Fetches charges_enabled and payouts_enabled from Stripe API for each
organizer with a connected account and updates the local database.
Also adds retrieveAccountStatus() to StripeService for testability.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Show charges/payouts acceptance status and Stripe connection state
when an admin views an organizer's event. Pass owner to template
and use it for Stripe checks instead of app.user.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Previously, missing indexes were silently skipped. Now with --fix,
the command creates the index and indexes all documents from the database.
Without --fix, missing indexes are reported. Also checks all organizer
and event indexes regardless of whether they already exist in Meilisearch.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
The getmeili/meilisearch image (Debian slim) has neither curl nor wget,
so healthcheck commands always fail. Use condition: service_started
and rely on Messenger retry mechanism for brief startup delays.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
The getmeili/meilisearch image does not include curl, causing the
healthcheck to fail and blocking messenger startup.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Add toggle online/offline and delete routes in AdminController
- Add action buttons (En ligne, Modifier, Supprimer) in admin events template
- Bypass requireEventOwnership and requireStripeReady for ROLE_ROOT so admin can edit any event
- Add Meilisearch healthcheck and depends_on in messenger service (prod + dev)
- Add tests for all new admin routes and ROLE_ROOT bypass
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Add nullable debt field to User entity with addDebt/reduceDebt helpers
- On refund webhook: add refunded amount to organizer debt
- On dispute webhook (charge.dispute.created): add disputed amount to debt
- OrderController: if organizer has debt > 0, payment goes to main Stripe
account instead of connected account, debt reduced on payment success
- Display debt amount on organizer dashboard with warning message
- Add dispute notification email template
- Migration for debt column on user table
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Add billing fields to User (isBilling, billingAmount, billingState,
billingStripeSubscriptionId) and OrganizerInvitation (billingAmount)
- Registration: organizer gets billingState="poor" (pending review)
- Admin approval: sets isBilling=true, billingAmount from form, state="good"
- Invitation: billingAmount from invitation, if 0 then isBilling=false
- ROLE_ROOT accounts: billing free (amount=0, state="good")
- Block Stripe Connect creation and all organizer features if state is
"poor" or "suspendu"
- Hide Stripe configuration section if billing not settled
- Add billing checkout via Stripe subscription with success route
- Webhooks: checkout.session.completed activates billing,
invoice.payment_failed and customer.subscription.deleted suspend
account and disable online events
- Show billing alert on /mon-compte with amount and subscribe button
- Display billing info in invitation email and landing page
- Add email templates for billing activated/failed/cancelled
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Restructure createInvitation to ensure $order is always defined
- Mark all requireStripeReady guard blocks as codeCoverageIgnore
- Add explicit USER root in cron Dockerfile with justification comment
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Extract requireEventOwnership() to deduplicate event owner checks (18 occurrences)
- Extract requireCategory() to deduplicate category validation (2 occurrences)
- Reduce createInvitation() returns from 4 to 3 by merging validation errors
- Mark requireStripeReady() as codeCoverageIgnore
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Hide organizer tabs (events, subaccounts, payouts) if Stripe not ready
- Redirect organizer tab content and all organizer routes to /mon-compte
- Add requireStripeReady() guard on all ROLE_ORGANIZER routes
- Force default tab to 'tickets' when Stripe is not validated
- Update test fixtures: approved organizers get Stripe enabled by default
- Add tests for blocked tabs and blocked event creation without Stripe
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Direct script loading requires the domain in script-src,
not just connect-src. Added to both base and prod config.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Remove Start/Wait/Translate LibreTranslate tasks from deploy.yml
- Add SESSION_HANDLER_DSN with Redis in env.local.j2 for prod sessions
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Fix SESSION_HANDLER_DSN: use Redis db index (/1) instead of /sessions
which caused "dbindex must be a number" error
- Remove LibreTranslate service and volume from docker-compose prod
- Remove gitignore rules for translation files (en, es, de, it)
so all languages are tracked in git
- Apply PHP CS Fixer style fixes
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- ApiSandboxController: reduce scan() returns from 4 to 3 via ternary
- ApiDocController: add MIME_JSON constant, extract buildInsomniaRequest()
and buildInsomniaBody() to reduce cognitive complexity
- Store sessions in Redis to fix SSO disconnect with 2 PHP replicas
(round-robin load balancing caused session loss on filesystem storage)
- Configure session cookie: 24h lifetime, secure auto, samesite lax
- Replace Caddy analytics proxies (/stats/*, /assets/perf.js, /sperf)
with direct URLs to tools-security.esy-web.dev and cloudflareinsights.com
- Update JS tests for new direct analytics URLs
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- refresh: merge empty headers check into verifyJwt call (ternary with INVALID_JWT fallback)
- ssoValidate: merge user null + not organizer into single condition, use null coalescing for findOneBy chain
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Desktop: yellow "Inscription" button next to login icon (hidden on mobile)
- Mobile menu: yellow "Inscription" block after "Connexion" link
- Registration was already functional at /inscription, just missing from navbar
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
ApiAuthTrait:
- authenticateRequest(): verify JWT from headers, return User or JsonResponse error
- success()/error(): standard JSON response helpers
ApiSandboxController (/api/sandbox):
- GET /events: returns fixture events
