2026-03-04 21:52:21 +01:00
|
|
|
# In all environments, the following files are loaded if they exist,
|
|
|
|
|
# the latter taking precedence over the former:
|
|
|
|
|
#
|
|
|
|
|
# * .env contains default values for the environment variables needed by the app
|
|
|
|
|
# * .env.local uncommitted file with local overrides
|
|
|
|
|
# * .env.$APP_ENV committed environment-specific defaults
|
|
|
|
|
# * .env.$APP_ENV.local uncommitted environment-specific overrides
|
|
|
|
|
#
|
|
|
|
|
# Real environment variables win over .env files.
|
|
|
|
|
#
|
|
|
|
|
# DO NOT DEFINE PRODUCTION SECRETS IN THIS FILE NOR IN ANY OTHER COMMITTED FILES.
|
|
|
|
|
# https://symfony.com/doc/current/configuration/secrets.html
|
|
|
|
|
#
|
|
|
|
|
# Run "composer dump-env prod" to compile .env files for production use (requires symfony/flex >=1.2).
|
|
|
|
|
# https://symfony.com/doc/current/best_practices.html#use-environment-variables-for-infrastructure-configuration
|
|
|
|
|
|
|
|
|
|
###> symfony/framework-bundle ###
|
|
|
|
|
APP_ENV=dev
|
Add application source code, configs and assets
- Controllers, Entity, Repository, Services, Twig extensions
- Templates (account, emails, home, legal, security, unsubscribe)
- Symfony config updates (bundles, security, framework, services)
- Vite + Bun setup with PostCSS
- Caddy config, CLAUDE.md, README
- Update .gitignore (node_modules, .idea, cert)
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-18 20:16:01 +01:00
|
|
|
APP_SECRET=a1b2c3d4e5f6g7h8i9j0k1l2m3n4o5p6
|
2026-03-04 21:52:21 +01:00
|
|
|
APP_SHARE_DIR=var/share
|
|
|
|
|
###< symfony/framework-bundle ###
|
|
|
|
|
|
|
|
|
|
###> symfony/routing ###
|
Add application source code, configs and assets
- Controllers, Entity, Repository, Services, Twig extensions
- Templates (account, emails, home, legal, security, unsubscribe)
- Symfony config updates (bundles, security, framework, services)
- Vite + Bun setup with PostCSS
- Caddy config, CLAUDE.md, README
- Update .gitignore (node_modules, .idea, cert)
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-18 20:16:01 +01:00
|
|
|
DEFAULT_URI=https://esyweb.local
|
2026-03-04 21:52:21 +01:00
|
|
|
###< symfony/routing ###
|
2026-03-04 21:52:29 +01:00
|
|
|
|
|
|
|
|
###> doctrine/doctrine-bundle ###
|
2026-03-26 10:33:51 +01:00
|
|
|
DATABASE_URL="postgresql://app:secret@pgbouncer:6432/e_ticket?serverVersion=16&charset=utf8"
|
2026-03-04 21:52:29 +01:00
|
|
|
###< doctrine/doctrine-bundle ###
|
|
|
|
|
|
|
|
|
|
###> symfony/messenger ###
|
Add application source code, configs and assets
- Controllers, Entity, Repository, Services, Twig extensions
- Templates (account, emails, home, legal, security, unsubscribe)
- Symfony config updates (bundles, security, framework, services)
- Vite + Bun setup with PostCSS
- Caddy config, CLAUDE.md, README
- Update .gitignore (node_modules, .idea, cert)
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-18 20:16:01 +01:00
|
|
|
MESSENGER_TRANSPORT_DSN=redis://redis:6379/messages
|
2026-03-04 21:52:29 +01:00
|
|
|
###< symfony/messenger ###
|
|
|
|
|
|
2026-03-24 09:21:19 +01:00
|
|
|
###> session ###
|
2026-03-24 09:35:13 +01:00
|
|
|
SESSION_HANDLER_DSN=redis://redis:6379/1
