Add cookie consent widget with analytics tunnel bypass for adblock

- Create cookie-consent.js module: banner show/hide, cookie management, conditional analytics loading - Add cookie banner widget in base.html.twig (accept/refuse buttons) - Analytics script loaded from /stats/ tunnel (bypass adblock) with data-host-url - Add Caddy reverse proxy tunnel /stats/* -> tools-security.esy-web.dev - Add tools-security.esy-web.dev to CSP connect-src - Add 9 JS tests for cookie consent - Revert manual composer.json edit for amazon-mailer (needs composer require) Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-20 16:02:36 +01:00
parent 99e5428208
commit 518642551c
7 changed files with 168 additions and 1 deletions
--- a/tests/js/cookie-consent.test.js
+++ b/tests/js/cookie-consent.test.js
@@ -0,0 +1,79 @@
+import { describe, it, expect, beforeEach } from 'vitest'
+import { initCookieConsent } from '../../assets/modules/cookie-consent.js'
+
+describe('initCookieConsent', () => {
+    beforeEach(() => {
+        document.cookie = 'e_ticket_consent=;expires=Thu, 01 Jan 1970 00:00:00 GMT;path=/'
+        document.querySelectorAll('script[data-analytics]').forEach(s => s.remove())
+        document.body.innerHTML = `
+            <div id="cookie-banner" class="hidden">
+                <button id="cookie-accept"></button>
+                <button id="cookie-refuse"></button>
+            </div>
+        `
+    })
+
+    it('shows banner when no consent cookie', () => {
+        initCookieConsent()
+        const banner = document.getElementById('cookie-banner')
+        expect(banner.classList.contains('hidden')).toBe(false)
+    })
+
+    it('hides banner and sets cookie on accept', () => {
+        initCookieConsent()
+        document.getElementById('cookie-accept').click()
+        const banner = document.getElementById('cookie-banner')
+        expect(banner.classList.contains('hidden')).toBe(true)
+        expect(document.cookie).toContain('e_ticket_consent=accepted')
+    })
+
+    it('hides banner and sets cookie on refuse', () => {
+        initCookieConsent()
+        document.getElementById('cookie-refuse').click()
+        const banner = document.getElementById('cookie-banner')
+        expect(banner.classList.contains('hidden')).toBe(true)
+        expect(document.cookie).toContain('e_ticket_consent=refused')
+    })
+
+    it('does not show banner if already accepted', () => {
+        document.cookie = 'e_ticket_consent=accepted;path=/'
+        initCookieConsent()
+        const banner = document.getElementById('cookie-banner')
+        expect(banner.classList.contains('hidden')).toBe(true)
+    })
+
+    it('does not show banner if already refused', () => {
+        document.cookie = 'e_ticket_consent=refused;path=/'
+        initCookieConsent()
+        const banner = document.getElementById('cookie-banner')
+        expect(banner.classList.contains('hidden')).toBe(true)
+    })
+
+    it('does nothing without banner element', () => {
+        document.body.innerHTML = ''
+        expect(() => initCookieConsent()).not.toThrow()
+    })
+
+    it('loads analytics script on accept', () => {
+        initCookieConsent()
+        document.getElementById('cookie-accept').click()
+        const script = document.querySelector('script[data-analytics]')
+        expect(script).not.toBeNull()
+        expect(script.src).toContain('/stats/script.js')
+        expect(script.dataset.websiteId).toBe('a1f85dd5-741f-4df7-840a-7ef0931ed0cc')
+    })
+
+    it('does not load analytics on refuse', () => {
+        initCookieConsent()
+        document.getElementById('cookie-refuse').click()
+        const script = document.querySelector('script[data-analytics]')
+        expect(script).toBeNull()
+    })
+
+    it('loads analytics immediately if already accepted', () => {
+        document.cookie = 'e_ticket_consent=accepted;path=/'
+        initCookieConsent()
+        const script = document.querySelector('script[data-analytics]')
+        expect(script).not.toBeNull()
+    })
+})