admin/e-ticket
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
508 Commits 1 Branch 0 Tags
b2f1110a4331ac72b06fd267b201ea48b8314a5b
Commit Graph

21 Commits

Author SHA1 Message Date
Serreau Jovann
b2f1110a43 Add app:stripe:sync to cron every 6 hours 
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
 2026-03-26 09:57:33 +01:00
Serreau Jovann
ee2cc6d0d7 Fix $order undefined warning, add codeCoverageIgnore on requireStripeReady calls, explicit USER in cron Dockerfile 
- Restructure createInvitation to ensure $order is always defined
- Mark all requireStripeReady guard blocks as codeCoverageIgnore
- Add explicit USER root in cron Dockerfile with justification comment

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
 2026-03-24 13:27:03 +01:00
Serreau Jovann
ca13660aea Remove unused $user variables, add cron container for dev 
- Remove 11 unused $user assignments from requireEventOwnership calls
- Add cron container to docker-compose-dev.yml with scheduled tasks:
  expire-pending orders (5min), messenger monitor (hourly),
  meilisearch consistency (daily 3am)
- Cron logs show registered tasks at startup and timestamps per execution

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
 2026-03-24 11:52:31 +01:00
Serreau Jovann
04927ec988 Complete TASK_CHECKUP: security, UX, tests, coverage, accessibility, config externalization 
Billetterie:
- Partial refund support (STATUS_PARTIALLY_REFUNDED, refundedAmount field, migration)
- Race condition fix: PESSIMISTIC_WRITE lock on stock decrement in transaction
- Idempotency key on PaymentIntent::create, reuse existing PI if stripeSessionId set
- Disable checkout when event ended (server 400 + template hide)
- Webhook deduplication via cache (24h TTL on stripe event.id)
- Email validation (filter_var) in OrderController guest flow
- JSON cart validation (structure check before processing)
- Invitation expiration after 7 days (isExpired method + landing page message)
- Stripe Checkout fallback when JS fails to load (noscript + redirect)

Config externalization:
- Move Stripe fees (STRIPE_FEE_RATE, STRIPE_FEE_FIXED) and admin email (ADMIN_EMAIL) to .env/services.yaml
- Replace all hardcoded contact@e-cosplay.fr across 13 files
- MailerService: getAdminEmail()/getAdminFrom(), default $from=null resolves to admin

UX & Accessibility:
- ARIA tabs: role=tablist/tab/tabpanel, aria-selected, keyboard nav (arrows, Home, End)
- aria-label on cart +/- buttons and editor toolbar buttons
- tabindex=0 on editor toolbar buttons for keyboard access
- data-confirm handler in app.js (was only in admin.js)
- Cart error feedback on checkout failure
- Billet designer save feedback (loading/success/error states)
- Stock polling every 30s with rupture/low stock badges
- Back to event link on payment page

Security:
- HTML sanitizer: BLOCKED_TAGS list (script, style, iframe, svg, etc.) - content fully removed
- Stripe polling timeout (15s max) with fallback redirect
- Rate limiting on public order access (20/5min)
- .catch() on all fetch() calls (sortable, billet-designer)

Tests (92% PHP, 100% JS lines):
- PCOV added to dev Dockerfile
- Test DB setup: .env.test with DATABASE_URL, Redis auth, Meilisearch key
- Rate limiter disabled in test env
- Makefile: test_db_setup, test_db_reset, run_test_php, run_test_coverage_php/js
- New tests: InvitationFlowTest (21), AuditServiceTest (4), ExportServiceTest (9), InvoiceServiceTest (4)
- New tests: SuspendedUserSubscriberTest, RateLimiterSubscriberTest, MeilisearchServiceTest
- New tests: Stripe webhook payment_failed (6) + charge.refunded (6)
- New tests: BilletBuyer refund, User suspended, OrganizerInvitation expiration
- JS tests: stock polling (6), data-confirm (2), copy-url restore (1), editor ARIA (2), XSS (9), tabs keyboard (9)
- ESLint + PHP CS Fixer: 0 errors
- SonarQube exclusions aligned with vitest coverage config

Infra:
- Meilisearch consistency command (app:meilisearch:check-consistency --fix) + cron daily 3am
- MeilisearchService: getAllDocumentIds(), listIndexes()

