# Tonehaus — Music Ratings

Discover albums from Spotify, read and write reviews, and manage your account. Built with Symfony 7, Twig, Doctrine, and Bootstrap.

## Quick start

1) Start the stack

```bash
docker compose up -d --build
```

2) Create the database schema

```bash
docker compose exec php php bin/console doctrine:database:create --if-not-exists
docker compose exec php php bin/console doctrine:migrations:diff --no-interaction
docker compose exec php php bin/console doctrine:migrations:migrate --no-interaction
```

3) Promote an admin (to access Site Settings)

```bash
docker compose exec php php bin/console app:promote-admin you@example.com
```

4) Configure Spotify API credentials (admin only)

- Open `http://localhost:8000/admin/settings` and enter your Spotify Client ID/Secret.
- Alternatively, set env vars for the PHP container: `SPOTIFY_CLIENT_ID`, `SPOTIFY_CLIENT_SECRET`.

5) Visit `http://localhost:8000` to search for albums.

## Features

- Spotify search with Advanced filters (album, artist, year range) and per-album aggregates (avg/count)
- Album page with details, reviews list, and inline new review (logged in)
- Auth modal (Login/Sign up) with remember-me cookie, no separate pages
- Role-based access: authors manage their own reviews, admins can manage any
- Admin Site Settings to manage Spotify credentials in DB
- User Dashboard to update profile and change password (requires current password)
- Light/Dark theme toggle in Settings (cookie-backed)
- Bootstrap UI

## Rate limiting & caching

- Server-side Client Credentials; access tokens are cached.
- Requests pass through a throttle and 429 Retry-After backoff. GET responses are cached.
- Tunables (optional):

```bash
# seconds per window (default 30)
SPOTIFY_RATE_WINDOW_SECONDS=30
# max requests per window (default 50)
SPOTIFY_RATE_MAX_REQUESTS=50
# max requests for sensitive endpoints (default 20)
SPOTIFY_RATE_MAX_REQUESTS_SENSITIVE=20
```

## Docs

See `/docs` for how-tos and deeper notes:

- Setup and configuration: `docs/01-setup.md`
- Features and UX: `docs/02-features.md`
- Authentication and users: `docs/03-auth-and-users.md`
- Spotify integration: `docs/04-spotify-integration.md`
- Reviews and albums: `docs/05-reviews-and-albums.md`
- Admin & site settings: `docs/06-admin-and-settings.md`
- Rate limits & caching: `docs/07-rate-limits-and-caching.md`
- Troubleshooting: `docs/08-troubleshooting.md`

## License

MIT