Core system:
- AnalyticsUniqId entity (visitor identity with device/os/browser parsing)
- AnalyticsEvent entity (page views linked to visitor)
- POST /t endpoint with AES-256-GCM encrypted payloads
- HMAC-SHA256 visitor hash for anti-tampering
- Async processing via Messenger
- JS module: auto page_view tracking, setAuth for logged users
- Encryption key shared via data-k attribute on body
- setAuth only triggers when cookie consent is accepted
- Clean CSP: remove old tracker domains (Cloudflare, Umami)
100% first-party, no cookies, invisible to adblockers, RGPD-friendly.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Security:
- Move env switcher logic to assets/modules/api-env-switcher.js (no inline script)
- Register in app.js via initApiEnvSwitcher()
- Compliant with CSP script-src (no unsafe-inline needed for this page)
API doc:
- Add CSP policy section showing all authorized origins per directive
- Table: script-src, connect-src, style-src, img-src, font-src, frame-src, form-action, object-src, worker-src
- Note: inline scripts not allowed, must use nonce or external file
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Public event page:
- Share buttons: X (Twitter), Facebook, Instagram (copy link), TikTok (copy link), copy link
- Buttons use url_encode for share URLs with event title + URL
- Instagram/TikTok copy to clipboard (no direct share URL support)
- Consistent brutal design with aria-labels
Organizer dashboard:
- Share X, Facebook, copy link buttons per event in events list
- QR code download button per event
- Route /mon-compte/evenement/{id}/qrcode: generates 400px PNG QR code via Endroid
- QR code points to public event URL, downloaded as qrcode-{slug}.png
JS module:
- assets/modules/share.js: initShare() handles data-share-copy buttons
- Copies URL to clipboard, shows checkmark for 1.5s then restores icon
- 4 tests (no buttons, copy, checkmark restore, multiple buttons)
Social icons already displayed via _social_icons.html.twig component
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- PaymentIntent instead of Checkout Session on connected account
- Stripe Elements Payment Element with neo-brutalist theme
- stripe-payment.js module with waitForStripe() for deferred loading
- No inline scripts (CSP compliant), data attributes on container
- Add order_number (YYYY-MM-DD-increment) to BilletBuyer
- Payment page redesign: full-width vertical layout with event info,
buyer info, billet listing with images/descriptions, payment form
- CSP: add js.stripe.com to script-src, api.stripe.com to connect-src
- Add stripe_pk parameter in services.yaml
- Add head block to base.html.twig for page-specific scripts
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Each billet has +/- quantity buttons with max quantity enforcement
- Line total per billet updated in real-time
- Cart total and article count at the bottom
- Commander button disabled when cart is empty
- Full billet description displayed
- JS module cart.js with 10 tests covering all cases
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Add /mon-compte/evenement/{id}/categorie/{categoryId}/modifier route (GET/POST)
- Create edit_category.html.twig with name and date fields
- Add edit button (pencil icon) on category list items
- Add sortable.js module: native HTML5 drag & drop with fetch reorder API
- Auto-correct endAt < startAt on category edit
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Add event-map.js module: loads Leaflet dynamically, geocodes address, renders map with marker at zoom 16
- Remove iframe, address text and OSM link below map
- Add CSP entries for unpkg (Leaflet), tile.openstreetmap.org (tiles), nominatim (geocoding)
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Add /evenements public page with Meilisearch search, KnpPaginator (12/page), event cards grid
- Add /evenement/{orgaSlug}/{id}-{eventSlug} public route with slug redirect
- Add Event::getSlug() method
- Update homepage stats with real event count
- Update organizer detail page to list their public events
- Update navbar: link Evenements to /evenements with active state
- Add copy URL button on edit event page (visible only when online)
- Add initCopyUrl() in app.js with clipboard API
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Extract mobile-menu.js and tabs.js from app.js
- Add Vitest tests with happy-dom and v8 coverage (100% on modules)
- Add JS test step to CI frontend and SonarQube workflows
- SonarQube: add JS lcov coverage report path
- SitemapController: extract URLSET_TEMPLATE constant, deduplicate methods
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
