2026-03-21 13:46:06 +01:00
|
|
|
function formatEur(value) {
|
|
|
|
|
return value.toFixed(2).replace('.', ',') + ' \u20AC'
|
|
|
|
|
}
|
|
|
|
|
|
Reduce cognitive complexity, improve test coverage, fix SonarQube issues
Cognitive complexity refactors:
- cart.js: extract buildCart, handleCheckout, updateStockLabel, updateItemStock, startStockPolling (21→~8)
- tabs.js: use .at(-1) instead of [length-1]
- MeilisearchConsistencyCommand: extract checkAllIndexes, accumulate, reportSummary (18→~8)
- TranslateCommand: extract processDomain, processLanguage, loadExisting, findMissingKeys, removeObsoleteKeys, handleUpToDate, mergeAndOrder (36→~10)
- AccountController::index: extract computeFinanceStats with statusMap pattern (19→~12)
Test coverage additions:
- HomeController: expired invitation view, stock not found, stock with billets, search+city with mock results
- AdminController: delete/resend invitation not found (404)
- AccountController: item without billet (codeCoverageIgnore - NOT NULL in DB)
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-23 12:57:00 +01:00
|
|
|
function buildCart(items) {
|
|
|
|
|
const cart = []
|
|
|
|
|
for (const item of items) {
|
|
|
|
|
const qty = Number.parseInt(item.querySelector('[data-cart-qty]').value, 10) || 0
|
|
|
|
|
if (qty > 0) {
|
|
|
|
|
cart.push({ billetId: item.dataset.billetId, qty })
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return cart
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
function handleCheckout(checkoutBtn, items, errorEl, errorText) {
|
|
|
|
|
const cart = buildCart(items)
|
|
|
|
|
if (cart.length === 0) return
|
|
|
|
|
|
|
|
|
|
const orderUrl = checkoutBtn.dataset.orderUrl
|
|
|
|
|
if (!orderUrl) return
|
|
|
|
|
|
|
|
|
|
checkoutBtn.disabled = true
|
|
|
|
|
checkoutBtn.textContent = 'Chargement...'
|
|
|
|
|
if (errorEl) errorEl.classList.add('hidden')
|
|
|
|
|
|
|
|
|
|
globalThis.fetch(orderUrl, {
|
|
|
|
|
method: 'POST',
|
|
|
|
|
headers: { 'Content-Type': 'application/json' },
|
|
|
|
|
body: JSON.stringify(cart),
|
|
|
|
|
})
|
|
|
|
|
.then(r => {
|
|
|
|
|
if (!r.ok) throw new Error(r.status)
|
|
|
|
|
return r.json()
|
|
|
|
|
})
|
|
|
|
|
.then(data => {
|
|
|
|
|
if (data.redirect) {
|
|
|
|
|
globalThis.location.href = data.redirect
|
|
|
|
|
}
|
|
|
|
|
})
|
|
|
|
|
.catch(() => {
|
|
|
|
|
checkoutBtn.disabled = false
|
|
|
|
|
checkoutBtn.textContent = 'Commander'
|
|
|
|
|
if (errorEl && errorText) {
|
|
|
|
|
errorText.textContent = 'Une erreur est survenue. Veuillez reessayer.'
