Merge pull request 'set-correct-screens-for-players' (#9) from set-correct-screens-for-players into main

Reviewed-on: #9

.env

@@ -57,7 +57,7 @@ MERCURE_URL=http://mercure/.well-known/mercure
 # Public hub URL used by browsers
 MERCURE_PUBLIC_URL=http://localhost:8090/.well-known/mercure
 # Shared secret for signing JWTs (dev only). In prod, set via real env/secrets.
-MERCURE_JWT_SECRET=!ChangeThisMercureJWT!
+MERCURE_JWT_SECRET=!ChangeThisMercureJWTSignedBySymfonySecretKey!
 # Base URL for Mercure topics. Use .dev in development; override to .com in prod via .env.prod or real env.
 MERCURE_TOPIC_BASE=https://escapepage.dev
 ###< mercure ###

assets/game1.js

@@ -1,7 +1,10 @@
 /* Game1 entry point built with Webpack Encore */
 import './styles/game1.css';
 
-function subscribeToMercure(mercurePublicUrl, topic) {
+let sequenceFinished = false;
+let stillPlayingSound = true;
+
+function subscribeToMercure(mercurePublicUrl, topic, myScreen) {
   try {
     const url = mercurePublicUrl + '?topic=' + encodeURIComponent(topic);
     const es = new EventSource(url);
@@ -10,6 +13,33 @@ function subscribeToMercure(mercurePublicUrl, topic) {
       try {
         const data = JSON.parse(event.data);
         console.log('[Mercure][game1] Update:', data);
+
+        // data is [sendTo, message]
+        if (Array.isArray(data) && data.length >= 2) {
+          const sendTo = parseInt(data[0]);
+          // Filter: 0 means everyone, otherwise must match myScreen
+          if (sendTo !== 0 && sendTo !== parseInt(myScreen)) {
+            console.log('[Mercure][game1] Message not for this player, skipping.');
+            return;
+          }
+
+          const messageContainer = document.getElementById('message-container');
+          if (messageContainer) {
+            const msgEl = document.createElement('div');
+            msgEl.className = 'message';
+            msgEl.textContent = data[1];
+            msgEl.style.color = '#0F0'; // Green for incoming messages
+            msgEl.style.marginBottom = '10px';
+            messageContainer.appendChild(msgEl);
+            window.scrollTo(0, document.body.scrollHeight);
+            if(stillPlayingSound)
+            playSound();
+            console.log('[Mercure][game1] sequenceFinished status:', sequenceFinished);
+            if (sequenceFinished) {
+              flashRed();
+            }
+          }
+        }
       } catch (e) {
         console.log('[Mercure][game1] Raw event:', event.data);
       }
@@ -25,6 +55,28 @@ function subscribeToMercure(mercurePublicUrl, topic) {
   }
 }
 
+function playSound() {
+  const sound = document.getElementById('message-sound');
+  if (sound) {
+    sound.currentTime = 0;
+    sound.play().catch(e => console.warn('[Audio] Playback failed:', e));
+  }
+}
+
+function flashRed() {
+  console.log('[Game1] Triggering flashRed');
+  const body = document.body;
+  body.classList.remove('flash-red');
+  void body.offsetWidth; // Trigger reflow to restart animation
+  body.classList.add('flash-red');
+
+  // Also remove it after animation finishes so it's clean for inspection
+  setTimeout(() => {
+    body.classList.remove('flash-red');
+    console.log('[Game1] Removed flash-red class');
+  }, 150);
+}
+
 async function fetchJson(url, options = {}) {
   const opts = { ...options };
   const headers = new Headers(opts.headers || {});
@@ -76,11 +128,12 @@ document.addEventListener('DOMContentLoaded', async () => {
 
   const mercurePublicUrl = cfgEl.dataset.mercurePublicUrl;
   const topic = cfgEl.dataset.topic;
+  const screen = cfgEl.dataset.screen;
   const apiPingUrl = cfgEl.dataset.apiPingUrl;
   const apiEchoUrl = cfgEl.dataset.apiEchoUrl;
 
   if (mercurePublicUrl && topic) {
-    subscribeToMercure(mercurePublicUrl, topic);
+    subscribeToMercure(mercurePublicUrl, topic, screen);
   } else {
     console.warn('[Mercure][game1] Missing data attributes on #mercure-config');
   }
@@ -125,16 +178,27 @@ document.addEventListener('DOMContentLoaded', async () => {
 
