feat: Discogs music scraper plugin (#87)

.coderabbit.yaml

@@ -1,2 +1,155 @@
+# yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json
+# Pinakes — CodeRabbit Configuration
+# PHP/Slim 4 library management system with MySQL
+
+language: "it-IT"
+
+tone_instructions: |
+  Sii conciso e diretto. Concentrati su bug reali, vulnerabilità di sicurezza
+  e violazioni delle regole del progetto. Evita suggerimenti stilistici minori.
+
+early_access: true
+
 reviews:
-  max_files: 200
+  profile: "assertive"
+  request_changes_workflow: false
+  high_level_summary: true
+  poem: false
+  review_status: true
+
+  # ── File Filters ──────────────────────────────────────────────────
+  path_filters:
+    - "!vendor/**"
+    - "!node_modules/**"
+    - "!public/assets/tinymce/**"
+    - "!public/assets/fontawesome/**"
+    - "!public/assets/choices/**"
+    - "!public/assets/flatpickr/**"
+    - "!public/assets/sweetalert2/**"
+    - "!*.min.js"
+    - "!*.min.css"
+    - "!*.map"
+    - "!pinakes-*.zip"
+    - "!pinakes-*.sha256"
+    - "!test-results/**"
+
+  # ── Path-Specific Review Instructions ──────────────────────────────
+  path_instructions:
+    # Controllers — input validation, auth, soft-delete
+    - path: "app/Controllers/**"
+      instructions: |
+        - CRITICO: ogni query sulla tabella `libri` DEVE avere `AND deleted_at IS NULL`
+        - Verifica che `getParsedBody()` non sia usato per JSON — serve `json_decode((string)$request->getBody())`
+        - Input utente: validare e sanitizzare PRIMA dell'uso
+        - Sessione: `$_SESSION['user']['id']` (NON `$_SESSION['user_id']`)
+        - Eccezioni: catturare `\Throwable` non `\Exception` (strict_types TypeError extends \Error)
+        - Logging: `SecureLogger::error()` non `error_log()` per contesti sensibili
+        - Route: mai hardcodare percorsi URL, usare `route_path('key')` o `RouteTranslator::route('key')`
+        - Export CSV: tipo_media deve essere incluso, usare stringa vuota come fallback (non 'libro')
+
+    # Models / Repository — query safety
+    - path: "app/Models/**"
+      instructions: |
+        - CRITICO: ogni SELECT/UPDATE/DELETE sulla tabella `libri` DEVE avere `AND deleted_at IS NULL`
+        - Soft-delete: nullificare isbn10, isbn13, ean quando si fa soft-delete (prevent unique constraint violations)
+        - Transaction safety: mai annidare `begin_transaction()` in mysqli (causa commit implicito)
+        - Pattern: verificare `@@autocommit` per rilevare transazioni in corso
+        - hasColumn() guard per colonne aggiunte in migrazioni recenti (backward compat)
+        - tipo_media: usare `array_key_exists` guard, non sovrascrivere il valore se non esplicitamente fornito
+
+    # Views — escaping, XSS prevention
+    - path: "app/Views/**"
+      instructions: |
+        - CRITICO: `htmlspecialchars(url(...), ENT_QUOTES, 'UTF-8')` in TUTTI gli attributi HTML (href, action, src)
+        - `route_path()` richiede lo stesso escaping negli attributi HTML
+        - PHP->JS: usare `json_encode(..., JSON_HEX_TAG)` per qualsiasi dato PHP inserito in JavaScript
+        - TinyMCE: SEMPRE includere `model: 'dom'` e `license_key: 'gpl'` in ogni `tinymce.init({})`
+        - Mai usare `HtmlHelper::e()` nelle view — usare `htmlspecialchars(..., ENT_QUOTES, 'UTF-8')`
+        - Schema.org: ogni tipo_media deve avere il proprio branch con proprietà specifiche (non mescolare Book con CreativeWork)
+        - DataTable: ogni valore da API deve passare per `escapeHtml()` prima del rendering
+
+    # Support classes — helpers, utilities
+    - path: "app/Support/**"
+      instructions: |
+        - MediaLabels: `isMusic()` deve essere autoritativo su tipo_media quando impostato