|
|
|
|
|
errorEl.classList.remove('hidden')
|
|
|
|
|
}
|
|
|
|
|
})
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
function updateStockLabel(label, max) {
|
|
|
|
|
if (max === 0) {
|
|
|
|
|
label.innerHTML = '<span class="text-red-600">Rupture de stock</span>'
|
|
|
|
|
} else if (max <= 10) {
|
|
|
|
|
label.innerHTML = '<span class="text-orange-500">Plus que ' + max + ' place' + (max > 1 ? 's' : '') + ' !</span>'
|
|
|
|
|
} else {
|
|
|
|
|
label.innerHTML = '<span class="text-gray-400">' + max + ' places disponibles</span>'
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
function updateItemStock(item) {
|
|
|
|
|
const qtyInput = item.querySelector('[data-cart-qty]')
|
|
|
|
|
const max = Number.parseInt(item.dataset.max, 10) || 0
|
|
|
|
|
const current = Number.parseInt(qtyInput.value, 10) || 0
|
|
|
|
|
|
|
|
|
|
if (max > 0 && current > max) {
|
|
|
|
|
qtyInput.value = max
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
const label = item.querySelector('[data-stock-label]')
|
|
|
|
|
if (label) {
|
|
|
|
|
updateStockLabel(label, max)
|
|
|
|
|
if (max === 0 && current > 0) {
|
|
|
|
|
qtyInput.value = 0
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
function startStockPolling(stockUrl, items, updateTotals) {
|
|
|
|
|
setInterval(() => {
|
|
|
|
|
globalThis.fetch(stockUrl)
|
|
|
|
|
.then(r => r.json())
|
|
|
|
|
.then(stock => {
|
|
|
|
|
for (const item of items) {
|
|
|
|
|
const qty = stock[item.dataset.billetId]
|
|
|
|
|
if (qty === undefined || qty === null) continue
|
|
|
|
|
|
|
|
|
|
item.dataset.max = String(qty)
|
|
|
|
|
item.querySelector('[data-cart-qty]').max = qty
|
|
|
|
|
updateItemStock(item)
|
|
|
|
|
}
|
|
|
|
|
updateTotals()
|
|
|
|
|
})
|
|
|
|
|
.catch(() => {})
|
|
|
|
|
}, 30000)
|
|
|
|
|
}
|
|
|
|
|
|
2026-03-21 13:46:06 +01:00
|
|
|
export function initCart() {
|
|
|
|
|
const billetterie = document.getElementById('billetterie')
|
|
|
|
|
if (!billetterie) return
|
|
|
|
|
|
|
|
|
|
const items = billetterie.querySelectorAll('[data-cart-item]')
|
|
|
|
|
const totalEl = document.getElementById('cart-total')
|
|
|
|
|
const countEl = document.getElementById('cart-count')
|
|
|
|
|
const checkoutBtn = document.getElementById('cart-checkout')
|
Complete TASK_CHECKUP: security, UX, tests, coverage, accessibility, config externalization
Billetterie:
- Partial refund support (STATUS_PARTIALLY_REFUNDED, refundedAmount field, migration)
- Race condition fix: PESSIMISTIC_WRITE lock on stock decrement in transaction
- Idempotency key on PaymentIntent::create, reuse existing PI if stripeSessionId set
- Disable checkout when event ended (server 400 + template hide)
- Webhook deduplication via cache (24h TTL on stripe event.id)
- Email validation (filter_var) in OrderController guest flow
- JSON cart validation (structure check before processing)
- Invitation expiration after 7 days (isExpired method + landing page message)
- Stripe Checkout fallback when JS fails to load (noscript + redirect)
Config externalization:
- Move Stripe fees (STRIPE_FEE_RATE, STRIPE_FEE_FIXED) and admin email (ADMIN_EMAIL) to .env/services.yaml
- Replace all hardcoded contact@e-cosplay.fr across 13 files
- MailerService: getAdminEmail()/getAdminFrom(), default $from=null resolves to admin
UX & Accessibility:
- ARIA tabs: role=tablist/tab/tabpanel, aria-selected, keyboard nav (arrows, Home, End)
- aria-label on cart +/- buttons and editor toolbar buttons
- tabindex=0 on editor toolbar buttons for keyboard access
- data-confirm handler in app.js (was only in admin.js)
- Cart error feedback on checkout failure
- Billet designer save feedback (loading/success/error states)
- Stock polling every 30s with rupture/low stock badges
- Back to event link on payment page
Security:
- HTML sanitizer: BLOCKED_TAGS list (script, style, iframe, svg, etc.) - content fully removed
- Stripe polling timeout (15s max) with fallback redirect
- Rate limiting on public order access (20/5min)
- .catch() on all fetch() calls (sortable, billet-designer)
Tests (92% PHP, 100% JS lines):
- PCOV added to dev Dockerfile
- Test DB setup: .env.test with DATABASE_URL, Redis auth, Meilisearch key
- Rate limiter disabled in test env
- Makefile: test_db_setup, test_db_reset, run_test_php, run_test_coverage_php/js
