chg: usr: add notification on activation too #4

.env.dist

@@ -9,10 +9,11 @@ APP_NAME=mineseeker
 # APP_PUBLIC_HOSTNAME: The public hostname for your application (used for generating absolute URLs in emails)
 # For production, set this to your domain (e.g., mineseeker.com)
 APP_PUBLIC_HOSTNAME=localhost
-# TRUSTED_PROXIES: IPs/CIDRs of trusted reverse proxies (needed for correct URL scheme detection in emails)
+# TRUSTED_PROXIES: Only needed for bare-metal dev behind a reverse proxy
-# For Docker development, this is overridden in compose.override.yaml to "0.0.0.0/0"
+# For Docker development, this is set in compose.override.yaml
-# For production, set to your proxy's IP or Docker network CIDR (e.g., 172.18.0.0/16)
+# For production, set in PROD_ENV_FILE Gitea secret (use 172.18.0.0/16 initially)
-TRUSTED_PROXIES=127.0.0.1
+#TRUSTED_PROXIES=127.0.0.1,127.0.0.2
+#TRUSTED_HOSTS=localhost,example.com
 ###< symfony/framework-bundle ###
 
 ###> doctrine/doctrine-bundle ###

config/packages/framework.yaml

@@ -10,6 +10,8 @@ framework:
 
   # Trust headers from reverse proxy (Caddy)
   # This ensures absolute_url() uses HTTPS scheme when behind a reverse proxy
+  # Production: TRUSTED_PROXIES from .env (Gitea secret)
+  # Development: TRUSTED_PROXIES from compose.override.yaml
   trusted_proxies: '%env(TRUSTED_PROXIES)%'
   trusted_headers: ['x-forwarded-for', 'x-forwarded-proto', 'x-forwarded-host', 'x-forwarded-port']
 

config/packages/prod/framework.yaml

@@ -0,0 +1,8 @@
+framework:
+  # In production with FrankenPHP, the reverse proxy (Caddy) is in the same container
+  # Requests come from 127.0.0.1, so we must trust that IP to process X-Forwarded-Proto headers
+  # TRUSTED_PROXIES is set in the .env file (stored in Gitea secrets)
+  # Typical value for Docker: 172.18.0.0/16 (or the specific Docker network CIDR)
+  # This must be provided by the PROD_ENV_FILE secret in Gitea
+  trusted_proxies: '%env(TRUSTED_PROXIES)%'
+  trusted_headers: ['x-forwarded-for', 'x-forwarded-proto', 'x-forwarded-host', 'x-forwarded-port']

src/Controller/SecurityController.php

@@ -19,6 +19,7 @@ use DateTime;
 use Doctrine\ORM\EntityManagerInterface;
 use Symfony\Bridge\Twig\Mime\TemplatedEmail;
 use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
+use Symfony\Component\DependencyInjection\Attribute\Autowire;
 use Symfony\Component\HttpFoundation\Request;
 use Symfony\Component\HttpFoundation\Response;
 use Symfony\Component\HttpKernel\Attribute\AsController;
@@ -41,6 +42,12 @@ use Symfony\Component\Security\Http\Authentication\AuthenticationUtils;
 #[AsController]
 class SecurityController extends AbstractController
 {
+    public function __construct(
+        #[Autowire(env: 'APP_CONTACT_MAIL_ADDRESS')]
+        private readonly string $appContactMailAddress,
+    ) {
+    }
+
     #[Route('/login', name: 'MineSeekerBundle_login')]
     public function login(AuthenticationUtils $authenticationUtils): Response
     {
@@ -92,6 +99,11 @@ class SecurityController extends AbstractController
                 UrlGeneratorInterface::ABSOLUTE_URL,
             );
 
+            /** Ensure HTTPS scheme in production */
+            if ($this->getParameter('kernel.environment') === 'prod') {
+                $activationUrl = str_replace('http://', 'https://', $activationUrl);
+            }
+
             $mailer->send(
                 new TemplatedEmail()
                     ->from('noreply@mineseeker.hu')
@@ -104,6 +116,19 @@ class SecurityController extends AbstractController
                     ])
             );
 
