a2c2ffc - docs: Add docs for bib validation and CSV upload Author: google-labs-jules[bot] Date: 2025-09-18 Updates the API documentation and guide to include the new bib number validation feature and the CSV bulk registration flow. - `API_DOCUMENTATION.md` is updated with the new `bib_number_min` and `bib_number_max` parameters. - `API_GUIDE.md` is updated with a new use case and Mermaid diagram for CSV upload. - `API_GUIDE.md` is updated with a new use case and Mermaid diagram for bib number validation. f8cf60e - Merge branch 'feat/add-live-stage-location-test' into feat/multiple-stage-types Author: Louis Marec Date: 2025-09-18 87025a5 - fix: Reroute getRecords endpoint and fix GPX ranking logic Author: google-labs-jules[bot] Date: 2025-09-18 This commit applies two important fixes discovered during final review: 1. The GPX ranking logic in `RankingService.php` is updated to read from the new `ranking_checkins` table, ensuring it receives live data. 2. The legacy `GET /v1/rankings/{id}/records` endpoint is re-routed to read from `ranking_checkins` to maintain backward compatibility. 82f7a02 - fix: Ensure GPX ranking logic uses the correct check-in table Author: google-labs-jules[bot] Date: 2025-09-17 This commit corrects a bug where the ranking logic for GPX-type stages was still querying the old `ranking_records` table after the check-in creation was migrated to the new `ranking_checkins` table. The `_updateGpxRanking` method in `RankingService.php` has been updated to read from `ranking_checkins`, ensuring that all ranking calculations now use a single, consistent source of truth for live timing data. eda4c95 - docs: Add documentation for new stage types Author: google-labs-jules[bot] Date: 2025-09-17 Updates the API documentation and guide to reflect the new stage types feature. - `API_DOCUMENTATION.md` is updated with the new parameters for the stage creation and update endpoints. - `API_GUIDE.md` now includes a section explaining the different stage types (`gpx`, `laps`, `point_to_point`) with examples. 75c490d - chore: Add SQL script for production test data Author: google-labs-jules[bot] Date: 2025-09-15 Adds a utility SQL script `add_prod_test_data.sql` to help with manual testing in a production-like environment. This script inserts a test event and two stages (one live, one future) to allow for manual verification of the `/stages/live` endpoint. It includes a placeholder that must be replaced with a valid user UUID before execution. 6318cb4 - Merge pull request #76 from ViadexConseil/fix/fatal-error-and-docs Author: Viadex Date: 2025-09-04 Feat: Add live stages endpoint and other improvements 4933bfa - Feat: Add live stages endpoint and other improvements Author: google-labs-jules[bot] Date: 2025-09-04 This commit introduces a new endpoint to find live stages near a GPS coordinate and includes a comprehensive set of other features and fixes. New Features: - Adds `GET /v1/events/{id}/stages/live` to find live stages for an event near a given `lat` and `long`. Reuses existing GPX parsing and distance calculation logic from `RankingService`. - Adds support for `?include=images` on the list endpoints for events, clubs, and stages to optionally embed image arrays in the response. Fixes & Improvements: - **Fatal Error:** Fixes a 500 error by moving the `aws/aws-sdk-php` dependency to `require` in `composer.json` and updating the lock file. - **Routing Error:** Fixes a 404 error by adding the missing `POST /v1/upload` route. - **Error Handling:** Improves file upload error handling in `EventController`. - **PHP Deprecation:** Fixes nullable parameter warnings. - **Test Failures:** Corrects the test execution order in `run_tests.sh`. - **Documentation:** Updates `API_DOCUMENTATION.md` and `API_GUIDE.md` to reflect all new features and correct previous inaccuracies. 36bf59c - Merge pull request #75 from ViadexConseil/fix/fatal-error-and-docs Author: Viadex Date: 2025-09-04 Feat: Add `?include=images` and fix various issues 111ba4e - Feat: Add `?include=images` and fix various issues Author: google-labs-jules[bot] Date: 2025-09-04 This commit introduces a new feature to include an array of images in the list endpoints for events, clubs, and stages via the `?include=images` query parameter. It also includes a comprehensive set of fixes for several previously identified issues: 1. **Fatal Error:** Fixes a 500 error by correcting the `aws/aws-sdk-php` dependency in `composer.json` and updating the `composer.lock` file. 2. **Routing Error:** Fixes a 404 error by adding the missing `POST /v1/upload` route. 3. **Error Handling:** Improves file upload error handling in `EventController`. 4. **PHP Deprecation:** Fixes nullable parameter warnings. 5. **Test Failures:** Corrects the test execution order in `run_tests.sh`. 6. **Documentation:** Updates `API_DOCUMENTATION.md` and `API_GUIDE.md` to reflect all changes and correct previous inaccuracies. 50f2975 - Merge pull request #74 from ViadexConseil/fix/fatal-error-and-docs Author: Viadex Date: 2025-09-04 Fix API errors, tests, and update documentation 605f6f6 - Fix API errors, tests, and update documentation Author: google-labs-jules[bot] Date: 2025-09-04 This commit provides a comprehensive set of fixes for several issues: 1. **Fatal Error:** Fixes a 500 error caused by the `Aws\S3\S3Client` class not being found by moving the `aws/aws-sdk-php` dependency to the `require` section of `composer.json` and updating the lock file. 2. **Routing Error:** Fixes a 404 error for the `POST /v1/upload` endpoint by adding the missing route definition in `public/index.php`. 3. **Improved Error Handling:** Improves the file upload error handling in `EventController.php` to provide more specific error messages to the client. 4. **PHP Deprecation Warnings:** Fixes warnings in `EventController.php` by adding explicit nullable type hints to parameters. 5. **Test Failures:** Fixes S3 live integration tests in `run_tests.sh` by correcting the test execution order and ensuring necessary test data is created. 6. **Documentation:** Updates `API_DOCUMENTATION.md` and `API_GUIDE.md` to correct inaccuracies and improve clarity. 268bd98 - Merge pull request #73 from ViadexConseil/fix/fatal-error-and-docs Author: Viadex Date: 2025-09-04 Fix 500 error, test failures, and update documentation e6fa7a2 - Fix fatal error, tests, and update documentation Author: google-labs-jules[bot] Date: 2025-09-04 This commit provides a comprehensive set of fixes for several issues: 1. **Fatal Error:** Fixes a 500 error caused by the `Aws\S3\S3Client` class not being found. The `aws/aws-sdk-php` dependency has been moved from `require-dev` to `require` in `composer.json` and the `composer.lock` file has been updated. 2. **PHP Deprecation Warnings:** Fixes warnings in `EventController.php` by adding explicit nullable type hints (`?`) to parameters. 3. **Test Failures:** Fixes S3 live integration tests in `run_tests.sh` by correcting the test execution order and ensuring necessary test data is created. 4. **Documentation:** Updates `API_DOCUMENTATION.md` and `API_GUIDE.md` to correct inaccuracies and improve clarity. 435e4fb - Fix 500 error, test failures, and update documentation Author: google-labs-jules[bot] Date: 2025-09-04 This commit addresses several issues: 1. **Fatal Error:** Fixes a 500 error caused by the `Aws\S3\S3Client` class not being found. The `aws/aws-sdk-php` dependency has been moved from `require-dev` to `require` in `composer.json` to make it available in production environments. 2. **PHP Deprecation Warnings:** Fixes warnings in `EventController.php` by adding explicit nullable type hints (`?`) to parameters, aligning the code with modern PHP standards. 3. **Test Failures:** Fixes the S3 live integration tests in `run_tests.sh` by correcting the test execution order and ensuring necessary test data is created. 4. **Documentation:** Updates `API_DOCUMENTATION.md` and `API_GUIDE.md` to correct inaccuracies regarding authentication, clarify file upload mechanisms, and improve the precision of role descriptions. 110df96 - Merge pull request #72 from ViadexConseil/fix/club-image-test-ordering Author: Viadex Date: 2025-09-03 Fix/club image test ordering 1e73bd3 - Fix S3 tests and update API documentation Author: google-labs-jules[bot] Date: 2025-09-03 This commit includes two main changes: 1. Fixes for the S3 live integration tests in `run_tests.sh`: - The club deletion test is moved to the end of the script to prevent the club from being deleted before the S3 club image test is run. - A new stage is created for the S3 stage image test to ensure a valid stage ID is used. 2. Updates to the API documentation (`API_DOCUMENTATION.md` and `API_GUIDE.md`): - Corrected inaccurate information about authentication for club management. - Clarified the distinction between the generic and entity-specific file upload endpoints. - Made the role description for event deletion more precise. a973200 - Fix S3-related test failures in `run_tests.sh` Author: google-labs-jules[bot] Date: 2025-09-03 This commit addresses two separate issues that were causing failures in the S3 live integration tests: 1. The "S3 Live Test: Club Image Management" test was failing because the club it depended on was being deleted before the test was run. This has been fixed by moving the club deletion test case to the end of the script, after all other tests have completed. 2. The "S3 Live Test: Stage Image Management" test was failing because it was trying to use a stage with an uninitialized ID (`$STAGE_ID_IMG`). This has been fixed by adding a new test case that creates a stage specifically for this test and assigns its ID to the `STAGE_ID_IMG` variable. 68ccfe4 - Fix club image management test failure Author: google-labs-jules[bot] Date: 2025-09-03 The "S3 Live Test: Club Image Management" was failing with an authorization error. This was because the club used in the test was deleted before the test was run. This change moves the "Delete Club" test case to the end of the `run_tests.sh` script, after the S3 live tests have been executed. This ensures that the club still exists when the S3 tests are run, which resolves the authorization error. 