Fix/scores

app/.env.prod

@@ -37,3 +37,5 @@ JWT_PUBLIC_KEY=%kernel.project_dir%/config/jwt/public.pem
 JWT_PASSPHRASE=c6be11833f7971fab179b813c964d616
 JWT_TOKEN_TTL=3600000
 ###< lexik/jwt-authentication-bundle ###
+REDIS_HOST=redis
+REDIS_PORT=6379

app/Makefile

@@ -1,28 +1,38 @@
 include .env
 
-.PHONY: --
+.PHONY: -- redis-sh fixtures fixtures-dev
 
 CYAN := \033[0;36m
 RESET := \033[0m
 
 # Test environment uses isolated containers
-TEST_COMPOSE := docker compose -f docker-compose.test.yml -p flags-test
+TEST_COMPOSE := docker compose -f docker-compose.test.yml -p flags-api-test
+COMPOSE_DEV := docker compose
+COMPOSE_PROD_LOCAL := docker compose -f docker-compose.yml -p flags-api-prod
 
 # Default target
 help: ## Show this help message
 	@printf "\\nUsage: make $(CYAN)[target]$(RESET)\\n\\n"
 	@echo 'Targets:'
 	@awk 'BEGIN {FS = ":.*?## "} /^[a-zA-Z_-]+:.*?## / {printf "  $(CYAN)%-22s$(RESET) %s\n", $$1, $$2}' $(MAKEFILE_LIST) | sort -f
 
-init: build up composer import-db ## Full dev setup
+init: build db up  ## Full dev setup
 run: up ## Start containers
 
 build: ## Build all containers
 	@docker compose build
-
 up: ## Start all containers
 	@docker compose up -d
 
+dev: build up
+
+prod-local: build-prod-local up-prod-local
+build-prod-local: ## Start all containers
+	@docker compose -f docker-compose.yml build
+up-prod-local: ## Start all containers
+	@docker compose -f docker-compose.yml up -d
+
+
 down: ## Stop all containers
 	@docker compose down
 
@@ -32,8 +42,18 @@ db: ## Create database and run migrations
 	@docker compose exec php bin/console d:d:c --if-not-exists
 	@docker compose exec php bin/console d:m:m -n
 
-import-db: ## Import flags database
-	@bin/console d:d:i flags.sql
+fixtures-dev:
+	@$(COMPOSE_DEV) exec php bin/console app:populate:users 1 -f Timo -l Maas
+	@$(COMPOSE_DEV) exec php bin/console app:populate:capitals --purge -n
+	@$(COMPOSE_DEV) exec php bin/console app:populate:flags --purge -n
+
+fixtures:
+	@$(COMPOSE) exec php bin/console app:populate:users test_user_1 -f FirstName -l LastName
+	@$(COMPOSE) exec php bin/console app:populate:capitals --purge -n
+	@$(COMPOSE) exec php bin/console app:populate:flags --purge -n
+
+#import-db: ## Import flags database
+	@#bin/console d:d:i flags.sql
 
 composer: ## Install PHP dependencies
 	@docker compose exec php composer install
@@ -155,6 +175,9 @@ clean: ## Clean generated files
 sh: ## Access PHP container shell
 	@docker compose exec php sh
 
+redis-sh: ## Access PHP container shell
+	@docker compose exec redis redis-cli
+
 dumper: ## Start var-dump server
 	@docker compose exec php vendor/bin/var-dump-server
 
@@ -170,5 +193,4 @@ t: ## Quick test filter (uses test containers): make t -- CorrectFlagEndpointTes
 cc: ## Delete all cache folders
 	rm -rf var/cache
 
-%:
-	@
+%: @

app/config/packages/framework.yaml

@@ -6,10 +6,15 @@ framework:
     # Enables session support. Note that the session will ONLY be started if you read or write from it.
     # Remove or comment this section to explicitly disable session support.
     session:
-        handler_id: null
-        cookie_secure: auto
-        cookie_samesite: lax
-
+        name: FLAGS_API_SESS
+        cookie_path: /
+        cookie_domain: null # Ensures it defaults to the current host
+#        handler_id: App\Shared\Session\RedisSessionHandler
+        handler_id: Symfony\Component\HttpFoundation\Session\Storage\Handler\RedisSessionHandler
+#        cookie_samesite: lax
+        cookie_samesite: null
+#        cookie_secure: auto
+        cookie_secure: false
     # Trust proxy headers (k8s, Caddy, ngrok)
     trusted_proxies: '127.0.0.1,10.0.0.0/8,172.16.0.0/12,192.168.0.0/16'
     trusted_headers: ['x-forwarded-for', 'x-forwarded-host', 'x-forwarded-port', 'x-forwarded-proto']
@@ -18,3 +23,5 @@ framework:
     #fragments: true
     php_errors:
         log: true
+
+#    trust_proxy_set_remote_addr: true

