site-mva-global-fret/js
Serge RAKOTO HARRY-NAIVO dd23a46603 chore: post-review cleanup (3 Important fixes + dead code purge)
Addresses the 3 Important issues + 4 follow-ups flagged by the
final code review subagent.

## Important fixes

- **getNextRef pagination** (cloudflare-worker/hubspot-proxy.js):
  previously used HubSpot search with limit:100 without pagination,
  causing reference-number collisions once contact count exceeded
  100 (= search results don't guarantee ordering by ref). Now
  paginates through all results via paging.next.after cursor to
  find the true numeric maximum. ~10 API calls for 1000 contacts.

- **Turnstile reset after Worker calls** (js/form-handler.js):
  Cloudflare Turnstile tokens are single-use server-side. Without
  explicit reset, a re-submit would 403 silently from siteverify.
  New helper resetTurnstile() clears window.turnstileToken and
  calls window.turnstile.reset() to force a fresh challenge. Called
  after both requestVerification and sendWelcomeBack flows.

- **notifyDuplicateViaFormspree removed** (js/form-handler.js):
  was actively POSTing returning customers' name+email to Formspree
  (FORMSPREE_ID='mojrvokp' = real endpoint, sentinel guard never
  triggered). PII leak to a third-party service inconsistent with
  the new Resend-only architecture. Function + call site removed.

## Dead code purge

- form-handler.js: removed generateRefNumber (= dead, no callers),
  submitToHubSpot, submitToFormspree, notifyDuplicateViaFormspree
  functions. Removed constants HUBSPOT_PORTAL_ID, HUBSPOT_FORM_GUID,
  FORMSPREE_ID, EMAILJS_PUBLIC_KEY, EMAILJS_SERVICE_ID,
  EMAILJS_TEMPLATE_ID, EMAILJS_TEMPLATE_WELCOME_BACK. Removed
  emailjs.init() block. Net -111 lines.

- contact.html + confirmation.html: removed <script> tag loading
  EmailJS browser SDK from jsDelivr (~30KB gzipped per page).

- cloudflare-worker/hubspot-proxy.js: removed unused HUBSPOT_PORTAL_ID
  + HUBSPOT_FORM_GUID constants. Removed listSubscriptions and
  subscribe action handlers (= 0 callers in frontend, debug-only,
  reachable by unauthenticated POST without Turnstile guard).

- cloudflare-worker/DEPLOIEMENT.md: KV ID note updated to reflect
  the actual ID in wrangler.toml.

## Net diff

-116 lines (= 92 added, 208 removed across 4 files).

Refs: post-cutover polish, addresses code review 2026-05-07.
2026-05-07 17:36:25 +02:00
..
confirmation.js feat(cloudflare): point HTML/JS to new Mind4Solutions Worker + Turnstile sitekey (#4) 2026-05-07 15:28:23 +03:00
form-handler.js chore: post-review cleanup (3 Important fixes + dead code purge) 2026-05-07 17:36:25 +02:00
intro-scene.js Intro: bouton 'Accéder au site' visible immédiatement, sans animation 2026-05-05 22:21:30 +02:00
main.js fix(js): animate-on-scroll threshold 0.1 ? 0 (mobile cgv + politique invisible bug) (#7) 2026-05-07 16:37:39 +03:00
translations.js Add Mentions Légales & Politique de Confidentialité pages 2026-05-06 20:05:39 +02:00