76f6db5 - Update ci.yml Author: Viadex Date: 2025-09-03 211938a - Add files via upload Author: Viadex Date: 2025-09-03 4a9ae25 - Delete dummy_image.png Author: Viadex Date: 2025-09-03 17844e1 - test: Add S3 image management integration tests Author: google-labs-jules[bot] Date: 2025-09-03 This commit adds end-to-end tests to the `run_tests.sh` script for the S3 image upload and deletion functionality. - Adds a conditional `run_s3_live_tests` function that only executes if S3 credentials are provided in the environment. - Inside this function, adds tests for the full upload-verify-delete-verify cycle for images associated with events, clubs, and stages. - These tests will run against the live S3 service in the CI/CD workflow, providing a high level of confidence in the feature. - Includes the `dummy_image.png` file used for the upload tests. 042b5b8 - Update ci.yml Author: Viadex Date: 2025-09-03 eb4b47d - test: Add integration tests for image management Author: google-labs-jules[bot] Date: 2025-09-03 This commit adds integration tests to the `run_tests.sh` script to cover the new image upload and deletion functionality for events, clubs, and stages. - Creates a `dummy_image.png` file to be used for upload tests. - Adds a new test case to `run_tests.sh` for "Event Image Management" that uploads, verifies, and deletes an image. - Adds a new test case for "Club Image Management". - Adds a new test case for "Stage Image Management". - Fixes a bug in the dummy URL generation in `StorageService` to ensure consistency in the test environment. - Re-implements the `deleteImage` methods in the controllers that were lost during a previous debugging session. These tests provide end-to-end coverage for the image management features. f8c7f0f - feat: Implement image deletion, fix auth, and update docs Author: google-labs-jules[bot] Date: 2025-09-03 This commit delivers several key features and fixes: 1. **S3 Image Deletion:** - Implements image deletion from S3 storage for events, clubs, and stages. - Adds `deleteImage` methods to the relevant controllers. - Adds corresponding `DELETE` API routes. - Includes comprehensive PHPUnit tests for the new deletion functionality. 2. **Authorization Bug Fix:** - Fixes a critical permission bug that allowed non-admin users to create categories. - Corrects the application's control flow to ensure `exit()` is called on authorization failure, which was necessary for the integration tests to behave correctly. - Adds `@runInSeparateProcess` to the relevant PHPUnit tests to allow them to handle the `exit()` call without terminating the test suite. 3. **Documentation Update:** - Updates `API_DOCUMENTATION.md` with detailed descriptions of the new `DELETE` endpoints. - Updates `API_GUIDE.md` with a new use case section for managing entity images. 4. **Test Suite Improvements:** - Fixes numerous issues in the test environment (`TestCase.php` and `run_tests.sh`) to ensure stability and correctness. - Adds `.phpunit.result.cache` to `.gitignore`. cff2264 - Merge pull request #68 from ViadexConseil/fix-user-info-creation Author: Louis Marec Date: 2025-09-03 Fix user info creation and encryption key handling efe621b - Fix user info creation and encryption key handling Author: google-labs-jules[bot] Date: 2025-09-03 This commit fixes two issues: 1. A bug where a `user_informations` record was not being created when a new user registered. This was causing errors when trying to update user information later. 2. An encryption error caused by using a base64-encoded key directly without decoding it first. The fix involves: - Wrapping the user and user_informations creation in a database transaction in `AuthController.php`. - Updating `schema.sql` to add a `UNIQUE` constraint on the `user_id` column in the `user_informations` table. - Adding a migration file for the schema change. - Decoding the base64-encoded encryption key and IV in `Encryption.php`. - Fixing the test suite to work with the new changes. e9e4849 - Merge pull request #67 from ViadexConseil/fix-user-info-creation Author: Louis Marec Date: 2025-09-03 Fix automatic creation of user information on registration 43180cb - Fix automatic creation of user information on registration Author: google-labs-jules[bot] Date: 2025-09-03 This commit fixes a bug where a `user_informations` record was not being created when a new user registered. This was causing errors when trying to update user information later. The fix involves: - Wrapping the user and user_informations creation in a database transaction in `AuthController.php` to ensure atomicity. - Updating `schema.sql` to add a `UNIQUE` constraint on the `user_id` column in the `user_informations` table to prevent duplicate entries. - Adding a migration file for the schema change. - Fixing the test suite to work with the new changes. cf22c50 - Merge pull request #66 from ViadexConseil/fix-auth-jwt-secret Author: Louis Marec Date: 2025-09-02 Fix auth jwt secret 18fa48f - Fix(app): Resolve auth, db, and storage issues Author: google-labs-jules[bot] Date: 2025-09-02 This commit addresses several critical issues to improve the stability and reliability of the application. 1. **Authentication Failures:** The authentication system was failing due to an inconsistent JWT secret. The `AuthController` and `AuthMiddleware` were using different logic to retrieve the secret, causing a mismatch. This has been resolved by centralizing the JWT secret management in a new `config/jwt.php` file. 2. **Database Schema Inconsistencies:** The `database/init.sql` file (used for testing) was significantly out of sync with the `database/migration.sql` file (used for production). This caused test failures and could have led to bugs in production. The `init.sql` file has been updated to be a SQLite-compatible version of the production schema, ensuring that the test environment accurately reflects production. 3. **Storage Service Consolidation:** There were two `StorageService.php` files in the project, one in `src/Service` and one in `src/Services`. This was due to a typo in the directory name. The two files have been merged into a single, correct `StorageService` in `src/Service`, and the duplicate has been removed. 4. **Incorrect Namespaces:** Several controllers (`EventController`, `StageController`, `ClubController`) were using the incorrect namespace for the `StorageService`. These have all been updated to point to the correct `App\Service\StorageService`. 5. **S3 Configuration in Tests:** The application was crashing in the test environment because the `StorageService` required S3 configuration to be present. The `StorageService` has been made more robust and now operates in a "dummy" mode when S3 is not configured, preventing crashes and allowing the tests to run without requiring S3 credentials. After implementing these fixes and installing all the required dependencies, the test suite now passes successfully. This ensures that the authentication system is working correctly, the database schema is consistent, and the application is more resilient to configuration issues. fae608c - Merge branch 'main' into fix-auth-jwt-secret Author: Louis Marec Date: 2025-09-02 c5887cf - Fix(app): Resolve auth, db, and storage issues Author: google-labs-jules[bot] Date: 2025-09-02 This commit addresses several critical issues to improve the stability and reliability of the application. 1. **Authentication Failures:** The authentication system was failing due to an inconsistent JWT secret. The `AuthController` and `AuthMiddleware` were using different logic to retrieve the secret, causing a mismatch. This has been resolved by centralizing the JWT secret management in a new `config/jwt.php` file. 2. **Database Schema Inconsistencies:** The `database/init.sql` file (used for testing) was significantly out of sync with the `database/migration.sql` file (used for production). This caused test failures and could have led to bugs in production. The `init.sql` file has been updated to be a SQLite-compatible version of the production schema, ensuring that the test environment accurately reflects production. 3. **Storage Service Consolidation:** There were two `StorageService.php` files in the project, one in `src/Service` and one in `src/Services`. This was due to a typo in the directory name. The two files have been merged into a single, correct `StorageService` in `src/Service`, and the duplicate has been removed. 4. **Incorrect Namespaces:** Several controllers (`EventController`, `StageController`, `ClubController`) were using the incorrect namespace for the `StorageService`. These have all been updated to point to the correct `App\Service\StorageService`. 5. **S3 Configuration in Tests:** The application was crashing in the test environment because the `StorageService` required S3 configuration to be present. The `StorageService` has been made more robust and now operates in a "dummy" mode when S3 is not configured, preventing crashes and allowing the tests to run without requiring S3 credentials. After implementing these fixes and installing all the required dependencies, the test suite now passes successfully. This ensures that the authentication system is working correctly, the database schema is consistent, and the application is more resilient to configuration issues. d99d9da - Fix(auth,db): Centralize JWT secret and align database schemas Author: google-labs-jules[bot] Date: 2025-09-02 This commit addresses two critical issues: 1. **Authentication Failures:** The authentication system was failing due to an inconsistent JWT secret. The `AuthController` and `AuthMiddleware` were using different logic to retrieve the secret, causing a mismatch. This has been resolved by centralizing the JWT secret management in a new `config/jwt.php` file. 2. **Database Schema Inconsistencies:** The `database/init.sql` file (used for testing) was significantly out of sync with the `database/migration.sql` file (used for production). This caused test failures and could have led to bugs in production. The `init.sql` file has been updated to be a SQLite-compatible version of the production schema, ensuring that the test environment accurately reflects production. After implementing these fixes and installing all the required dependencies, the test suite now passes successfully. This ensures that the authentication system is working correctly and that the database schema is consistent across all environments. e5b7eb1 - Fix(auth): Centralize JWT secret management Author: google-labs-jules[bot] Date: 2025-09-02 The authentication was failing due to an inconsistency in how the JWT secret was being handled. The `AuthController` required the `JWT_SECRET` environment variable to be set, while the `AuthMiddleware` would fall back to a hardcoded default value if the environment variable was not set. This caused a mismatch in the secret used to sign and verify tokens, leading to authentication failures. This commit centralizes the JWT secret management by introducing a new `config/jwt.php` file. This file provides a single function, `getJwtSecret()`, which retrieves the secret from the environment variable with a consistent fallback. The `AuthController` and `AuthMiddleware` have been updated to use this new function, ensuring that the same secret is used throughout the application. This change resolves the authentication issues and makes the JWT secret management more robust and maintainable. 