fix: cleaner monitor logging

.env

@@ -42,3 +42,20 @@ REDIS_HOST=redis://redis
 ###> symfony/mailer ###
 MAILER_DSN=null://null
 ###< symfony/mailer ###
+
+AUTH_METHOD=form_login
+
+###> drenso/symfony-oidc-bundle ###
+OIDC_WELL_KNOWN_URL="https://oidc/.well-known"
+OIDC_CLIENT_ID="Enter your OIDC client id"
+OIDC_CLIENT_SECRET="Enter your OIDC client secret"
+OIDC_BYPASS_FORM_LOGIN=false
+###< drenso/symfony-oidc-bundle ###
+
+
+SMTP_HOST=
+SMTP_USER=
+SMTP_PASS=
+SMTP_PORT=
+SMTP_FROM=
+SMTP_FROM_NAME=""

assets/controllers.json

@@ -1,5 +1,23 @@
 {
     "controllers": {
+        "@spomky-labs/pwa-bundle": {
+            "connection-status": {
+                "enabled": true,
+                "fetch": "eager"
+            },
+            "backgroundsync-form": {
+                "enabled": true,
+                "fetch": "eager"
+            },
+            "sync-broadcast": {
+                "enabled": true,
+                "fetch": "eager"
+            },
+            "prefetch-on-demand": {
+                "enabled": true,
+                "fetch": "eager"
+            }
+        },
         "@symfony/ux-autocomplete": {
             "autocomplete": {
                 "enabled": true,

bash/caddy/Caddyfile

@@ -1,6 +1,11 @@
-dev.caldwell.digital:443
+{
+    log {
+        level DEBUG
+    }
+}
 
-tls /etc/ssl/wildcard.crt /etc/ssl/wildcard.pem
-
-reverse_proxy app:80
+dev.caldwell.digital:443 {
+    tls /etc/ssl/wildcard.crt /etc/ssl/wildcard.pem
 
+    reverse_proxy app:80
+}

compose.yml

@@ -2,6 +2,7 @@ services:
   caddy:
     image: caddy:2.9.1
     restart: unless-stopped
+    tty: true
     cap_add:
       - NET_ADMIN
     ports:

composer.json

@@ -16,6 +16,7 @@
         "doctrine/doctrine-migrations-bundle": "^3.4",
         "doctrine/orm": "^3.3",
         "dragonmantank/cron-expression": "^3.4",
+        "drenso/symfony-oidc-bundle": "^4.2",
         "guzzlehttp/guzzle": "^7.9",
         "league/pipeline": "^1.1",
         "nesbot/carbon": "^3.9",
@@ -26,6 +27,7 @@
         "php-tmdb/api": "^4.1",
         "predis/predis": "^2.4",
         "runtime/frankenphp-symfony": "^0.2.0",
+        "spomky-labs/pwa-bundle": "^1.2",
         "stof/doctrine-extensions-bundle": "^1.14",
         "symfony/asset": "7.3.*",
         "symfony/console": "7.3.*",
@@ -36,10 +38,12 @@
         "symfony/flex": "^2",
         "symfony/form": "7.3.*",
         "symfony/framework-bundle": "7.3.*",
+        "symfony/http-client": "7.3.*",
         "symfony/ldap": "7.3.*",
         "symfony/mailer": "7.3.*",
         "symfony/mercure-bundle": "^0.3.9",
         "symfony/messenger": "7.3.*",
+        "symfony/monolog-bundle": "^3.10",
         "symfony/runtime": "7.3.*",
         "symfony/scheduler": "7.3.*",
         "symfony/security-bundle": "7.3.*",
@@ -54,7 +58,8 @@
         "symfonycasts/reset-password-bundle": "^1.23",
         "symfonycasts/tailwind-bundle": "^0.10.0",
         "twig/extra-bundle": "^2.12|^3.0",
-        "twig/twig": "^2.12|^3.0"
+        "twig/twig": "^2.12|^3.0",
+        "web-token/jwt-library": "^4.0"
     },
     "config": {
         "allow-plugins": {

config/bundles.php

@@ -21,4 +21,7 @@ return [
     Stof\DoctrineExtensionsBundle\StofDoctrineExtensionsBundle::class => ['all' => true],
     Symfony\UX\Autocomplete\AutocompleteBundle::class => ['all' => true],
     SymfonyCasts\Bundle\ResetPassword\SymfonyCastsResetPasswordBundle::class => ['all' => true],
+    Drenso\OidcBundle\DrensoOidcBundle::class => ['all' => true],
+    SpomkyLabs\PwaBundle\SpomkyLabsPwaBundle::class => ['all' => true],
+    Symfony\Bundle\MonologBundle\MonologBundle::class => ['all' => true],
 ];

config/packages/drenso_oidc.yaml

@@ -0,0 +1,19 @@
+drenso_oidc:
+    #default_client: default # The default client, will be aliased to OidcClientInterface
+    clients:
+        default: # The client name, each client will be aliased to its name (for example, $defaultOidcClient)
+            # Required OIDC client configuration
+            well_known_url: '%env(OIDC_WELL_KNOWN_URL)%'
+            client_id: '%env(OIDC_CLIENT_ID)%'
+            client_secret: '%env(OIDC_CLIENT_SECRET)%'
+            redirect_route: '/login/oidc/auth'
+
+            # Extra configuration options
+            #redirect_route: '/login_check'
+            #custom_client_headers: []
+
+        # Add any extra client
+        #link: # Will be accessible using $linkOidcClient
+            #well_known_url: '%env(LINK_WELL_KNOWN_URL)%'
+            #client_id: '%env(LINK_CLIENT_ID)%'
+            #client_secret: '%env(LINK_CLIENT_SECRET)%'

config/packages/monolog.yaml

@@ -0,0 +1,78 @@
+monolog:
+    channels:
+        - deprecation # Deprecations are logged in the dedicated "deprecation" channel when it exists
+        - monitor
+
+when@dev:
+    monolog:
+        handlers:
+            main:
+                type: stream
+                path: "%kernel.logs_dir%/%kernel.environment%.log"
+                level: debug
+                channels: ["!event"]
+            # uncomment to get logging in your browser
+            # you may have to allow bigger header sizes in your Web server configuration
+            #firephp:
+            #    type: firephp
+            #    level: info
+            #chromephp:
+            #    type: chromephp
+            #    level: info
+            console:
+                type: console
+                process_psr_3_messages: false
+                channels: ["!event", "!doctrine", "!console"]
+            monitor:
+                type: stream
+                action_level: debug
+                path: "%kernel.logs_dir%/monitors.log"
+                channels: [monitor]
+
+when@test:
+    monolog:
+        handlers:
+            main:
+                type: fingers_crossed
+                action_level: error
+                handler: nested
+                excluded_http_codes: [404, 405]
+                channels: ["!event"]
+            nested:
+                type: stream
+                path: "%kernel.logs_dir%/%kernel.environment%.log"
+                level: debug
+            monitor:
+                type: stream
+                action_level: info
+                path: "%kernel.logs_dir%/monitors.log"
+                channels: [monitor]
+
+when@prod:
+    monolog:
+        handlers:
+            main:
+                type: fingers_crossed
+                action_level: error
+                handler: nested
+                excluded_http_codes: [404, 405]
+                buffer_size: 50 # How many messages should be saved? Prevent memory leaks
+            nested:
+                type: stream
+                path: php://stderr
+                level: debug
+                formatter: monolog.formatter.json
+            console:
+                type: console
+                process_psr_3_messages: false
+                channels: ["!event", "!doctrine"]
+            deprecation:
+                type: stream
+                channels: [deprecation]
+                path: php://stderr
+                formatter: monolog.formatter.json
+            monitor:
+                type: stream
+                action_level: info
+                path: "%kernel.logs_dir%/monitors.log"
+                channels: [monitor]

config/packages/pwa.yaml

@@ -0,0 +1,21 @@
+pwa:
+  manifest:
+    enabled: true
+    name: "Torsearch"
+    short_name: "torsearch"
+    start_url: "/"
+    display: "standalone"
+    id: "/"
+    background_color: "#f98e44"
+    theme_color: "#083344"
+    description: Torsearch provides a simple and intuitive way to manage your personal media library.
+    icons:
+      - src: "icon.png"
+        sizes: [ 192 ]
+      - src: "icon.png"
+        sizes: [ 192 ]
+        purpose: maskable
+    categories:
+      - entertainment
+      - multimedia
+      - utilities

config/packages/security.yaml

@@ -10,6 +10,9 @@ security:
                 class: App\User\Framework\Entity\User
                 property: email
 
+        app_oidc:
+            id: App\User\Framework\Security\OidcUserProvider
+
         app_ldap:
             id: App\User\Framework\Security\LdapUserProvider
 
@@ -18,14 +21,20 @@ security:
             pattern: ^/(_(profiler|wdt)|css|images|js)/
             security: false
         main:
-            lazy: true
-            provider: app_local
+            logout:
+                path: /logout
+            provider: app_oidc
             form_login:
                 login_path: app_login
                 check_path: app_login
                 enable_csrf: true
-            logout:
-                path: app_logout
+            oidc:
+                login_path: '/login/oidc'
+                check_path: '/login/oidc/auth'
+                enable_end_session_listener: true
+            http_basic:
+                realm: Secured Area
+            entry_point: form_login
 
