admin/crm_ecosplay
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
bec008bdc1eaa7d001e4aac79c8c848249d7b203
crm_ecosplay/.env
Serreau Jovann bec008bdc1 refactor: stocker les secrets webhook Stripe en BDD au lieu de .env.local 
src/Entity/StripeWebhookSecret.php (nouveau):
- Constantes TYPE_MAIN_LIGHT, TYPE_MAIN_INSTANT, TYPE_CONNECT_LIGHT,
  TYPE_CONNECT_INSTANT pour les 4 types de webhook
- type: string(30) unique, identifie le webhook (main_light, etc.)
- secret: string(255), le signing secret retourne par Stripe (whsec_xxx)
- endpointId: string nullable, l'ID de l'endpoint Stripe (we_xxx)
- createdAt: DateTimeImmutable

src/Repository/StripeWebhookSecretRepository.php (nouveau):
- findByType(): trouve un secret par type
- getSecret(): retourne directement la valeur du secret ou null

src/Controller/WebhookStripeController.php (reecrit):
- Les 4 routes lisent le secret depuis la BDD via
  StripeWebhookSecretRepository::getSecret() au lieu de variables d'env
- Retourne HTTP 503 si le secret n'est pas encore configure
- Plus besoin des variables STRIPE_WH_*_SECRET dans .env

src/Controller/Admin/SyncController.php:
- syncStripeWebhooks(): sauvegarde les secrets en BDD
  (cree ou met a jour StripeWebhookSecret par type)
- Suppression de saveSecretsToEnvLocal() (plus de modification .env.local)
- URL de base lue depuis WEBHOOK_BASE_URL (env)

.env:
- Suppression des 4 variables STRIPE_WH_*_SECRET (stockees en BDD)
- Ajout WEBHOOK_BASE_URL (vide par defaut)

docker/ngrok/sync.sh:
- Ecrit aussi WEBHOOK_BASE_URL en plus de OUTSIDE_URL

ansible/env.local.j2:
- WEBHOOK_BASE_URL=https://stripe.siteconseil.fr pour la prod

migrations/Version20260402205935.php:
- Table stripe_webhook_secret avec type unique, secret, endpoint_id

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-02 22:59:51 +02:00

115 lines
3.2 KiB
Bash
Raw Blame History

# In all environments, the following files are loaded if they exist,
# the latter taking precedence over the former:
#
# * .env contains default values for the environment variables needed by the app
# * .env.local uncommitted file with local overrides
# * .env.$APP_ENV committed environment-specific defaults
# * .env.$APP_ENV.local uncommitted environment-specific overrides
#
# Real environment variables win over .env files.
#
# DO NOT DEFINE PRODUCTION SECRETS IN THIS FILE NOR IN ANY OTHER COMMITTED FILES.
# https://symfony.com/doc/current/configuration/secrets.html
#
# Run "composer dump-env prod" to compile .env files for production use (requires symfony/flex >=1.2).
# https://symfony.com/doc/current/best_practices.html#use-environment-variables-for-infrastructure-configuration
###> symfony/framework-bundle ###
APP_ENV=dev
APP_SECRET=a1b2c3d4e5f6g7h8i9j0k1l2m3n4o5p6
APP_SHARE_DIR=var/share
###< symfony/framework-bundle ###
###> symfony/routing ###
DEFAULT_URI=https://esyweb.local
###< symfony/routing ###
###> doctrine/doctrine-bundle ###
DATABASE_URL="postgresql://app:secret@pgbouncer:6432/e_ticket?serverVersion=16&charset=utf8"
###< doctrine/doctrine-bundle ###
###> symfony/messenger ###
MESSENGER_TRANSPORT_DSN=redis://redis:6379/messages
###< symfony/messenger ###
###> session ###
SESSION_HANDLER_DSN=redis://redis:6379/1
###< session ###
###> cache ###
REDIS_CACHE_DSN=redis://redis:6379/2
###< cache ###
###> symfony/mailer ###
MAILER_DSN=smtp://mailpit:1025
###< symfony/mailer ###
###> vite ###
# 0 = dev (HMR via localhost:5173), 1 = prod (manifest build)
VITE_LOAD=0
REAL_MAIL=0
###< vite ###
STRIPE_PK=
STRIPE_SK=
STRIPE_WEBHOOK_SECRET=
STRIPE_WEBHOOK_SECRET_CONNECT=
STRIPE_MODE=test
STRIPE_FEE_RATE=0.015
STRIPE_FEE_FIXED=25
ADMIN_EMAIL=contact@siteconseil.fr
###> SonarQube ###
SONARQUBE_URL=https://sn.esy-web.dev
SONARQUBE_BADGE_TOKEN=sqb_bf06d32640147db064c99d2e893ca63a072630d7
SONARQUBE_PROJECT_KEY=crm_siteconseil
###< SonarQube ###
###> SSO SITECONSEIL (Keycloak OIDC) ###
OAUTH_KEYCLOAK_CLIENT_ID=crm_siteconseil
OAUTH_KEYCLOAK_CLIENT_SECRET=kh1WBbnEzcEZVriXmU7IaxizChReHmIx
OAUTH_KEYCLOAK_URL=https://auth.esy-web.dev
OAUTH_KEYCLOAK_REALM=master
###< SSO SITECONSEIL (Keycloak OIDC) ###
###> Keycloak Admin Service Account ###
KEYCLOAK_ADMIN_CLIENT_ID=crm_siteconseil_admin
KEYCLOAK_ADMIN_CLIENT_SECRET=5pIluXMGWgOhx8nI9EiLB43QCuShHLyw
###< Keycloak Admin Service Account ###
###> symfony/amazon-mailer ###
# MAILER_DSN=ses://ACCESS_KEY:SECRET_KEY@default?region=eu-west-1
# MAILER_DSN=ses+smtp://ACCESS_KEY:SECRET_KEY@default?region=eu-west-1
###< symfony/amazon-mailer ###
###> stripe/stripe-php ###
STRIPE_SECRET_KEY=sk_test_***
###< stripe/stripe-php ###
SMIME_PASSPHRASE=EVz5zNV8h4ndSLOCWO9JeaQnIertQm7k
SECRET_ANALYTICS=
###> aws ###
AWS_PK=
AWS_SECRET=
AWS_REGION=eu-west-3
###< aws ###
###> cloudflare ###
CLOUDFLARE_KEY=
###< cloudflare ###
###> mailcow ###
MAILCOW_URL=https://mail.esy-web.dev
MAILCOW_API_KEY=
###< mailcow ###
###> webhooks ###
WEBHOOK_BASE_URL=
###< webhooks ###
###> docuseal ###
DOCUSEAL_URL=https://signature.esy-web.dev
DOCUSEAL_API=
DOCUSEAL_WEBHOOKS_SECRET_HEADER=X-Sign
DOCUSEAL_WEBHOOKS_SECRET=
###< docuseal ###
Reference in New Issue View Git Blame Copy Permalink