- New tests: InvitationFlowTest (21), AuditServiceTest (4), ExportServiceTest (9), InvoiceServiceTest (4)
- New tests: SuspendedUserSubscriberTest, RateLimiterSubscriberTest, MeilisearchServiceTest
- New tests: Stripe webhook payment_failed (6) + charge.refunded (6)
- New tests: BilletBuyer refund, User suspended, OrganizerInvitation expiration
- JS tests: stock polling (6), data-confirm (2), copy-url restore (1), editor ARIA (2), XSS (9), tabs keyboard (9)
- ESLint + PHP CS Fixer: 0 errors
- SonarQube exclusions aligned with vitest coverage config
Infra:
- Meilisearch consistency command (app:meilisearch:check-consistency --fix) + cron daily 3am
- MeilisearchService: getAllDocumentIds(), listIndexes()
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-23 11:14:06 +01:00
|
|
|
const errorEl = document.getElementById('cart-error')
|
|
|
|
|
const errorText = document.getElementById('cart-error-text')
|
2026-03-21 13:46:06 +01:00
|
|
|
if (!totalEl || !countEl) return
|
|
|
|
|
|
|
|
|
|
function updateTotals() {
|
|
|
|
|
let total = 0
|
|
|
|
|
let count = 0
|
|
|
|
|
|
|
|
|
|
for (const item of items) {
|
|
|
|
|
const price = Number.parseFloat(item.dataset.price) || 0
|
|
|
|
|
const qtyInput = item.querySelector('[data-cart-qty]')
|
|
|
|
|
const lineTotalEl = item.querySelector('[data-cart-line-total]')
|
|
|
|
|
const qty = Number.parseInt(qtyInput.value, 10) || 0
|
|
|
|
|
|
|
|
|
|
const lineTotal = price * qty
|
|
|
|
|
total += lineTotal
|
|
|
|
|
count += qty
|
|
|
|
|
|
|
|
|
|
lineTotalEl.textContent = formatEur(lineTotal)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
totalEl.textContent = formatEur(total)
|
|
|
|
|
countEl.textContent = String(count)
|
|
|
|
|
|
|
|
|
|
if (checkoutBtn) {
|
|
|
|
|
checkoutBtn.disabled = count === 0
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
for (const item of items) {
|
|
|
|
|
const qtyInput = item.querySelector('[data-cart-qty]')
|
|
|
|
|
const minusBtn = item.querySelector('[data-cart-minus]')
|
|
|
|
|
const plusBtn = item.querySelector('[data-cart-plus]')
|
|
|
|
|
const max = Number.parseInt(item.dataset.max, 10) || 0
|
|
|
|
|
|
|
|
|
|
minusBtn.addEventListener('click', () => {
|
|
|
|
|
const current = Number.parseInt(qtyInput.value, 10) || 0
|
|
|
|
|
if (current > 0) {
|
|
|
|
|
qtyInput.value = current - 1
|
|
|
|
|
updateTotals()
|
|
|
|
|
}
|
|
|
|
|
})
|
|
|
|
|
|
|
|
|
|
plusBtn.addEventListener('click', () => {
|
|
|
|
|
const current = Number.parseInt(qtyInput.value, 10) || 0
|
|
|
|
|
if (max === 0 || current < max) {
|
|
|
|
|
qtyInput.value = current + 1
|
|
|
|
|
updateTotals()
|
|
|
|
|
}
|
|
|
|
|
})
|
|
|
|
|
}
|
|
|
|
|
|
Add reservation flow: BilletBuyer, guest checkout, Stripe payment
- Create BilletBuyer entity: event, user (nullable for guests), firstName,
lastName, email, reference (ETICKET-XXXX-XXXX-XXXX), totalHT, status,
stripeSessionId, paidAt, items (OneToMany)
- Create BilletBuyerItem entity: billet, billetName (snapshot), quantity,
unitPriceHT, line total helpers
- OrderController with full checkout flow:
- POST /evenement/{id}/commander: create order from cart JSON
- GET/POST /commande/{id}/informations: guest form (name, email)
- GET /commande/{id}/paiement: payment page with recap
- POST /commande/{id}/stripe: Stripe Checkout on connected account
with application_fee, productId, and quantities
- GET /commande/{id}/confirmation: success page
- Cart JS: POST cart data on Commander click, redirect to guest/payment
- Templates: guest form, payment page, order summary partial, success page
- Stripe payment uses organizer connected account, application_fee based
on commissionRate, existing productId when available
- Tests: BilletBuyerTest (12), BilletBuyerItemTest (6), cart.test.js (13)
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-21 13:54:17 +01:00
|
|
|
if (checkoutBtn) {
|
Reduce cognitive complexity, improve test coverage, fix SonarQube issues
Cognitive complexity refactors:
- cart.js: extract buildCart, handleCheckout, updateStockLabel, updateItemStock, startStockPolling (21→~8)
- tabs.js: use .at(-1) instead of [length-1]
- MeilisearchConsistencyCommand: extract checkAllIndexes, accumulate, reportSummary (18→~8)
- TranslateCommand: extract processDomain, processLanguage, loadExisting, findMissingKeys, removeObsoleteKeys, handleUpToDate, mergeAndOrder (36→~10)