             # activate different ways to authenticate
             # https://symfony.com/doc/current/security.html#the-firewall

config/security.yaml

@@ -1,61 +0,0 @@
-security:
-    # https://symfony.com/doc/current/security.html#registering-the-user-hashing-passwords
-    password_hashers:
-        Symfony\Component\Security\Core\User\PasswordAuthenticatedUserInterface: 'auto'
-    # https://symfony.com/doc/current/security.html#loading-the-user-the-user-provider
-    providers:
-        users_in_memory: { memory: null }
-        app_local:
-            entity:
-                class: App\User\Framework\Entity\User
-                property: email
-
-        app_ldap:
-            id: App\User\Framework\Security\LdapUserProvider
-
-    firewalls:
-        dev:
-            pattern: ^/(_(profiler|wdt)|css|images|js)/
-            security: false
-        main:
-            lazy: true
-            provider: app_ldap
-            entry_point: form_login_ldap
-            form_login_ldap:
-                login_path: app_login
-                check_path: app_login
-                enable_csrf: true
-                service: Symfony\Component\Ldap\Ldap
-                dn_string: '%env(LDAP_DN_STRING)%'
-            form_login:
-                login_path: app_login
-                check_path: app_login
-                enable_csrf: true
-            logout:
-                path: app_logout
-
-            # activate different ways to authenticate
-            # https://symfony.com/doc/current/security.html#the-firewall
-
-            # https://symfony.com/doc/current/security/impersonating_user.html
-            # switch_user: true
-
-    # Easy way to control access for large sections of your site
-    # Note: Only the *first* access control that matches will be used
-    access_control:
-        - { path: ^/reset-password, roles: PUBLIC_ACCESS }
-        - { path: ^/login, roles: PUBLIC_ACCESS }
-        - { path: ^/, roles: ROLE_USER } # Or ROLE_ADMIN, ROLE_SUPER_ADMIN,
-
-when@test:
-    security:
-        password_hashers:
-            # By default, password hashers are resource intensive and take time. This is
-            # important to generate secure password hashes. In tests however, secure hashes
-            # are not important, waste resources and increase test times. The following
-            # reduces the work factor to the lowest possible values.
-            Symfony\Component\Security\Core\User\PasswordAuthenticatedUserInterface:
-                algorithm: auto
-                cost: 4 # Lowest possible value for bcrypt
-                time_cost: 3 # Lowest possible value for argon
-                memory_cost: 10 # Lowest possible value for argon

config/services.yaml

@@ -6,6 +6,8 @@
 parameters:
     # App
     app.url: '%env(APP_URL)%'
+    app.env: '%env(default:app.default.env:APP_ENV)%'
+    app.version: '%env(default:app.default.version:APP_VERSION)%'
 
     # Debrid Services
     app.debrid.real_debrid.key: '%env(REAL_DEBRID_KEY)%'
@@ -31,10 +33,18 @@ parameters:
     app.cache.redis.host.default: 'redis://redis'
 
     # Various configs
+    app.default.env: 'prod'
     app.default.version: '0.dev'
     app.default.timezone: 'America/Chicago'
 
-    app.version: '%env(default:app.default.version:APP_VERSION)%'
+    # Auth
+    auth.default.method: 'form_login'
+    auth.method: '%env(default:auth.default.method:AUTH_METHOD)%'
+
+    auth.oidc.well_known_url: '%env(OIDC_WELL_KNOWN_URL)%'
+    auth.oidc.client_id: '%env(OIDC_CLIENT_ID)%'
+    auth.oidc.client_secret: '%env(OIDC_CLIENT_SECRET)%'
+    auth.oidc.bypass_form_login: '%env(bool:OIDC_BYPASS_FORM_LOGIN)%'
 
 services:
     # default configuration for services in *this* file

docs/examples/.env

@@ -7,6 +7,11 @@ APP_URL="https://dev.caldwell.digital"
 APP_SECRET="70169beadfbc8101c393cbfbba27a313"
 APP_ENV=prod
 
+# Mercure is a Caddy module built into the webserver
+# that facilitates the usage of websockets to transmit
+# real time data (download progress, etc.)
+MERCURE_JWT_SECRET="!ChangeThisMercureHubJWTSecretKey!"
+
 # Use the DATABASE_URL below to use the MariaDB container
 # provided in the example.compose.yml file, or remove this
 # line and fill in the details of your own MySQL/MariaDB server
@@ -19,39 +24,48 @@ DATABASE_URL="mysql://root:password@database:3306/app?serverVersion=10.6.19.2-Ma
 # This key is never saved anywhere
 # else and is passed to Torrentio
 # to retrieve download options
-#REAL_DEBRID_KEY=""
+REAL_DEBRID_KEY=""
 
-# Enter you TMDB API key
+# Enter your TMDB API key
 # This is used to provide rich search results
 # when searching for media and rendering the
 # Popular Movies and TV Shows section.
-#TMDB_API=
-
-REAL_DEBRID_KEY=""
-TMDB_API=eyJhbGciOiJIUzI1NiJ9.eyJhdWQiOiI0ZTJjYjJhOGUzOGJhNjdiNjVhOGU1NGM0ZWI1MzhmOCIsIm5iZiI6MTczNzkyNjA0NC41NjQsInN1YiI6IjY3OTZhNTljYzdiMDFiNzJjNzIzZWM5YiIsInNjb3BlcyI6WyJhcGlfcmVhZCJdLCJ2ZXJzaW9uIjoxfQ.e8DbNe9qrSBC1y-ANRv-VWBAtls-ZS2r7aNCiI68mpw
-
-
-MERCURE_JWT_SECRET="!ChangeThisMercureHubJWTSecretKey!"
+TMDB_API=""
 
 # Use your own Redis instance or use the
 # below value to use the container included
 # in the example compose.yml file.
 REDIS_HOST="redis://redis"
 
+### Auth ###
+# Change to "oidc" to and provide the required
+# environment variables below to use OIDC auth.
+AUTH_METHOD=form_login
+
+# OIDC
+OIDC_WELL_KNOWN_URL=
+OIDC_CLIENT_ID=
+OIDC_CLIENT_SECRET=
+# Allows you to skip the login page and directly
+# rely on your IdP for auth.
+OIDC_BYPASS_FORM_LOGIN=
+
+
 # LDAP Config: To use LDAP, enter the below fields
 # and run 'php bin/console config:set auth.method ldap'
-LDAP_HOST=
-LDAP_PORT=
-LDAP_ENCRYPTION=
-LDAP_BASE_DN=
-LDAP_BIND_USER=
-LDAP_BIND_PASS=
-LDAP_DN_STRING=
-LDAP_UID_KEY="uid"
+# (LDAP is still in progress and not ready for use)
+#LDAP_HOST=
+#LDAP_PORT=
+#LDAP_ENCRYPTION=
+#LDAP_BASE_DN=
+#LDAP_BIND_USER=
+#LDAP_BIND_PASS=
+#LDAP_DN_STRING=
+#LDAP_UID_KEY="uid"
 # LDAP group that identifies an Admin
 # Users with this LDAP group will automatically
 # get the admin role in this system.
-LDAP_ADMIN_ROLE_DN=""
-LDAP_EMAIL_ATTRIBUTE=mail
-LDAP_USERNAME_ATTRIBUTE=uid
-LDAP_NAME_ATTRIBUTE=displayname
+#LDAP_ADMIN_ROLE_DN=""
+#LDAP_EMAIL_ATTRIBUTE=mail
+#LDAP_USERNAME_ATTRIBUTE=uid
+#LDAP_NAME_ATTRIBUTE=displayname

src/Base/Config/AppConfig.php

@@ -0,0 +1,105 @@
+<?php
+
+namespace App\Base\Config;
+
+use Symfony\Component\DependencyInjection\Attribute\Autowire;
+
+class AppConfig implements ConfigInterface
+{
+    private array $messages = [];
+
+    public function __construct(
+        #[Autowire(param: 'app.env')]
+        private readonly ?string $appEnv = null,
+
+        #[Autowire(param: 'app.url')]
+        private readonly ?string $appUrl = null,
+
+        #[Autowire(param: 'app.debrid.real_debrid.key')]
+        private readonly ?string $realDebridApiKey = null,
+
+        #[Autowire(param: 'app.meta_provider.tmdb.key')]
+        private readonly ?string $tmdbApiKey = null,
+
+        #[Autowire(param: 'media.movies_path')]
+        private readonly ?string $moviesPath = null,
+
+        #[Autowire(param: 'media.tvshows_path')]
+        private readonly ?string $tvshowsPath = null,
+    ) {}
+
+    public function isValid(): bool
+    {
+        $valid = true;
+
+        if (false === $this->isVariableValid('APP_ENV', $this->appEnv)) {
+            $valid = false;
+        }
+
+        if (false === $this->isVariableValid('APP_URL', $this->appUrl)) {
+            $valid = false;
+        }
+
+        if (false === $this->isVariableValid('REAL_DEBRID_KEY', $this->realDebridApiKey)) {
+            $valid = false;
+        }
+
+        if (false === $this->isVariableValid('TMDB_API', $this->tmdbApiKey)) {
+            $valid = false;
+        }
+
+        if (false === $this->isVariableValid('MOVIES_PATH', $this->moviesPath)) {
+            $valid = false;
+        }
+
+        if (false === $this->isVariableValid('TVSHOWS_PATH', $this->tvshowsPath)) {
+            $valid = false;
+        }
+
+        return $valid;
+    }
+
+    public function getMessages(): array
+    {
+        return $this->messages;
+    }
+
+    private function isVariableValid($key, $value): bool
+    {
+        if ("" === $value || null === $value) {
+            $this->messages[] = "Your system is misconfigured. Please set the $key environment variable appropriately.";
+            return false;
+        }
+        return true;
+    }
+
+    public function getAppEnv(): ?string
+    {
+        return $this->appEnv;
+    }
+
+    public function getAppUrl(): ?string
+    {
+        return $this->appUrl;
+    }
+
+    public function getRealDebridApiKey(): ?string
+    {
+        return $this->realDebridApiKey;
+    }
+
+    public function getTmdbApiKey(): ?string
+    {
+        return $this->tmdbApiKey;
+    }
+
+    public function getMoviesPath(): ?string
+    {
+        return $this->moviesPath;
+    }
+
+    public function getTvshowsPath(): ?string
+    {
+        return $this->tvshowsPath;
+    }
+}

