04927ec988
Billetterie: - Partial refund support (STATUS_PARTIALLY_REFUNDED, refundedAmount field, migration) - Race condition fix: PESSIMISTIC_WRITE lock on stock decrement in transaction - Idempotency key on PaymentIntent::create, reuse existing PI if stripeSessionId set - Disable checkout when event ended (server 400 + template hide) - Webhook deduplication via cache (24h TTL on stripe event.id) - Email validation (filter_var) in OrderController guest flow - JSON cart validation (structure check before processing) - Invitation expiration after 7 days (isExpired method + landing page message) - Stripe Checkout fallback when JS fails to load (noscript + redirect) Config externalization: - Move Stripe fees (STRIPE_FEE_RATE, STRIPE_FEE_FIXED) and admin email (ADMIN_EMAIL) to .env/services.yaml - Replace all hardcoded contact@e-cosplay.fr across 13 files - MailerService: getAdminEmail()/getAdminFrom(), default $from=null resolves to admin UX & Accessibility: - ARIA tabs: role=tablist/tab/tabpanel, aria-selected, keyboard nav (arrows, Home, End) - aria-label on cart +/- buttons and editor toolbar buttons - tabindex=0 on editor toolbar buttons for keyboard access - data-confirm handler in app.js (was only in admin.js) - Cart error feedback on checkout failure - Billet designer save feedback (loading/success/error states) - Stock polling every 30s with rupture/low stock badges - Back to event link on payment page Security: - HTML sanitizer: BLOCKED_TAGS list (script, style, iframe, svg, etc.) - content fully removed - Stripe polling timeout (15s max) with fallback redirect - Rate limiting on public order access (20/5min) - .catch() on all fetch() calls (sortable, billet-designer) Tests (92% PHP, 100% JS lines): - PCOV added to dev Dockerfile - Test DB setup: .env.test with DATABASE_URL, Redis auth, Meilisearch key - Rate limiter disabled in test env - Makefile: test_db_setup, test_db_reset, run_test_php, run_test_coverage_php/js - New tests: InvitationFlowTest (21), AuditServiceTest (4), ExportServiceTest (9), InvoiceServiceTest (4) - New tests: SuspendedUserSubscriberTest, RateLimiterSubscriberTest, MeilisearchServiceTest - New tests: Stripe webhook payment_failed (6) + charge.refunded (6) - New tests: BilletBuyer refund, User suspended, OrganizerInvitation expiration - JS tests: stock polling (6), data-confirm (2), copy-url restore (1), editor ARIA (2), XSS (9), tabs keyboard (9) - ESLint + PHP CS Fixer: 0 errors - SonarQube exclusions aligned with vitest coverage config Infra: - Meilisearch consistency command (app:meilisearch:check-consistency --fix) + cron daily 3am - MeilisearchService: getAllDocumentIds(), listIndexes() Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
E-Ticket
Plateforme destinee aux associations pour la vente de tickets evenementiels, la reservation de tables, l'organisation de brocantes et le vote en ligne.
Stack technique
| Composant | Technologie |
|---|---|
| Backend | Symfony 8 / PHP 8.4 |
| Base de donnees | PostgreSQL 16 |
| Cache / Queue | Redis 7 |
| Async | Symfony Messenger |
| Frontend | Bun / Vite / Tailwind CSS |
| Serveur web | Caddy |
| Amazon SES | |
| DNS / CDN | Cloudflare |
| Deploiement | Ansible / Gitea Actions |
Architecture
Developpement
| Service | Port |
|---|---|
| Caddy (web) | localhost:8000 |
| Vite (HMR) | localhost:5173 |
| PostgreSQL | localhost:5432 |
| Redis | localhost:6379 |
| Mailpit (SMTP) | localhost:1025 |
| Mailpit (UI) | localhost:8025 |
| RedisInsight | localhost:5540 |
Production
- 2x PHP-FPM (load balancing via Caddy)
- PostgreSQL master / slave (replication)
- PgBouncer (connection pooling)
- 2x Messenger workers
- Redis
- Caddy installe sur la machine hote
Prerequis
- Docker & Docker Compose
- Make
Installation
# Build les images
make build_dev
# Lance les containers
make start_dev
# Install les dependances
make install_dev
Commandes disponibles
make help
| Commande | Description |
|---|---|
make build_dev |
Build les images Docker dev |
make build_prod |
Build les images Docker prod |
make start_dev |
Lance les containers dev |
make start_prod |
Lance les containers prod (background) |
make stop_dev |
Arrete les containers dev |
make stop_prod |
Arrete les containers prod |
make purge_dev |
Arrete et purge tout (volumes, images) |
make install_dev |
Install les dependances via Docker |
make install_prod |
Install les dependances et build les assets |
make migration_dev |
Genere une migration |
make migrate_dev |
Execute les migrations en dev |
make migrate_prod |
Execute les migrations en prod |
Base de donnees
Dev
| Param | Valeur |
|---|---|
| Host | localhost |
| Port | 5432 |
| Database | e-ticket |
| User | app |
| Password | secret |
Prod
PostgreSQL master/slave avec PgBouncer. Replication streaming asynchrone.
Deploiement
Le deploiement se fait via Gitea Actions (declenchement manuel) + Ansible.
# Deployer la config Caddy
ansible-playbook -i ansible/hosts.ini ansible/deploy-caddy.yml --ask-vault-pass
Mode maintenance
Pour activer la maintenance :
touch /var/www/e-ticket/public/.update
Pour desactiver :
rm /var/www/e-ticket/public/.update
Licence
Licence proprietaire. Voir LICENSE.md.