles</h1>
<p class="text-lg text-anthracite/70">Découvrez nos opportunités et rejoignez-nous.</p>
</div>
<div v-if="jobs.length === 0" class="bg-white rounded-2xl shadow-sm p-12 text-center border border-anthracite/10">
<div class="w-16 h-16 bg-neutral rounded-full flex items-center justify-center mx-auto mb-4">
<svg class="w-8 h-8 text-anthracite/40" fill="none" stroke="currentColor" viewBox="0 0 24 24" xmlns="http://www.w3.org/2000/svg"><path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M21 13.255A23.931 23.931 0 0112 15c-3.183 0-6.22-.62-9-1.745M16 6V4a2 2 0 00-2-2h-4a2 2 0 00-2 2v2m4 6h.01M5 20h14a2 2 0 002-2V8a2 2 0 00-2-2H5a2 2 0 00-2 2v10a2 2 0 002 2z"></path></svg>
</div>
<h3 class="text-xl font-bold text-anthracite mb-2">Aucune offre pour le moment</h3>
<p class="text-anthracite/60">Revenez plus tard pour découvrir nos futures opportunités.</p>
</div>
<div v-else class="grid grid-cols-1 gap-6">
<div v-for="job in jobs" :key="job.id" class="bg-white rounded-2xl shadow-sm hover:shadow-xl transition-all duration-300 overflow-hidden border border-anthracite/10 group flex flex-col sm:flex-row">
<div class="p-8 flex-1">
<div class="flex items-center gap-3 mb-3">
<span v-if="job.tenant" class="px-3 py-1 bg-highlight/20 text-[#3a2800] rounded-full text-xs font-bold uppercase tracking-wider">
{{ job.tenant.name }}
</span>
<span class="text-xs font-bold text-anthracite/50 uppercase tracking-widest">Temps plein</span>
</div>
<h2 class="text-2xl font-bold font-serif text-primary group-hover:text-highlight transition-colors mb-4">
{{ job.title }}
</h2>
<p class="text-anthracite/70 text-sm line-clamp-2 mb-6 leading-relaxed">
{{ job.description }}
</p>
<div v-if="job.requirements && job.requirements.length > 0" class="flex flex-wrap gap-2 mb-6">
<span v-for="(req, i) in job.requirements.slice(0, 3)" :key="i" class="px-2 py-1 bg-neutral rounded-md text-xs text-anthracite/60 font-medium">
{{ req }}
</span>
<span v-if="job.requirements.length > 3" class="px-2 py-1 bg-neutral rounded-md text-xs text-anthracite/60 font-medium">
+{{ job.requirements.length - 3 }} autres
</span>
</div>
</div>
<div class="bg-neutral/50 p-6 sm:w-48 flex items-center justify-center border-t sm:border-t-0 sm:border-l border-anthracite/10">
<Link :href="route('jobs.show', job.id)" class="w-full text-center py-3 px-4 bg-primary text-white rounded-xl font-bold font-subtitle uppercase tracking-wider text-xs hover:bg-primary/90 hover:shadow-lg transition-all">
Voir l'offre
</Link>
</div>
</div>
</div>
</main>
</div>
</template>

134
resources/js/Pages/Public/Jobs/Show.vue Normal file
View File

@@ -0,0 +1,134 @@
<script setup>
import { Head, useForm } from '@inertiajs/vue3';
import { ref } from 'vue';
const props = defineProps({
jobPosition: {
type: Object,
required: true,
},
});
const form = useForm({
name: '',
email: '',
phone: '',
linkedin_url: '',
city: '',
cv: null,
cover_letter: null,
});
const submit = () => {
form.post(route('jobs.apply', props.jobPosition.id), {
onSuccess: () => {
// Success is handled by a redirect to dashboard and a flash message
},
});
};
</script>
<template>
<Head :title="'Postuler: ' + jobPosition.title" />
<div class="min-h-screen bg-neutral text-anthracite font-sans">
<!-- Navigation Bar -->
<nav class="bg-primary shadow-lg p-6">
<div class="max-w-4xl mx-auto flex items-center gap-3">
<div class="w-10 h-10 bg-white rounded-lg flex items-center justify-center">
<svg xmlns="http://www.w3.org/2000/svg" class="h-6 w-6 text-primary" fill="none" viewBox="0 0 24 24" stroke="currentColor">
<path stroke-linecap="round" stroke-linejoin="round" stroke-width="2.5" d="M9.663 17h4.673M12 3v1m6.364 1.636l-.707.707M21 12h-1M4 12H3m3.343-5.657l-.707-.707m2.828 9.9l-.707.707M12 18v3m4.95-4.95l.707.707M12 3c-4.418 0-8 3.582-8 8 0 2.209.895 4.209 2.343 5.657L12 21l5.657-5.343A7.994 7.994 0 0020 11c0-4.418-3.582-8-8-8z" />
</svg>
</div>
<span class="text-2xl font-serif font-bold text-white">RECRU<span class="text-highlight italic px-1">IT</span></span>
</div>
</nav>
<main class="max-w-4xl mx-auto py-12 px-6">
<div class="bg-white rounded-2xl shadow-xl overflow-hidden">
<!-- Header -->
<div class="bg-primary/5 border-b border-primary/10 px-8 py-10">
<h1 class="text-3xl font-serif font-bold text-primary mb-2">{{ jobPosition.title }}</h1>
<div class="flex items-center gap-4 text-sm text-anthracite/70">
<span class="inline-flex items-center gap-1">