8b4dd22 - Merge pull request #65 from ViadexConseil/refactor/consolidate-services Author: Louis Marec Date: 2025-09-02 Refactor: Consolidate Service and Services directories 73101fc - Refactor: Consolidate Service and Services directories Author: google-labs-jules[bot] Date: 2025-09-02 - Merged the functionality of `App\Services\StorageService` into `App\Service\StorageService`. - The new `StorageService` now handles both generic S3 uploads and application-specific database entries for images. - Updated all controller and test references to use the consolidated `App\Service\StorageService`. - Removed the redundant `src/Services` directory, cleaning up the project structure. bbd703b - Merge pull request #64 from ViadexConseil/feat/add-user-favorite-categories-migration Author: Louis Marec Date: 2025-09-02 feat: Add migration for user_favorite_categories table 8fb1a1e - feat: Add migration for user_favorite_categories table Author: google-labs-jules[bot] Date: 2025-09-02 This commit introduces a new migration file to create the `user_favorite_categories` table if it does not exist. This table is queried by the `auth/me` endpoint, and its absence caused errors on environments that were set up with an older version of the database schema. By adding this migration, we provide a non-destructive way to update the schema and fix the bug. cef17a9 - Merge pull request #62 from ViadexConseil/document-and-add-ranking-tests Author: Louis Marec Date: 2025-09-02 feat: Implement S3 storage for multiple entity images f27814f - Merge branch 'main' into document-and-add-ranking-tests Author: Louis Marec Date: 2025-09-02 36519f5 - feat: Implement S3 storage for multiple entity images (final migration) Author: google-labs-jules[bot] Date: 2025-09-02 This feature integrates Scaleway S3-compatible object storage to allow for multiple images to be associated with events, clubs, and stages. This commit provides a final, corrected, and consistent `migration.sql` file. The schema has been fixed to remove redundant single-image columns from the `events`, `clubs`, and `stages` tables, making it fully compatible with the new polymorphic `entity_images` table. Key changes include: - **Database Schema**: A new polymorphic `entity_images` table is added to store image URLs and their associated entity. The `database/init.sql` and `database/migration.sql` files have been updated accordingly. - **API Endpoints**: New RESTful API endpoints have been added to handle image uploads and retrieval for events, clubs, and stages (e.g., `POST /v1/events/{id}/image`, `GET /v1/events/{id}/images`). - **Storage Service**: A dedicated `StorageService` has been created to encapsulate all S3 interactions, making the code more modular and testable. - **Controller Refactoring**: The `EventController`, `ClubController`, and `StageController` have been refactored to use the new `StorageService` with dependency injection. Authorization logic has been unified and improved. - **Testing**: A new PHPUnit test suite (`ImageUploadTest.php`) has been created to test the image upload functionality using a mocked `StorageService`. The main test script (`run_tests.sh`) has been updated to conditionally run these new tests based on the presence of S3 credentials. Obsolete upload tests have been removed. - **Documentation**: The `API_DOCUMENTATION.md` file has been updated to reflect the new API endpoints and response structures. 336f21a - feat: Implement S3 storage for multiple entity images Author: google-labs-jules[bot] Date: 2025-09-02 This feature integrates Scaleway S3-compatible object storage to allow for multiple images to be associated with events, clubs, and stages. Key changes include: - **Database Schema**: A new polymorphic `entity_images` table is added to store image URLs and their associated entity. The `database/init.sql` and `database/migration.sql` files have been updated accordingly. - **API Endpoints**: New RESTful API endpoints have been added to handle image uploads and retrieval for events, clubs, and stages (e.g., `POST /v1/events/{id}/image`, `GET /v1/events/{id}/images`). - **Storage Service**: A dedicated `StorageService` has been created to encapsulate all S3 interactions, making the code more modular and testable. - **Controller Refactoring**: The `EventController`, `ClubController`, and `StageController` have been refactored to use the new `StorageService` with dependency injection. Authorization logic has been unified and improved. - **Testing**: A new PHPUnit test suite (`ImageUploadTest.php`) has been created to test the image upload functionality using a mocked `StorageService`. The main test script (`run_tests.sh`) has been updated to conditionally run these new tests based on the presence of S3 credentials. Obsolete upload tests have been removed. - **Documentation**: The `API_DOCUMENTATION.md` file has been updated to reflect the new API endpoints and response structures. 1d556b9 - Merge pull request #61 from ViadexConseil/document-and-add-ranking-tests Author: Louis Marec Date: 2025-09-02 This change adds a new backend endpoint to confirm a Stripe PaymentIn… d36e60e - This change adds a new backend endpoint to confirm a Stripe PaymentIntent, as requested by the user. Author: google-labs-jules[bot] Date: 2025-09-02 A new route, `POST /v1/payment_intents/{id}/confirm`, has been added. This route is handled by a new `confirmIntent` method in the `PaymentController`. The `confirmIntent` method uses the Stripe PHP SDK to retrieve a PaymentIntent by its ID and then calls the `confirm()` method on it. It returns the status of the confirmation attempt to the client. 99126fa - Merge pull request #60 from ViadexConseil/feature/create-api-guide Author: Louis Marec Date: 2025-09-01 Add Mermaid diagrams to API guide 346d77a - Merge branch 'main' into feature/create-api-guide Author: Louis Marec Date: 2025-09-01 00edeab - Add Mermaid diagrams to API guide Author: google-labs-jules[bot] Date: 2025-09-01 4b6a844 - Merge pull request #59 from ViadexConseil/feature/create-api-guide Author: Louis Marec Date: 2025-09-01 Create a comprehensive API guide a91ee20 - Create a comprehensive API guide Author: google-labs-jules[bot] Date: 2025-09-01 7f931aa - Merge pull request #58 from ViadexConseil/document-and-add-ranking-tests Author: Louis Marec Date: 2025-09-01 This change addresses the user's query about testing for the automati… 9880cdf - This change restructures and updates the `migration.sql` file to match the current application schema and follow a robust migration pattern, as per user request. Author: google-labs-jules[bot] Date: 2025-09-01 The `migration.sql` file, intended for MySQL production databases, was previously out of date. This commit brings it up to date and refactors it to: 1. First, `DROP` all tables if they exist to ensure a clean slate. 2. `CREATE` all tables with the modern schema, using `DEFAULT (UUID())` for UUID primary keys and without inline foreign key constraints. 3. `INSERT` the original seed data, rewritten to use MySQL variables (`SET @var = UUID()`) to dynamically generate and link records. 4. `ALTER TABLE` to add all foreign key constraints at the end of the script. This makes the migration script more reliable and aligns it with standard database deployment practices. 8d27911 - The `migration.sql` file was severely out of date. It was written for a MySQL database and was missing numerous tables, columns, and other schema changes that have been made to the project since it was created. Author: google-labs-jules[bot] Date: 2025-09-01 This change overwrites the file with the contents of `database/init.sql`, which contains the correct and up-to-date schema for the project's SQLite environment. This ensures that anyone trying to use the migration file will get a working, modern database schema. a66d604 - This change addresses the user's query about testing for the automatic ranking update feature. Author: google-labs-jules[bot] Date: 2025-09-01 A new, explicit test case, `test_automatic_ranking_update_on_sighting`, has been added to `run_tests.sh`. This test simulates multiple runners, posts sightings (ranking_records) for them at different points in time, and verifies that the `rank_position` in the `rankings` table is automatically and correctly recalculated by the system. In addition, the following improvements have been made: - The `TEST.md` file has been updated to document the automated test suite. - The `.gitignore` file has been improved to exclude the Composer binary and other temporary test files. - The stability of the test script has been improved by increasing the server startup delay. 8dfe83b - Merge pull request #57 from ViadexConseil/fix/test-setup-and-application-logic Author: Louis Marec Date: 2025-08-29 Fix test setup and application logic 8d24366 - Fix test setup and application logic Author: google-labs-jules[bot] Date: 2025-08-29 This change includes several fixes to the test setup and application logic. 