assets/modules/tabs.js

export function initTabs() {
    const buttons = document.querySelectorAll('[data-tab]')
    if (buttons.length === 0) return

    const tablist = buttons[0].parentElement
    if (tablist) {
        tablist.setAttribute('role', 'tablist')
    }

    buttons.forEach(button => {
        const targetId = button.dataset.tab
        const panel = document.getElementById(targetId)

        button.setAttribute('role', 'tab')
        button.setAttribute('aria-controls', targetId)
        if (!button.id) {
            button.id = 'tab-btn-' + targetId
        }

        if (panel) {
            panel.setAttribute('role', 'tabpanel')
            panel.setAttribute('aria-labelledby', button.id)
        }

        const isActive = panel && panel.style.display !== 'none'
        button.setAttribute('aria-selected', isActive ? 'true' : 'false')
        button.setAttribute('tabindex', isActive ? '0' : '-1')

        button.addEventListener('click', () => activateTab(buttons, button))

        button.addEventListener('keydown', (e) => {
            const tabs = Array.from(buttons)
            const index = tabs.indexOf(button)

            let target = null
            if (e.key === 'ArrowRight' || e.key === 'ArrowDown') {
                e.preventDefault()
                target = tabs[(index + 1) % tabs.length]
            } else if (e.key === 'ArrowLeft' || e.key === 'ArrowUp') {
                e.preventDefault()
                target = tabs[(index - 1 + tabs.length) % tabs.length]
            } else if (e.key === 'Home') {
                e.preventDefault()
                target = tabs[0]
            } else if (e.key === 'End') {
                e.preventDefault()
                target = tabs[tabs.length - 1]
            }

            if (target) {
                activateTab(buttons, target)
                target.focus()
            }
        })
    })
}

function activateTab(buttons, activeButton) {
    buttons.forEach(b => {
        const isActive = b === activeButton
        b.style.backgroundColor = isActive ? '#111827' : 'white'
        b.style.color = isActive ? 'white' : '#111827'
        b.setAttribute('aria-selected', isActive ? 'true' : 'false')
        b.setAttribute('tabindex', isActive ? '0' : '-1')