     const printNextMessage = () => {
       if (currentMessageIndex < messages.length) {
+
         const msg = messages[currentMessageIndex];
         const msgEl = document.createElement('div');
-        msgEl.className = 'message';
+
+        let extraClass = '';
+        if(msg[2])
+          extraClass = msg[2];
+
+        msgEl.className = 'message ' + extraClass;
         msgEl.textContent = msg[0];
-        msgEl.style.color = '#F00';
         msgEl.style.marginBottom = '10px';
         messageContainer.appendChild(msgEl);
+        window.scrollTo(0, document.body.scrollHeight);
+
+        playSound();
 
         currentMessageIndex++;
         setTimeout(printNextMessage, msg[1]);
+        if (sequenceFinished) {
+          flashRed();
+        }
       } else {
         // After it has printed a set of messages, it has to start a timer of 2 seconds
         console.log('[Game1] All messages printed. Starting 2s timer to expand message-container height...');
@@ -146,7 +210,16 @@ document.addEventListener('DOMContentLoaded', async () => {
           // Add event listener for Enter key
           inputField.addEventListener('keypress', async (e) => {
             if (e.key === 'Enter') {
+              stillPlayingSound = false;
+              sequenceFinished = false;
               const message = inputField.value.trim();
+
+              const msgEl = document.createElement('div');
+              msgEl.className = 'message';
+              msgEl.textContent = message;
+              msgEl.style.marginBottom = '10px';
+              messageContainer.appendChild(msgEl);
+
               if (message && apiEchoUrl) {
                 inputField.value = '';
                 try {
@@ -155,6 +228,16 @@ document.addEventListener('DOMContentLoaded', async () => {
                     body: { message, ts: new Date().toISOString() },
                   });
                   console.log('[API][game1] message sent →', response);
+                  if (response && response.result && Array.isArray(response.result.result)) {
+                    response.result.result.forEach(text => {
+                      const msgEl = document.createElement('div');
+                      msgEl.className = 'message';
+                      msgEl.textContent = text;
+                      msgEl.style.marginBottom = '10px';
+                      messageContainer.appendChild(msgEl);
+                    });
+                    window.scrollTo(0, document.body.scrollHeight);
+                  }
                 } catch (err) {
                   console.error('[API][game1] Failed to send message:', err);
                 }
@@ -163,6 +246,8 @@ document.addEventListener('DOMContentLoaded', async () => {
           });
 
           console.log('[Game1] message-container height changed to 400vh and input enabled');
+          sequenceFinished = true;
+          console.log('[Game1] sequenceFinished is now TRUE');
         }, 2000);
       }
     };

assets/styles/game1.css

@@ -29,8 +29,11 @@ body {
 
 div#game-timer {
     position: fixed;
-    top: 20px;
+    top: 0;
-    left: 20px;
+    left: 0;
+    width: 100%;
+    padding: 20px;
+    background-color: #000;
     color: #F00;
     font-size: 28px;
     z-index: 100;
@@ -38,7 +41,7 @@ div#game-timer {
 
 div#message-container {
     padding: 20px;
-    padding-top: 60px; /* Space for fixed timer */
+    padding-top: 80px; /* Space for fixed timer */
     display: flex;
     flex-direction: column;
     justify-content: flex-end;
@@ -47,6 +50,11 @@ div#message-container {
     font-size: 20px;
 }
 
+div.message {
+    color: #C0C0C0;
+    white-space: pre-wrap;
+}
+
 div#input {
     padding: 20px;
 }
@@ -54,10 +62,32 @@ div#input {
 input#input-message {
     width: 100%;
     padding: 10px;
-    background: #000;
+    background: #111;
-    border: 1px solid #F00;
+    border: 1px solid #A00000;
-    color: #F00;
+    color: #C0C0C0;
     font-size: 18px;
     box-sizing: border-box;
     font-family: monospace;
 }
+
+.flash-red::after {
+    content: '';
+    position: fixed;
+    bottom: 0;
+    left: 0;
+    right: 0;
+    height: 100px;
+    pointer-events: none;
+    background: linear-gradient(to top, rgba(255, 0, 0, 0.8), transparent);
+    animation: flash-red-anim 0.1s linear forwards;
+    z-index: 9999;
+}
+
+@keyframes flash-red-anim {
+    0% {
+        opacity: 1;
+    }
+    100% {
+        opacity: 0;
+    }
+}

