- Add responsive breakpoints (sm/md) to event_detail.html.twig: adaptive titles, stacked ticket layout on mobile, reduced padding/spacing
- Add responsive breakpoints to order templates (guest, summary, public, payment, success): adaptive typography, padding, and layouts
- Fix BreadcrumbList JSON-LD: escape names with json_encode, remove item URL from last breadcrumb
- Update deploy.yml cron schedule from 3h/13h/19h/23h to 1h/22h
- Add <title> tags to rgpd_deletion.html.twig and rgpd_access.html.twig
- Add scope attributes to all <th> tags in rgpd_access.html.twig
- Replace deprecated width/cellpadding/cellspacing HTML attributes with CSS in scan_force_notification email
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Labels and card text: text-gray-400 -> text-gray-600 on #fbfbfb bg
- Empty state message: text-gray-400 -> text-gray-600 on white bg
- Add explicit width/height to navbar logo to prevent CLS
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- text-yellow-500 on white bg had ratio ~1.9 (need 4.5), now text-yellow-700
- text-indigo-600 links on white bg had ratio ~3.8, now text-indigo-800
with permanent underline for link visibility (WCAG 1.4.1)
- Cookie banner link also updated
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
The endpoint path is now /t/<8-char hash of APP_SECRET> instead of
static /t. Token is injected via data-e attribute on body, read by JS.
Server validates token on every hit, returns 404 if invalid.
Changes with each APP_SECRET = impossible to hardcode in a blocker.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Core system:
- AnalyticsUniqId entity (visitor identity with device/os/browser parsing)
- AnalyticsEvent entity (page views linked to visitor)
- POST /t endpoint with AES-256-GCM encrypted payloads
- HMAC-SHA256 visitor hash for anti-tampering
- Async processing via Messenger
- JS module: auto page_view tracking, setAuth for logged users
- Encryption key shared via data-k attribute on body
- setAuth only triggers when cookie consent is accepted
- Clean CSP: remove old tracker domains (Cloudflare, Umami)
100% first-party, no cookies, invisible to adblockers, RGPD-friendly.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Desktop: yellow "Inscription" button next to login icon (hidden on mobile)
- Mobile menu: yellow "Inscription" block after "Connexion" link
- Registration was already functional at /inscription, just missing from navbar
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- base.html.twig: add og:url (dynamic), twitter:card, twitter:title, twitter:description
- event_detail: og:type = event
- All public pages already have title + description blocks that propagate to OG
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- PaymentIntent instead of Checkout Session on connected account
- Stripe Elements Payment Element with neo-brutalist theme
- stripe-payment.js module with waitForStripe() for deferred loading
- No inline scripts (CSP compliant), data attributes on container
- Add order_number (YYYY-MM-DD-increment) to BilletBuyer
- Payment page redesign: full-width vertical layout with event info,
buyer info, billet listing with images/descriptions, payment form
- CSP: add js.stripe.com to script-src, api.stripe.com to connect-src
- Add stripe_pk parameter in services.yaml
- Add head block to base.html.twig for page-specific scripts
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Skip loading /stats/script.js and /assets/perf.js when data-env=dev
- Add data-env="{{ app.environment }}" to body tag
- Redirect to edit event page instead of events list after saving
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Create pwa.yaml with manifest: name, icons (favicon.png), theme color
- Add {{ pwa() }} before stylesheets in base.html.twig head
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Add favicon.png link and apple-touch-icon in base.html.twig
- Add theme-color meta tag (#fabf04)
- Add pwa_dev and pwa_prod Makefile commands
- Add PWA asset generation step in Ansible playbook after cache clear
- Update Caddy static paths for favicon.png, marker.png, manifest.json, sw.js
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Add /evenements public page with Meilisearch search, KnpPaginator (12/page), event cards grid
- Add /evenement/{orgaSlug}/{id}-{eventSlug} public route with slug redirect
- Add Event::getSlug() method
- Update homepage stats with real event count
- Update organizer detail page to list their public events
- Update navbar: link Evenements to /evenements with active state
- Add copy URL button on edit event page (visible only when online)
- Add initCopyUrl() in app.js with clipboard API
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Add public organizers list page (/organisateurs) with neo-brutalist card grid, social icons, and logo display
- Add organizer detail page (/organisateur/{id}-{slug}) with company info, SIRET, email, address, social links, and events placeholder
- Add slug-based URLs with 301 redirect on wrong slug, getSlug() method on User entity