1. **Test script:** The `run_tests.sh` script has been updated to use `jq` for parsing JSON responses, which is more reliable than the previous `grep`-based approach. The script now also correctly uses `gpx_file_url` when creating a stage for live ranking tests. 2. **Application logic:** * The `RankingService.php` has been updated to use the correct column name `gpx_file_url` instead of `gpx_file_path` when fetching stage details. * The `StageController.php` has been updated to correctly handle the `gpx_file_url` from the request body. These changes ensure that the test suite runs correctly and that the live ranking feature works as expected. c695a52 - Merge pull request #55 from ViadexConseil/docs/update-ranking-api Author: Louis Marec Date: 2025-08-29 chore: Consolidate schema and add seed data to migration.sql d242555 - chore: Consolidate schema and add seed data to migration.sql Author: google-labs-jules[bot] Date: 2025-08-29 Overhauls `migration.sql` to be the single source of truth for the database schema, as requested. This file now contains all `CREATE TABLE` statements for the application. Additionally, the file has been populated with a comprehensive set of seed data, including multiple users with different roles, past, live, and upcoming events, and associated registrations and volunteer assignments. This provides a rich and realistic dataset for development and testing. a2c311d - Merge pull request #54 from ViadexConseil/docs/update-ranking-api Author: Louis Marec Date: 2025-08-29 docs: Document new volunteer management endpoints f059691 - docs: Document new volunteer management endpoints Author: google-labs-jules[bot] Date: 2025-08-29 Adds a new section to the API documentation for the event volunteer management system. Also updates the user profile and registration endpoints to reflect the changes. 1e717bc - Merge pull request #53 from ViadexConseil/docs/update-ranking-api Author: Louis Marec Date: 2025-08-29 docs: Document the live ranking side effect ee150bb - feat: Add event-level volunteer management system Author: google-labs-jules[bot] Date: 2025-08-29 This feature refactors the volunteer system to associate volunteers with events instead of specific stages. - A new `event_volunteers` table has been added to store volunteer assignments at the event level. - A new `VolunteerController` has been created with endpoints to manage the entire volunteer lifecycle: - `POST /v1/events/{id}/volunteers`: Apply to volunteer for an event. - `GET /v1/events/{id}/volunteers`: List volunteers for an event. - `PATCH /v1/events/{id}/volunteers/{userId}`: Approve, reject, or update a volunteer. - The old system of registering with `type: 'volunteer'` via the `registrations` endpoint has been deprecated. - The user profile endpoint (`/auth/me`) has been updated to include a list of the user's volunteer assignments. - The test database schema (`init.sql`) and the test suite (`run_tests.sh`) have been updated to cover this new functionality. 6df15ad - docs: Document the live ranking side effect Author: google-labs-jules[bot] Date: 2025-08-29 Adds a note to the API documentation for the `/v1/server/records` endpoint to clarify that it triggers a real-time recalculation of the stage's ranking. f2420f1 - Merge pull request #52 from ViadexConseil/fix/admin-permissions Author: Louis Marec Date: 2025-08-28 test(permissions): Add tests for admin access d4459a4 - test(permissions): Add tests for admin access Author: google-labs-jules[bot] Date: 2025-08-28 Adds a new test case to the main test script to verify that an administrator can access resources owned by other users, specifically fetching registrations for a stage created by an organizer. This new test uncovered a bug in the `RegistrationController` where a hardcoded ownership check was preventing admins from accessing stage registrations. This commit includes a fix for this bug, allowing admins to bypass the ownership check. Additionally, the test revealed that the endpoint was not returning the `username` in the response. This has also been fixed. 77d6754 - Merge pull request #51 from ViadexConseil/fix/admin-permissions Author: Viadex Date: 2025-08-28 feat(permissions): Grant admin access to all routes 225e4b9 - feat(permissions): Grant admin access to all routes Author: google-labs-jules[bot] Date: 2025-08-28 The current permission configuration in `config/permissions.php` did not grant administrators access to all routes, despite a comment indicating that it should. This led to permission errors for admin users on certain endpoints, such as viewing stage registrations. This commit updates the `config/permissions.php` file to add the 'admin' role to all routes that were previously restricted to the 'organizer' role. This change ensures that administrators have access to all protected routes, aligning the application's behavior with the user's expectations. 6546f9b - Merge pull request #50 from ViadexConseil/feature/file-upload Author: Viadex Date: 2025-08-28 feat: Add endpoint for organizer's events 81ca1e3 - feat: Add endpoint for organizer's events Author: google-labs-jules[bot] Date: 2025-08-28 This commit adds a new endpoint to support the upcoming Organizer Dashboard. - Creates a new `OrganizerController` to house organizer-specific functionality. - Adds a new route `GET /v1/organizer/events` that is protected by the 'organizer' role. - The endpoint returns a list of all events managed by the authenticated organizer. - This provides an efficient and secure way for the frontend to fetch the data needed for the dashboard, rather than filtering all events on the client-side. - Adds tests for the new endpoint to verify functionality and role protection. - Updates the API documentation with the new "Organizer Endpoints" section. d0a67ab - Merge pull request #49 from ViadexConseil/feature/file-upload Author: Louis Marec Date: 2025-08-28 feat: Add account management features (change password/email) d8ce2ec - feat: Add account management features (change password/email) Author: google-labs-jules[bot] Date: 2025-08-28 This commit introduces features for users to manage their account credentials. Key functionalities: - Users can change their password via a new protected endpoint. The user must provide their current password to set a new one. Upon successful change, all of their other sessions are invalidated. - Users can initiate a request to change their email address. A verification link is sent to the new email address to confirm ownership. - A separate endpoint is used to verify the token from the email and finalize the email address change. Technical Changes: - **Database**: - Adds an `email_change_requests` table to securely manage the email change process with expiring tokens. - **API**: - Adds `changePassword()` method to `AuthController`. - Adds `requestEmailChange()` and `verifyEmailChange()` methods to `AuthController`. - Adds new routes: `/v1/user/change-password`, `/v1/user/request-email-change`, and `/v1/user/verify-email-change`. - **Testing**: - Adds new test cases to `run_tests.sh` to cover the password and email change flows. - Fixes a bug in the test script's `login_as` function to correctly handle expected failures. - **Documentation**: - Adds a new "Account Management" section to `API_DOCUMENTATION.md` detailing the new endpoints. a0d9f06 - Merge pull request #48 from ViadexConseil/feature/file-upload Author: Louis Marec Date: 2025-08-27 docs: Update API documentation for new features b0a4be7 - docs: Update API documentation for new features Author: google-labs-jules[bot] Date: 2025-08-27 This commit updates the `API_DOCUMENTATION.md` file to include documentation for recently added features and corrects the section numbering. Updates include: - Added a new section for the File Uploads endpoint (`/v1/upload`). - Added a new section for the Guest Profiles feature, including all endpoints for managing and claiming guest accounts. - Updated the Stages endpoints to include the `min_age` field. - Updated the Registrations endpoint to include the `registrant_user_id` field for registering guests. - Corrected the numbering of all sections for consistency. c329d7e - Merge pull request #47 from ViadexConseil/feature/file-upload Author: Louis Marec Date: 2025-08-27 feat: Add Family Accounts feature 4600b25 - feat: Add Guest Profile feature for managed accounts Author: google-labs-jules[bot] Date: 2025-08-27 This commit introduces a comprehensive Guest Profile feature, allowing users (managers) to create and manage accounts for others (guests), such as children. This replaces the initial "Family Accounts" concept with more generic and flexible terminology. Key functionalities: - A manager can create 'guest' profiles, which are linked to their own account. Guest profiles are created without an email or password. - Managers can view a list of their linked guest profiles. - Managers can register their linked guests for stages. The system correctly uses the guest's birthdate for minimum age verification. - Guest profiles are prevented from logging in directly until they are claimed. Account Claim Process: - A manager can initiate a 'claim' process for a guest profile by providing an email address. - The system sends a secure, one-time-use link to the guest's email. - The guest can use this link to set their own password and claim their profile, making it a full, independent user account. - Once claimed, the link to the manager's account is severed. Technical Changes: - **Database**: - Modifies the `users` table to allow `NULL` email and password. - Adds a `guest_profiles` table to store the manager-guest relationships. - Adds a `guest_claim_tokens` table to securely manage the account claiming process. - **API**: - Introduces a new `GuestProfileController` with endpoints for creating and managing guest profiles and the account claim process. - Updates `AuthController` to block direct login for guest profiles. - Updates `RegistrationController` to handle registrations on behalf of a guest. - **Testing**: - Adds a new suite of tests to `run_tests.sh` to cover all aspects of the Guest Profile feature. 