app/config/packages/knpu_oauth2_client.yaml

@@ -13,6 +13,16 @@ knpu_oauth2_client:
       # Your OAuth2 server's base URL
       provider_options:
         domain: '%env(OAUTH_SERVER_URL)%'
-        urlAuthorize: '%env(OAUTH_SERVER_URL)%/oauth2/authorize'
-        urlAccessToken: '%env(OAUTH_SERVER_URL)%/oauth2/token'
-        urlResourceOwnerDetails: '%env(OAUTH_SERVER_URL)%/oauth2/me'
+        urlAuthorize: '%env(OAUTH_SERVER_URL)%/oauth2/authorize' # Browser-facing
+        urlAccessToken: '%env(OAUTH_SERVER_URL)%/oauth2/token' # Back-channel
+        urlResourceOwnerDetails: '%env(OAUTH_SERVER_URL)%/oauth2/userinfo'
+
+#      provider_options:
+#        domain: 'http://localhost:8547'
+        # BROWSER REALITY: The user's browser needs to hit your host port
+#        urlAuthorize: 'http://localhost:8547/oauth2/authorize'
+#        urlAuthorize: 'http://openid_caddy/oauth2/authorize'
+#         DOCKER REALITY: PHP container talks directly to the other Caddy container
+        # We use port 80 because openid_caddy is listening on 80 inside the network
+#        urlAccessToken: 'http://openid_caddy/oauth2/token'
+#        urlResourceOwnerDetails: 'http://openid_caddy/oauth2/me'

app/config/services.yaml

@@ -55,4 +55,30 @@ services:
     App\Flags\Security\JwksJwtEncoder: ~
 
     Lexik\Bundle\JWTAuthenticationBundle\Encoder\JWTEncoderInterface:
-      alias: App\Flags\Security\JwksJwtEncoder
+      alias: App\Flags\Security\JwksJwtEncoder
+
+
+    ### REDIS START ###
+    # 1. Define the Redis connection service
+    # This represents the physical connection to your Redis container/server
+    Redis:
+      class: Redis
+      calls:
+        - method: connect
+          arguments:
+            - '%env(REDIS_HOST)%'
+            - '%env(int:REDIS_PORT)%' # 'int:' ensures the port is passed as an integer
+
+        # Uncomment if you added a password to your Redis K8s/Docker setup
+        # - method: auth
+        #   arguments:
+        #       - '%env(REDIS_PASSWORD)%'
+
+    # 2. Register the Session Handler
+    # This tells Symfony how to use the Redis service above for sessions
+    Symfony\Component\HttpFoundation\Session\Storage\Handler\RedisSessionHandler:
+      arguments:
+        - '@Redis'
+        # Optional: Add a prefix to avoid collisions with other apps using the same Redis
+        - { prefix: 'flags_sess_', ttl: 3600 }
+   ### REDIS END ###

app/docker-compose.override.yml

@@ -10,6 +10,9 @@ services:
     db:
         ports:
             - "33060:3306"
+    redis:
+        ports:
+            - "6379:6379"
     caddy:
         ports:
             - "8000:80"

app/docker-compose.test.yml

@@ -17,7 +17,7 @@ services:
                 condition: service_healthy
     db:
         build:
-            context: ..
+            context: ..host.docker.internal
             dockerfile: .docker/mysql/Dockerfile
         environment:
             MYSQL_ROOT_PASSWORD: root

app/docker-compose.yml

@@ -34,6 +34,12 @@ services:
         restart: always
         networks:
             - backend-flags
+    redis:
+        image: "redis:7-alpine"
+        container_name: "redis-flags-api"
+        restart: always
+        networks:
+            - backend-flags
 networks:
     backend-flags:
         external: true

