Commit Graph

12 Commits

Author SHA1 Message Date
Serreau Jovann
2987dbfd28 Fix Redis session DSN, remove LibreTranslate from prod, track all translations
- Fix SESSION_HANDLER_DSN: use Redis db index (/1) instead of /sessions
  which caused "dbindex must be a number" error
- Remove LibreTranslate service and volume from docker-compose prod
- Remove gitignore rules for translation files (en, es, de, it)
  so all languages are tracked in git
- Apply PHP CS Fixer style fixes

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-24 09:35:13 +01:00
Serreau Jovann
d44e75e3fd Fix SonarQube issues, store sessions in Redis, use direct analytics URLs
- ApiSandboxController: reduce scan() returns from 4 to 3 via ternary
- ApiDocController: add MIME_JSON constant, extract buildInsomniaRequest()
  and buildInsomniaBody() to reduce cognitive complexity
- Store sessions in Redis to fix SSO disconnect with 2 PHP replicas
  (round-robin load balancing caused session loss on filesystem storage)
- Configure session cookie: 24h lifetime, secure auto, samesite lax
- Replace Caddy analytics proxies (/stats/*, /assets/perf.js, /sperf)
  with direct URLs to tools-security.esy-web.dev and cloudflareinsights.com
- Update JS tests for new direct analytics URLs

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-24 09:21:19 +01:00
Serreau Jovann
04927ec988 Complete TASK_CHECKUP: security, UX, tests, coverage, accessibility, config externalization
Billetterie:
- Partial refund support (STATUS_PARTIALLY_REFUNDED, refundedAmount field, migration)
- Race condition fix: PESSIMISTIC_WRITE lock on stock decrement in transaction
- Idempotency key on PaymentIntent::create, reuse existing PI if stripeSessionId set
- Disable checkout when event ended (server 400 + template hide)
- Webhook deduplication via cache (24h TTL on stripe event.id)
- Email validation (filter_var) in OrderController guest flow
- JSON cart validation (structure check before processing)
- Invitation expiration after 7 days (isExpired method + landing page message)
- Stripe Checkout fallback when JS fails to load (noscript + redirect)

Config externalization:
- Move Stripe fees (STRIPE_FEE_RATE, STRIPE_FEE_FIXED) and admin email (ADMIN_EMAIL) to .env/services.yaml
- Replace all hardcoded contact@e-cosplay.fr across 13 files
- MailerService: getAdminEmail()/getAdminFrom(), default $from=null resolves to admin

UX & Accessibility:
- ARIA tabs: role=tablist/tab/tabpanel, aria-selected, keyboard nav (arrows, Home, End)
- aria-label on cart +/- buttons and editor toolbar buttons
- tabindex=0 on editor toolbar buttons for keyboard access
- data-confirm handler in app.js (was only in admin.js)
- Cart error feedback on checkout failure
- Billet designer save feedback (loading/success/error states)
- Stock polling every 30s with rupture/low stock badges
- Back to event link on payment page

Security:
- HTML sanitizer: BLOCKED_TAGS list (script, style, iframe, svg, etc.) - content fully removed
- Stripe polling timeout (15s max) with fallback redirect
- Rate limiting on public order access (20/5min)
- .catch() on all fetch() calls (sortable, billet-designer)

Tests (92% PHP, 100% JS lines):
- PCOV added to dev Dockerfile
- Test DB setup: .env.test with DATABASE_URL, Redis auth, Meilisearch key
- Rate limiter disabled in test env
- Makefile: test_db_setup, test_db_reset, run_test_php, run_test_coverage_php/js
- New tests: InvitationFlowTest (21), AuditServiceTest (4), ExportServiceTest (9), InvoiceServiceTest (4)
- New tests: SuspendedUserSubscriberTest, RateLimiterSubscriberTest, MeilisearchServiceTest
- New tests: Stripe webhook payment_failed (6) + charge.refunded (6)
- New tests: BilletBuyer refund, User suspended, OrganizerInvitation expiration
- JS tests: stock polling (6), data-confirm (2), copy-url restore (1), editor ARIA (2), XSS (9), tabs keyboard (9)
- ESLint + PHP CS Fixer: 0 errors
- SonarQube exclusions aligned with vitest coverage config