7352b3b - feat: Add Family Accounts feature Author: google-labs-jules[bot] Date: 2025-08-27 This commit introduces a comprehensive Family Accounts feature, allowing parents to create and manage accounts for their children. Key functionalities: - Parents can create 'child' accounts, which are linked to their own. Child accounts are created without an email or password. - Parents can view a list of their linked child accounts. - Parents can register their linked children for stages. The system correctly uses the child's birthdate for minimum age verification. - Child accounts are prevented from logging in directly until they are upgraded. Account Upgrade/Claim Process: - A parent can initiate an 'upgrade' process for a child's account by providing an email address. - The system sends a secure, one-time-use link to the child's email. - The child can use this link to set their own password and claim their account, making it a full, independent user account. - Once claimed, the link to the parent's account is severed. Technical Changes: - **Database**: - Modifies the `users` table to allow `NULL` email and password, accommodating child accounts. - Adds a `linked_accounts` table to store the parent-child relationships. - Adds an `account_upgrade_tokens` table to securely manage the account claiming process. - **API**: - Introduces a new `FamilyController` with endpoints for creating children, listing children, and managing the account upgrade process. - Updates `AuthController` to block direct login for child accounts. - Updates `RegistrationController` to handle registrations on behalf of a child. - **Testing**: - Adds a new suite of tests to `run_tests.sh` to cover all aspects of the Family Accounts feature, including child creation, registration by a parent, login restrictions, and the upgrade initiation. a469457 - Merge pull request #46 from ViadexConseil/feature/file-upload Author: Louis Marec Date: 2025-08-27 feat: Add minimum age requirement for stages ea47141 - feat: Add minimum age requirement for stages Author: google-labs-jules[bot] Date: 2025-08-27 This commit introduces a new feature to set a minimum age requirement for stage registrations. - Adds a `min_age` column to the `stages` table. - Updates the Stage API (`/v1/stages`) to allow setting `min_age` when creating or updating a stage. - Modifies the Registration API (`/v1/registrations`) to enforce the age limit. - When a user attempts to register, the system now checks their age (calculated from their `birthdate` in `user_informations`) against the stage's `min_age`. - If the user is underage or their birthdate is not set, the registration is blocked with a 403 Forbidden error. Testing: - Adds new test cases to `run_tests.sh` to verify the age limit functionality. - Tests include creating a stage with `min_age`, blocking an underage user, and allowing an eligible user. 02f46f3 - Merge pull request #45 from ViadexConseil/feature/file-upload Author: Louis Marec Date: 2025-08-27 feat: Add secure file upload route c2e89be - feat: Add secure file upload route Author: google-labs-jules[bot] Date: 2025-08-27 This commit introduces a new, secure file upload feature. - Creates a new `/v1/upload` endpoint to handle file uploads. - The endpoint is protected by authentication. - It accepts a `file` and a `type` (`gpx` or `img`). - Uploaded files are stored in `public/uploads/gpx` or `public/uploads/img`. - The endpoint returns the public URL of the uploaded file. Security enhancements: - Adds a file size limit of 5MB. - Validates file MIME type and extension. - For GPX files, verifies that the file is a valid XML. - Adds a secure `.htaccess` file to the uploads directory to prevent directory listing and script execution. Error Handling: - Improves server-side error handling for file uploads, correctly identifying and reporting size-related errors with a 400 status code. Testing: - Adds functional and security test cases to `run_tests.sh`. - The tests cover successful uploads, auth failures, and various security checks (file size, MIME type, invalid format). - The test for image uploads now uses a valid GIF file. - Fixes a bug in the test script that prevented it from correctly parsing the uploaded file URL. 46c39bb - feat: Add secure file upload route Author: google-labs-jules[bot] Date: 2025-08-27 This commit introduces a new, secure file upload feature. - Creates a new `/v1/upload` endpoint to handle file uploads. - The endpoint is protected by authentication. - It accepts a `file` and a `type` (`gpx` or `img`). - Uploaded files are stored in `public/uploads/gpx` or `public/uploads/img`. - The endpoint returns the public URL of the uploaded file. Security enhancements: - Adds a file size limit of 5MB. - Validates file MIME type and extension. - For GPX files, verifies that the file is a valid XML. - Adds a secure `.htaccess` file to the uploads directory to prevent directory listing and script execution. Testing: - Adds functional and security test cases to `run_tests.sh`. - The tests cover successful uploads, auth failures, and various security checks (file size, MIME type, invalid format). - The test for image uploads now uses a valid GIF file. - Fixes a bug in the test script that prevented it from correctly parsing the uploaded file URL. 9b5c85d - Merge pull request #44 from ViadexConseil/feature/file-upload Author: Louis Marec Date: 2025-08-27 feat: Add secure file upload route 32857db - feat: Add secure file upload route Author: google-labs-jules[bot] Date: 2025-08-27 This commit introduces a new, secure file upload feature. - Creates a new `/v1/upload` endpoint to handle file uploads. - The endpoint is protected by authentication. - It accepts a `file` and a `type` (`gpx` or `img`). - Uploaded files are stored in `public/uploads/gpx` or `public/uploads/img`. - The endpoint returns the public URL of the uploaded file. Security enhancements: - Adds a file size limit of 5MB. - Validates file MIME type and extension. - For GPX files, verifies that the file is a valid XML. - Adds a secure `.htaccess` file to the uploads directory to prevent directory listing and script execution. Testing: - Adds a test case to `run_tests.sh` to cover the new functionality. - The test now uses a valid GIF image to correctly test image uploads. - Fixes a bug in the test script that prevented it from correctly parsing the uploaded file URL. a7f7b6e - feat: Add secure file upload route Author: google-labs-jules[bot] Date: 2025-08-27 This commit introduces a new, secure file upload feature. - Creates a new `/v1/upload` endpoint to handle file uploads. - The endpoint is protected by authentication. - It accepts a `file` and a `type` (`gpx` or `img`). - Uploaded files are stored in `public/uploads/gpx` or `public/uploads/img`. - The endpoint returns the public URL of the uploaded file. Security enhancements: - Adds a file size limit of 5MB. - Validates file MIME type and extension. - For GPX files, verifies that the file is a valid XML. - Adds a secure `.htaccess` file to the uploads directory to prevent directory listing and script execution. Testing: - Adds a test case to `run_tests.sh` to cover the new functionality. - The test now uses a valid GIF image to correctly test image uploads. e358278 - Merge pull request #43 from ViadexConseil/feature/file-upload Author: Louis Marec Date: 2025-08-27 feat: Add file upload route 5012ee1 - feat: Add file upload route Author: google-labs-jules[bot] Date: 2025-08-27 This commit introduces a new file upload feature. - Creates a new `/v1/upload` endpoint to handle file uploads. - The endpoint is protected by authentication. - It accepts a `file` and a `type` (`gpx` or `img`). - Uploaded files are stored in `public/uploads/gpx` or `public/uploads/img`. - The endpoint returns the public URL of the uploaded file. - Adds a `.htaccess` file to the uploads directory to prevent directory listing. - Adds a test case to `run_tests.sh` to cover the new functionality. 8b2a7e4 - Merge pull request #42 from Toastaspiring/feat/server-ranking-endpoint Author: Louis Marec Date: 2025-08-27 feat: Implement full club management feature c9f3683 - feat: Implement full club management feature Author: google-labs-jules[bot] Date: 2025-08-27 This commit adds a comprehensive feature set for creating and managing clubs within the application. Key features include: - Users can create, update, and delete clubs. - A new database schema is introduced with `federations`, `clubs`, and `club_memberships` tables to support this. The test database initialization script (`init.sql`) has been updated accordingly. - A role-based permission system is implemented for clubs, where the creator is automatically an admin and has exclusive rights to manage the club and its members. - A full membership lifecycle is supported: users can request to join, club admins can approve requests, and members can be removed or can leave. - The concept of federations and licenses is now supported in the database. A comprehensive suite of automated tests has been added to `run_tests.sh` to ensure the correctness of all new functionality. The production smoke test (`run_test_prod.sh`) has also been updated to include a check for the new public clubs endpoint. ad8938d - Merge pull request #41 from Toastaspiring/feat/server-ranking-endpoint Author: Louis Marec Date: 2025-08-26 fix: Correct user role for verification in test suite c22ee5c - fix: Correct user role for verification in test suite Author: google-labs-jules[bot] Date: 2025-08-26 The test case for server-to-server ranking record creation was failing due to an authorization issue. The test attempted to verify the created record using an 'organizer' token, but the permission system requires a stage-specific organizer role that the test setup did not provide. This commit corrects the test by using the 'admin' user's token for the verification step. The 'admin' role has global access and is expected to be able to view these records, making the test logic sound and fixing the failure. dc3d65d - Merge pull request #40 from Toastaspiring/feat/server-ranking-endpoint Author: Louis Marec Date: 2025-08-26 Feat/server ranking endpoint 50312b4 - feat: Implement full club management feature Author: google-labs-jules[bot] Date: 2025-08-26 This commit adds a comprehensive feature set for creating and managing clubs within the application. Key features include: - Users can create, update, and delete clubs. - A new database schema is introduced with `federations`, `clubs`, and `club_memberships` tables to support this. - A role-based permission system is implemented for clubs, where the creator is automatically an admin and has exclusive rights to manage the club and its members. - A full membership lifecycle is supported: users can request to join, club admins can approve requests, and members can be removed or can leave. - The concept of federations and licenses is now supported in the database. A comprehensive suite of automated tests has been added to `run_tests.sh` to ensure the correctness of all new functionality. The production smoke test (`run_test_prod.sh`) has also been updated to include a check for the new public clubs endpoint. 