- GET /events/{id}: returns single fixture event
- GET /events/{id}/categories: returns fixture categories by event
- GET /categories/{id}/billets: returns fixture billets by category
- GET /billets/{id}: returns fixture billet detail
- POST /scan: returns fixture scan result by reference
- All routes authenticated via JWT, data from data/sandbox/fixtures.json
ApiLiveController (/api/live):
- GET /events: real events from DB, filtered by authenticated organizer
- GET /events/{id}: real event detail with ownership check
- GET /events/{id}/categories: real categories with isActive computed
- GET /categories/{id}/billets: real billets with sold count from BilletOrder
- GET /billets/{id}: full billet detail with image URL, category, event
- POST /scan: real ticket scan with state machine:
- invalid → refused (reason: invalid)
- expired → refused (reason: expired)
- already scanned + hasDefinedExit → refused (reason: exit_definitive)
- valid → accepted (sets firstScannedAt if first scan)
- unlimited entry/exit if !hasDefinedExit
- All routes check event/billet ownership against authenticated user
- Image URLs use request hostname (dynamic)
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Flow:
1. GET /api/auth/login/sso → redirect to Keycloak login page
2. User authenticates on Keycloak
3. Keycloak redirects to GET /api/auth/login/sso/validate?code=xxx&state=xxx
4. Validate exchanges OAuth code for Keycloak token, finds user, returns JWT
- Finds user by keycloakId first, then by email fallback
- Only ROLE_ORGANIZER can get a JWT
- Response includes token + expiresAt + email
- API doc updated with both SSO routes
- SSO validate marked @codeCoverageIgnore (requires live Keycloak)
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Only login skips auth headers (isLogin), refresh and all other routes include them
- afterResponseScript applies to both login and refresh (isAuthRoute)
- Refresh in Insomnia now works: sends expired token → gets new token → auto-stored
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- verifyJwt now returns {userId, expired} instead of just userId
- Expired token with valid signature can be refreshed (new 24h token)
- POST /api/auth/refresh: send expired token in ETicket-JWT header → get new token
- Returns 400 if token is still valid (no need to refresh)
- Returns 401 if signature invalid or user not found
- API doc: refresh endpoint documented with statuses
- Insomnia: both login and refresh auto-store jwt_token via afterResponseScript
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Login body uses {{ _.email }} and {{ _.password }} from environment
- afterResponseScript: auto-extracts token from response and sets jwt_token env var
- All other requests use {{ _.jwt_token }} automatically
- Flow: set email+password in env → send login → jwt_token is set → all routes work
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Insomnia export (/api/doc/insomnia.json):
- Generates Insomnia v4 export format with all API routes
- Workspace with environment variables (base_url, env, email, password, jwt_token)
- Folders per section (Auth, Events, Categories, Billets, Scanner)
- Each request with correct method, URL with Insomnia template vars, headers, body
- Auth routes use base_url directly, others use base_url/api/{env}/...
- Download button (indigo) next to Spec JSON button
Dynamic hostname:
- Insomnia export uses request.getSchemeAndHttpHost() (not hardcoded)
- Template passes host via data-host attribute
- JS env switcher reads host from data-host or falls back to location.origin
- Base URLs update dynamically when switching sandbox/live
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Controllers:
- ApiAuthController: POST /api/auth/login with JWT generation (HS256, 24h TTL)
- Validates email + password against DB
- Returns JWT token with userId, email, roles, iat, exp
- Static verifyJwt() for use by live/sandbox controllers
- Only ROLE_ORGANIZER can authenticate
- ApiLiveController: empty shell at /api/live (routes to implement)
- ApiSandboxController: empty shell at /api/sandbox (routes to implement)
Auth is shared: one /api/auth/login for both environments using real credentials.
Sandbox fixtures (data/sandbox/fixtures.json):
- 2 events (Brocante + Convention Cosplay)
- 4 categories across events
- 6 billets with varied types (billet, reservation_brocante)
- 6 billet details with descriptions, images, categories, events
- 4 scan results (2 accepted, 2 refused with different reasons)
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Remove: orders, orders/{id}, events/{id}/orders, events/{id}/stats,
events/{id}/tickets, events/{id}/scan-stats, events/{id}/billets,
export CSV routes
Keep only 7 routes:
- POST /api/auth/login (auth)
- GET /api/events (list)
- GET /api/events/{id} (detail)
- GET /api/events/{id}/categories (categories of event)
- GET /api/categories/{id}/billets (billets of category)
- GET /api/billets/{id} (billet detail with image)
- POST /api/scan (scan ticket: accepted/refused)
API is focused on: browse events → load categories → load billets → scan
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Remove POST /api/scan/verify (redundant with /api/scan)
- POST /api/scan now returns state: "accepted" or "refused" with reason
- Refused reasons: already_scanned, invalid, expired, exit_definitive, wrong_event
- Accepted response includes details object (for future additional data)
- Template: render extra section (refusal reasons table in red)
- Only 2 POST routes remain: /api/auth/login + /api/scan (all others are GET)
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Returns all billet fields: name, description, priceHT, quantity, sold, type, isGeneratedBillet, hasDefinedExit, notBuyable, position
- Includes imageUrl (absolute URL to billet picture if present, null otherwise)
- Includes nested category (id, name) and event (id, title)
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Security:
- Move env switcher logic to assets/modules/api-env-switcher.js (no inline script)
- Register in app.js via initApiEnvSwitcher()
- Compliant with CSP script-src (no unsafe-inline needed for this page)
API doc:
- Add CSP policy section showing all authorized origins per directive
- Table: script-src, connect-src, style-src, img-src, font-src, frame-src, form-action, object-src, worker-src
- Note: inline scripts not allowed, must use nonce or external file
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