compose.yaml

@@ -7,11 +7,11 @@ services:
     environment:
       # Uncomment the following line to disable HTTPS,
       #SERVER_NAME: ':80'
-      MERCURE_PUBLISHER_JWT_KEY: '!ChangeThisMercureHubJWTSecretKey!'
+      MERCURE_PUBLISHER_JWT_KEY: '!ChangeThisMercureJWTSignedBySymfonySecretKey!'
-      MERCURE_SUBSCRIBER_JWT_KEY: '!ChangeThisMercureHubJWTSecretKey!'
+      MERCURE_SUBSCRIBER_JWT_KEY: '!ChangeThisMercureJWTSignedBySymfonySecretKey!'
       # Set the URL of your Symfony project (without trailing slash!) as value of the cors_origins directive
       MERCURE_EXTRA_DIRECTIVES: |
-        cors_origins http://127.0.0.1:8000
+        cors_origins http://localhost:8080
     # Comment the following line to disable the development mode
     command: /usr/bin/caddy run --config /etc/caddy/dev.Caddyfile
     healthcheck:

config/packages/mercure.yaml

@@ -3,4 +3,6 @@ mercure:
         default:
             url: '%env(MERCURE_URL)%'
             public_url: '%env(MERCURE_PUBLIC_URL)%'
-            jwt: '%env(MERCURE_JWT_SECRET)%'
+            jwt:
+                secret: '%env(MERCURE_JWT_SECRET)%'
+                publish: ['*']

docker/compose.yaml

@@ -63,8 +63,8 @@ services:
     container_name: escapepage-mercure
     environment:
       SERVER_NAME: ":80"
-      MERCURE_PUBLISHER_JWT_KEY: ${MERCURE_JWT_SECRET:-!ChangeThisMercureJWT!}
+      MERCURE_PUBLISHER_JWT_KEY: '!ChangeThisMercureJWTSignedBySymfonySecretKey!'
-      MERCURE_SUBSCRIBER_JWT_KEY: ${MERCURE_JWT_SECRET:-!ChangeThisMercureJWT!}
+      MERCURE_SUBSCRIBER_JWT_KEY: '!ChangeThisMercureJWTSignedBySymfonySecretKey!'
       MERCURE_CORS_ALLOWED_ORIGINS: http://localhost:8080
       MERCURE_PUBLISH_ALLOWED_ORIGINS: http://localhost:8080
       MERCURE_EXTRA_DIRECTIVES: |

src/Game/Controller/GameController.php

@@ -3,17 +3,111 @@ declare(strict_types=1);
 
 namespace App\Game\Controller;
 
+use App\Game\Entity\Session;
+use App\Game\Repository\GameRepository;
+use App\Game\Repository\SessionRepository;
+use App\Game\Service\GameDashboardService;
 use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
+use Symfony\Bundle\SecurityBundle\Security;
+use Symfony\Component\HttpFoundation\Request;
 use Symfony\Component\HttpFoundation\Response;
 use Symfony\Component\Routing\Annotation\Route;
+use Symfony\Component\Security\Http\Attribute\IsGranted;
+use Symfony\Component\ExpressionLanguage\Expression;
 