        const panel = document.getElementById(b.dataset.tab)
        if (panel) {
            panel.style.display = isActive ? 'block' : 'none'
        }
    })
}
Add JS tests, refactor SitemapController, extract JS modules - Extract mobile-menu.js and tabs.js from app.js - Add Vitest tests with happy-dom and v8 coverage (100% on modules) - Add JS test step to CI frontend and SonarQube workflows - SonarQube: add JS lcov coverage report path - SitemapController: extract URLSET_TEMPLATE constant, deduplicate methods Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> 2026-03-19 00:19:34 +01:00			`export function initTabs() {`
Complete TASK_CHECKUP: security, UX, tests, coverage, accessibility, config externalization Billetterie: - Partial refund support (STATUS_PARTIALLY_REFUNDED, refundedAmount field, migration) - Race condition fix: PESSIMISTIC_WRITE lock on stock decrement in transaction - Idempotency key on PaymentIntent::create, reuse existing PI if stripeSessionId set - Disable checkout when event ended (server 400 + template hide) - Webhook deduplication via cache (24h TTL on stripe event.id) - Email validation (filter_var) in OrderController guest flow - JSON cart validation (structure check before processing) - Invitation expiration after 7 days (isExpired method + landing page message) - Stripe Checkout fallback when JS fails to load (noscript + redirect) Config externalization: - Move Stripe fees (STRIPE_FEE_RATE, STRIPE_FEE_FIXED) and admin email (ADMIN_EMAIL) to .env/services.yaml - Replace all hardcoded contact@e-cosplay.fr across 13 files - MailerService: getAdminEmail()/getAdminFrom(), default $from=null resolves to admin UX & Accessibility: - ARIA tabs: role=tablist/tab/tabpanel, aria-selected, keyboard nav (arrows, Home, End) - aria-label on cart +/- buttons and editor toolbar buttons - tabindex=0 on editor toolbar buttons for keyboard access - data-confirm handler in app.js (was only in admin.js) - Cart error feedback on checkout failure - Billet designer save feedback (loading/success/error states) - Stock polling every 30s with rupture/low stock badges - Back to event link on payment page Security: - HTML sanitizer: BLOCKED_TAGS list (script, style, iframe, svg, etc.) - content fully removed - Stripe polling timeout (15s max) with fallback redirect - Rate limiting on public order access (20/5min) - .catch() on all fetch() calls (sortable, billet-designer) Tests (92% PHP, 100% JS lines): - PCOV added to dev Dockerfile - Test DB setup: .env.test with DATABASE_URL, Redis auth, Meilisearch key - Rate limiter disabled in test env - Makefile: test_db_setup, test_db_reset, run_test_php, run_test_coverage_php/js - New tests: InvitationFlowTest (21), AuditServiceTest (4), ExportServiceTest (9), InvoiceServiceTest (4) - New tests: SuspendedUserSubscriberTest, RateLimiterSubscriberTest, MeilisearchServiceTest - New tests: Stripe webhook payment_failed (6) + charge.refunded (6) - New tests: BilletBuyer refund, User suspended, OrganizerInvitation expiration - JS tests: stock polling (6), data-confirm (2), copy-url restore (1), editor ARIA (2), XSS (9), tabs keyboard (9) - ESLint + PHP CS Fixer: 0 errors - SonarQube exclusions aligned with vitest coverage config Infra: - Meilisearch consistency command (app:meilisearch:check-consistency --fix) + cron daily 3am - MeilisearchService: getAllDocumentIds(), listIndexes() Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> 2026-03-23 11:14:06 +01:00			`const buttons = document.querySelectorAll('[data-tab]')`
			`if (buttons.length === 0) return`

			`const tablist = buttons[0].parentElement`
			`if (tablist) {`
			`tablist.setAttribute('role', 'tablist')`
			`}`

			`buttons.forEach(button => {`
			`const targetId = button.dataset.tab`
			`const panel = document.getElementById(targetId)`

			`button.setAttribute('role', 'tab')`
			`button.setAttribute('aria-controls', targetId)`
			`if (!button.id) {`
			`button.id = 'tab-btn-' + targetId`
			`}`

			`if (panel) {`
			`panel.setAttribute('role', 'tabpanel')`
			`panel.setAttribute('aria-labelledby', button.id)`
			`}`

			`const isActive = panel && panel.style.display !== 'none'`
			`button.setAttribute('aria-selected', isActive ? 'true' : 'false')`
			`button.setAttribute('tabindex', isActive ? '0' : '-1')`

			`button.addEventListener('click', () => activateTab(buttons, button))`

			`button.addEventListener('keydown', (e) => {`
			`const tabs = Array.from(buttons)`
			`const index = tabs.indexOf(button)`

			`let target = null`
			`if (e.key === 'ArrowRight' \|\| e.key === 'ArrowDown') {`
			`e.preventDefault()`
			`target = tabs[(index + 1) % tabs.length]`
			`} else if (e.key === 'ArrowLeft' \|\| e.key === 'ArrowUp') {`
			`e.preventDefault()`
			`target = tabs[(index - 1 + tabs.length) % tabs.length]`
			`} else if (e.key === 'Home') {`
			`e.preventDefault()`
			`target = tabs[0]`
			`} else if (e.key === 'End') {`
			`e.preventDefault()`
			`target = tabs[tabs.length - 1]`
			`}`

