6 Commits

Author	SHA1	Message	Date
matthieu	8986f3cb0e	feat(mail) : security.yaml - access_control ^/api/mail (IS_AUTHENTICATED_FULLY) ... - ajoute la regle ^/api/mail avant ^/api pour expliciter l'authentification requise - les checks fins ROLE_USER vs ROLE_CLIENT restent dans MailAccessChecker (chaque controller) Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>	2026-05-20 00:15:49 +02:00
Matthieu	fd3097cc26	chore(backend) : rate limiting, cache-control, remove twig, clean deps ... - Add login_throttling on /login_check (5 attempts/min) with symfony/rate-limiter - Add Cache-Control: public, max-age=86400 on avatar responses - Remove symfony/twig-bundle (unused in API-only project) - Remove unused dev deps: symfony/browser-kit, symfony/css-selector - Rename API Platform title to "Lesstime API" Tickets: T-010, T-016, T-022, T-024, T-025 Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-03-17 15:27:16 +01:00
Matthieu	3d4b7fad12	fix(mcp) : allow unauthenticated GET on /_mcp for SSE streaming ... Claude Code MCP HTTP client sends GET SSE requests without the Authorization header, breaking the streamable HTTP transport. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-17 09:15:29 +01:00
matthieu	e16fd2053e	feat : MCP server infrastructure setup ... Install symfony/mcp-bundle, add STDIO + HTTP transport config, API token auth on User entity with custom authenticator and firewall, generate-api-token console command, Nginx /_mcp location, fixture token. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-03-15 19:33:52 +01:00
matthieu	05e24db6ca	feat(security) : add role hierarchy for client portal ... Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-03-15 19:21:28 +01:00
tristan	47562fbdec	feat : config + login	2026-03-08 19:47:19 +01:00