src/Base/Config/Auth/OidcConfig.php

@@ -0,0 +1,88 @@
+<?php
+
+namespace App\Base\Config\Auth;
+
+use App\Base\Config\ConfigInterface;
+use Symfony\Component\DependencyInjection\Attribute\Autowire;
+
+class OidcConfig implements ConfigInterface
+{
+    private array $messages = [];
+
+    public function __construct(
+        #[Autowire(param: 'auth.method')]
+        private readonly ?string $authMethod = null,
+
+        #[Autowire(param: 'auth.oidc.well_known_url')]
+        private readonly ?string $wellKnownUrl = null,
+
+        #[Autowire(param: 'auth.oidc.client_id')]
+        private readonly ?string $clientId = null,
+
+        #[Autowire(param: 'auth.oidc.client_secret')]
+        private readonly ?string $clientSecret = null,
+
+        #[Autowire(param: 'auth.oidc.bypass_form_login')]
+        private readonly ?bool $bypassFormLogin = null,
+    ) {}
+
+    public function isEnabled(): bool
+    {
+        return "oidc" === strtolower($this->authMethod);
+    }
+
+    public function isValid(): bool
+    {
+        $valid = true;
+
+        if (true === $this->isEnabled()) {
+            if (false === $this->isVariableValid("OIDC_CLIENT_ID", $this->clientId)) {
+                $valid = false;
+            }
+
+            if (false === $this->isVariableValid("OIDC_CLIENT_SECRET", $this->clientSecret)) {
+                $valid = false;
+            }
+
+            if (false === $this->isVariableValid("OIDC_WELL_KNOWN_URL", $this->wellKnownUrl)) {
+                $valid = false;
+            }
+        }
+
+        return $valid;
+    }
+
+    public function getWellKnownUrl(): ?string
+    {
+        return $this->wellKnownUrl;
+    }
+
+    public function getClientId(): ?string
+    {
+        return $this->clientId;
+    }
+
+    public function getClientSecret(): ?string
+    {
+        return $this->clientSecret;
+    }
+
+    public function getBypassFormLogin(): ?bool
+    {
+        return $this->bypassFormLogin;
+    }
+
+    public function getMessages(): array
+    {
+        return $this->messages;
+    }
+
+    private function isVariableValid(string $key, mixed $value): bool
+    {
+        if ("" === $value || null === $value) {
+            $this->messages[] = "Your OIDC is misconfigured. Please set the $key environment variable to the required value.";
+            return true;
+        }
+        return false;
+    }
+}

src/Base/Config/AuthConfig.php

@@ -0,0 +1,62 @@
+<?php
+
+namespace App\Base\Config;
+
+use App\Base\Config\Auth\OidcConfig;
+use Symfony\Component\DependencyInjection\Attribute\Autowire;
+
+class AuthConfig implements ConfigInterface
+{
+    const AUTH_METHODS = ['form_login', 'oidc'];
+
+    private array $messages = [];
+
+    public function __construct(
+        #[Autowire(param: 'auth.method')]
+        private readonly ?string $authMethod,
+        private readonly OidcConfig $oidcConfig,
+    ) {}
+
+    public function isMethod(string $method): bool
+    {
+        return $this->getAuthMethod() === strtolower($method);
+    }
+
+    public function getAuthMethod(): string
+    {
+        return strtolower($this->authMethod);
+    }
+
+    public function getOidcConfig(): OidcConfig
+    {
+        return $this->oidcConfig;
+    }
+
+    public function isValid(): bool
+    {
+        $valid = true;
+        if (null === $this->getAuthMethod() || "" === $this->getAuthMethod()) {
+            $this->messages[] = "Your auth method is missing. Please set the AUTH_METHOD environment variable to your desired value. Valid options: [form_login, oidc].";
+            return false;
+        }
+
+        if (!in_array($this->getAuthMethod(), self::AUTH_METHODS, true)) {
+            $this->messages[] = "Your auth method is incorrect. Please set the AUTH_METHOD environment variable to your desired value. Valid options: [form_login, oidc].";
+            return false;
+        }
+
+        if ("oidc" === $this->getAuthMethod()) {
+            if (false === $this->oidcConfig->isValid()) {
+                $this->messages += $this->oidcConfig->getMessages();
+                $valid = false;
+            }
+        }
+
+        return $valid;
+    }
+
+    public function getMessages(): array
+    {
+        return $this->messages;
+    }
+}

src/Base/Config/ConfigInterface.php

@@ -0,0 +1,12 @@
+<?php
+
+namespace App\Base\Config;
+
+interface ConfigInterface
+{
+    /** Validates the config values are present and as expected */
+    public function isValid(): bool;
+
+    /** Holds the error messages so they can be logged */
+    public function getMessages(): array;
+}

src/Base/Config/SmtpConfig.php

@@ -0,0 +1,113 @@
+<?php
+
+namespace App\Base\Config;
+
+use Symfony\Component\DependencyInjection\Attribute\Autowire;
+
+class SmtpConfig implements ConfigInterface
+{
+    private array $messages = [];
+
+    /*
+     * SMTP is considered enabled if any of
+     * the parameters are set. If none are set,
+     * then the User must not need it.
+     */
+    private bool $isEnabled = false;
+
+    public function __construct(
+        #[Autowire(env: 'SMTP_HOST')]
+        private readonly ?string $smtpHost,
+        #[Autowire(env: 'SMTP_USER')]
+        private readonly ?string $smtpUser,
+        #[Autowire(env: 'SMTP_PASS')]
+        private readonly ?string $smtpPass,
+        #[Autowire(env: 'SMTP_PORT')]
+        private readonly ?string $smtpPort,
+        #[Autowire(env: 'SMTP_FROM')]
+        private readonly ?string $smtpFrom,
+        #[Autowire(env: 'SMTP_FROM_NAME')]
+        private readonly ?string $smtpFromName,
+    ) {
+        foreach (func_get_args() as $key => $value) {
+            if ("" !== $value && $value !== null) {
+                $this->isEnabled = true;
+            }
+        }
+    }
+
+    public function isEnabled(): bool
+    {
+        return $this->isEnabled;
+    }
+
+    public function getMessages(): array
+    {
+        return $this->messages;
+    }
+
+    public function isValid(): bool
+    {
+        if (false === $this->isEnabled) {
+            return true;
+        }
+
+        $valid = true;
+
+        $params = [
+            'SMTP_HOST' => $this->smtpHost,
+            'SMTP_USER' => $this->smtpUser,
+            'SMTP_PASS' => $this->smtpPass,
+            'SMTP_PORT' => $this->smtpPort,
+            'SMTP_FROM' => $this->smtpFrom,
+            'SMTP_FROM_NAME' => $this->smtpFromName,
+        ];
+
+        foreach ($params as $key => $value) {
+            if (false === $this->isVariableValid($key, $value)) {
+                $valid = false;
+            }
+        }
+
+        return $valid;
+    }
+
+    private function isVariableValid($key, $value): bool
+    {
+        if ("" === $value || null === $value) {
+            $this->messages[] = "Your SMTP is misconfigured. Please set the $key environment variable appropriately.";
+            return false;
+        }
+        return true;
+    }
+
+    public function getSmtpHost(): ?string
+    {
+        return $this->smtpHost;
+    }
+
+    public function getSmtpUser(): ?string
+    {
+        return $this->smtpUser;
+    }
+
+    public function getSmtpPass(): ?string
+    {
+        return $this->smtpPass;
+    }
+
+    public function getSmtpPort(): ?string
+    {
+        return $this->smtpPort;
+    }
+
+    public function getSmtpFrom(): ?string
+    {
+        return $this->smtpFrom;
+    }
+
+    public function getSmtpFromName(): ?string
+    {
+        return $this->smtpFromName;
+    }
+}

src/Base/ConfigResolver.php

@@ -2,43 +2,60 @@
 
 namespace App\Base;
 
-use Symfony\Component\DependencyInjection\Attribute\Autowire;
+use App\Base\Config\AppConfig;
+use App\Base\Config\AuthConfig;
+use App\Base\Config\SmtpConfig;
+use Psr\Log\LoggerInterface;
+use Symfony\Contracts\Cache\TagAwareCacheInterface;
 
 final class ConfigResolver
 {
     private array $messages = [];
 
     public function __construct(
-        #[Autowire(param: 'app.url')]
-        private readonly ?string $appUrl = null,
-
-        #[Autowire(param: 'app.debrid.real_debrid.key')]
-        private readonly ?string $realDebridApiKey = null,
-
-        #[Autowire(param: 'app.meta_provider.tmdb.key')]
-        private readonly ?string $tmdbApiKey = null,
-
-        #[Autowire(param: 'media.movies_path')]
-        private readonly ?string $moviesPath = null,
-
-        #[Autowire(param: 'media.tvshows.path')]
-        private readonly ?string $tvshowsPath = null,
+        private readonly LoggerInterface $logger,
+        private readonly TagAwareCacheInterface $cache,
+        private readonly AuthConfig $authConfig,
+        private readonly SmtpConfig $smtpConfig,
+        private readonly AppConfig $appConfig,
     ) {}
 
     public function validate(): bool
+    {
+        if ("prod" === strtolower($this->appConfig->getAppEnv())) {
+            return $this->cache->get('app.valid_config', function () {
+                return $this->doValidate();
+            });
+        } else {
+            return $this->doValidate();
+        }
+    }
+
+    private function doValidate(): bool
     {
         $valid = true;
 
-        if (null === $this->realDebridApiKey || "" === $this->realDebridApiKey) {
-            $this->messages[] = "Your Real Debrid API key is missing. Please set it to the 'REAL_DEBRID_KEY' environment variable.";
+        if (false === $this->appConfig->isValid()) {
+            $this->messages += $this->appConfig->getMessages();
             $valid = false;
         }
 
-        if (null === $this->tmdbApiKey || "" === $this->tmdbApiKey) {
-            $this->messages[] = "Your TMDB API key is missing. Please set it to the 'TMDB_API' environment variable.";
+        if (false === $this->authConfig->isValid()) {
+            $this->messages += $this->authConfig->getMessages();
             $valid = false;
         }
 
+        if (false === $this->smtpConfig->isValid()) {
+            $this->messages += $this->smtpConfig->getMessages();
+            $valid = false;
+        }
+
+        if (false === $valid) {
+            foreach ($this->messages as $message) {
+                $this->logger->error('> [ConfigResolver] ' . $message);
+            }
+        }
+
         return $valid;
     }
 
@@ -46,4 +63,19 @@ final class ConfigResolver
     {
         return $this->messages;
     }
+
+    public function getAuthConfig(): AuthConfig
+    {
+        return $this->authConfig;
+    }
+
+    public function authIs(string $method): bool
+    {
+        return $this->authConfig->isMethod($method);
+    }
+
+    public function getAuthMethod(): string
+    {
+        return $this->authConfig->getAuthMethod();
+    }
 }

src/Base/Framework/Command/ConfigSetCommand.php

@@ -11,7 +11,7 @@ use Symfony\Component\Console\Style\SymfonyStyle;
 
 #[AsCommand(
     name: 'config:set',
-    description: 'Add a short description for your command',
+    description: '[deprecated] This command currently serves no use. It may be re-purposed or removed in the future.',
 )]
 class ConfigSetCommand extends Command
 {

src/Base/Framework/Command/SeedDatabaseCommand.php

@@ -15,7 +15,7 @@ use Symfony\Component\Console\Style\SymfonyStyle;
 