<svg class="w-4 h-4" fill="none" stroke="currentColor" viewBox="0 0 24 24" xmlns="http://www.w3.org/2000/svg"><path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M21 13.255A23.931 23.931 0 0112 15c-3.183 0-6.22-.62-9-1.745M16 6V4a2 2 0 00-2-2h-4a2 2 0 00-2 2v2m4 6h.01M5 20h14a2 2 0 002-2V8a2 2 0 00-2-2H5a2 2 0 00-2 2v10a2 2 0 002 2z"></path></svg>
Offre d'emploi
</span>
</div>
</div>
<div class="p-8 grid grid-cols-1 md:grid-cols-2 gap-12">
<!-- Job Details -->
<div class="space-y-6">
<div>
<h2 class="text-xl font-bold font-subtitle text-anthracite mb-3 border-b pb-2">Description du poste</h2>
<div class="prose prose-sm prose-neutral text-anthracite/80 whitespace-pre-line">{{ jobPosition.description }}</div>
</div>
<div v-if="jobPosition.requirements && jobPosition.requirements.length > 0">
<h2 class="text-xl font-bold font-subtitle text-anthracite mb-3 border-b pb-2">Prérequis</h2>
<ul class="list-disc list-inside text-anthracite/80 space-y-1">
<li v-for="(req, i) in jobPosition.requirements" :key="i">{{ req }}</li>
</ul>
</div>
</div>
<!-- Application Form -->
<div class="bg-neutral/50 p-6 rounded-xl border border-anthracite/10">
<h2 class="text-xl font-bold font-subtitle text-primary mb-6">Soumettre votre candidature</h2>
<form @submit.prevent="submit" class="space-y-5">
<div>
<label class="block text-sm font-medium text-anthracite mb-1">Nom complet <span class="text-red-500">*</span></label>
<input type="text" v-model="form.name" required class="w-full rounded-lg border-anthracite/20 focus:border-primary focus:ring-primary text-sm p-2.5" />
<div v-if="form.errors.name" class="text-red-500 text-xs mt-1">{{ form.errors.name }}</div>
</div>
<div>
<label class="block text-sm font-medium text-anthracite mb-1">Adresse Email <span class="text-red-500">*</span></label>
<input type="email" v-model="form.email" required class="w-full rounded-lg border-anthracite/20 focus:border-primary focus:ring-primary text-sm p-2.5" />
<div v-if="form.errors.email" class="text-red-500 text-xs mt-1">{{ form.errors.email }}</div>
</div>
<div class="grid grid-cols-2 gap-4">
<div>
<label class="block text-sm font-medium text-anthracite mb-1">Téléphone</label>
<input type="text" v-model="form.phone" class="w-full rounded-lg border-anthracite/20 focus:border-primary focus:ring-primary text-sm p-2.5" />
<div v-if="form.errors.phone" class="text-red-500 text-xs mt-1">{{ form.errors.phone }}</div>
</div>
<div>
<label class="block text-sm font-medium text-anthracite mb-1">Ville</label>
<input type="text" v-model="form.city" class="w-full rounded-lg border-anthracite/20 focus:border-primary focus:ring-primary text-sm p-2.5" />
<div v-if="form.errors.city" class="text-red-500 text-xs mt-1">{{ form.errors.city }}</div>
</div>
</div>
<div>
<label class="block text-sm font-medium text-anthracite mb-1">URL LinkedIn</label>
<input type="url" v-model="form.linkedin_url" placeholder="https://linkedin.com/in/..." class="w-full rounded-lg border-anthracite/20 focus:border-primary focus:ring-primary text-sm p-2.5" />
<div v-if="form.errors.linkedin_url" class="text-red-500 text-xs mt-1">{{ form.errors.linkedin_url }}</div>
</div>
<div>
<label class="block text-sm font-medium text-anthracite mb-1">CV (PDF) <span class="text-red-500">*</span></label>
<input type="file" @input="form.cv = $event.target.files[0]" accept=".pdf" required class="w-full text-sm text-anthracite/70 file:mr-4 file:py-2 file:px-4 file:rounded-full file:border-0 file:text-sm file:font-semibold file:bg-primary/10 file:text-primary hover:file:bg-primary/20" />
<div v-if="form.errors.cv" class="text-red-500 text-xs mt-1">{{ form.errors.cv }}</div>
</div>
<div>
<label class="block text-sm font-medium text-anthracite mb-1">Lettre de motivation (PDF)</label>
<input type="file" @input="form.cover_letter = $event.target.files[0]" accept=".pdf" class="w-full text-sm text-anthracite/70 file:mr-4 file:py-2 file:px-4 file:rounded-full file:border-0 file:text-sm file:font-semibold file:bg-primary/10 file:text-primary hover:file:bg-primary/20" />
<div v-if="form.errors.cover_letter" class="text-red-500 text-xs mt-1">{{ form.errors.cover_letter }}</div>
</div>
<button type="submit" :disabled="form.processing" class="w-full mt-6 py-3 px-4 bg-highlight text-[#3a2800] rounded-xl font-bold font-subtitle uppercase tracking-wider text-sm hover:brightness-110 shadow-lg shadow-highlight/30 transition-all disabled:opacity-50 flex justify-center items-center">
<span v-if="form.processing">Envoi en cours...</span>
<span v-else>Postuler maintenant</span>
</button>
</form>
</div>
</div>
</div>
</main>
</div>
</template>