 final class GameController extends AbstractController
 {
-    #[Route(path: '', name: 'game')]
+    #[Route(path: '', name: 'game_dashboard', methods: ['GET', 'POST'])]
-    public function index(): Response
+    #[IsGranted(new Expression("is_granted('ROLE_PLAYER') or is_granted('ROLE_ADMIN')"))]
+    public function dashboard(
+        Request $request,
+        GameRepository $gameRepository,
+        SessionRepository $sessionRepository,
+        GameDashboardService $dashboardService,
+        Security $security
+    ): Response {
+        $user = $security->getUser();
+        $isAdmin = $this->isGranted('ROLE_ADMIN');
+
+        if ($request->isMethod('POST')) {
+            if ($request->request->has('create_session')) {
+                $gameId = $request->request->get('game_id');
+                $game = $gameRepository->find($gameId);
+
+                if ($game) {
+                    if ($dashboardService->createSession($game, $user, $isAdmin)) {
+                        $this->addFlash('success', 'New session created!');
+                    }
+                }
+            } elseif ($request->request->has('join_session')) {
+                $inviteCode = $request->request->get('invite_code');
+                if ($dashboardService->joinSession($inviteCode, $user)) {
+                    $this->addFlash('success', 'Joined session successfully!');
+                } else {
+                    $this->addFlash('error', 'Invalid invite code or session full.');
+                }
+            } elseif ($request->request->has('create_invite')) {
+                $sessionId = $request->request->get('session_id');
+                $session = $sessionRepository->find($sessionId);
+
+                if (!$session) {
+                    $this->addFlash('error', 'Session not found.');
+                    return $this->redirectToRoute('game_dashboard');
+                }
+
+                $inviteCode = $dashboardService->generateInviteCode($session, $user, $isAdmin);
+                if ($inviteCode) {
+                    $this->addFlash('success', 'Invite link created: ' . $inviteCode);
+                }
+            } elseif ($request->request->has('leave_session')) {
+                $sessionId = $request->request->get('session_id');
+                $session = $sessionRepository->find($sessionId);
+
+                if ($session) {
+                    if ($dashboardService->leaveSession($session, $user)) {
+                        $this->addFlash('success', 'Left session successfully.');
+                    } else {
+                        $this->addFlash('error', 'Could not leave session (game might have started).');
+                    }
+                }
+            } elseif ($request->request->has('start_session')) {
+                $sessionId = $request->request->get('session_id');
+                $session = $sessionRepository->find($sessionId);
+
+                if ($session) {
+                    if ($dashboardService->startSession($session)) {
+                        $this->addFlash('success', 'Session started! Screens have been assigned.');
+                    } else {
+                        $this->addFlash('error', 'Could not start session. Make sure all players have joined.');
+                    }
+                }
+            }
+
+            return $this->redirectToRoute('game_dashboard');
+        }
+
+        return $this->render('game/dashboard.html.twig', [
+            'sessions' => $dashboardService->getSessionsForUser($user),
+            'availableGames' => $dashboardService->getAvailableGames($isAdmin),
+        ]);
+    }
+
+    #[Route(path: '/{session}', name: 'game')]
+    #[IsGranted(new Expression("is_granted('ROLE_PLAYER') or is_granted('ROLE_ADMIN')"))]
+    #[IsGranted('SESSION_VIEW', subject: 'session')]
+    public function index(
+        Session $session,
+        Security $security,
+        \App\Game\Repository\PlayerRepository $playerRepository
+    ): Response
     {
+        $user = $security->getUser();
+        $player = $playerRepository->findOneBy(['session' => $session, 'user' => $user]);
+        $screen = $player ? $player->getScreen() : 0;
+
         return $this->render('game/index.html.twig', [
-            'user_id' => $this->getUser()?->getId(),
+            'session' => $session,
+            'screen' => $screen,
         ]);
     }
 }

src/Game/Entity/Player.php

@@ -23,7 +23,7 @@ class Player
     #[ORM\JoinColumn(nullable: false)]
     private ?User $user = null;
 
-    #[ORM\Column]
+    #[ORM\Column(nullable: true)]
     private ?int $screen = null;
 