+            /** Send admin notification about new user registration */
+            $mailer->send(
+                new TemplatedEmail()
+                    ->from('noreply@mineseeker.hu')
+                    ->to($this->appContactMailAddress)
+                    ->subject('🎉 New User Registration: ' . $user->getUsername())
+                    ->htmlTemplate('emails/user_registration_notification.html.twig')
+                    ->context([
+                        'user'         => $user,
+                        'registeredAt' => new DateTime(),
+                    ])
+            );
+
             $this->addFlash('verify_email', $user->getEmail());
 
             return $this->redirectToRoute('MineSeekerBundle_register');
@@ -143,6 +168,11 @@ class SecurityController extends AbstractController
                     UrlGeneratorInterface::ABSOLUTE_URL,
                 );
 
+                /** Ensure HTTPS scheme in production */
+                if ($this->getParameter('kernel.environment') === 'prod') {
+                    $resetUrl = str_replace('http://', 'https://', $resetUrl);
+                }
+
                 $mailer->send(
                     new TemplatedEmail()
                         ->from('noreply@mineseeker.hu')
@@ -199,7 +229,7 @@ class SecurityController extends AbstractController
     }
 
     #[Route('/activate/{token}', name: 'MineSeekerBundle_activate')]
-    public function activate(string $token, EntityManagerInterface $em): Response
+    public function activate(string $token, EntityManagerInterface $em, MailerInterface $mailer): Response
     {
         $user = $em->getRepository(User::class)->findOneBy(['verificationToken' => $token]);
 
@@ -211,6 +241,19 @@ class SecurityController extends AbstractController
         $user->setIsVerified(true)->setVerificationToken(null);
         $em->flush();
 
+        /** Send admin notification about account activation */
+        $mailer->send(
+            new TemplatedEmail()
+                ->from('noreply@mineseeker.hu')
+                ->to($this->appContactMailAddress)
+                ->subject('✅ User Account Activated: ' . $user->getUsername())
+                ->htmlTemplate('emails/user_activation_notification.html.twig')
+                ->context([
+                    'user'        => $user,
+                    'activatedAt' => new DateTime(),
+                ])
+        );
+
         $this->addFlash('success', 'Your account is now active. Welcome, ' . $user->getUsername() . '!');
 
         return $this->redirectToRoute('MineSeekerBundle_login');

templates/emails/activation.html.twig

@@ -77,7 +77,7 @@
 <body>
 <div class="wrapper">
     <div class="logo">
-        <img src="{{ absolute_url(asset('images/mine-logo-txt.png')) }}" alt="MineSeeker"/>
+        <img src="{{ absolute_url(asset('images/mine-logo-txt.png')) | replace({'http://': 'https://'}) }}" alt="MineSeeker"/>
     </div>
     <div class="card">
         <h1>One step to go</h1>
@@ -100,4 +100,4 @@
     </div>
 </div>
 </body>
-</html>
+</html>

templates/emails/reset_password.html.twig

@@ -91,7 +91,7 @@
 <body>
 <div class="wrapper">
   <div class="logo">
-    <img src="{{ absolute_url(asset('images/mine-logo-txt.png')) }}" alt="MineSeeker"/>
+    <img src="{{ absolute_url(asset('images/mine-logo-txt.png')) | replace({'http://': 'https://'}) }}" alt="MineSeeker"/>
   </div>
   <div class="card">
     <h1>Reset your password</h1>