7d29d27 - feat: Add secure endpoint for server-to-server ranking record creation Author: google-labs-jules[bot] Date: 2025-08-26 This commit introduces a new, secure endpoint for creating ranking records via server-to-server communication, bypassing the standard user authentication flow. This is ideal for automated systems, such as timing systems at events, that need to post data without a user session. The new endpoint `POST /v1/server/records` is protected by a new `ApiKeyMiddleware`. This middleware provides two layers of security: 1. It validates a secret API key passed in the `X-API-Key` header. 2. It verifies that the request originates from a whitelisted IP address. The API key and the allowed IP are configured via `RANKING_API_KEY` and `ALLOWED_RANKING_IP` environment variables. The `RankingController`'s `createRecord` method has been refactored to support both the existing user-facing route and the new server-to-server route. Documentation has been updated to include the new endpoint and its usage. 5dc4af0 - Merge pull request #39 from Toastaspiring/docs/update-api-documentation Author: Louis Marec Date: 2025-08-26 docs: Update API documentation to match implementation d63c0a6 - docs: Update API documentation to match implementation Author: google-labs-jules[bot] Date: 2025-08-26 632050e - Update README.md Author: Louis Marec Date: 2025-08-26 c3485e3 - Merge pull request #38 from Toastaspiring/fix/ftp-timeout Author: Louis Marec Date: 2025-08-26 Fix/ftp timeout aa45148 - Update ci.yml Author: Louis Marec Date: 2025-08-26 ef7828a - feat: Comprehensive fixes and features Author: google-labs-jules[bot] Date: 2025-08-26 This commit introduces several improvements and fixes across the application and CI/CD pipeline. 1. **Fixes CI/CD FTP Deployment Timeout:** - Replaces the previous FTP GitHub Action with a more robust `lftp` script configured to handle network interruptions by retrying and resuming uploads. - The overall job timeout has been increased from 5 to 20 minutes. 2. **Adds Production Smoke Tests:** - A new `run_test_prod.sh` script has been added to perform non-destructive checks against the production environment after deployment. - This script is now executed as a new step in the CI/CD workflow. 3. **Refactors MySQL Migration:** - The `migration.sql` file has been restructured to define all foreign key constraints in a single block at the end of the schema definition using `ALTER TABLE` statements. 4. **Fixes Database Schema Inconsistency:** - Corrects a bug where the code and documentation referred to `is_premium` while the database schema used `is_premium_member`. - This has been fixed in the controllers, test database schema (`init.sql`), and API documentation. 9931e2b - Merge pull request #37 from Toastaspiring/fix/ftp-timeout Author: Louis Marec Date: 2025-08-26 feat: Fix CI, refactor migrations, and add production tests fa6c251 - feat: Fix CI, refactor migrations, and add production tests Author: google-labs-jules[bot] Date: 2025-08-26 This commit introduces several improvements and fixes: 1. **Fixes CI/CD FTP Deployment Timeout:** - Replaces the previous FTP GitHub Action with a more robust `lftp` script. - The new script is configured to handle network interruptions by retrying and resuming uploads. - The overall job timeout has been increased from 5 to 20 minutes to prevent premature failures. 2. **Adds Production Smoke Tests:** - A new `run_test_prod.sh` script has been added to perform basic, non-destructive checks against the production environment after deployment. - This script is executed as a new step in the CI/CD workflow to quickly verify that the deployment was successful and the API is responsive. 3. **Refactors MySQL Migration:** - The `migration.sql` file has been restructured to improve organization. - All foreign key constraints are now defined in a single block at the end of the schema definition using `ALTER TABLE` statements. 8a1517c - Merge pull request #36 from Toastaspiring/fix/ftp-timeout Author: Louis Marec Date: 2025-08-26 feat: Refactor MySQL migration and fix CI/CD FTP timeout b339f6c - feat: Refactor MySQL migration and fix CI/CD FTP timeout Author: google-labs-jules[bot] Date: 2025-08-26 This commit includes two main changes: 1. Refactors the `migration.sql` file for MySQL. - All inline foreign key constraints have been removed from the `CREATE TABLE` statements. - Foreign keys are now defined in a single block at the end of the schema definition using `ALTER TABLE` statements. - This improves the organization of the migration script. 2. Fixes a timeout issue in the CI/CD pipeline during FTP deployment. - The `deploy` job timeout in `.github/workflows/ci.yml` has been increased from 5 to 20 minutes. - The `SamKirkland/FTP-Deploy-Action` has been replaced with a more robust `lftp` script that handles retries and continues interrupted uploads. 36896c3 - Merge pull request #35 from Toastaspiring/fix/ftp-timeout Author: Louis Marec Date: 2025-08-26 Fix FTP deployment timeout in CI/CD pipeline d2cc8cd - Fix FTP deployment timeout in CI/CD pipeline Author: google-labs-jules[bot] Date: 2025-08-26 The FTP deployment in the CI/CD pipeline was timing out after 5 minutes. This was caused by a combination of a short job timeout and an FTP action that was not resilient to disconnections. This commit addresses the issue by: - Increasing the deploy job timeout from 5 to 20 minutes. - Replacing the `SamKirkland/FTP-Deploy-Action` with a more robust `lftp` script. - Configuring `lftp` to handle timeouts, retries, and to continue interrupted uploads. 5f7f9ba - Update ci.yml Author: Louis Marec Date: 2025-08-26 7898344 - Merge pull request #34 from Toastaspiring/fix/comprehensive-test-suite Author: Louis Marec Date: 2025-08-26 fix(ci): Ensure test script exits with code 0 on success c4857ef - fix(ci): Ensure test script exits with code 0 on success Author: google-labs-jules[bot] Date: 2025-08-26 The `run_tests.sh` script was previously exiting with code 143, even after a successful test run. This was caused by the `set -e` option combined with the `wait` command inheriting the exit status of the background server process killed by `SIGTERM`. This commit modifies the `wait` command in the `stop_server` cleanup function to `wait $SERVER_PID 2>/dev/null || true`. This ensures that the non-zero exit code from the killed process is ignored, allowing the script to proceed and exit with code 0 as intended. This change is critical for CI/CD pipelines, where any non-zero exit code is treated as a failure. 0f31f2c - Merge pull request #33 from Toastaspiring/fix/comprehensive-test-suite Author: Louis Marec Date: 2025-08-26 feat(tests): Fix and overhaul API test suite 73bbe70 - feat(tests): Fix and overhaul API test suite Author: google-labs-jules[bot] Date: 2025-08-26 This commit resolves a non-functioning test script and significantly expands its scope to provide comprehensive test coverage for the API. The original `run_tests.sh` script was failing due to a cascading series of environment, configuration, and application-level bugs. This change addresses all of them. Key Changes: - **Fixed Application Bugs:** - Resolved multiple fatal errors in controllers (`AuthController`, `RankingController`) caused by discrepancies between the code and the database schema. - Corrected the `RankingController` to properly handle `bib_number` creation. - Modified `public/index.php` to allow for a separate test environment configuration (`.env.test`). - **Rebuilt Test Database Schema:** - The existing `init.sql` was found to be obsolete and missing numerous tables and columns required by the application. - A new, comprehensive `init.sql` was created, translating the schema from the MySQL-flavored `migration.sql` into a compatible format for the SQLite test environment. This new schema includes tables for roles, user information, and all necessary columns. - **Overhauled `run_tests.sh`:** - The script is now robust and self-contained, creating a clean `.env.test` and a fresh SQLite database on every run. - Refactored for readability with color-coded output and helper functions for common tasks like user registration, login, and role assignment. - Expanded to provide comprehensive test coverage for nearly all API endpoints, including: - User registration and login. - Role-based access control checks for creating categories (admin) and stages (organizer). - Full CRUD tests for Categories and Stages. - A multi-user workflow for Event, Stage, Registration, and Ranking creation. - **Repository Hygiene:** - Updated `.gitignore` to exclude test artifacts like the test database, logs, and environment files. This new test suite provides a stable foundation for future development and ensures the application's core functionality is working as expected. 