|
2026-03-24 09:21:19 +01:00
|
|
|
###< session ###
|
|
|
|
|
|
2026-03-26 10:24:35 +01:00
|
|
|
###> cache ###
|
|
|
|
|
REDIS_CACHE_DSN=redis://redis:6379/2
|
|
|
|
|
###< cache ###
|
|
|
|
|
|
2026-03-04 21:52:29 +01:00
|
|
|
###> symfony/mailer ###
|
Add application source code, configs and assets
- Controllers, Entity, Repository, Services, Twig extensions
- Templates (account, emails, home, legal, security, unsubscribe)
- Symfony config updates (bundles, security, framework, services)
- Vite + Bun setup with PostCSS
- Caddy config, CLAUDE.md, README
- Update .gitignore (node_modules, .idea, cert)
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-18 20:16:01 +01:00
|
|
|
MAILER_DSN=smtp://mailpit:1025
|
2026-03-04 21:52:29 +01:00
|
|
|
###< symfony/mailer ###
|
Add application source code, configs and assets
- Controllers, Entity, Repository, Services, Twig extensions
- Templates (account, emails, home, legal, security, unsubscribe)
- Symfony config updates (bundles, security, framework, services)
- Vite + Bun setup with PostCSS
- Caddy config, CLAUDE.md, README
- Update .gitignore (node_modules, .idea, cert)
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-18 20:16:01 +01:00
|
|
|
|
|
|
|
|
###> vite ###
|
|
|
|
|
# 0 = dev (HMR via localhost:5173), 1 = prod (manifest build)
|
|
|
|
|
VITE_LOAD=0
|
|
|
|
|
REAL_MAIL=0
|
|
|
|
|
###< vite ###
|
|
|
|
|
STRIPE_PK=
|
|
|
|
|
STRIPE_SK=
|
2026-04-01 14:07:49 +02:00
|
|
|
STRIPE_WEBHOOK_SECRET_INSTA=
|
|
|
|
|
STRIPE_WEBHOOK_SECRET_LEGER=
|
Add application source code, configs and assets
- Controllers, Entity, Repository, Services, Twig extensions
- Templates (account, emails, home, legal, security, unsubscribe)
- Symfony config updates (bundles, security, framework, services)
- Vite + Bun setup with PostCSS
- Caddy config, CLAUDE.md, README
- Update .gitignore (node_modules, .idea, cert)
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-18 20:16:01 +01:00
|
|
|
STRIPE_MODE=test
|
Complete TASK_CHECKUP: security, UX, tests, coverage, accessibility, config externalization
Billetterie:
- Partial refund support (STATUS_PARTIALLY_REFUNDED, refundedAmount field, migration)
- Race condition fix: PESSIMISTIC_WRITE lock on stock decrement in transaction
- Idempotency key on PaymentIntent::create, reuse existing PI if stripeSessionId set
- Disable checkout when event ended (server 400 + template hide)
- Webhook deduplication via cache (24h TTL on stripe event.id)
- Email validation (filter_var) in OrderController guest flow
- JSON cart validation (structure check before processing)
- Invitation expiration after 7 days (isExpired method + landing page message)
- Stripe Checkout fallback when JS fails to load (noscript + redirect)
Config externalization:
- Move Stripe fees (STRIPE_FEE_RATE, STRIPE_FEE_FIXED) and admin email (ADMIN_EMAIL) to .env/services.yaml
- Replace all hardcoded contact@e-cosplay.fr across 13 files
- MailerService: getAdminEmail()/getAdminFrom(), default $from=null resolves to admin
UX & Accessibility:
- ARIA tabs: role=tablist/tab/tabpanel, aria-selected, keyboard nav (arrows, Home, End)
- aria-label on cart +/- buttons and editor toolbar buttons