- AccountController::index: extract computeFinanceStats with statusMap pattern (19→~12)
Test coverage additions:
- HomeController: expired invitation view, stock not found, stock with billets, search+city with mock results
- AdminController: delete/resend invitation not found (404)
- AccountController: item without billet (codeCoverageIgnore - NOT NULL in DB)
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-23 12:57:00 +01:00
|
|
|
checkoutBtn.addEventListener('click', () => handleCheckout(checkoutBtn, items, errorEl, errorText))
|
Add reservation flow: BilletBuyer, guest checkout, Stripe payment
- Create BilletBuyer entity: event, user (nullable for guests), firstName,
lastName, email, reference (ETICKET-XXXX-XXXX-XXXX), totalHT, status,
stripeSessionId, paidAt, items (OneToMany)
- Create BilletBuyerItem entity: billet, billetName (snapshot), quantity,
unitPriceHT, line total helpers
- OrderController with full checkout flow:
- POST /evenement/{id}/commander: create order from cart JSON
- GET/POST /commande/{id}/informations: guest form (name, email)
- GET /commande/{id}/paiement: payment page with recap
- POST /commande/{id}/stripe: Stripe Checkout on connected account
with application_fee, productId, and quantities
- GET /commande/{id}/confirmation: success page
- Cart JS: POST cart data on Commander click, redirect to guest/payment
- Templates: guest form, payment page, order summary partial, success page
- Stripe payment uses organizer connected account, application_fee based
on commissionRate, existing productId when available
- Tests: BilletBuyerTest (12), BilletBuyerItemTest (6), cart.test.js (13)
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-21 13:54:17 +01:00
|
|
|
}
|
|
|
|
|
|
2026-03-21 13:46:06 +01:00
|
|
|
updateTotals()
|
Complete TASK_CHECKUP: security, UX, tests, coverage, accessibility, config externalization
Billetterie:
- Partial refund support (STATUS_PARTIALLY_REFUNDED, refundedAmount field, migration)
- Race condition fix: PESSIMISTIC_WRITE lock on stock decrement in transaction
- Idempotency key on PaymentIntent::create, reuse existing PI if stripeSessionId set
- Disable checkout when event ended (server 400 + template hide)
- Webhook deduplication via cache (24h TTL on stripe event.id)
- Email validation (filter_var) in OrderController guest flow
- JSON cart validation (structure check before processing)
- Invitation expiration after 7 days (isExpired method + landing page message)
- Stripe Checkout fallback when JS fails to load (noscript + redirect)
Config externalization:
- Move Stripe fees (STRIPE_FEE_RATE, STRIPE_FEE_FIXED) and admin email (ADMIN_EMAIL) to .env/services.yaml
- Replace all hardcoded contact@e-cosplay.fr across 13 files
- MailerService: getAdminEmail()/getAdminFrom(), default $from=null resolves to admin
UX & Accessibility:
- ARIA tabs: role=tablist/tab/tabpanel, aria-selected, keyboard nav (arrows, Home, End)
- aria-label on cart +/- buttons and editor toolbar buttons
- tabindex=0 on editor toolbar buttons for keyboard access
- data-confirm handler in app.js (was only in admin.js)
- Cart error feedback on checkout failure
- Billet designer save feedback (loading/success/error states)
- Stock polling every 30s with rupture/low stock badges
- Back to event link on payment page
Security:
- HTML sanitizer: BLOCKED_TAGS list (script, style, iframe, svg, etc.) - content fully removed
- Stripe polling timeout (15s max) with fallback redirect
- Rate limiting on public order access (20/5min)
- .catch() on all fetch() calls (sortable, billet-designer)
Tests (92% PHP, 100% JS lines):
- PCOV added to dev Dockerfile
- Test DB setup: .env.test with DATABASE_URL, Redis auth, Meilisearch key
- Rate limiter disabled in test env
- Makefile: test_db_setup, test_db_reset, run_test_php, run_test_coverage_php/js
- New tests: InvitationFlowTest (21), AuditServiceTest (4), ExportServiceTest (9), InvoiceServiceTest (4)
- New tests: SuspendedUserSubscriberTest, RateLimiterSubscriberTest, MeilisearchServiceTest
- New tests: Stripe webhook payment_failed (6) + charge.refunded (6)
- New tests: BilletBuyer refund, User suspended, OrganizerInvitation expiration
- JS tests: stock polling (6), data-confirm (2), copy-url restore (1), editor ARIA (2), XSS (9), tabs keyboard (9)