Infra:
- Meilisearch consistency command (app:meilisearch:check-consistency --fix) + cron daily 3am
- MeilisearchService: getAllDocumentIds(), listIndexes()

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-23 11:14:06 +01:00
Serreau Jovann
3e8eed4edb Split Stripe webhooks: /stripe/webhook for payouts, /stripe/webhook/connect for v2 Connect
- Separate webhook routes with different secrets
- Add verifyConnectWebhookSignature() to StripeService
- Add STRIPE_WEBHOOK_SECRET_CONNECT env var
- Update vault with prod secrets for both endpoints

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-20 22:31:00 +01:00
Serreau Jovann
8cdd825e32 Add symfony/amazon-mailer via composer require for SES email transport
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-20 16:03:06 +01:00
Serreau Jovann
5b62a270d7 Remove S3/Minio: delete s3_client service, env vars, Minio container, and AWS S3 package
- Remove s3_client service from services.yaml
- Remove S3_* env vars from .env and env.local.j2
- Remove Minio service and volume from docker-compose-dev.yml
- Remove league/flysystem-aws-s3-v3 from composer.json

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-20 15:04:49 +01:00
Serreau Jovann
9bcb41306b Add conformite page, SonarQube badge proxy, coverage fixes, and code quality
- Add /conformite page: PSD2/3DS/Stripe, SonarQube badges, CI/CD, security
- Create SonarBadgeController proxy to serve SonarQube badges without exposing token
- Store SonarQube badge token in ansible/vault.yml instead of env files
- Add Meilisearch coverage tests: search with results, search error, sync, delete
- Fix MeilisearchService delete catch block with comment
- Fix ESLint: use globalThis.confirm instead of window.confirm
- Fix accessibility: add for/id attributes to buyer creation form labels
- Add conformite link to site footer
- Add SonarBadgeControllerTest and LegalControllerTest for /conformite

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-19 14:25:04 +01:00
Serreau Jovann
2405fcc2da Add SSO E-Cosplay (Keycloak OIDC) and dynamic navbar active state
- Install knpuniversity/oauth2-client-bundle and stevenmaguire/oauth2-keycloak
- Register KnpUOAuth2ClientBundle in bundles.php
- Configure Keycloak OIDC client (realm e-cosplay, auth.esy-web.dev)
- Add keycloakId field to User entity with migration
- Create KeycloakAuthenticator with group-to-role mapping (/superadmin -> ROLE_ROOT)
- Create OAuthController with SSO routes (/connection/sso/login, logout, check)
- Add custom_authenticator to security firewall with form_login entry point
- Add auth.esy-web.dev to nelmio external_redirects whitelist and CSP form-action
- Add SSO button and error flash messages to login page
- Make navbar active state dynamic based on current route (desktop + mobile)
- Add Keycloak env vars to .env, .env.local, and ansible/env.local.j2

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-19 10:38:19 +01:00
Serreau Jovann
2d02ba4cbb Add S3/MinIO storage, nelmio security and CSP config
- Flysystem S3 adapter configured for MinIO
- Vich uploader switched to Flysystem S3 storage
- Liip imagine loader/resolver on S3
- S3 client service with path style endpoint for MinIO
- Nelmio security: CSP, clickjacking, permissions policy, external redirects
- CSP dev: allow Vite HMR (localhost:5173)
- CSP prod: nonce scripts, restricted form-action and connect-src
- composer: flysystem-bundle, flysystem-aws-s3-v3, nelmio/security-bundle

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-18 21:10:45 +01:00
Serreau Jovann
8193930f60 Add application source code, configs and assets
- Controllers, Entity, Repository, Services, Twig extensions
- Templates (account, emails, home, legal, security, unsubscribe)
- Symfony config updates (bundles, security, framework, services)
- Vite + Bun setup with PostCSS
- Caddy config, CLAUDE.md, README
- Update .gitignore (node_modules, .idea, cert)

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-18 20:16:01 +01:00
Serreau Jovann
9341647acf Add webapp packages
2026-03-04 21:52:29 +01:00
Serreau Jovann
7e95e82f6e Add initial set of files
2026-03-04 21:52:21 +01:00