 #[AsCommand(
     name: 'db:seed',
-    description: 'Seed the database with required data.',
+    description: 'Seeds the database with required data. This command is run every time a new container is created from the torsearch-app image and is part of the init process.',
 )]
 class SeedDatabaseCommand extends Command
 {

src/Base/Framework/Command/StartupStatusCommand.php

@@ -11,7 +11,7 @@ use Symfony\Component\Console\Style\SymfonyStyle;
 
 #[AsCommand(
     name: 'startup:status',
-    description: 'Add a short description for your command',
+    description: 'Used by the Docker healthcheck system to signal when the container is healthy.',
 )]
 class StartupStatusCommand extends Command
 {

src/Base/Framework/Command/UserResetPasswordCommand.php

@@ -0,0 +1,112 @@
+<?php
+
+namespace App\Base\Framework\Command;
+
+use App\User\Framework\Repository\UserRepository;
+use Symfony\Bundle\SecurityBundle\Security;
+use Symfony\Component\Console\Attribute\AsCommand;
+use Symfony\Component\Console\Command\Command;
+use Symfony\Component\Console\Helper\QuestionHelper;
+use Symfony\Component\Console\Input\InputInterface;
+use Symfony\Component\Console\Input\InputOption;
+use Symfony\Component\Console\Output\OutputInterface;
+use Symfony\Component\Console\Question\Question;
+use Symfony\Component\Console\Style\SymfonyStyle;
+use Symfony\Component\PasswordHasher\Hasher\UserPasswordHasherInterface;
+use Symfony\Component\Security\Core\User\UserInterface;
+
+#[AsCommand(name: 'user:reset-password', description: 'Resets the password for the given user. Requires either the ID or email of the User. You will be asked for the password after running the command.')]
+class UserResetPasswordCommand extends Command
+{
+    private readonly Security $security;
+    private readonly UserRepository $userRepository;
+    private readonly UserPasswordHasherInterface $hasher;
+
+    public function __construct(
+        Security $security,
+        UserRepository $userRepository,
+        UserPasswordHasherInterface $hasher,
+    ) {
+        parent::__construct();
+        $this->security = $security;
+        $this->userRepository = $userRepository;
+        $this->hasher = $hasher;
+    }
+
+    protected function configure(): void
+    {
+        $this
+            ->addOption('id', null, InputOption::VALUE_REQUIRED, 'The ID of the user in the database.')
+            ->addOption('email', null, InputOption::VALUE_REQUIRED, 'The email of the user.')
+        ;
+    }
+
+    protected function execute(InputInterface $input, OutputInterface $output): int
+    {
+        $io = new SymfonyStyle($input, $output);
+
+        $queryParams = $this->parseInput($input, $io);
+        if ([] === $queryParams) {
+            $io->error('No ID or Email specified. Please run again and pass the "--id" or "--email" option.');
+            return Command::FAILURE;
+        }
+
+        $user = $this->userRepository->findOneBy($queryParams);
+        if (null === $user) {
+            $io->error('No such user exists.');
+            return Command::FAILURE;
+        }
+
+        try {
+            $newPassword = $this->askForPassword($input, $output);
+            $this->updateUsersPassword($user, $newPassword);
+        } catch (\Throwable $exception) {
+            $io->error($exception->getMessage());
+            return Command::FAILURE;
+        }
+
+        $io->success('Success. The password has been reset.');
+
+        return Command::SUCCESS;
+    }
+
+    private function parseInput(InputInterface $input, SymfonyStyle $io): array
+    {
+        if ($input->getOption('id')) {
+            return ['id' => $input->getOption('id')];
+        } elseif ($input->getOption('email')) {
+            return ['email' => $input->getOption('email')];
+        }
+
+        return [];
+    }
+
+    private function askForPassword(InputInterface $input, OutputInterface $output): ?string
+    {
+        $questionHelper = new QuestionHelper();
+        $question = new Question('New password (input is hidden): ')
+            ->setHidden(true)
+            ->setHiddenFallback(false)
+            ->setNormalizer(function (?string $value): string {
+                return $value ?? '';
+            })
+            ->setValidator(function (string $value): string {
+                if ('' === trim($value)) {
+                    throw new \Exception('The password cannot be empty');
+                }
+                return $value;
+            })
+            ->setMaxAttempts(5)
+        ;
+
+        return $questionHelper->ask($input, $output, $question);
+    }
+
+    private function updateUsersPassword(UserInterface $user, string $newPassword): void
+    {
+        $user->setPassword(
+            $this->hasher->hashPassword($user, $newPassword)
+        );
+        $this->userRepository->getEntityManager()->flush();
+    }
+}

src/Base/Framework/Controller/AlertController.php

@@ -2,7 +2,7 @@
 
 namespace App\Base\Framework\Controller;
 
-use App\Base\Util\Broadcaster;
+use App\Base\Service\Broadcaster;
 use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
 use Symfony\Component\HttpFoundation\Response;
 use Symfony\Component\Routing\Attribute\Route;

src/Base/Framework/EventListener/KernelRequestValidateConfig.php

@@ -0,0 +1,24 @@
+<?php
+
+namespace App\Base\Framework\EventListener;
+
+use App\Base\ConfigResolver;
+use App\Base\Service\Broadcaster;
+use Symfony\Component\EventDispatcher\Attribute\AsEventListener;
+use Symfony\Component\HttpKernel\Event\RequestEvent;
+
+final class KernelRequestValidateConfig
+{
+    public function __construct(
+        private readonly ConfigResolver $configResolver,
+        private readonly Broadcaster $broadcaster,
+    ) {}
+
+    #[AsEventListener(event: 'kernel.request', priority: 20)]
+    public function validateConfig(RequestEvent $event): void
+    {
+        if (false === $this->configResolver->validate()) {
+            $this->broadcaster->systemAlert('Ruh-roh', 'It looks like your system is misconfigured. Please search the application logs for strings starting with "[error] > [ConfigResolver]" to find more information.');
+        }
+    }
+}

src/Base/Service/Broadcaster.php

@@ -1,6 +1,6 @@
 <?php
 
-namespace App\Base\Util;
+namespace App\Base\Service;
 
 use Symfony\Component\DependencyInjection\Attribute\Autowire;
 use Symfony\Component\HttpFoundation\RequestStack;
@@ -15,7 +15,8 @@ readonly class Broadcaster
         private Environment $renderer,
         private HubInterface $hub,
         private RequestStack $requestStack,
-    ) {}
+    ) {
+    }
 
     public function alert(string $title, string $message, string $type = "success"): void
     {
@@ -31,4 +32,18 @@ readonly class Broadcaster
         );
         $this->hub->publish($update);
     }
+
+    public function systemAlert(string $title, string $message, string $type = "warning"): void
+    {
+        $update = new Update(
+            'system_alerts',
+            $this->renderer->render('broadcast/Alert.stream.html.twig', [
+                'alert_id' => uniqid(),
+                'title' => $title,
+                'message' => $message,
+                'type' => $type,
+            ])
+        );
+        $this->hub->publish($update);
+    }
 }

src/Download/Framework/Controller/ApiController.php

@@ -2,9 +2,8 @@
 
 namespace App\Download\Framework\Controller;
 
-use App\Base\Util\Broadcaster;
+use App\Base\Service\Broadcaster;
 use App\Download\Action\Handler\DeleteDownloadHandler;
-use App\Download\Action\Handler\DownloadSeasonHandler;
 use App\Download\Action\Handler\PauseDownloadHandler;
 use App\Download\Action\Handler\ResumeDownloadHandler;
 use App\Download\Action\Input\DeleteDownloadInput;
@@ -13,8 +12,6 @@ use App\Download\Action\Input\DownloadSeasonInput;
 use App\Download\Action\Input\PauseDownloadInput;
 use App\Download\Action\Input\ResumeDownloadInput;
 use App\Download\Framework\Repository\DownloadRepository;
-use App\User\Dto\UserPreferencesFactory;
-use Nihilarr\PTN;
 use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
 use Symfony\Component\HttpFoundation\Response;
 use Symfony\Component\Messenger\MessageBusInterface;

src/Monitor/Action/Handler/MonitorMovieHandler.php

@@ -1,76 +0,0 @@
-<?php
-
-namespace App\Monitor\Action\Handler;
-
-use App\Download\Action\Command\DownloadMediaCommand;
-use App\Monitor\Action\Command\MonitorMovieCommand;
-use App\Monitor\Action\Result\MonitorMovieResult;
-use App\Monitor\Framework\Entity\Monitor;
-use App\Monitor\Framework\Repository\MonitorRepository;
-use App\Monitor\Service\MonitorOptionEvaluator;
-use App\Torrentio\Action\Command\GetMovieOptionsCommand;
-use App\Torrentio\Action\Handler\GetMovieOptionsHandler;
-use DateTimeImmutable;
-use Doctrine\ORM\EntityManagerInterface;
-use OneToMany\RichBundle\Contract\CommandInterface;
-use OneToMany\RichBundle\Contract\HandlerInterface;
-use OneToMany\RichBundle\Contract\ResultInterface;
-use Psr\Log\LoggerInterface;
-use Symfony\Bundle\SecurityBundle\Security;
-use Symfony\Component\Messenger\MessageBusInterface;
-
-/** @implements HandlerInterface<MonitorMovieCommand> */
-readonly class MonitorMovieHandler implements HandlerInterface
-{
-    public function __construct(
-        private MonitorRepository $movieMonitorRepository,
-        private GetMovieOptionsHandler $getMovieOptionsHandler,
-        private EntityManagerInterface $entityManager,
-        private MessageBusInterface $bus,
-        private LoggerInterface $logger,
-        private Security $security,
-    ) {}
-
-    public function handle(CommandInterface $command): ResultInterface
-    {
-        $this->logger->info('> [MonitorMovieHandler] Executing MonitorMovieHandler');
-        /** @var Monitor $monitor */
-        $monitor = $this->movieMonitorRepository->find($command->movieMonitorId);
-        $monitor->setStatus('In Progress');
-
-        $this->logger->info('> [MonitorMovieHandler] Searching for "' . $monitor->getTitle() . '" download options');
-        $results = $this->getMovieOptionsHandler->handle(
-            new GetMovieOptionsCommand($monitor->getTmdbId(), $monitor->getImdbId())
-        );
-        $this->logger->info('> [MonitorMovieHandler] Found ' . count($results->results) . ' download options');
-
-        $result = $this->monitorOptionEvaluator->evaluateOptions($monitor, $results->results);
-
-        if (null !== $result) {
-            $this->logger->info('> [MonitorMovieHandler] 1 result found: dispatching DownloadMediaCommand for "' . $result->title . '"');
-            $this->bus->dispatch(new DownloadMediaCommand(
-                $result->url,
-                $monitor->getTitle(),
-                $result->filename,
-                'movies',
-                $monitor->getImdbId(),
-                $monitor->getUser()->getId(),
-            ));
-            $monitor->setStatus('Complete');
-            $monitor->setDownloadedAt(new DateTimeIMmutable());
-        } else {
-            $monitor->setStatus('Active');
-        }
-
-        $monitor->setLastSearch(new DateTimeImmutable());
-        $monitor->incrementSearchCount();
-        $this->entityManager->flush();
-
-        return new MonitorMovieResult(
-            status: 'OK',
-            result: [
-                'monitor' => $monitor,
-            ]
-        );
-    }
-}