+        - `inferTipoMedia()`: attenzione ai false positive su token corti ('cd' matcha 'CD-ROM', 'lp' matcha parole con 'lp')
+        - `formatTracklist()`: deve rilevare HTML pre-formattato (`<ol>`) e restituirlo as-is
+        - PluginManager: usare `\Throwable` non `\Exception`, `BundledPlugins::LIST` centralizzato
+        - Route translation: mai hardcodare percorsi, usare `RouteTranslator::route('key')`
+
+    # Plugins — API safety, rate limiting
+    - path: "storage/plugins/**"
+      instructions: |
+        - SICUREZZA: ogni chiamata curl DEVE avere CURLOPT_PROTOCOLS (HTTP/HTTPS only), CURLOPT_MAXREDIRS, CURLOPT_CONNECTTIMEOUT, CURLOPT_SSL_VERIFYPEER
+        - SSRF: validare/castare ID esterni (es. releaseId a int) prima di usarli in URL
+        - Rate limiting: deve essere elapsed-based (microtime) e static (persistere tra istanze)
+        - Ogni `curl_exec()` deve avere `curl_error()` check con logging
+        - Hook registration: transazione + rethrow on failure
+        - Non enrichire dati di libri con cover musicali (gate su resolveTipoMedia)
+
+    # Migrations — versioning, idempotency
+    - path: "installer/database/migrations/**"
+      instructions: |
+        - CRITICO: il nome del file di migrazione DEVE avere versione <= version.json (altrimenti viene silenziosamente saltata)
+        - L'updater usa `version_compare($migrationVersion, $toVersion, '<=')` — versioni superiori sono IGNORATE
+        - Ogni migrazione DEVE essere completamente idempotente (IF NOT EXISTS, IF @col_exists = 0, etc.)
+        - LIKE patterns: evitare `%cd%` e `%lp%` che matchano false positive ('CD-ROM', parole con 'lp') — usare REGEXP word boundaries
+        - Se servono più migrazioni per una release: unirle in UN file con la versione della release
+
+    # Translations — completeness
+    - path: "locale/**"
+      instructions: |
+        - Ogni chiave presente in it_IT.json DEVE essere presente anche in en_US.json e de_DE.json
+        - Le chiavi di traduzione devono corrispondere esattamente (case-sensitive)
+        - I placeholder (%s, %d) devono essere preservati in tutte le lingue
+        - Nuove chiavi aggiunte nel codice PHP/JS devono essere aggiunte in TUTTE le lingue
+
+    # Tests — E2E patterns
+    - path: "tests/**"
+      instructions: |
+        - I test E2E richiedono `/tmp/run-e2e.sh` per credenziali DB/admin
+        - `--workers=1` obbligatorio per esecuzione seriale
+        - SweetAlert: dopo form submit, verificare e cliccare `.swal2-confirm`
+        - Choices.js: usare `fill` + `waitForTimeout` + click suggestion
+        - Flatpickr: interagire via JS evaluate, non click diretto
+        - Pulizia dati test: FK-safe order (prima tabelle figlie, poi padri)
+
+    # Release scripts
+    - path: "scripts/**"
+      instructions: |
+        - MAI creare ZIP manualmente — SEMPRE usare `create-release.sh`
+        - Lo script verifica 9 file critici nel ZIP prima del rilascio
+        - `git archive` usa file COMMITTATI, non la working directory
+        - Verificare che `public/assets/tinymce/models/dom/model.min.js` sia nel ZIP
+
+  # ── Auto Review Settings ───────────────────────────────────────────
+  auto_review:
+    enabled: true
+    drafts: false
+
+  # ── Tools ──────────────────────────────────────────────────────────
+  tools:
+    phpstan:
+      enabled: true
+    shellcheck:
+      enabled: true
+    semgrep:
+      enabled: true
+    gitleaks:
+      enabled: true
+    yamllint:
+      enabled: true
+
+# ── Chat ──────────────────────────────────────────────────────────────
+chat:
+  auto_reply: true
+
+# ── Knowledge Base ────────────────────────────────────────────────────
+knowledge_base:
+  opt_out: false
+  learnings:
+    scope: "local"
+  issues:
+    scope: "auto"
+  pull_requests:
+    scope: "auto"