96cdd92 - Update run_tests.sh Author: Louis Marec Date: 2025-08-26 4f3c1fa - fix: Remove all incorrect submodule entries Author: Louis Marec Date: 2025-08-26 cb035e3 - Delete RESPONSE_TO_USER.md Author: Louis Marec Date: 2025-08-26 19e931c - fix: Remove incorrect submodule tracking for php-jwt Author: Louis Marec Date: 2025-08-26 338fbd9 - fix: Remove incorrect submodule tracking for router Author: Louis Marec Date: 2025-08-26 2f57c21 - Update ci.yml Author: Louis Marec Date: 2025-08-26 cdffedd - hope it works Author: Louis Marec Date: 2025-08-26 f4c734a - Update ci.yml Author: Louis Marec Date: 2025-08-26 67444bb - Update composer.json Author: Louis Marec Date: 2025-08-26 21e04f4 - Update ci.yml Author: Louis Marec Date: 2025-08-26 188d618 - Update ci.yml Author: Louis Marec Date: 2025-08-25 5044286 - Merge pull request #32 from Toastaspiring/feat/github-actions-ci-cd Author: Louis Marec Date: 2025-08-25 feat: Add GitHub Actions CI/CD workflow 8edba17 - feat: Add GitHub Actions CI/CD workflow Author: google-labs-jules[bot] Date: 2025-08-25 This commit introduces a new GitHub Actions workflow for continuous integration and deployment. The workflow includes two jobs: - 'test': This job installs dependencies and runs a test script to verify the API's functionality. - 'deploy': This job runs after the tests pass on the main branch. It installs production dependencies and deploys the application to an FTP server. The deployment job uses repository secrets (FTP_SERVER, FTP_USERNAME, FTP_PASSWORD) for configuration. A test script `run_tests.sh` has also been added to automate API testing. 1b00a64 - Merge pull request #31 from Toastaspiring/feature/update-club-member-table Author: Louis Marec Date: 2025-08-25 Refactor club membership and roles 9267160 - Merge pull request #30 from Toastaspiring/refine-roles-and-seed-db Author: Louis Marec Date: 2025-08-25 feat: Implement club feature a2f24b0 - Refactor club membership and roles Author: google-labs-jules[bot] Date: 2025-08-25 a30df06 - feat: Implement club feature Author: google-labs-jules[bot] Date: 2025-08-25 This commit introduces a new club feature to the API. - Adds new database tables for federations, clubs, club members, and club roles. - Seeds the new tables with initial data. - Implements a new ClubController with public GET endpoints for clubs. - Integrates the club feature with event creation, allowing club admins to create events for their clubs. - Updates the API documentation to reflect the new club endpoints and changes to the event creation endpoint. c45948c - Merge pull request #29 from Toastaspiring/refine-roles-and-seed-db Author: Louis Marec Date: 2025-08-25 Refine roles and seed db b3f8473 - This commit introduces a basic rate limiting feature to enhance API security and prevent abuse. Author: google-labs-jules[bot] Date: 2025-08-25 - **Rate Limiting Middleware:** A new `SimpleRateLimitMiddleware` has been created. It uses a basic in-memory, fixed-window algorithm to limit requests to 100 per minute per IP address. This was implemented without external dependencies due to environment constraints. - **Route Protection:** The new middleware has been applied to all `/v1` API routes in `public/index.php`. - **Documentation:** The `API_DOCUMENTATION.md` file has been updated to include a new section explaining the rate limiting policy and the `429 Too Many Requests` response. 17f7199 - This commit allows organizers to view and create ranking records for the stages they manage. Author: google-labs-jules[bot] Date: 2025-08-25 - **Permissions:** The permission configuration has been updated to grant 'organizer' role access to the `GET` and `POST` endpoints for ranking records. - **Authorization:** New authorization logic has been added to the `RankingController`. This ensures that while organizers can access the endpoints, they are restricted to accessing records that belong to a stage they are specifically assigned to as an organizer. Admins retain unrestricted access. - **Documentation:** The `API_DOCUMENTATION.md` file has been updated to reflect these new, more granular permission rules. 8b4270d - This commit fixes a logical flaw in the event update process. Previously, a user needed the 'organizer' role to update an event, even if they were the owner. Author: google-labs-jules[bot] Date: 2025-08-25 - **Permissions:** The `PATCH /v1/events/{id}` endpoint has been updated to only require authentication. The controller logic already ensures that only the owner of the event can perform the update. - **Documentation:** The `API_DOCUMENTATION.md` file has been updated to reflect this corrected permission requirement and to add the missing documentation for this endpoint. b188480 - This commit fixes a logical flaw in the event creation process. Previously, a user needed the 'organizer' role to create an event, but creating an event was the intended way to become an organizer. Author: google-labs-jules[bot] Date: 2025-08-25 - **Permissions:** The `POST /v1/events` endpoint has been updated to only require authentication, not a specific role. Any authenticated user can now create an event. - **Documentation:** The `API_DOCUMENTATION.md` file has been updated to reflect this corrected permission requirement. 9625582 - This commit fixes the response of the `/v1/auth/me` endpoint and updates the API documentation to reflect all recent changes. Author: google-labs-jules[bot] Date: 2025-08-25 - **API Fix:** The `/v1/auth/me` endpoint has been updated to correctly include the new `start_time` and `end_time` fields for events and stages in its response. - **Documentation:** The `API_DOCUMENTATION.md` file has been thoroughly updated with the new, complete request and response examples for all the affected endpoints (Events, Stages, and the User Profile). 08790c5 - Merge pull request #28 from Toastaspiring/refine-roles-and-seed-db Author: Louis Marec Date: 2025-08-25 Refine roles and seed db ce061dd - This commit refactors the database schema to move the `registration_end_time` from the `events` table to the `stages` table. This provides more flexibility, allowing each stage within an event to have its own distinct registration deadline. Author: google-labs-jules[bot] Date: 2025-08-25 - **Schema:** The `migration.sql` file has been updated to reflect the column move. - **API Controllers:** The `EventController` and `StageController` have been modified to handle the `registration_end_time` on the stage level, not the event level. - **Seeding Data:** The database seeding script has been updated to align with the new schema. b1757ce - This commit adds start and end times to both the events and stages tables, providing more detailed scheduling information. Author: google-labs-jules[bot] Date: 2025-08-25 - **Schema:** The `migration.sql` file has been updated to include a nullable `end_time` column in the `events` table, and nullable `start_time` and `end_time` columns in the `stages` table. - **API Controllers:** The `EventController` and `StageController` have been updated to handle these new fields in their create and update methods. - **Seeding Data:** The database seeding script has been updated to include sample start and end times for the created events and stages. c47402d - Merge pull request #27 from Toastaspiring/refine-roles-and-seed-db Author: Louis Marec Date: 2025-08-25 This commit refines the role-based access control system and adds a c… 2e5b4af - This commit refines the role-based access control system and adds a comprehensive database seeding script to `migration.sql`. Author: google-labs-jules[bot] Date: 2025-08-25 Key changes: - **Role Assignment:** New users are no longer assigned a default 'runner' role upon registration. Roles are now intended to be granted based on specific actions. - **Database Seeding:** The `migration.sql` script has been significantly expanded to populate all major tables with a consistent set of sample data. This includes creating multiple users, events, stages, registrations, and assigning an 'organizer' role to a specific user for a specific stage. - **Admin User:** The seeding script creates a default admin user as requested, with global administrative privileges. 9f90357 - Merge pull request #26 from Toastaspiring/refine-roles-and-seed-db Author: Louis Marec Date: 2025-08-25 This commit introduces two main improvements based on user feedback: … 8f99fb9 - This commit introduces two main improvements based on user feedback: refining the user role assignment logic and adding database seeding. Author: google-labs-jules[bot] Date: 2025-08-25 - **Refined Role Assignment:** The `AuthController@register` method no longer automatically assigns the 'runner' role to new users. A user is now created without a default role, and roles like 'runner' or 'volunteer' will be granted based on actions (e.g., registering for a race). - **Database Seeding:** The `migration.sql` script has been updated to include `INSERT` statements for populating the database. This includes seeding the `users` table with a default admin account and assigning the corresponding 'admin' role in the `user_roles` table, which will help standardize the development environment. 