src/Monitor/Action/Handler/MonitorTvEpisodeHandler.php

@@ -5,7 +5,6 @@ namespace App\Monitor\Action\Handler;
 use App\Base\Util\EpisodeId;
 use App\Download\Action\Command\DownloadMediaCommand;
 use App\Download\DownloadOptionEvaluator;
-use App\Download\Framework\Entity\Download;
 use App\Download\Framework\Repository\DownloadRepository;
 use App\Monitor\Action\Command\MonitorMovieCommand;
 use App\Monitor\Action\Result\MonitorTvEpisodeResult;
@@ -16,7 +15,6 @@ use App\Torrentio\Action\Handler\GetTvShowOptionsHandler;
 use App\User\Dto\UserPreferencesFactory;
 use Carbon\Carbon;
 use DateTimeImmutable;
-use Doctrine\ORM\EntityManagerInterface;
 use OneToMany\RichBundle\Contract\CommandInterface;
 use OneToMany\RichBundle\Contract\HandlerInterface;
 use OneToMany\RichBundle\Contract\ResultInterface;
@@ -29,7 +27,6 @@ readonly class MonitorTvEpisodeHandler implements HandlerInterface
     public function __construct(
         private GetTvShowOptionsHandler $getTvShowOptionsHandler,
         private DownloadOptionEvaluator $downloadOptionEvaluator,
-        private EntityManagerInterface $entityManager,
         private MessageBusInterface $bus,
         private LoggerInterface $logger,
         private MonitorRepository $monitorRepository,

src/Monitor/Action/Handler/MonitorTvShowHandler.php

@@ -18,19 +18,22 @@ use OneToMany\RichBundle\Contract\CommandInterface;
 use OneToMany\RichBundle\Contract\HandlerInterface;
 use OneToMany\RichBundle\Contract\ResultInterface;
 use Psr\Log\LoggerInterface;
+use Symfony\Component\DependencyInjection\Attribute\Target;
 
 /** @implements HandlerInterface<MonitorMovieCommand> */
 readonly class MonitorTvShowHandler implements HandlerInterface
 {
     public function __construct(
+        #[Target('monitorLogger')]
+        private LoggerInterface $logger,
         private MonitorRepository $monitorRepository,
         private EntityManagerInterface $entityManager,
         private MonitorTvEpisodeHandler $monitorTvEpisodeHandler,
         private MediaFiles $mediaFiles,
-        private LoggerInterface $logger,
         private Tmdb $tmdb,
     ) {}
 
+
     public function handle(CommandInterface $command): ResultInterface
     {
         $this->logger->info('> [MonitorTvShowHandler] Executing MonitorTvShowHandler');

src/Monitor/Framework/Controller/ApiController.php

@@ -2,7 +2,7 @@
 
 namespace App\Monitor\Framework\Controller;
 
-use App\Base\Util\Broadcaster;
+use App\Base\Service\Broadcaster;
 use App\Monitor\Action\Handler\AddMonitorHandler;
 use App\Monitor\Action\Handler\DeleteMonitorHandler;
 use App\Monitor\Action\Input\AddMonitorInput;

src/Monitor/Framework/Scheduler/MonitorDispatcher.php

@@ -9,6 +9,7 @@ use App\Monitor\Action\Command\MonitorTvShowCommand;
 use App\Monitor\Framework\Repository\MonitorRepository;
 use Carbon\Carbon;
 use Psr\Log\LoggerInterface;
+use Symfony\Component\DependencyInjection\Attribute\Target;
 use Symfony\Component\Messenger\MessageBusInterface;
 use Symfony\Component\Scheduler\Attribute\AsCronTask;
 
@@ -16,13 +17,14 @@ use Symfony\Component\Scheduler\Attribute\AsCronTask;
 class MonitorDispatcher
 {
     public function __construct(
+        #[Target('monitorLogger')]
         private readonly LoggerInterface $logger,
         private readonly MonitorRepository $monitorRepository,
         private readonly MessageBusInterface $bus,
     ) {}
 
     public function __invoke() {
-        $this->logger->info('[MonitorDispatcher] Executing MonitorDispatcher');
+        $this->logger->info('[MonitorDispatcher] > Executing MonitorDispatcher');
 
         $this->cleanupStuckMonitors();
 
@@ -34,15 +36,19 @@ class MonitorDispatcher
         ];
 
         $monitors = $this->monitorRepository->findBy(['status' => ['New', 'Active']]);
+        $this->logger->info('[MonitorDispatcher]   ' . count($monitors) . ' monitors found');
 
         foreach ($monitors as $monitor) {
+            $this->logger->info('[MonitorDispatcher]   - Evaluating monitor ' . $monitor->getId() . ' for "' . $monitor->getTitle() . '"');
             $monitor->setStatus('In Progress');
             $this->monitorRepository->getEntityManager()->flush();
 
             $command = $monitorHandlers[$monitor->getMonitorType()];
-            $this->logger->info('[MonitorDispatcher] Dispatching ' . $command . ' for ' . $monitor->getTitle());
+            $this->logger->info('[MonitorDispatcher]     Dispatching ' . $command . ' for ' . $monitor->getTitle());
             $this->bus->dispatch(new $command($monitor->getId()));
         }
+
+        $this->logger->info('[MonitorDispatcher] < Complete');
     }
 
     private function cleanupStuckMonitors(): void

src/Torrentio/Framework/Controller/WebController.php

@@ -2,7 +2,7 @@
 
 namespace App\Torrentio\Framework\Controller;
 
-use App\Base\Util\Broadcaster;
+use App\Base\Service\Broadcaster;
 use App\Torrentio\Action\Handler\GetMovieOptionsHandler;
 use App\Torrentio\Action\Handler\GetTvShowOptionsHandler;
 use App\Torrentio\Action\Input\GetMovieOptionsInput;

src/Torrentio/Result/ResultFactory.php

@@ -2,7 +2,7 @@
 
 namespace App\Torrentio\Result;
 
-use App\Base\Util\CountryLanguages;
+use App\User\Database\CountryLanguages;
 use Nihilarr\PTN;
 
 class ResultFactory

src/Twig/Components/Filter.php

@@ -3,7 +3,7 @@
 namespace App\Twig\Components;
 
 use Aimeos\Map;
-use App\Base\Util\QualityList;
+use App\User\Database\QualityList;
 use App\User\Framework\Repository\PreferencesRepository;
 use Symfony\Bundle\SecurityBundle\Security;
 use Symfony\UX\LiveComponent\Attribute\AsLiveComponent;

src/User/Database/CountryCodes.php

@@ -1,6 +1,6 @@
 <?php
 
-namespace App\Base\Util;
+namespace App\User\Database;
 
 class CountryCodes
 {

src/User/Database/CountryLanguages.php

@@ -1,6 +1,6 @@
 <?php
 
-namespace App\Base\Util;
+namespace App\User\Database;
 
 class CountryLanguages
 {
@@ -137,4 +137,13 @@ class CountryLanguages
 
         return $countryLanguages[$countryName] ?? null;
     }
+
+    public static function asSelectOptions(): array
+    {
+        $result = [];
+        foreach (static::$languages as $language) {
+            $result[$language] = $language;
+        }
+        return $result;
+    }
 }

src/User/Database/ProviderList.php

@@ -1,6 +1,6 @@
 <?php
 
-namespace App\Base\Util;
+namespace App\User\Database;
 
 class ProviderList
 {
@@ -23,4 +23,13 @@ class ProviderList
     {
         return self::$providers;
     }
+
+    public static function asSelectOptions(): array
+    {
+        $result = [];
+        foreach (static::$providers as $provider) {
+            $result[$provider] = $provider;
+        }
+        return $result;
+    }
 }

src/User/Database/QualityList.php

@@ -1,6 +1,6 @@
 <?php
 
-namespace App\Base\Util;
+namespace App\User\Database;
 
 class QualityList
 {
@@ -100,6 +100,15 @@ class QualityList
         return array_search($key, self::$qualities) ?? null;
     }
 
+    public static function asSelectOptions(): array
+    {
+        $result = [];
+        foreach (array_keys(static::$qualities) as $quality) {
+            $result[$quality] = $quality;
+        }
+        return $result;
+    }
+
     public static function getAsReverseMap(): array
     {
         $results = [];

src/User/Framework/Controller/Web/LoginController.php

@@ -2,22 +2,30 @@
 
 namespace App\User\Framework\Controller\Web;
 
+use App\Base\ConfigResolver;
 use App\User\Framework\Repository\UserRepository;
 use Doctrine\Common\Collections\ArrayCollection;
 use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
+use Symfony\Bundle\SecurityBundle\Security;
+use Symfony\Component\HttpFoundation\Request;
 use Symfony\Component\HttpFoundation\Response;
 use Symfony\Component\Routing\Attribute\Route;
+
 use Symfony\Component\Security\Http\Authentication\AuthenticationUtils;
 
 class LoginController extends AbstractController
 {
     #[Route(path: '/login', name: 'app_login')]
-    public function login(AuthenticationUtils $authenticationUtils, UserRepository $userRepository): Response
+    public function login(ConfigResolver $config, AuthenticationUtils $authenticationUtils, UserRepository $userRepository): Response
     {
         if ((new ArrayCollection($userRepository->findAll()))->count() === 0) {
             return $this->redirectToRoute('app_getting_started');
         }
 