			`if (target) {`
			`activateTab(buttons, target)`
			`target.focus()`
			`}`
Add JS tests, refactor SitemapController, extract JS modules - Extract mobile-menu.js and tabs.js from app.js - Add Vitest tests with happy-dom and v8 coverage (100% on modules) - Add JS test step to CI frontend and SonarQube workflows - SonarQube: add JS lcov coverage report path - SitemapController: extract URLSET_TEMPLATE constant, deduplicate methods Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> 2026-03-19 00:19:34 +01:00			`})`
			`})`
			`}`
Complete TASK_CHECKUP: security, UX, tests, coverage, accessibility, config externalization Billetterie: - Partial refund support (STATUS_PARTIALLY_REFUNDED, refundedAmount field, migration) - Race condition fix: PESSIMISTIC_WRITE lock on stock decrement in transaction - Idempotency key on PaymentIntent::create, reuse existing PI if stripeSessionId set - Disable checkout when event ended (server 400 + template hide) - Webhook deduplication via cache (24h TTL on stripe event.id) - Email validation (filter_var) in OrderController guest flow - JSON cart validation (structure check before processing) - Invitation expiration after 7 days (isExpired method + landing page message) - Stripe Checkout fallback when JS fails to load (noscript + redirect) Config externalization: - Move Stripe fees (STRIPE_FEE_RATE, STRIPE_FEE_FIXED) and admin email (ADMIN_EMAIL) to .env/services.yaml - Replace all hardcoded contact@e-cosplay.fr across 13 files - MailerService: getAdminEmail()/getAdminFrom(), default $from=null resolves to admin UX & Accessibility: - ARIA tabs: role=tablist/tab/tabpanel, aria-selected, keyboard nav (arrows, Home, End) - aria-label on cart +/- buttons and editor toolbar buttons - tabindex=0 on editor toolbar buttons for keyboard access - data-confirm handler in app.js (was only in admin.js) - Cart error feedback on checkout failure - Billet designer save feedback (loading/success/error states) - Stock polling every 30s with rupture/low stock badges - Back to event link on payment page Security: - HTML sanitizer: BLOCKED_TAGS list (script, style, iframe, svg, etc.) - content fully removed - Stripe polling timeout (15s max) with fallback redirect - Rate limiting on public order access (20/5min) - .catch() on all fetch() calls (sortable, billet-designer) Tests (92% PHP, 100% JS lines): - PCOV added to dev Dockerfile - Test DB setup: .env.test with DATABASE_URL, Redis auth, Meilisearch key - Rate limiter disabled in test env - Makefile: test_db_setup, test_db_reset, run_test_php, run_test_coverage_php/js - New tests: InvitationFlowTest (21), AuditServiceTest (4), ExportServiceTest (9), InvoiceServiceTest (4) - New tests: SuspendedUserSubscriberTest, RateLimiterSubscriberTest, MeilisearchServiceTest - New tests: Stripe webhook payment_failed (6) + charge.refunded (6) - New tests: BilletBuyer refund, User suspended, OrganizerInvitation expiration - JS tests: stock polling (6), data-confirm (2), copy-url restore (1), editor ARIA (2), XSS (9), tabs keyboard (9) - ESLint + PHP CS Fixer: 0 errors - SonarQube exclusions aligned with vitest coverage config Infra: - Meilisearch consistency command (app:meilisearch:check-consistency --fix) + cron daily 3am - MeilisearchService: getAllDocumentIds(), listIndexes() Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> 2026-03-23 11:14:06 +01:00
			`function activateTab(buttons, activeButton) {`
			`buttons.forEach(b => {`
			`const isActive = b === activeButton`
			`b.style.backgroundColor = isActive ? '#111827' : 'white'`
			`b.style.color = isActive ? 'white' : '#111827'`
			`b.setAttribute('aria-selected', isActive ? 'true' : 'false')`
			`b.setAttribute('tabindex', isActive ? '0' : '-1')`

			`const panel = document.getElementById(b.dataset.tab)`
			`if (panel) {`
			`panel.style.display = isActive ? 'block' : 'none'`
			`}`
			`})`
			`}`