- Add "Voir les evenements" button on organizer cards linking to detail page
- Add JSON-LD BreadcrumbList to all 17 pages that were missing breadcrumbs (login, forgot_password, register_success, email_verified, legal/*, attestation/*, account/*)
- Add Open Graph meta tags (og:title, og:description, og:image, og:type, og:locale, og:site_name) in base.html.twig with automatic inheritance from title/description blocks
- Add og:image with organizer logo on detail page
- Update sitemap: add /organisateurs to sitemap-main, generate organizer detail URLs in sitemap-orgas with logo images
- Update navbar to highlight "Organisateurs" on detail pages
- Redesign homepage with hero section, marquee, stats counters, how-it-works, and CTA sections
- Add Tailwind v4 @source "../templates" directive to app.scss and admin.scss
- Migrate Flysystem from S3 to local storage (uploads/events, uploads/logos)
- Update Liip Imagine config with FormatExtensionResolver for webp conversion
- Add User entity social fields (website, facebook, instagram, twitter, tiktok), logo upload (Vich), __serialize/__unserialize for session safety
- Add account page settings tab with profile, logo upload, and social media for organizers
- Add Stripe Connect status display and sub-account management in account page
- Delete WebpExtensionSubscriber (replaced by FormatExtensionResolver)
- Add migration for social fields and logo columns
- Add deploy.yml chmod tasks for uploads directories
- Add HomeController tests (detail success, wrong slug redirect, 404 cases)
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Admin panel (/admin, ROLE_ROOT):
- Dashboard with CA HT Global/Commission cards and Meilisearch sync button
- Buyers page with search (Meilisearch), create form, pagination (KnpPaginator)
- Buyer actions: resend verification, force verify, reset password, delete
- Organizers page with tabs (pending/approved), approve/reject with emails
- Neo-brutalist design matching main site theme
- Vite admin entry point with dedicated SCSS
- CSP-compatible confirm dialogs via data-confirm attributes
Meilisearch integration:
- Auto-index buyers on email verification
- Remove from index on buyer deletion
- Manual sync button on dashboard
- Search bar on buyers page
- Add Meilisearch service to CI/SonarQube workflows
- Add MEILISEARCH env vars to .env.test
- Fix MeilisearchMessageHandler infinite loop: use request() directly instead
of service methods that re-dispatch messages
Email templates:
- Redesign base email template to neo-brutalist style (borders, shadows, yellow footer)
- Add E-Cosplay logo, "E-Ticket solution proposee par e-cosplay.fr"
- Add admin_reset_password, organizer_approved, organizer_rejected templates
Other:
- Install knplabs/knp-paginator-bundle
- Add ^/admin access_control for ROLE_ROOT in security.yaml
- Update site footer with E-Ticket branding
- 18 admin tests, updated MeilisearchMessageHandler tests
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Install knpuniversity/oauth2-client-bundle and stevenmaguire/oauth2-keycloak
- Register KnpUOAuth2ClientBundle in bundles.php
- Configure Keycloak OIDC client (realm e-cosplay, auth.esy-web.dev)
- Add keycloakId field to User entity with migration
- Create KeycloakAuthenticator with group-to-role mapping (/superadmin -> ROLE_ROOT)
- Create OAuthController with SSO routes (/connection/sso/login, logout, check)
- Add custom_authenticator to security firewall with form_login entry point
- Add auth.esy-web.dev to nelmio external_redirects whitelist and CSP form-action
- Add SSO button and error flash messages to login page
- Make navbar active state dynamic based on current route (desktop + mobile)
- Add Keycloak env vars to .env, .env.local, and ansible/env.local.j2
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Create ContactController with GET/POST handling and MailerService integration
- Create contact page template with name, surname, email, message form
- Create dedicated email template for contact messages
- Update navbar links (desktop + mobile) to point to /contact route
- Add ContactControllerTest with 5 tests covering form submission and validation
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- JSON-LD: Organization, WebSite with SearchAction, BreadcrumbList
- SitemapController: sitemapindex with main + paginated events (images/videos)
- RobotsController: dynamic robots.txt with sitemap URL
- SearchController: /search with Meilisearch (TODO)
- Meilisearch added to dev and prod docker-compose
- Breadcrumbs added to all controllers
- .well-known: security.txt, humans.txt, dnt-policy.txt
- PGP public key in public/key.asc
- SecurityController: /mot-de-passe + .well-known/change-password route
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Reset templates: clean base.html.twig + new email base template
- Remove old templates (account, legal, security, emails, etc.)
- Add Caddy service to docker-compose-dev
- Add ansible hosts.ini for production deployment
- Add .gitea/CODEOWNERS
- Clean app.scss
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