+        if ($config->authIs('oidc') && true === $config->getAuthConfig()->getOidcConfig()->getBypassFormLogin()) {
+            return $this->redirectToRoute('app_login_oidc');
+        }
+
         // get the login error if there is one
         $error = $authenticationUtils->getLastAuthenticationError();
 
@@ -25,13 +33,14 @@ class LoginController extends AbstractController
         $lastUsername = $authenticationUtils->getLastUsername();
 
         return $this->render('user/login.html.twig', [
+            'show_oidc_button' => $config->authIs('oidc'),
             'last_username' => $lastUsername,
             'error' => $error,
         ]);
     }
 
     #[Route(path: '/logout', name: 'app_logout')]
-    public function logout(): void
+    public function logout(Security $security, Request $request): void
     {
         throw new \LogicException('This method can be blank - it will be intercepted by the logout key on your firewall.');
     }

src/User/Framework/Controller/Web/LoginOidcController.php

@@ -0,0 +1,49 @@
+<?php
+
+namespace App\User\Framework\Controller\Web;
+
+use App\Base\ConfigResolver;
+use App\Base\Service\Broadcaster;
+use Drenso\OidcBundle\OidcClientInterface;
+use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
+use Symfony\Bundle\SecurityBundle\Security;
+use Symfony\Component\HttpFoundation\RedirectResponse;
+use Symfony\Component\HttpFoundation\Request;
+use Symfony\Component\Routing\Attribute\Route;
+
+class LoginOidcController extends AbstractController
+{
+
+    public function __construct(
+        private ConfigResolver $configResolver,
+        private Broadcaster $broadcaster,
+    ) {}
+
+    #[Route('/login/oidc', name: 'app_login_oidc')]
+    public function oidcStart(OidcClientInterface $oidcClient): RedirectResponse
+    {
+        if (false === $this->configResolver->authIs('oidc')) {
+            $this->broadcaster->systemAlert('Your authentication must be set to "oidc" in order to login with OIDC.', 'warning');
+            return $this->redirectToRoute('app_login');
+        }
+
+        // Redirect to authorization @ OIDC provider
+        return $oidcClient->generateAuthorizationRedirect(scopes: ['openid', 'profile']);
+    }
+
+    #[Route('/login/oidc/auth', name: 'app_login_oidc_auth')]
+    public function oidcAuthenticate(): RedirectResponse
+    {
+        if (false === $this->configResolver->authIs('oidc')) {
+            throw new \Exception('You must configure the OIDC environment variables before logging in at this route.');
+        }
+
+        throw new \LogicException('This method can be blank - it will be intercepted by the "oidc" key on your firewall.');
+    }
+
+    #[Route('/logout/oidc', 'app_logout_oidc')]
+    public function oidcLogout(OidcClientInterface $oidcClient, Request $request, Security $security): RedirectResponse
+    {
+        // ToDo: Configure multiple authentication methods and redirect to the form login here
+    }
+}

src/User/Framework/Controller/Web/PreferencesController.php

@@ -4,14 +4,16 @@ declare(strict_types=1);
 
 namespace App\User\Framework\Controller\Web;
 
-use App\Base\Util\Broadcaster;
-use App\Base\Util\CountryLanguages;
-use App\Base\Util\ProviderList;
-use App\Base\Util\QualityList;
+use App\Base\Service\Broadcaster;
 use App\User\Action\Handler\SaveUserDownloadPreferencesHandler;
 use App\User\Action\Handler\SaveUserMediaPreferencesHandler;
 use App\User\Action\Input\SaveUserDownloadPreferencesInput;
 use App\User\Action\Input\SaveUserMediaPreferencesInput;
+use App\User\Database\CountryLanguages;
+use App\User\Database\ProviderList;
+use App\User\Database\QualityList;
+use App\User\Dto\UserPreferencesFactory;
+use App\User\Framework\Form\GettingStartedFilterForm;
 use App\User\Framework\Repository\PreferencesRepository;
 use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
 use Symfony\Component\HttpFoundation\Response;
@@ -41,6 +43,7 @@ class PreferencesController extends AbstractController
                 'qualities' => QualityList::getBaseQualities(),
                 'mediaPreferences' => $mediaPreferences,
                 'downloadPreferences' => $downloadPreferences,
+                'filterForm' => $this->createForm(GettingStartedFilterForm::class, (array) UserPreferencesFactory::createFromUser($this->getUser())),
             ]
         );
     }
@@ -72,6 +75,7 @@ class PreferencesController extends AbstractController
                 'qualities' => QualityList::getBaseQualities(),
                 'mediaPreferences' => $mediaPreferences,
                 'downloadPreferences' => $downloadPreferences,
+                'filterForm' => $this->createForm(GettingStartedFilterForm::class ?? null),
             ]
         );
     }

src/User/Framework/Controller/Web/RegistrationController.php

@@ -5,30 +5,22 @@ namespace App\User\Framework\Controller\Web;
 use App\User\Action\Command\RegisterUserCommand;
 use App\User\Action\Handler\RegisterUserHandler;
 use App\User\Framework\Entity\User;
+use App\User\Framework\Form\GettingStartedFilterForm;
 use App\User\Framework\Form\RegistrationFormType;
-use App\User\Framework\Pipeline\GettingStarted\AddPreferencesToDatabase;
-use App\User\Framework\Pipeline\GettingStarted\GettingStartedInput;
-use App\User\Framework\Pipeline\GettingStarted\MigrateDatabase;
-use App\User\Framework\Repository\PreferencesRepository;
 use App\User\Framework\Repository\UserRepository;
 use Doctrine\Common\Collections\ArrayCollection;
-use League\Pipeline\Pipeline;
-use Psr\Log\LoggerInterface;
 use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
 use Symfony\Bundle\SecurityBundle\Security;
 use Symfony\Component\HttpFoundation\Request;
 use Symfony\Component\HttpFoundation\RequestStack;
 use Symfony\Component\HttpFoundation\Response;
-use Symfony\Component\HttpKernel\KernelInterface;
 use Symfony\Component\Routing\Attribute\Route;
 
 class RegistrationController extends AbstractController
 {
     public function __construct(private readonly RegisterUserHandler $registerUserHandler,
-        private readonly RequestStack $requestStack
-    )
-    {
-    }
+        private readonly RequestStack $requestStack,
+    ) {}
 
     #[Route('/register', name: 'app_register')]
     public function register(
@@ -57,7 +49,7 @@ class RegistrationController extends AbstractController
     }
 
     #[Route(path: '/getting-started', name: 'app_getting_started')]
-    public function gettingStarted(Request $request, Security $security, UserRepository $userRepository, PreferencesRepository $preferencesRepository, KernelInterface $kernel, LoggerInterface $logger): Response
+    public function gettingStarted(Request $request, Security $security, UserRepository $userRepository): Response
     {
         if ((new ArrayCollection($userRepository->findAll()))->count() !== 0) {
             return $this->redirectToRoute('app_index');
@@ -73,14 +65,42 @@ class RegistrationController extends AbstractController
                 password: $form->get('plainPassword')->getData(),
             ));
 
-            $security->login($user->user);
+            $security->login($user->user, 'form_login');
             $this->requestStack->getCurrentRequest()->getSession()->set('mercure_alert_topic', 'alerts_' . uniqid());
 
-            return $this->redirectToRoute('app_index');
+            return $this->redirectToRoute('app_getting_started_filter');
         }
 
-        return $this->render('user/getting-started.html.twig', [
+        return $this->render('user/getting_started/register-user.html.twig', [
             'registrationForm' => $form,
         ]);
     }
+
+    #[Route(path: '/getting-started/filter', name: 'app_getting_started_filter')]
+    public function gettingStartedPreferences(Request $request, UserRepository $userRepository): Response
+    {
+        if ((new ArrayCollection($userRepository->findAll()))->count() !== 0) {
+            return $this->redirectToRoute('app_index');
+        }
+
+        $form = $this->createForm(GettingStartedFilterForm::class);
+        $form->handleRequest($request);
+
+        if ($form->isSubmitted() && $form->isValid()) {
+            foreach ($form->getData() as $preference => $value) {
+                if (null !== $value) {
+                    $this->getUser()->updateUserPreference($preference, $value);
+                }
+            }
+            $userRepository->getEntityManager()->flush();
+            return $this->redirectToRoute('app_index');
+        }
+
+        return $this->render(
+            'user/getting_started/filter.html.twig',
+            [
+                'form' => $form,
+            ]
+        );
+    }
 }

src/User/Framework/Controller/Web/ResetPasswordController.php

@@ -2,20 +2,21 @@
 
 namespace App\User\Framework\Controller\Web;
 
+use App\Base\ConfigResolver;
 use App\User\Framework\Entity\User;
 use App\User\Framework\Form\ChangePasswordForm;
 use App\User\Framework\Form\ResetPasswordRequestForm;
 use Doctrine\ORM\EntityManagerInterface;
+use Psr\Log\LoggerInterface;
 use Symfony\Bridge\Twig\Mime\TemplatedEmail;
 use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
+use Symfony\Bundle\SecurityBundle\Security;
 use Symfony\Component\HttpFoundation\RedirectResponse;
 use Symfony\Component\HttpFoundation\Request;
 use Symfony\Component\HttpFoundation\Response;
 use Symfony\Component\Mailer\MailerInterface;
-use Symfony\Component\Mime\Address;
 use Symfony\Component\PasswordHasher\Hasher\UserPasswordHasherInterface;
 use Symfony\Component\Routing\Attribute\Route;
-use Symfony\Component\Security\Http\Attribute\IsGranted;
 use Symfony\Contracts\Translation\TranslatorInterface;
 use SymfonyCasts\Bundle\ResetPassword\Controller\ResetPasswordControllerTrait;
 use SymfonyCasts\Bundle\ResetPassword\Exception\ResetPasswordExceptionInterface;
@@ -28,7 +29,9 @@ class ResetPasswordController extends AbstractController
 
     public function __construct(
         private ResetPasswordHelperInterface $resetPasswordHelper,
-        private EntityManagerInterface $entityManager
+        private EntityManagerInterface $entityManager,
+        private readonly ConfigResolver $configResolver,
+        private readonly Security $security
     ) {
     }
 