.gitattributes

@@ -2,7 +2,8 @@
 * text=auto
 
 # Exclude from release archives (git archive)
-public/installer/assets export-ignore
+# NOTE: public/installer/assets/ MUST be in the ZIP — contains installer.js
+# and style.css. Excluding it causes step 2 (test connection) to silently fail.
 tests/ export-ignore
 test/ export-ignore
 .github/ export-ignore

.gitignore

@@ -138,6 +138,27 @@ storage/plugins/goodlib/*
 !storage/plugins/goodlib/*.md
 !storage/plugins/goodlib/views/
 !storage/plugins/goodlib/views/*.php
+!storage/plugins/discogs/
+storage/plugins/discogs/*
+!storage/plugins/discogs/*.php
+!storage/plugins/discogs/*.json
+!storage/plugins/discogs/*.md
+!storage/plugins/discogs/views/
+!storage/plugins/discogs/views/*.php
+!storage/plugins/deezer/
+storage/plugins/deezer/*
+!storage/plugins/deezer/*.php
+!storage/plugins/deezer/*.json
+!storage/plugins/deezer/*.md
+!storage/plugins/deezer/views/
+!storage/plugins/deezer/views/*.php
+!storage/plugins/musicbrainz/
+storage/plugins/musicbrainz/*
+!storage/plugins/musicbrainz/*.php
+!storage/plugins/musicbrainz/*.json
+!storage/plugins/musicbrainz/*.md
+!storage/plugins/musicbrainz/views/
+!storage/plugins/musicbrainz/views/*.php
 
 # Premium plugin - never track (private/commercial)
 storage/plugins/scraping-pro/
@@ -204,6 +225,7 @@ desktop.ini
 # Test Artifacts
 # ========================================
 .playwright-mcp/
+test-results/
 
 # ========================================
 # Development Documentation (not for distribution)
@@ -402,6 +424,14 @@ hackernews.md
 docs/reference/bug-gemini.md
 docs/reference/analisi-sicurezza.md
 scripts/generate_dewey_json.py
+scripts/create-release-local.sh
+scripts/reinstall-test.sh
+pinakes-v*-local.zip
+pinakes-v*-local.zip.sha256
+
+# Reinstall / upgrade regression runbook (local-only, not committed)
+reinstall_test.md
+tests/manual-upgrade-real.spec.js
 docs/reference/start-server.md
 docs/reference/security-audit-report.md
 docs/reference/routes-to-add.md
@@ -423,6 +453,7 @@ internal/
 updater.md
 updater_new.md
 scraping-pro-*.zip
+scraping-pro-*.zip.sha256
 fix-autoloader.php
 test-upgrade/
 .playwright-cli/

README.md

@@ -9,7 +9,7 @@
 
 Pinakes is a self-hosted, full-featured ILS for schools, municipalities, and private collections. It focuses on automation, extensibility, and a usable public catalog without requiring a web team.
 
-[![Version](https://img.shields.io/badge/version-0.5.3-0ea5e9?style=for-the-badge)](version.json)
+[![Version](https://img.shields.io/badge/version-0.5.5-0ea5e9?style=for-the-badge)](version.json)
 [![Installer Ready](https://img.shields.io/badge/one--click_install-ready-22c55e?style=for-the-badge&logo=azurepipelines&logoColor=white)](installer)
 [![License](https://img.shields.io/badge/License-GPL--3.0-orange?style=for-the-badge)](LICENSE)
 
@@ -24,19 +24,79 @@ Pinakes is a self-hosted, full-featured ILS for schools, municipalities, and pri
 
