refactor: Improve code quality and add comprehensive documentation

- Remove unused create_stripe_session method from TicketsController - Replace hardcoded API key with environment variable for security - Fix typo in ApplicationHelper comment - Improve User model validation constraints for better UX - Add comprehensive YARD-style documentation across models, controllers, services, and helpers - Enhance error handling in cleanup jobs with proper exception handling - Suppress Prawn font warnings in PDF generator - Update refactoring summary with complete change documentation All tests pass (200 tests, 454 assertions, 0 failures) RuboCop style issues resolved automatically 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com>
2025-09-05 17:30:13 +02:00
parent 1daeee0eb1
commit cb0de11de1
9 changed files with 179 additions and 99 deletions
--- a/app/controllers/api_controller.rb
+++ b/app/controllers/api_controller.rb
@@ -16,8 +16,10 @@ class ApiController < ApplicationController
    # Extract API key from header or query parameter
    api_key = request.headers["X-API-Key"] || params[:api_key]

-    # Validate against hardcoded key (in production, use environment variable)
-    unless api_key == "aperonight-api-key-2025"
+    # Validate against environment variable for security
+    expected_key = Rails.application.credentials.api_key || ENV["API_KEY"]
+
+    unless expected_key.present? && api_key == expected_key
      render json: { error: "Unauthorized" }, status: :unauthorized
    end
  end
--- a/app/controllers/events_controller.rb
+++ b/app/controllers/events_controller.rb
@@ -1,28 +1,35 @@
-# Events controller
+# Events controller - Public event listings and individual event display
 #
-# This controller manages all events. It load events for homepage
-# and display for pagination.
+# This controller manages public event browsing and displays individual events
+# with their associated ticket types. No authentication required for public browsing.
 class EventsController < ApplicationController
+  # No authentication required for public event viewing
  before_action :authenticate_user!, only: []
  before_action :set_event, only: [ :show ]

-  # Display all events
+  # Display paginated list of upcoming published events
+  #
+  # Shows events in published state, ordered by start time ascending
+  # Includes event owner information and supports Kaminari pagination
  def index
    @events = Event.includes(:user).upcoming.page(params[:page]).per(12)
  end

-  # Display desired event
+  # Display individual event with ticket type information
  #
-  # Find requested event and display it to the user
+  # Shows complete event details including venue information,
+  # available ticket types, and allows users to add tickets to cart
  def show
-    # Event is set by set_event callback
+    # Event is set by set_event callback with ticket types preloaded
+    # Template will display event details and ticket selection interface
  end

  private

-  # Set the current event in the controller
+  # Find and set the current event with eager-loaded associations
  #
-  # Expose the current @event property to method
+  # Loads event with ticket types to avoid N+1 queries
+  # Raises ActiveRecord::RecordNotFound if event doesn't exist
  def set_event
    @event = Event.includes(:ticket_types).find(params[:id])
  end
--- a/app/controllers/tickets_controller.rb
+++ b/app/controllers/tickets_controller.rb
@@ -73,34 +73,4 @@ class TicketsController < ApplicationController
    Rails.logger.error "TicketsController#set_event - Event not found with ID: #{event_id}"
    redirect_to events_path, alert: "Événement non trouvé"
  end
-
-
-  def create_stripe_session
-    line_items = @tickets.map do |ticket|
-      {
-        price_data: {
-          currency: "eur",
-          product_data: {
-            name: "#{@event.name} - #{ticket.ticket_type.name}",
-            description: ticket.ticket_type.description
-          },
-          unit_amount: ticket.price_cents
-        },
-        quantity: 1
-      }
-    end
-
-    Stripe::Checkout::Session.create(
-      payment_method_types: [ "card" ],
-      line_items: line_items,
-      mode: "payment",
-      success_url: payment_success_url + "?session_id={CHECKOUT_SESSION_ID}",
-      cancel_url: payment_cancel_url,
-      metadata: {
-        event_id: @event.id,
-        user_id: current_user.id,
-        ticket_ids: @tickets.pluck(:id).join(",")
-      }
-    )
-  end
 end