@@ -36,17 +39,25 @@ class ResetPasswordController extends AbstractController
      * Display & process form to request a password reset.
      */
     #[Route('', name: 'app_forgot_password_request')]
-    public function request(Request $request, MailerInterface $mailer, TranslatorInterface $translator): Response
-    {
+    public function request(
+        Request $request,
+        MailerInterface $mailer,
+        LoggerInterface $logger
+    ): Response {
         $form = $this->createForm(ResetPasswordRequestForm::class);
         $form->handleRequest($request);
 
+        if ($this->configResolver->authIs('oidc')) {
+            $this->addFlash('reset_password_error', 'Your auth method is set to "oidc", so you will need to reset your password with your identity provider.');
+            return $this->render('user/reset_password/request.html.twig', [
+                'requestForm' => $form,
+            ])->setStatusCode(Response::HTTP_ACCEPTED);
+        }
+
         if ($form->isSubmitted() && $form->isValid()) {
             /** @var string $email */
             $email = $form->get('email')->getData();
-
-            return $this->processSendingPasswordResetEmail($email, $mailer, $translator
-            );
+            return $this->processSendingPasswordResetEmail($email, $mailer, $logger);
         }
 
         return $this->render('user/reset_password/request.html.twig', [
@@ -75,8 +86,12 @@ class ResetPasswordController extends AbstractController
      * Validates and process the reset URL that the user clicked in their email.
      */
     #[Route('/reset/{token}', name: 'app_reset_password')]
-    public function reset(Request $request, UserPasswordHasherInterface $passwordHasher, TranslatorInterface $translator, ?string $token = null): Response
-    {
+    public function reset(
+        Request $request,
+        UserPasswordHasherInterface $passwordHasher,
+        TranslatorInterface $translator,
+        ?string $token = null
+    ): Response {
         if ($token) {
             // We store the token in session and remove it from the URL, to avoid the URL being
             // loaded in a browser and potentially leaking the token to 3rd party JavaScript.
@@ -130,8 +145,11 @@ class ResetPasswordController extends AbstractController
         ]);
     }
 
-    private function processSendingPasswordResetEmail(string $emailFormData, MailerInterface $mailer, TranslatorInterface $translator): RedirectResponse
-    {
+    private function processSendingPasswordResetEmail(
+        string $emailFormData,
+        MailerInterface $mailer,
+        LoggerInterface $logger
+    ): RedirectResponse {
         $user = $this->entityManager->getRepository(User::class)->findOneBy([
             'email' => $emailFormData,
         ]);
@@ -144,21 +162,17 @@ class ResetPasswordController extends AbstractController
         try {
             $resetToken = $this->resetPasswordHelper->generateResetToken($user);
         } catch (ResetPasswordExceptionInterface $e) {
-            // If you want to tell the user why a reset email was not sent, uncomment
-            // the lines below and change the redirect to 'app_forgot_password_request'.
-            // Caution: This may reveal if a user is registered or not.
-            //
-            // $this->addFlash('reset_password_error', sprintf(
-            //     '%s - %s',
-            //     $translator->trans(ResetPasswordExceptionInterface::MESSAGE_PROBLEM_HANDLE, [], 'ResetPasswordBundle'),
-            //     $translator->trans($e->getReason(), [], 'ResetPasswordBundle')
-            // ));
+            $logger->error('> [ResetPasswordController@processSendingPasswordResetEmail] ' . $e->getMessage());
+
+            $this->addFlash(
+                'reset_password_error',
+                'Your password reset token could not be generated. If you\'re the system administrator, check the server logs for more details.'
+            );
 
             return $this->redirectToRoute('app_check_email');
         }
 
         $email = (new TemplatedEmail())
-            ->from(new Address('notify@caldwell.digital', 'Torsearch'))
             ->to((string) $user->getEmail())
             ->subject('Your password reset request')
             ->htmlTemplate('user/reset_password/email.html.twig')

src/User/Framework/EventListener/LoginSuccessListener.php

@@ -3,7 +3,7 @@
 namespace App\User\Framework\EventListener;
 
 use App\Base\ConfigResolver;
-use App\Base\Util\Broadcaster;
+use App\Base\Service\Broadcaster;
 use Symfony\Component\EventDispatcher\Attribute\AsEventListener;
 use Symfony\Component\HttpFoundation\RequestStack;
 use Symfony\Component\Security\Core\Event\AuthenticationSuccessEvent;

src/User/Framework/Form/GettingStartedFilterForm.php

@@ -0,0 +1,59 @@
+<?php
+
+namespace App\User\Framework\Form;
+
+use Aimeos\Map;
+use App\User\Database\CountryLanguages;
+use App\User\Database\ProviderList;
+use App\User\Database\QualityList;
+use App\User\Framework\Repository\PreferenceOptionRepository;
+use Symfony\Component\Form\AbstractType;
+use Symfony\Component\Form\Extension\Core\Type\ChoiceType;
+use Symfony\Component\Form\FormBuilderInterface;
+use Symfony\Component\OptionsResolver\OptionsResolver;
+
+class GettingStartedFilterForm extends AbstractType
+{
+    public function __construct(
+        private readonly PreferenceOptionRepository $preferenceOptionRepository,
+    ) {}
+
+    public function buildForm(FormBuilderInterface $builder, array $options): void
+    {
+        $this->addChoiceField($builder, 'language', CountryLanguages::asSelectOptions());
+        $this->addChoiceField($builder, 'quality', QualityList::asSelectOptions());
+        $this->addChoiceField($builder, 'provider', ProviderList::asSelectOptions());
+        $this->addChoiceField($builder, 'resolution', $this->getPreferenceChoices('resolution'));
+        $this->addChoiceField($builder, 'codec', $this->getPreferenceChoices('codec'));
+    }
+
+    private function addChoiceField(FormBuilderInterface $builder, string $fieldName, array $choices): void
+    {
+        $question = [
+            'attr' => ['class' => 'w-full text-input mb-4'],
+            'label_attr' => ['class' => 'w-full block font-semibold'],
+            'choices' => $this->addDefaultChoice($choices),
+        ];
+        $builder->add($fieldName, ChoiceType::class, $question);
+    }
+
+    public function configureOptions(OptionsResolver $resolver): void
+    {
+        $resolver->setDefaults([]);
+    }
+
+    private function getPreferenceChoices(string $preference): array
+    {
+        $options = $this->preferenceOptionRepository->findBy(['preference' => $preference]);
+        $result = [];
+        foreach ($options as $item) {
+            $result[$item->getName()] = $item->getId();
+        }
+        return $result;
+    }
+
+    private function addDefaultChoice(array $choices): iterable
+    {
+        return ['n/a' => null] + $choices;
+    }
+}

src/User/Framework/Form/RegistrationFormType.php

@@ -27,7 +27,7 @@ class RegistrationFormType extends AbstractType
                         'message' => 'Please enter a password',
                     ]),
                     new Length([
-                        'min' => 6,
+                        'min' => 8,
                         'minMessage' => 'Your password should be at least {{ limit }} characters',
                         // max length allowed by Symfony for security reasons
                         'max' => 4096,

src/User/Framework/Security/OidcUserProvider.php

@@ -0,0 +1,53 @@
+<?php
+
+namespace App\User\Framework\Security;
+
+use App\User\Framework\Entity\User;
+use App\User\Framework\Repository\UserRepository;
+use Drenso\OidcBundle\Model\OidcTokens;
+use Drenso\OidcBundle\Model\OidcUserData;
+use Drenso\OidcBundle\Security\UserProvider\OidcUserProviderInterface;
+use Symfony\Component\Security\Core\User\OidcUser;
+use Symfony\Component\Security\Core\User\UserInterface;
+
+class OidcUserProvider implements OidcUserProviderInterface
+{
+    public function __construct(
+        private readonly UserRepository $userRepository,
+    ) {}
+
+    public function ensureUserExists(string $userIdentifier, OidcUserData $userData, OidcTokens $tokens): void
+    {
+        $user = $this->userRepository->findOneBy(['email' => $userIdentifier]);
+
+        if (null === $user) {
+            $user = new User()
+                ->setEmail(!empty($userData->getEmail()) ? $userData->getEmail() : $userData->getSub())
+                ->setName(!empty($userData->getFullName()) ? $userData->getFullName() : $userData->getGivenName())
+                ->setPassword('n/a')
+                ;
+            $this->userRepository->getEntityManager()->persist($user);
+            $this->userRepository->getEntityManager()->flush();
+        }
+    }
+
+    public function loadOidcUser(string $userIdentifier): UserInterface
+    {
+        return $this->userRepository->findOneBy(['email' => $userIdentifier]);
+    }
+
+    public function refreshUser(UserInterface $user): UserInterface
+    {
+        return $this->userRepository->findOneBy(['email' => $user->getUserIdentifier()]);
+    }
+
+    public function supportsClass(string $class): bool
+    {
+        return User::class === $class || OidcUser::class === $class || is_subclass_of($class, User::class);
+    }
+
+    public function loadUserByIdentifier(string $identifier): UserInterface
+    {
+        return $this->userRepository->findOneBy(['email' => $identifier]);
+    }
+}

symfony.lock

@@ -50,6 +50,18 @@
             "migrations/.gitignore"
         ]
     },
+    "drenso/symfony-oidc-bundle": {
+        "version": "4.2",
+        "recipe": {
+            "repo": "github.com/symfony/recipes-contrib",
+            "branch": "main",
+            "version": "2.0",
+            "ref": "e2b975158d940a191f48e3ff2c59108a1d7225e6"
+        },
+        "files": [
+            "config/packages/drenso_oidc.yaml"
+        ]
+    },
     "php-http/discovery": {
         "version": "1.20",
         "recipe": {
@@ -74,6 +86,9 @@
             "phpstan.dist.neon"
         ]
     },
+    "spomky-labs/pwa-bundle": {
+        "version": "1.2.5"
+    },
     "stof/doctrine-extensions-bundle": {
         "version": "1.14",
         "recipe": {
@@ -202,6 +217,18 @@
             "config/packages/messenger.yaml"
         ]
     },
+    "symfony/monolog-bundle": {
+        "version": "3.10",
+        "recipe": {
+            "repo": "github.com/symfony/recipes",
+            "branch": "main",
+            "version": "3.7",
+            "ref": "aff23899c4440dd995907613c1dd709b6f59503f"
+        },
+        "files": [
+            "config/packages/monolog.yaml"
+        ]
+    },
     "symfony/property-info": {
         "version": "7.3",
         "recipe": {

