refactor: full codebase audit — extract modules, fix type safety, clean dead code

- Extract API helpers from UploadZone into lib/upload-api.ts (FormData builder, checkFolderDiffs, uploadDrive, uploadGit)
- Extract upload orchestration into hooks/useUploadOrchestrator.ts (UploadZone: 489 → 162 lines)
- Extract file diff classification into lib/diff-files.ts (from git route)
- Extract shared SVG icons into components/ui/icons.tsx (7 icons, 0 duplication)
- Extract shared modal wrapper into components/ui/Modal.tsx + ModalActions
- Extract DriveStatusLine sub-component from FolderCard
- Fix checkFolderDiffs silently swallowing auth/network errors (now throws)
- Fix type safety: remove as never casts, add isHttpError type guard, use discriminated union for validateFolder
- Fix nextcloud: cache getConfig, add max bound to findNextVersion, optimize mkdirRecursive (skip PROPFIND)
- Fix drive route: remove req.clone(), extend parseMultiUpload to return extra fields
- Fix commit message: model shown as unchanged with ↔️ on updates (not falsely marked as modified)
- Clean dead code: unused folderExists import, FileStatus/DriveStatus exports, ParsedFile.textureName, getConfig basePath
- Add security headers in next.config.ts (HSTS, X-Content-Type-Options, X-Frame-Options, etc.)
- Update README with new project structure

lib/nextcloud.ts

@@ -3,11 +3,17 @@
 // Uses native fetch — no npm package needed.
 // ---------------------------------------------------------------------------
 
+const MAX_VERSIONS = 1000
+
+// Lazy-cached config to avoid recomputing on every request
+let cachedConfig: { davBase: string; auth: string } | null = null
+
 function getConfig() {
+  if (cachedConfig) return cachedConfig
+
   const url = process.env.NEXTCLOUD_URL
   const token = process.env.NEXTCLOUD_SHARE_TOKEN
   const password = process.env.NEXTCLOUD_SHARE_PASSWORD || ''
-  const basePath = process.env.NEXTCLOUD_BASE_PATH || 'Models'
 
   if (!url || !token) {
     throw new Error('Nextcloud non configure (NEXTCLOUD_URL, NEXTCLOUD_SHARE_TOKEN)')
@@ -17,7 +23,8 @@ function getConfig() {
   const davBase = `${url.replace(/\/+$/, '')}/public.php/webdav`
   const auth = 'Basic ' + Buffer.from(`${token}:${password}`).toString('base64')
 
-  return { davBase, auth, basePath }
+  cachedConfig = { davBase, auth }
+  return cachedConfig
 }
 
 function davUrl(davBase: string, path: string): string {
@@ -66,7 +73,7 @@ export async function folderExists(path: string): Promise<boolean> {
 
 /**
  * Create a folder and all parent segments if they don't exist.
- * Like `mkdir -p`.
+ * Like `mkdir -p`. Attempts MKCOL directly and handles 405 (already exists).
  */
 export async function mkdirRecursive(path: string): Promise<void> {
   const segments = path.replace(/^\/+/, '').replace(/\/+$/, '').split('/')
@@ -74,14 +81,11 @@ export async function mkdirRecursive(path: string): Promise<void> {
 
   for (const seg of segments) {
     current += '/' + seg
-    const exists = await folderExists(current)
-    if (!exists) {
-      const res = await davRequest('MKCOL', current + '/')
-      if (res.status !== 201 && res.status !== 405) {
-        // 405 = already exists (race condition), that's fine
-        const text = await res.text().catch(() => '')
-        throw new Error(`MKCOL ${current} failed (${res.status}): ${text.slice(0, 200)}`)
-      }
+    const res = await davRequest('MKCOL', current + '/')
+    if (res.status !== 201 && res.status !== 405) {
+      // 201 = created, 405 = already exists — both are fine
+      const text = await res.text().catch(() => '')
+      throw new Error(`MKCOL ${current} failed (${res.status}): ${text.slice(0, 200)}`)
     }
   }
 }
@@ -127,9 +131,10 @@ export async function findNextVersion(
   basePath: string,
   folderName: string,
 ): Promise<string> {
-  for (let i = 1; ; i++) {
+  for (let i = 1; i <= MAX_VERSIONS; i++) {
     const versionPath = `${basePath}/V${i}/${folderName}`
     const exists = await folderExists(versionPath)
     if (!exists) return `V${i}`
   }
+  throw new Error(`Nombre maximum de versions atteint (V${MAX_VERSIONS})`)
 }