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
 2026-03-23 11:14:06 +01:00
Serreau Jovann
0860c1b08c Fix /sperf tunnel: keep rewrite to /cdn-cgi/rum (original Cloudflare endpoint) 
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
 2026-03-20 21:40:42 +01:00
Serreau Jovann
13321edd8e Rename /rum to /sperf tunnel, exclude editor.js and event-map.js from coverage 
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
 2026-03-20 21:39:39 +01:00
Serreau Jovann
361548d65c Add /rum tunnel to bypass adblock for Cloudflare RUM endpoint 
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
 2026-03-20 21:38:17 +01:00
Serreau Jovann
33ae25390c Add PHP exif extension to prod Dockerfile for PWA image processing 
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
 2026-03-20 20:09:50 +01:00
Serreau Jovann
e2797e9731 Add analytics tunnels to dev Caddyfile: /stats/* and /assets/perf.js 
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
 2026-03-20 18:31:36 +01:00
Serreau Jovann
14214b4df5 Remove pgbouncer.ini and userlist.txt from git, now generated by Ansible templates 
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
 2026-03-20 14:13:11 +01:00
Serreau Jovann
a34fed7efd Fix slave PGDATA permissions: set 700 and postgres ownership before basebackup 
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
 2026-03-20 14:03:58 +01:00
Serreau Jovann
492e080059 Fix slave init: run pg_basebackup and postgres as postgres user via su-exec 
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
 2026-03-20 14:03:32 +01:00
Serreau Jovann
932535e6aa Fix slave replication auth: add .pgpass for passwordless pg_basebackup 
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
 2026-03-20 14:02:50 +01:00
Serreau Jovann
08704c9824 Fix PostgreSQL replication: add pg_hba.conf entries for replicator user 
- Create init-master.sh that runs SQL and appends replication rules to pg_hba.conf
- Switch docker-compose-prod template from init-master.sql to init-master.sh
- Fixes "no pg_hba.conf entry for replication connection" error

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
 2026-03-20 13:45:58 +01:00
Serreau Jovann
a047cfa787 Merge consecutive RUN instructions in Dockerfiles into single layer 
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
 2026-03-19 15:14:21 +01:00
Serreau Jovann
ac677175d3 Add non-root user to PHP Docker images for security 
- Create appuser (UID 1000) in dev and prod Dockerfiles
- Set USER appuser to avoid running as root

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
 2026-03-19 15:06:49 +01:00
Serreau Jovann
456e0afed8 Fix Hadolint warnings: add --no-install-recommends to apt-get install 
- Add --no-install-recommends to both dev and prod Dockerfiles (DL3015)
- Add .hadolint.yaml to ignore DL3008 (pin versions)

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
 2026-03-19 14:59:45 +01:00
Serreau Jovann
8e34a5b3a6 Fix WORKDIR, rename DB to e_ticket, simplify purge_dev 
- Add WORKDIR /app to dev and prod Dockerfiles
- Rename database from e-ticket to e_ticket (PostgreSQL compat)
- purge_dev: remove only containers and volumes, keep images

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
 2026-03-18 21:12:42 +01:00
Serreau Jovann
e3de0da1bf Add Cloudflare automation, ngrok tunnel, fix Dockerfiles 
- Ansible cloudflare.yml: DNS, SSL, HSTS, Brotli, bot fight, SEO bots allow
- Vault: add cloudflare_zone_id
- Workflow: run cloudflare config before deploy
- docker-compose-dev: add ngrok tunnel, vault, minio
- Ngrok sync script: writes OUTSIDE_URL to .env.local
- Fix Dockerfiles: remove mbstring/xml (built-in PHP 8.4), fix libfreetype-dev
- Makefile: maintenance_on/off, clear_prod
- Playbook: stop_prod, install_prod, start_prod, migrate, clear steps

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
 2026-03-18 21:06:11 +01:00
Serreau Jovann
8193930f60 Add application source code, configs and assets 
- Controllers, Entity, Repository, Services, Twig extensions
- Templates (account, emails, home, legal, security, unsubscribe)
- Symfony config updates (bundles, security, framework, services)
- Vite + Bun setup with PostCSS
- Caddy config, CLAUDE.md, README
- Update .gitignore (node_modules, .idea, cert)

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
 2026-03-18 20:16:01 +01:00
Serreau Jovann
653d7b4729 Add Docker infrastructure for dev and prod environments 
- Separate PHP Dockerfiles (dev/prod) with extensions and prod opcache/php.ini optimization
- docker-compose-dev: PHP, PostgreSQL, Redis, Messenger, Mailpit, RedisInsight
- docker-compose-prod: 2x PHP replicas, PgSQL master/slave with PgBouncer, 2x Messenger, Redis
- Makefile with build/start/stop/purge commands
- AGENT.md to restrict AI access to the repository

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
 2026-03-18 20:12:09 +01:00