- tabindex=0 on editor toolbar buttons for keyboard access
- data-confirm handler in app.js (was only in admin.js)
- Cart error feedback on checkout failure
- Billet designer save feedback (loading/success/error states)
- Stock polling every 30s with rupture/low stock badges
- Back to event link on payment page
Security:
- HTML sanitizer: BLOCKED_TAGS list (script, style, iframe, svg, etc.) - content fully removed
- Stripe polling timeout (15s max) with fallback redirect
- Rate limiting on public order access (20/5min)
- .catch() on all fetch() calls (sortable, billet-designer)
Tests (92% PHP, 100% JS lines):
- PCOV added to dev Dockerfile
- Test DB setup: .env.test with DATABASE_URL, Redis auth, Meilisearch key
- Rate limiter disabled in test env
- Makefile: test_db_setup, test_db_reset, run_test_php, run_test_coverage_php/js
- New tests: InvitationFlowTest (21), AuditServiceTest (4), ExportServiceTest (9), InvoiceServiceTest (4)
- New tests: SuspendedUserSubscriberTest, RateLimiterSubscriberTest, MeilisearchServiceTest
- New tests: Stripe webhook payment_failed (6) + charge.refunded (6)
- New tests: BilletBuyer refund, User suspended, OrganizerInvitation expiration
- JS tests: stock polling (6), data-confirm (2), copy-url restore (1), editor ARIA (2), XSS (9), tabs keyboard (9)
- ESLint + PHP CS Fixer: 0 errors
- SonarQube exclusions aligned with vitest coverage config
Infra:
- Meilisearch consistency command (app:meilisearch:check-consistency --fix) + cron daily 3am
- MeilisearchService: getAllDocumentIds(), listIndexes()
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-23 11:14:06 +01:00
|
|
|
STRIPE_FEE_RATE=0.015
|
|
|
|
|
STRIPE_FEE_FIXED=25
|
|
|
|
|
ADMIN_EMAIL=contact@e-cosplay.fr
|
Add application source code, configs and assets
- Controllers, Entity, Repository, Services, Twig extensions
- Templates (account, emails, home, legal, security, unsubscribe)
- Symfony config updates (bundles, security, framework, services)
- Vite + Bun setup with PostCSS
- Caddy config, CLAUDE.md, README
- Update .gitignore (node_modules, .idea, cert)
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-18 20:16:01 +01:00
|
|
|
SMIME_PASSPHRASE='KLreLnyR07x5h#3$AC'
|
2026-03-18 21:10:45 +01:00
|
|
|
|
2026-03-19 14:25:04 +01:00
|
|
|
###> SonarQube ###
|
2026-04-10 17:44:37 +02:00
|
|
|
SONARQUBE_URL=https://sn.e-cosplay.fr
|
|
|
|
|
SONARQUBE_BADGE_TOKEN=sqb_d02e5edca9ef985e356d969f59acbc6bc9cd0f50
|
2026-03-19 14:25:04 +01:00
|
|
|
SONARQUBE_PROJECT_KEY=e-ticket
|
|
|
|
|
###< SonarQube ###
|
|
|
|
|
|
2026-03-19 10:38:19 +01:00
|
|
|
###> SSO E-Cosplay (Keycloak OIDC) ###
|
|
|
|
|
OAUTH_KEYCLOAK_CLIENT_ID=e-ticket
|
|
|
|
|
OAUTH_KEYCLOAK_CLIENT_SECRET=changeme
|
|
|
|
|
OAUTH_KEYCLOAK_URL=https://auth.esy-web.dev
|
|
|
|
|
OAUTH_KEYCLOAK_REALM=e-cosplay
|
|
|
|
|
###< SSO E-Cosplay (Keycloak OIDC) ###
|
2026-03-20 16:03:06 +01:00
|
|
|
|
|
|
|
|
###> symfony/amazon-mailer ###
|
|
|
|
|
# MAILER_DSN=ses://ACCESS_KEY:SECRET_KEY@default?region=eu-west-1
|
|
|
|
|
# MAILER_DSN=ses+smtp://ACCESS_KEY:SECRET_KEY@default?region=eu-west-1
|
|
|
|
|
###< symfony/amazon-mailer ###
|
2026-03-26 12:27:05 +01:00
|
|
|
SECRET_ANALYTICS=dev_analytics_secret_change_me
|