- ESLint + PHP CS Fixer: 0 errors
- SonarQube exclusions aligned with vitest coverage config
Infra:
- Meilisearch consistency command (app:meilisearch:check-consistency --fix) + cron daily 3am
- MeilisearchService: getAllDocumentIds(), listIndexes()
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-23 11:14:06 +01:00
|
|
|
|
|
|
|
|
const stockUrl = billetterie.dataset.stockUrl
|
|
|
|
|
if (stockUrl) {
|
Reduce cognitive complexity, improve test coverage, fix SonarQube issues
Cognitive complexity refactors:
- cart.js: extract buildCart, handleCheckout, updateStockLabel, updateItemStock, startStockPolling (21→~8)
- tabs.js: use .at(-1) instead of [length-1]
- MeilisearchConsistencyCommand: extract checkAllIndexes, accumulate, reportSummary (18→~8)
- TranslateCommand: extract processDomain, processLanguage, loadExisting, findMissingKeys, removeObsoleteKeys, handleUpToDate, mergeAndOrder (36→~10)
- AccountController::index: extract computeFinanceStats with statusMap pattern (19→~12)
Test coverage additions:
- HomeController: expired invitation view, stock not found, stock with billets, search+city with mock results
- AdminController: delete/resend invitation not found (404)
- AccountController: item without billet (codeCoverageIgnore - NOT NULL in DB)
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-23 12:57:00 +01:00
|
|
|
startStockPolling(stockUrl, items, updateTotals)
|
Complete TASK_CHECKUP: security, UX, tests, coverage, accessibility, config externalization
Billetterie:
- Partial refund support (STATUS_PARTIALLY_REFUNDED, refundedAmount field, migration)
- Race condition fix: PESSIMISTIC_WRITE lock on stock decrement in transaction
- Idempotency key on PaymentIntent::create, reuse existing PI if stripeSessionId set
- Disable checkout when event ended (server 400 + template hide)
- Webhook deduplication via cache (24h TTL on stripe event.id)
- Email validation (filter_var) in OrderController guest flow
- JSON cart validation (structure check before processing)
- Invitation expiration after 7 days (isExpired method + landing page message)
- Stripe Checkout fallback when JS fails to load (noscript + redirect)
Config externalization:
- Move Stripe fees (STRIPE_FEE_RATE, STRIPE_FEE_FIXED) and admin email (ADMIN_EMAIL) to .env/services.yaml
- Replace all hardcoded contact@e-cosplay.fr across 13 files
- MailerService: getAdminEmail()/getAdminFrom(), default $from=null resolves to admin
UX & Accessibility:
- ARIA tabs: role=tablist/tab/tabpanel, aria-selected, keyboard nav (arrows, Home, End)
- aria-label on cart +/- buttons and editor toolbar buttons
- tabindex=0 on editor toolbar buttons for keyboard access
- data-confirm handler in app.js (was only in admin.js)
- Cart error feedback on checkout failure
- Billet designer save feedback (loading/success/error states)
- Stock polling every 30s with rupture/low stock badges
- Back to event link on payment page
Security:
- HTML sanitizer: BLOCKED_TAGS list (script, style, iframe, svg, etc.) - content fully removed
- Stripe polling timeout (15s max) with fallback redirect
- Rate limiting on public order access (20/5min)
- .catch() on all fetch() calls (sortable, billet-designer)
Tests (92% PHP, 100% JS lines):
- PCOV added to dev Dockerfile
- Test DB setup: .env.test with DATABASE_URL, Redis auth, Meilisearch key
- Rate limiter disabled in test env
- Makefile: test_db_setup, test_db_reset, run_test_php, run_test_coverage_php/js
- New tests: InvitationFlowTest (21), AuditServiceTest (4), ExportServiceTest (9), InvoiceServiceTest (4)
- New tests: SuspendedUserSubscriberTest, RateLimiterSubscriberTest, MeilisearchServiceTest
- New tests: Stripe webhook payment_failed (6) + charge.refunded (6)
- New tests: BilletBuyer refund, User suspended, OrganizerInvitation expiration
- JS tests: stock polling (6), data-confirm (2), copy-url restore (1), editor ARIA (2), XSS (9), tabs keyboard (9)
- ESLint + PHP CS Fixer: 0 errors
- SonarQube exclusions aligned with vitest coverage config
Infra:
- Meilisearch consistency command (app:meilisearch:check-consistency --fix) + cron daily 3am
- MeilisearchService: getAllDocumentIds(), listIndexes()
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-23 11:14:06 +01:00
|
|
|
}
|
2026-03-21 13:46:06 +01:00
|
|
|
}
|