app/makefile.old

@@ -0,0 +1,174 @@
+include .env
+
+.PHONY: --
+
+CYAN := \033[0;36m
+RESET := \033[0m
+
+# Test environment uses isolated containers
+TEST_COMPOSE := docker compose -f docker-compose.test.yml -p flags-test
+
+# Default target
+help: ## Show this help message
+	@printf "\\nUsage: make $(CYAN)[target]$(RESET)\\n\\n"
+	@echo 'Targets:'
+	@awk 'BEGIN {FS = ":.*?## "} /^[a-zA-Z_-]+:.*?## / {printf "  $(CYAN)%-22s$(RESET) %s\n", $$1, $$2}' $(MAKEFILE_LIST) | sort -f
+
+init: build up composer import-db ## Full dev setup
+run: up ## Start containers
+
+build: ## Build all containers
+	@docker compose build
+
+up: ## Start all containers
+	@docker compose up -d
+
+down: ## Stop all containers
+	@docker compose down
+
+rebuild: down build up ## Rebuild and restart containers
+
+db: ## Create database and run migrations
+	@docker compose exec php bin/console d:d:c --if-not-exists
+	@docker compose exec php bin/console d:m:m -n
+
+import-db: ## Import flags database
+	@bin/console d:d:i flags.sql
+
+composer: ## Install PHP dependencies
+	@docker compose exec php composer install
+
+cache: ## Clear Symfony cache
+	@docker compose exec php bin/console c:c
+
+test-build: ## Build test images
+	@$(TEST_COMPOSE) build
+test: ## Run PHPUnit tests (isolated test containers)
+	@echo "Starting test containers..."
+	@$(TEST_COMPOSE) up -d
+	@echo "Setting up test database..."
+	@$(TEST_COMPOSE) exec php bin/console d:d:c -n --if-not-exists
+	@$(TEST_COMPOSE) exec php bin/console d:m:m -n
+	@$(TEST_COMPOSE) exec php bin/console app:populate:users test_user_1 -f Test -l User
+	@$(TEST_COMPOSE) exec php bin/console app:populate:capitals --purge -n
+	@$(TEST_COMPOSE) exec php bin/console app:populate:flags --purge -n
+	@echo "Running tests..."
+	@$(TEST_COMPOSE) exec php vendor/bin/phpunit
+	@$(TEST_COMPOSE) down
+
+test-up: ## Start test containers (keep running)
+	@$(TEST_COMPOSE) up -d
+	@$(TEST_COMPOSE) exec php bin/console d:d:c -n --if-not-exists
+	@$(TEST_COMPOSE) exec php bin/console d:m:m -n
+	@$(TEST_COMPOSE) exec php bin/console app:populate:users -n test_user_1 -f Test -l User
+	@$(TEST_COMPOSE) exec php bin/console app:populate:capitals --purge -n
+	@$(TEST_COMPOSE) exec php bin/console app:populate:flags --purge -n
+
+test-down: ## Stop test containers
+	@$(TEST_COMPOSE) down
+
+test-sh: ## Shell into test PHP container
+	@$(TEST_COMPOSE) exec php sh
+
+coverage: ## Generate code coverage report (HTML) - requires PCOV or Xdebug
+	@echo "Checking for coverage driver..."
+	@docker compose exec php php -r "if (!extension_loaded('pcov') && !extension_loaded('xdebug')) { echo 'Error: No coverage driver found. Install PCOV or Xdebug.\n'; echo 'In Docker, add to Dockerfile: RUN install-php-extensions pcov\n'; exit(1); }"
+	@echo "Starting test environment..."
+	@$(TEST_COMPOSE) up -d --build --wait
+	@$(TEST_COMPOSE) exec php bin/console d:d:c -n --if-not-exists
+	@$(TEST_COMPOSE) exec php bin/console d:m:m -n
+	@$(TEST_COMPOSE) exec php bin/console app:populate:users -n
+	@$(TEST_COMPOSE) exec php bin/console app:populate:capitals --purge -n
+	@$(TEST_COMPOSE) exec php bin/console app:populate:flags --purge -n
+	@echo "Generating coverage report..."
+	@$(TEST_COMPOSE) exec php php -d pcov.enabled=1 vendor/bin/phpunit --coverage-html coverage/html --coverage-text
+	@echo "Coverage report: coverage/html/index.html"
+	@$(TEST_COMPOSE) down
+
+coverage-text: ## Show code coverage in terminal
+	@echo "Checking for coverage driver..."