53b3c8a - Fix: Utils.php Author: Louis Marec Date: 2025-08-25 Made the UUID more linient to have more UUID fc31222 - Fix: permission wasn't included in the scope of each route, leading to a errors Author: Louis Marec Date: 2025-08-25 c852645 - Merge pull request #25 from Toastaspiring/feat/configurable-permissions Author: Louis Marec Date: 2025-08-21 Feat/configurable permissions 9b1a1a7 - Merge branch 'main' into feat/configurable-permissions Author: Louis Marec Date: 2025-08-21 babdc12 - docs: Update README.md to act as a changelog Author: google-labs-jules[bot] Date: 2025-08-21 This commit updates the `README.md` file to include a changelog section at the top. This section summarizes the recent major enhancements to the API, including: - Database schema optimization - Role-Based Access Control (RBAC) - Application-level encryption - New API documentation - Secure routing with specific UUID regex ee1c39d - feat: Final version of the database migration and API updates Author: google-labs-jules[bot] Date: 2025-08-21 This commit includes the final, correct version of the database migration script and all the related API enhancements. - **Database Migration:** - The `migration.sql` script is now a full creation script that drops all tables and recreates them with the optimized schema, including RBAC, denormalization, and encryption support. - **API Enhancements:** - A centralized `config/permissions.php` file for managing route permissions. - Role-based access control enforced by the `AuthMiddleware`. - Encryption of sensitive user data. - More specific regex for UUIDs in routes. - **Documentation:** - A comprehensive `API_DOCUMENTATION.md` file. 696531c - Merge pull request #24 from Toastaspiring/feat/configurable-permissions Author: Louis Marec Date: 2025-08-21 docs: Create API documentation 885b0f1 - docs: Create API documentation Author: google-labs-jules[bot] Date: 2025-08-21 This commit adds a new `API_DOCUMENTATION.md` file that provides comprehensive documentation for all API endpoints. The documentation includes: - The HTTP method and endpoint path. - A description of the endpoint's functionality. - The required roles for access. - The JSON format for request bodies. - The JSON format for success and error responses. f107b62 - Merge pull request #23 from Toastaspiring/feat/configurable-permissions Author: Louis Marec Date: 2025-08-21 Add a Configuration File for Route Permissions d93371c - feat: Add a configuration file for route permissions Author: google-labs-jules[bot] Date: 2025-08-21 This commit introduces a new configuration file, `config/permissions.php`, to manage permissions for API routes. - The `permissions.php` file maps routes and HTTP methods to the roles required for access. - The main routing file, `public/index.php`, is refactored to load this configuration and apply the permissions dynamically. - This change removes hardcoded roles from the route definitions, making the permission system more maintainable and centralized. - The regex for matching UUIDs in routes has been updated to be more specific and secure. ae8620c - feat: Add a configuration file for route permissions Author: google-labs-jules[bot] Date: 2025-08-21 This commit introduces a new configuration file, `config/permissions.php`, to manage permissions for API routes. - The `permissions.php` file maps routes and HTTP methods to the roles required for access. - The main routing file, `public/index.php`, is refactored to load this configuration and apply the permissions dynamically. - This change removes hardcoded roles from the route definitions, making the permission system more maintainable and centralized. 900dba2 - Update AuthController.php Author: Louis Marec Date: 2025-08-20 fa3c970 - Merge pull request #22 from Toastaspiring/codex/remove-unnecessary-fields-from-auth/me Author: Louis Marec Date: 2025-08-20 Remove ranking details from auth profile and list created events 641c425 - Remove ranking details from auth profile and list created events Author: Louis Marec Date: 2025-08-20 a86cac0 - Merge pull request #21 from Toastaspiring/codex/investigate-missing-response-body-on-login Author: Louis Marec Date: 2025-08-20 Handle JSON encoding errors in utility responses 50b8361 - Group user registrations and favorite sports Author: Louis Marec Date: 2025-08-20 225acad - Merge pull request #20 from Toastaspiring/codex/investigate-missing-response-body-on-login Author: Louis Marec Date: 2025-08-20 Handle JSON encoding errors in utility responses 70a5117 - Improve JSON response handling Author: Louis Marec Date: 2025-08-20 525ae4d - Merge pull request #19 from Toastaspiring/codex/add-log-file-for-api-debugging Author: Louis Marec Date: 2025-08-20 Log requests and serve full user profile via auth/me 20ebedb - Return full profile data from auth/me Author: Louis Marec Date: 2025-08-20 aa87929 - Update .env Author: Louis Marec Date: 2025-08-20 9681aaf - Update .env Author: Louis Marec Date: 2025-08-20 c556e51 - Merge pull request #18 from Toastaspiring/codex/add-log-file-for-api-debugging Author: Louis Marec Date: 2025-08-20 Add timestamped request logging for API 95ef627 - Log all requests with timestamps Author: Louis Marec Date: 2025-08-20 97626e5 - Update schema.sql Author: Louis Marec Date: 2025-08-20 7fde447 - Merge pull request #17 from Toastaspiring/codex/adapt-api-for-spixerkviadex-changes-and-check-security-lo8ubw Author: Louis Marec Date: 2025-08-19 Allow login by username or email and require username on registration 1c38623 - Allow login via email or username and require username at registration Author: Louis Marec Date: 2025-08-19 1aae36e - Merge pull request #15 from Toastaspiring/codex/adapt-api-for-spixerkviadex-changes-and-check-security Author: Louis Marec Date: 2025-08-19 feat: make sqlite path configurable 24f70c0 - Merge branch 'main' into codex/adapt-api-for-spixerkviadex-changes-and-check-security Author: Louis Marec Date: 2025-08-19 3075aa0 - chore: configure MySQL production env Author: Louis Marec Date: 2025-08-19 83fe4dd - Merge pull request #14 from Toastaspiring/codex/adapt-api-for-spixerkviadex-changes-and-check-security Author: Louis Marec Date: 2025-08-19 Use env-driven configuration for database and JWT secret 27d7017 - Make database config and secrets environment-driven Author: Louis Marec Date: 2025-08-19 f68561b - Update spixerkviadex.sql Author: Louis Marec Date: 2025-08-19 2e2a66e - Rename UserInformations.php to UserInformationsController.php Author: Louis Marec Date: 2025-08-19 340563f - Update index.php Author: Louis Marec Date: 2025-08-19 bd9d6d6 - Rename USerInformations.php to UserInformations.php Author: Louis Marec Date: 2025-08-19 ee220cb - Create USerInformations.php Author: Louis Marec Date: 2025-08-19 5adc537 - Merge pull request #13 from Toastaspiring/codex/add-stripe-backend-for-payments-in-php-dgib6r Author: Louis Marec Date: 2025-08-19 feat: add Stripe payment endpoints 9d9ca47 - Merge branch 'main' into codex/add-stripe-backend-for-payments-in-php-dgib6r Author: Louis Marec Date: 2025-08-19 1f8ce63 - fix: harden Stripe payment handling Author: Louis Marec Date: 2025-08-19 e232cd8 - Merge pull request #12 from Toastaspiring/codex/add-stripe-backend-for-payments-in-php Author: Louis Marec Date: 2025-08-19 feat: add Stripe payment endpoints 1dbb064 - feat: add Stripe payment endpoints Author: Louis Marec Date: 2025-08-19 b4a89b7 - fixed api Author: Louis Marec Date: 2025-07-29 c6c1dcf - Change of plan Author: Louis Marec Date: 2025-07-24 343ec23 - added depencies to match Author: Louis Marec Date: 2025-07-24 8db5c75 - Merge pull request #11 from Toastaspiring/codex/test-login-with-provided-credentials Author: Louis Marec Date: 2025-07-24 Add manual test guide 28b2e58 - Add manual test guide Author: Louis Marec Date: 2025-07-24 bed97f7 - Update and rename .env.example to .env Author: Louis Marec Date: 2025-07-24 9084a06 - Merge pull request #10 from Toastaspiring/codex/update-api-to-match-sql-schema Author: Louis Marec Date: 2025-07-24 Implement basic controllers from SQL schema 26ee5ed - Implement basic API using SQL schema Author: Louis Marec Date: 2025-07-24 fdb5686 - Rename spixerkviadex (9).sql to spixerkviadex.sql Author: Louis Marec Date: 2025-07-24 57dd583 - Add files via upload Author: Louis Marec Date: 2025-07-24 0331e5e - Merge pull request #9 from Toastaspiring/codex/refactor-api-structure-and-implementation Author: Louis Marec Date: 2025-07-24 Rebuild API skeleton b8c3ed0 - Rebuild API structure Author: Louis Marec Date: 2025-07-24 30f634c - Merge pull request #8 from Toastaspiring/codex/update-readme-with-api-documentation-and-curl-testing Author: Louis Marec Date: 2025-07-23 Fix routes and add home page eaadc67 - Merge branch 'main' into codex/update-readme-with-api-documentation-and-curl-testing Author: Louis Marec Date: 2025-07-23 ae85f45 - Fix routes and docs Author: Louis Marec Date: 2025-07-23 c6b7ab6 - Merge pull request #7 from Toastaspiring/codex/update-readme-with-api-documentation-and-curl-testing Author: Louis Marec Date: 2025-07-23 Add README under api folder 51ebcd2 - Merge branch 'main' into codex/update-readme-with-api-documentation-and-curl-testing Author: Louis Marec Date: 2025-07-23 6bc2cc9 - Move docs into api folder and expand setup steps Author: Louis Marec Date: 2025-07-23 900b376 - Merge pull request #6 from Toastaspiring/codex/update-readme-with-api-documentation-and-curl-testing Author: Louis Marec Date: 2025-07-23 Add API documentation and curl examples 819cb0a - Update README with full API docs and curl examples Author: Louis Marec Date: 2025-07-23 166acec - Merge pull request #5 from Toastaspiring/codex/generate-php-rest-api-from-sql-schema Author: Louis Marec Date: 2025-07-23 Add JWT auth and secure API 63dc5e2 - Add JWT-based auth and secure CRUD endpoints Author: Louis Marec Date: 2025-07-23 b91bf1f - Rename database.sql to spixerkviadex.sql Author: Louis Marec Date: 2025-07-23 b4e7936 - Update database.sql Author: Louis Marec Date: 2025-07-23 91c178a - Merge pull request #4 from Toastaspiring/codex/update-api-to-match-database-changes Author: Louis Marec Date: 2025-07-23 API updated for new schema da31469 - Adapt API to new database schema Author: Louis Marec Date: 2025-07-23 235e61a - Update database.sql Author: Louis Marec Date: 2025-07-23 4bbaca2 - Delete .htaccess Author: Louis Marec Date: 2025-07-22 6442a08 - Add files via upload Author: Louis Marec Date: 2025-07-22 c46a09b - Merge pull request #3 from Toastaspiring/codex/add-.htaccess-for-api-functionality Author: Louis Marec Date: 2025-07-22 Add .htaccess with rewrite rules 481d242 - Add rewrite rules for PHP API Author: Louis Marec Date: 2025-07-22 c570b06 - Merge pull request #2 from Toastaspiring/codex/add-postman-example-requests-to-readme Author: Louis Marec Date: 2025-07-22 Add Postman examples 3226eb9 - docs: add postman examples Author: Louis Marec Date: 2025-07-22 af2554e - Updated config.php Author: Louis Marec Date: 2025-07-22 828d53f - Merge pull request #1 from Toastaspiring/codex/add-php-api-folder-for-database.sql Author: Louis Marec Date: 2025-07-22 Improve API documentation 1472f87 - Document PHP API Author: Louis Marec Date: 2025-07-22 0ace755 - uploaded database Author: Louis Marec Date: 2025-07-22 336c73b - Add files via upload Author: Louis Marec Date: 2025-07-22 2f1d04e - Initial commit Author: Louis Marec Date: 2025-07-22