 ---
 
-## What's New in v0.5.3
+## What's New in v0.5.5
 
-### 🔍 Cross-Version Consistency Fixes (v0.4.9.9–v0.5.2)
+### 📥 Bulk ISBN Enrichment (#87 follow-up)
+
+- **New Admin page `/admin/libri/bulk-enrich`** — automatic enrichment of books with missing covers/descriptions using their ISBN/EAN
+- **Manual batch** — process 20 books per click through all active scraping plugins (Open Library, Google Books, Discogs, MusicBrainz, Deezer, scraping-pro if installed). Rate-limited to 1 request per 2 minutes to protect upstream APIs
+- **Cron-driven** — configurable background enrichment via `scripts/bulk-enrich-cron.php` with atomic `flock(LOCK_EX|LOCK_NB)` locking
+- **No-overwrite guarantee** — only fills NULL or empty fields, never touches populated data
+- **Empty-string safe** — `NULLIF(TRIM(col), '')` on `isbn13/isbn10/ean` so legacy rows with blank identifiers don't shadow populated ones
+
+### 🔌 New bundled scraping plugins
+
+- **Discogs** — music metadata (CD, vinyl, cassette) via UPC/EAN barcode or text search. Registers 4 hooks (`scrape.isbn.validate`, `scrape.sources`, `scrape.fetch.custom`, `scrape.data.modify`)
+- **MusicBrainz** — fallback music metadata source
+- **Deezer** — cover art + track listings for audio media
+- **GoodLib** — custom-domain book metadata scraper
+
+### 🎯 Upgrade/Install robustness
+
+- **Fixed** `public/installer/assets` symlink → real directory (manual upgrade used to crash with `copy(): The second argument cannot be a directory` on installs where the dir had been materialized)
+- **Release ZIP guard** — `create-release.sh` now scans ZIP metadata via `zipinfo` and aborts if any symlink entry would ship (prevents regressions like the one above)
+- **Reinstall regression test** — full end-to-end suite (`scripts/reinstall-test.sh` + `tests/manual-upgrade-real.spec.js`) that exercises the real admin UI upgrade flow (upload ZIP → click "Avvia" → `Updater::performUpdateFromFile`) instead of bypassing via rsync. Runs the full Playwright suite on both a fresh install and an upgraded install
+
+### 🧹 CodeRabbit Major fixes (16 items)
+
+- **`BulkEnrichController::start`** — no longer leaks raw exception messages to clients; logs via `SecureLogger` and returns a generic 500
+- **`BulkEnrichController::toggle`** — `filter_var(FILTER_VALIDATE_BOOL)` so `"false"/"0"/"off"` correctly disable the feature
+- **`BulkEnrichmentService::setEnabled`** — returns bool; controller propagates DB failures instead of swallowing them
+- **`BulkEnrichmentService::enrichBook`** — checks the `UPDATE` execute() result before marking the book as enriched (prevents false-positive success logs on DB failure)
+- **`ScrapeController::normalizeIsbnFields`** — distinguishes validated ISBN requests (via `IsbnFormatter::isValid`) from plugin-accepted barcode requests, so legitimate book lookups no longer skip ISBN backfill when the scraper omits `format`/`tipo_media`
+- **Accessible switch** — `aria-label` + `aria-labelledby` on `#toggle-enrichment`
+- Full list in `updater.md` Version History.
+
+### 🌐 i18n
+
+- **168 new translations** added to `en_US.json` + `de_DE.json` — all strings introduced in this branch are now fully localised. `it_IT.json` stays minimal (fallback-to-key)
+
+### Migrations
+
+No new migrations. All DB changes ship in existing `migrate_0.5.4.sql`. Running v0.5.5 on a v0.5.4 install is a code-only upgrade.
+
+---
+
+## Previous Releases
+
+<details>
+<summary><strong>v0.5.4</strong> - Discogs Plugin + Media Type + Plugin Manager Hardening</summary>
+
+### 🎵 Discogs music scraper plugin (#87)
+
+- **New `tipo_media` ENUM** (`libro/disco/audiolibro/dvd/altro`) on `libri` with composite index `(deleted_at, tipo_media)`
+- **Heuristic backfill** from `formato` using anchored LIKE patterns (avoids `%cd%` matching CD-ROM, `%lp%` matching "help")
+- **Discogs + MusicBrainz + CoverArtArchive + Deezer** chain with 4 hooks (incl. `scrape.isbn.validate` for UPC-12/13)
+- **Barcode → ISBN guard** in `ScrapeController::normalizeIsbnFields` — skips normalization when no format/tipo_media signal to avoid the EAN-in-`isbn13` regression
+- **PluginManager** migrated from `error_log` → `SecureLogger` (31 call sites)
+
+### Post-release hotfixes (rolled into v0.5.4)
+
+- `autoRegisterBundledPlugins` INSERT had 14 columns / 13 values after CodeRabbit round 11 — fresh installs crashed with "Column count doesn't match value count" (fixed in `c9bd82c`)
+- Same method's `bind_param('ssssssssissss')` had positions 8+9 swapped — `path='discogs'` was cast to int `0`, orphan-detection then deleted the rows (fixed in `fb1e881`)
+
+</details>
+
+<details>
+<summary><strong>v0.5.3</strong> - Cross-Version Consistency Fixes (v0.4.9.9–v0.5.2)</summary>
 
 - **`descrizione_plain` propagated** — Catalog FULLTEXT search and admin grid now use `COALESCE(NULLIF(descrizione_plain, ''), descrizione)` for LIKE conditions, completing the HTML-free search feature from v0.4.9.9
 - **ISSN in Schema.org & API** — `issn` property now emitted in Book JSON-LD and returned by the public API (`/api/books`)
 - **CollaneController atomicity** — `rename()` aborts on `prepare()` failure instead of committing partial state
 - **LibraryThing import aligned** — `descrizione_plain` (with `html_entity_decode` + spacing), ISSN normalization, `AuthorNormalizer` on traduttore, soft-delete guards on all UPDATE queries, and `descrizione_plain` column conditional (safe on pre-0.4.9.9 databases)
 - **Secondary Author Roles** — LT import now routes translators to `traduttore` field based on `Secondary Author Roles`
 
----
-
-## Previous Releases
+</details>
 
 <details>
 <summary><strong>v0.5.2</strong> - Name Normalization (#93)</summary>