- .env, .env.test, ansible/env.local.j2: point SONARQUBE_URL to https://sn.e-cosplay.fr
- ansible/vault.yml, .env: rotate sonarqube_badge_token to new value
- .gitea/workflows/ci.yml, sonarqube.yml: remove OWASP Dependency-Check steps and force sonar.host.url via CLI args
- sonar-project.properties: drop dependencyCheck report paths
- .gitea/workflows/deploy.yml: switch SSH target from 34.90.187.4 to 152.228.222.133
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- New SECRET_ANALYTICS variable replaces kernel.secret for analytics
- Ansible generates a random 32-char secret at each deploy
- Endpoint token and encryption key change with every deployment
- Existing sessions will get new visitor_id after deploy (expected)
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Add pgbouncer service to docker-compose-dev.yml with dev config
- Route DATABASE_URL through pgbouncer:6432 in dev (matches prod)
- Add PgBouncer pools and stats tables to /admin/infra with color-coded
avg query/xact times and client waiting indicators
- php, messenger, cron now depend on pgbouncer instead of database directly
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Configure Redis DB 2 as Symfony cache adapter
- Cache Meilisearch search results for 5 minutes (invalidated on writes)
- Cache admin dashboard stats for 10 minutes
- Add invalidateSearchCache() called after each Meilisearch write
- Update tests to support cache mock injection
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Fix SESSION_HANDLER_DSN: use Redis db index (/1) instead of /sessions
which caused "dbindex must be a number" error
- Remove LibreTranslate service and volume from docker-compose prod
- Remove gitignore rules for translation files (en, es, de, it)
so all languages are tracked in git
- Apply PHP CS Fixer style fixes
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- ApiSandboxController: reduce scan() returns from 4 to 3 via ternary
- ApiDocController: add MIME_JSON constant, extract buildInsomniaRequest()
and buildInsomniaBody() to reduce cognitive complexity
- Store sessions in Redis to fix SSO disconnect with 2 PHP replicas
(round-robin load balancing caused session loss on filesystem storage)
- Configure session cookie: 24h lifetime, secure auto, samesite lax
- Replace Caddy analytics proxies (/stats/*, /assets/perf.js, /sperf)
with direct URLs to tools-security.esy-web.dev and cloudflareinsights.com
- Update JS tests for new direct analytics URLs
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Admin panel (/admin, ROLE_ROOT):
- Dashboard with CA HT Global/Commission cards and Meilisearch sync button
- Buyers page with search (Meilisearch), create form, pagination (KnpPaginator)
- Buyer actions: resend verification, force verify, reset password, delete
- Organizers page with tabs (pending/approved), approve/reject with emails
- Neo-brutalist design matching main site theme
- Vite admin entry point with dedicated SCSS
- CSP-compatible confirm dialogs via data-confirm attributes
Meilisearch integration:
- Auto-index buyers on email verification
- Remove from index on buyer deletion
- Manual sync button on dashboard
- Search bar on buyers page
- Add Meilisearch service to CI/SonarQube workflows
- Add MEILISEARCH env vars to .env.test
- Fix MeilisearchMessageHandler infinite loop: use request() directly instead
of service methods that re-dispatch messages
Email templates:
- Redesign base email template to neo-brutalist style (borders, shadows, yellow footer)
- Add E-Cosplay logo, "E-Ticket solution proposee par e-cosplay.fr"
- Add admin_reset_password, organizer_approved, organizer_rejected templates
Other:
- Install knplabs/knp-paginator-bundle
- Add ^/admin access_control for ROLE_ROOT in security.yaml
- Update site footer with E-Ticket branding
- 18 admin tests, updated MeilisearchMessageHandler tests
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