templates/bare.html.twig

@@ -3,6 +3,7 @@
     <head>
         <meta charset="UTF-8">
         <meta name="viewport" content="width=device-width, initial-scale=1" />
+        {{ pwa() }}
         <title>{% block title %}Welcome!{% endblock %}</title>
         <link rel="icon" href="data:image/svg+xml,<svg xmlns=%22http://www.w3.org/2000/svg%22 viewBox=%220 0 128 128%22><text y=%221.2em%22 font-size=%2296%22>⚫️</text><text y=%221.3em%22 x=%220.2em%22 font-size=%2276%22 fill=%22%23fff%22>sf</text></svg>">
         {% block stylesheets %}
@@ -15,12 +16,24 @@
     </head>
     <body class="bg-cyan-950 flex flex-col h-full">
         <h1 class="px-4 py-4 text-3xl font-extrabold text-orange-500">Torsearch</h1>
-        <div class="flex flex-col justify-center items-center">
+        <div class="p-4 flex flex-col justify-center items-center">
             {% block body %}{% endblock %}
             <div class="mt-2 inline-flex gap-4 justify-between text-white">
                 <a class="text-sm" href="{{ path('app_login') }}">Sign In</a>
                 <span class="text-sm">v{{ version }}</span>
             </div>
         </div>
+        <div {{ turbo_stream_listen('system_alerts') }} class="fixed z-40 top-10 right-10">
+            <div class="z-40">
+                <ul id="alert_list" class="flex flex-col gap-2">
+                    {% for message in app.flashes('warning') %}
+                        <twig:Alert :title="'Warning'" :message="message" :alert_id="''" type="warning" data-controller="alert" />
+                    {% endfor %}
+                    {% for message in app.flashes('success') %}
+                        <twig:Alert :title="'Success'" :message="message" :alert_id="''" type="warning" data-controller="alert" />
+                    {% endfor %}
+                </ul>
+            </div>
+        </div>
     </body>
 </html>

templates/base.html.twig

@@ -3,6 +3,7 @@
     <head>
         <meta charset="UTF-8">
         <meta name="viewport" content="width=device-width, initial-scale=1" />
+        {{ pwa() }}
         <title>{% block title %}Welcome!{% endblock %}</title>
         <link rel="icon" href="data:image/svg+xml,<svg xmlns=%22http://www.w3.org/2000/svg%22 viewBox=%220 0 128 128%22><text y=%221.2em%22 font-size=%2296%22>⚫️</text><text y=%221.3em%22 x=%220.2em%22 font-size=%2276%22 fill=%22%23fff%22>sf</text></svg>">
         {% block stylesheets %}

templates/components/Header.html.twig

@@ -1,7 +1,7 @@
 <header {{ attributes }} class="bg-cyan-950 z-40">
     <div class="px-4 sm:px-6 lg:px-8">
         <div class="h-16 flex flex-row items-center justify-between">
-            <a href="{{ path('app_index') }}" class="text-2xl text-orange-500 mr-4 md:hidden">T</a>
+            <a href="{{ path('app_index') }}" class="text-2xl font-extrabold text-orange-500 mr-4 md:hidden">T</a>
             <twig:SearchBar />
             <div class="md:flex md:items-center md:gap-12">
                 <nav aria-label="Global" class="md:block">
@@ -26,12 +26,27 @@
             </div>
         </div>
     </div>
+    <div {{ turbo_stream_listen('system_alerts') }} class="fixed z-40 top-10 right-10">
+        <div class="z-40">
+            <ul id="alert_list" class="flex flex-col gap-2">
+                {% for message in app.flashes('system_warning') %}
+                    <twig:Alert :title="'Warning'" :message="message" :alert_id="''" type="warning" data-controller="alert" />
+                {% endfor %}
+                {% for message in app.flashes('system_success') %}
+                    <twig:Alert :title="'Success'" :message="message" :alert_id="''" type="warning" data-controller="alert" />
+                {% endfor %}
+            </ul>
+        </div>
+    </div>
     <div {{ turbo_stream_listen(app.session.get('mercure_alert_topic')) }} class="fixed z-40 top-10 right-10">
         <div class="z-40">
             <ul id="alert_list" class="flex flex-col gap-2">
                 {% for message in app.flashes('warning') %}
                     <twig:Alert :title="'Warning'" :message="message" :alert_id="''" type="warning" data-controller="alert" />
                 {% endfor %}
+                {% for message in app.flashes('success') %}
+                    <twig:Alert :title="'Success'" :message="message" :alert_id="''" type="warning" data-controller="alert" />
+                {% endfor %}
             </ul>
         </div>
     </div>

templates/user/getting_started/filter.html.twig

@@ -0,0 +1,20 @@
+{% extends 'bare.html.twig' %}
+
+{% block title %}Getting Started — Torsearch{% endblock %}
+
+{% block body %}
+    <div class="flex flex-col bg-orange-500/50 p-4 rounded-lg gap-4 w-full md:w-[420px] border-orange-500 border-2 text-gray-50 animate-fade">
+        <h2 class="text-2xl text-bold text-center text-gray-50">Getting Started</h2>
+        <p class="mb-1">Now let's create your first Filter.</p>
+{#        <p class="mb-2 text-sm">Your filter will be pre-applied to your results, so you're only shown what you want to see. Don't worry, though, you can toggle each filter option afterwards, so you can see the rest of the results.</p>#}
+
+        {{ form_start(form) }}
+        {{ form_row(form.language) }}
+        {{ form_row(form.quality) }}
+        {{ form_row(form.provider) }}
+        {{ form_row(form.resolution) }}
+        {{ form_row(form.codec) }}
+        <button class="submit-button">Save</button>
+        {{ form_end(form) }}
+    </div>
+{% endblock %}

templates/user/getting_started/register-user.html.twig

@@ -3,7 +3,7 @@
 {% block title %}Getting Started — Torsearch{% endblock %}
 
 {% block body %}
-    <div class="flex flex-col bg-orange-500/50 p-4 rounded-lg gap-4 min-w-96 border-orange-500 border-2 text-gray-50">
+    <div class="flex flex-col bg-orange-500/50 p-4 rounded-lg gap-4 w-full md:w-[420px] border-orange-500 border-2 text-gray-50 animate-fade">
         <h2 class="text-2xl text-bold text-center text-gray-50">Getting Started</h2>
         <p class="mb-2">Let's get started by creating your first User.</p>
 

templates/user/login.html.twig

@@ -3,7 +3,7 @@
 {% block title %}Log in — Torsearch{% endblock %}
 
 {% block body %}
-    <div class="flex flex-col bg-orange-500/50 p-4 rounded-lg gap-4 min-w-96 border-orange-500 border-2 text-gray-50">
+    <div class="flex flex-col bg-orange-500/50 p-4 rounded-lg gap-4 w-full md:w-[420px] border-orange-500 border-2 text-gray-50 animate-fade">
         <h2 class="text-xl font-bold">Login</h2>
         <form method="post" class="flex flex-col gap-2">
             {% if error %}
@@ -52,10 +52,16 @@
             <button type="submit" class="bg-green-600/40 px-1.5 py-1 w-full rounded-md text-gray-50 backdrop-filter backdrop-blur-sm border-2 border-green-500 hover:bg-green-700/40">
                 Sign in
             </button>
-
-            <div class="flex">
-                <a href="{{ path('app_forgot_password_request') }}">Forgot password?</a>
-            </div>
         </form>
+
+        {% if show_oidc_button == "oidc" %}
+        <a href="{{ path('app_login_oidc') }}" class="bg-sky-950/60 px-1.5 py-1 w-full rounded-md text-gray-50 text-center backdrop-filter backdrop-blur-sm border-2 border-gray-950 hover:bg-orange-700/40">
+            Sign in with OIDC
+        </a>
+        {% endif %}
+
+        <div class="flex">
+            <a href="{{ path('app_forgot_password_request') }}">Forgot password?</a>
+        </div>
     </div>
 {% endblock %}

templates/user/reset_password/check_email.html.twig

@@ -1,9 +1,9 @@
 {% extends 'bare.html.twig' %}
 
-{% block title %}Password Reset Email Sent{% endblock %}
+{% block title %}Password Reset Email Sent — Torsearch{% endblock %}
 
 {% block body %}
-    <div class="flex flex-col bg-orange-500/50 p-4 rounded-lg gap-4 max-w-[420px] border-orange-500 border-2 text-gray-50">
+    <div class="flex flex-col bg-orange-500/50 p-4 rounded-lg gap-4 w-full md:w-[420px] border-orange-500 border-2 text-gray-50">
         <h2 class="text-xl font-bold">Head over to your email</h2>
 
         <div class="mb-3 flex flex-col gap-4">

templates/user/reset_password/request.html.twig

@@ -3,7 +3,7 @@
 {% block title %}Reset your password — Torsearch{% endblock %}
 
 {% block body %}
-    <div class="flex flex-col bg-orange-500/50 p-4 rounded-lg gap-4 max-w-[420px] border-orange-500 border-2 text-gray-50">
+    <div class="flex flex-col bg-orange-500/50 p-4 rounded-lg gap-4 w-full md:w-[420px] border-orange-500 border-2 text-gray-50">
         <h2 class="text-xl font-bold">Reset your password</h2>
 
         <div class="mb-3">
@@ -12,7 +12,7 @@
 
         <form name="reset_password_request_form" method="post" class="flex flex-col gap-2">
             {% for flash_error in app.flashes('reset_password_error') %}
-                <div class="mb-3 p-2 bg-rose-500 text-black text-semibold rounded-md" role="alert">{{ flash_error }}</div>
+                <div class="mb-3 p-2 bg-rose-500 text-black font-semibold rounded-md" role="alert">{{ flash_error }}</div>
             {% endfor %}
 
             <label for="reset_password_request_form_email" class="required flex flex-col mb-2">

templates/user/reset_password/reset.html.twig

@@ -3,7 +3,7 @@
 {% block title %}Reset your password — Torsearch{% endblock %}
 
 {% block body %}
-    <div class="flex flex-col bg-orange-500/50 p-4 rounded-lg gap-4 min-w-96 border-orange-500 border-2 text-gray-50">
+    <div class="flex flex-col bg-orange-500/50 p-4 rounded-lg gap-4 w-full md:w-[420px] border-orange-500 border-2 text-gray-50">
         <h2 class="text-xl font-bold text-white">Reset your password</h2>
 
         <div class="mb-2">