templates/emails/user_activation_notification.html.twig

@@ -0,0 +1,92 @@
+<!DOCTYPE html>
+<html>
+<head>
+    <meta charset="UTF-8">
+    <title>User Account Activated</title>
+    <style>
+        body {
+            font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, 'Helvetica Neue', Arial, sans-serif;
+            line-height: 1.6;
+            color: #333;
+            max-width: 600px;
+            margin: 0 auto;
+            padding: 20px;
+        }
+        .header {
+            background: linear-gradient(135deg, #667eea 0%, #764ba2 100%);
+            color: white;
+            padding: 30px;
+            border-radius: 8px 8px 0 0;
+            text-align: center;
+        }
+        .header h1 {
+            margin: 0;
+            font-size: 24px;
+        }
+        .content {
+            background: #f9f9f9;
+            padding: 30px;
+            border-radius: 0 0 8px 8px;
+        }
+        .field {
+            margin-bottom: 20px;
+        }
+        .field-label {
+            font-weight: 600;
+            color: #666;
+            font-size: 12px;
+            text-transform: uppercase;
+            letter-spacing: 0.5px;
+            margin-bottom: 5px;
+        }
+        .field-value {
+            background: white;
+            padding: 12px;
+            border-radius: 4px;
+            border-left: 3px solid #667eea;
+        }
+        .footer {
+            margin-top: 20px;
+            padding-top: 20px;
+            border-top: 1px solid #ddd;
+            font-size: 12px;
+            color: #999;
+            text-align: center;
+        }
+    </style>
+</head>
+<body>
+    <div class="header">
+        <h1>✅ User Account Activated</h1>
+    </div>
+    <div class="content">
+        <div class="field">
+            <div class="field-label">Username</div>
+            <div class="field-value">
+                <strong>{{ user.username }}</strong>
+            </div>
+        </div>
+
+        <div class="field">
+            <div class="field-label">Email</div>
+            <div class="field-value">
+                <a href="mailto:{{ user.email }}">{{ user.email }}</a>
+            </div>
+        </div>
+
+        <div class="field">
+            <div class="field-label">Details</div>
+            <div class="field-value">
+                <strong>Activated:</strong> {{ activatedAt|date('Y-m-d H:i:s') }}<br>
+                <strong>Status:</strong> ✓ Email Verified - Account Active<br>
+                <strong>Email Verified:</strong> Yes
+            </div>
+        </div>
+
+        <div class="footer">
+            A user has successfully verified their email and activated their account on MineSeeker.<br>
+            They can now play games immediately.
+        </div>
+    </div>
+</body>
+</html>

templates/emails/user_registration_notification.html.twig

@@ -0,0 +1,92 @@
+<!DOCTYPE html>
+<html>
+<head>
+    <meta charset="UTF-8">
+    <title>New User Registration</title>
+    <style>
+        body {
+            font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, 'Helvetica Neue', Arial, sans-serif;
+            line-height: 1.6;
+            color: #333;
+            max-width: 600px;
+            margin: 0 auto;
+            padding: 20px;
+        }
+        .header {
+            background: linear-gradient(135deg, #667eea 0%, #764ba2 100%);
+            color: white;
+            padding: 30px;
+            border-radius: 8px 8px 0 0;
+            text-align: center;
+        }
+        .header h1 {
+            margin: 0;
+            font-size: 24px;
+        }
+        .content {
+            background: #f9f9f9;
+            padding: 30px;
+            border-radius: 0 0 8px 8px;
+        }
+        .field {
+            margin-bottom: 20px;
+        }
+        .field-label {
+            font-weight: 600;
+            color: #666;
+            font-size: 12px;
+            text-transform: uppercase;
+            letter-spacing: 0.5px;
+            margin-bottom: 5px;
+        }
+        .field-value {
+            background: white;
+            padding: 12px;
+            border-radius: 4px;
+            border-left: 3px solid #667eea;
+        }
+        .footer {
+            margin-top: 20px;
+            padding-top: 20px;
+            border-top: 1px solid #ddd;
+            font-size: 12px;
+            color: #999;
+            text-align: center;
+        }
+    </style>
+</head>
+<body>
+    <div class="header">
+        <h1>👤 New User Registration</h1>
+    </div>
+    <div class="content">
+        <div class="field">
+            <div class="field-label">Username</div>
+            <div class="field-value">
+                <strong>{{ user.username }}</strong>
+            </div>
+        </div>
+
+        <div class="field">
+            <div class="field-label">Email</div>
+            <div class="field-value">
+                <a href="mailto:{{ user.email }}">{{ user.email }}</a>
+            </div>
+        </div>
+
+        <div class="field">
+            <div class="field-label">Details</div>
+            <div class="field-value">
+                <strong>Registered:</strong> {{ registeredAt|date('Y-m-d H:i:s') }}<br>
+                <strong>Status:</strong> {% if user.isVerified %}✓ Verified{% else %}⏳ Awaiting Email Verification{% endif %}<br>
+                <strong>Email Verified:</strong> {% if user.isVerified %}Yes{% else %}No - activation link sent{% endif %}
+            </div>
+        </div>
+
+        <div class="footer">
+            A new user has registered on MineSeeker.<br>
+            User must verify their email before account is fully activated.
+        </div>
+    </div>
+</body>
+</html>