+	@docker compose exec php php -r "if (!extension_loaded('pcov') && !extension_loaded('xdebug')) { echo '\nError: No coverage driver found.\n'; echo 'Install PCOV: In Docker, add to Dockerfile: RUN install-php-extensions pcov\n'; exit(1); }"
+	@echo "Starting test environment..."
+	@$(TEST_COMPOSE) up -d --build --wait
+	@$(TEST_COMPOSE) exec php bin/console d:d:c -n --if-not-exists
+	@$(TEST_COMPOSE) exec php bin/console d:m:m -n
+	@$(TEST_COMPOSE) exec php bin/console app:populate:users -n 1 -f Test -l User
+	@$(TEST_COMPOSE) exec php bin/console app:populate:capitals --purge -n
+	@$(TEST_COMPOSE) exec php bin/console app:populate:flags --purge -n
+	@$(TEST_COMPOSE) exec php php -d pcov.enabled=1 vendor/bin/phpunit --coverage-text
+	@$(TEST_COMPOSE) down
+
+qa: ## Run full quality assurance pipeline CS-FIXER PSALM PHPUNIT
+	@echo "=== Running Quality Assurance Pipeline ==="
+	@echo ""
+	@echo "1/5 Starting test environment..."
+	@$(TEST_COMPOSE) up -d --build --wait
+	@$(TEST_COMPOSE) exec php bin/console d:d:c -n --if-not-exists
+	@$(TEST_COMPOSE) exec php bin/console d:m:m -n
+	@$(TEST_COMPOSE) exec php bin/console app:populate:users -n 1 -f Test -l User
+	@$(TEST_COMPOSE) exec php bin/console app:populate:capitals --purge -n
+	@$(TEST_COMPOSE) exec php bin/console app:populate:flags --purge -n
+	@echo ""
+	@echo "2/5 Checking code style (PHP CS Fixer)..."
+	@$(TEST_COMPOSE) exec php vendor/bin/php-cs-fixer fix --dry-run --diff
+	@echo ""
+	@echo "3/5 Checking PSR-12 compliance (PHPCS)..."
+	@$(TEST_COMPOSE) exec php vendor/bin/phpcs src/ tests/ --standard=phpcs.xml.dist
+	@echo ""
+	@echo "4/5 Running Psalm static analysis..."
+	@$(TEST_COMPOSE) exec php vendor/bin/psalm
+	@echo ""
+	@echo "5/5 Running PHPUnit tests..."
+	@$(TEST_COMPOSE) exec php vendor/bin/phpunit
+	@echo ""
+	@echo "=== Quality Assurance Complete ==="
+	@$(TEST_COMPOSE) down
+
+pipeline: qa ## Alias for qa (run full pipeline like GitHub Actions)
+
+psalm: ## Run Psalm static analysis
+	@docker compose exec php vendor/bin/psalm --no-cache
+
+psalm-baseline-update: ## Update baseline file (new errors will not be added)
+	@docker compose exec php vendor/bin/psalm --no-cache --update-baseline
+
+cs-fix: ## Fix code style (PHP CS Fixer + PHPCS)
+	@echo "Fixing code style with PHP CS Fixer..."
+	@docker compose exec php vendor/bin/php-cs-fixer fix
+
+cs-check: ## Check code style without fixing (PHP CS Fixer only)
+	@echo "Checking code style with PHP CS Fixer..."
+	@docker compose exec php vendor/bin/php-cs-fixer check
+
+phpcs-check: ## Check line length and PSR-12 standards (PHPCS only)
+	@docker compose exec php vendor/bin/phpcs src/ tests/ --standard=phpcs.xml.dist
+
+phpcs-fix: ## Auto-fix line length and PSR-12 standards (PHPCS only)
+	@docker compose exec php vendor/bin/phpcbf src/ tests/ --standard=phpcs.xml.dist
+
+clean: ## Clean generated files
+	@rm -rf coverage/
+	@rm -rf .phpunit.cache/
+	@rm -f .php-cs-fixer.cache
+	@echo "Cleaned generated files"
+
+sh: ## Access PHP container shell
+	@docker compose exec php sh
+
+dumper: ## Start var-dump server
+	@docker compose exec php vendor/bin/var-dump-server
+
+network: ## Create Docker network
+	@docker network create backend-flags
+
+--:
+	@docker compose exec php sh -c "$(filter-out $@,$(MAKECMDGOALS) $(MAKEFLAGS))"
+
+t: ## Quick test filter (uses test containers): make t -- CorrectFlagEndpointTest
+	@$(TEST_COMPOSE) exec php vendor/bin/phpunit --filter "$(filter-out $@,$(MAKECMDGOALS) $(MAKEFLAGS))"
+
+cc: ## Delete all cache folders
+	rm -rf var/cache
+
+%:
+	@