     public function getId(): ?int

src/Game/Enum/SessionSettingType.php

@@ -7,7 +7,57 @@ enum SessionSettingType: string
     case PWD_FOR_PLAYER1 = 'PwdForPlayer1';
     case PWD_FOR_PLAYER2 = 'PwdForPlayer2';
     case PWD_FOR_PLAYER3 = 'PwdForPlayer3';
+    case PWD_FOR_PLAYER4 = 'PwdForPlayer4';
+    case PWD_FOR_PLAYER5 = 'PwdForPlayer5';
+    case PWD_FOR_PLAYER6 = 'PwdForPlayer6';
+    case PWD_FOR_PLAYER7 = 'PwdForPlayer7';
+    case PWD_FOR_PLAYER8 = 'PwdForPlayer8';
+    case PWD_FOR_PLAYER9 = 'PwdForPlayer9';
+    case PWD_FOR_PLAYER10 = 'PwdForPlayer10';
     case RIGHTS_FOR_PLAYER1 = 'RightsForPlayer1';
     case RIGHTS_FOR_PLAYER2 = 'RightsForPlayer2';
     case RIGHTS_FOR_PLAYER3 = 'RightsForPlayer3';
+    case RIGHTS_FOR_PLAYER4 = 'RightsForPlayer4';
+    case RIGHTS_FOR_PLAYER5 = 'RightsForPlayer5';
+    case RIGHTS_FOR_PLAYER6 = 'RightsForPlayer6';
+    case RIGHTS_FOR_PLAYER7 = 'RightsForPlayer7';
+    case RIGHTS_FOR_PLAYER8 = 'RightsForPlayer8';
+    case RIGHTS_FOR_PLAYER9 = 'RightsForPlayer9';
+    case RIGHTS_FOR_PLAYER10 = 'RightsForPlayer10';
+    case INVITE_CODE = 'InviteCode';
+    case SET_OF_DELETED_FILES = 'SetOfDeletedFiles';
+    case CHAT_TRACKING_FOR_PLAYER1 = 'ChatTrackingForPlayer1';
+    case CHAT_TRACKING_FOR_PLAYER2 = 'ChatTrackingForPlayer2';
+    case CHAT_TRACKING_FOR_PLAYER3 = 'ChatTrackingForPlayer3';
+    case CHAT_TRACKING_FOR_PLAYER4 = 'ChatTrackingForPlayer4';
+    case CHAT_TRACKING_FOR_PLAYER5 = 'ChatTrackingForPlayer5';
+    case CHAT_TRACKING_FOR_PLAYER6 = 'ChatTrackingForPlayer6';
+    case CHAT_TRACKING_FOR_PLAYER7 = 'ChatTrackingForPlayer7';
+    case CHAT_TRACKING_FOR_PLAYER8 = 'ChatTrackingForPlayer8';
+    case CHAT_TRACKING_FOR_PLAYER9 = 'ChatTrackingForPlayer9';
+    case CHAT_TRACKING_FOR_PLAYER10 = 'ChatTrackingForPlayer10';
+    case VERIFY_CODES_FOR_PLAYER1 = 'VerifyCodesForPlayer1';
+    case VERIFY_CODES_FOR_PLAYER2 = 'VerifyCodesForPlayer2';
+    case VERIFY_CODES_FOR_PLAYER3 = 'VerifyCodesForPlayer3';
+    case VERIFY_CODES_FOR_PLAYER4 = 'VerifyCodesForPlayer4';
+    case VERIFY_CODES_FOR_PLAYER5 = 'VerifyCodesForPlayer5';
+    case VERIFY_CODES_FOR_PLAYER6 = 'VerifyCodesForPlayer6';
+    case VERIFY_CODES_FOR_PLAYER7 = 'VerifyCodesForPlayer7';
+    case VERIFY_CODES_FOR_PLAYER8 = 'VerifyCodesForPlayer8';
+    case VERIFY_CODES_FOR_PLAYER9 = 'VerifyCodesForPlayer9';
+    case VERIFY_CODES_FOR_PLAYER10 = 'VerifyCodesForPlayer10';
+    case VERIFICATION_PROGRESS_FOR_PLAYER1 = 'VerificationProgressForPlayer1';
+    case VERIFICATION_PROGRESS_FOR_PLAYER2 = 'VerificationProgressForPlayer2';
+    case VERIFICATION_PROGRESS_FOR_PLAYER3 = 'VerificationProgressForPlayer3';
+    case VERIFICATION_PROGRESS_FOR_PLAYER4 = 'VerificationProgressForPlayer4';
+    case VERIFICATION_PROGRESS_FOR_PLAYER5 = 'VerificationProgressForPlayer5';
+    case VERIFICATION_PROGRESS_FOR_PLAYER6 = 'VerificationProgressForPlayer6';
+    case VERIFICATION_PROGRESS_FOR_PLAYER7 = 'VerificationProgressForPlayer7';
+    case VERIFICATION_PROGRESS_FOR_PLAYER8 = 'VerificationProgressForPlayer8';
+    case VERIFICATION_PROGRESS_FOR_PLAYER9 = 'VerificationProgressForPlayer9';
+    case VERIFICATION_PROGRESS_FOR_PLAYER10 = 'VerificationProgressForPlayer10';
+    case EVERYONE_VERIFIED = 'EveryoneVerified';
+    case SPECIAL_REPORT_CODE_DOYLE = 'SpecialReportCodeDoyle';
+    case SPECIAL_REPORT_CODE_VEGA = 'SpecialReportCodeVega';
+    case SPECIAL_REPORT_CODE_LENNOX = 'SpecialReportCodeLennox';
 }

src/Game/Security/Voter/SessionVoter.php

@@ -0,0 +1,48 @@
+<?php
+
+namespace App\Game\Security\Voter;
+
+use App\Game\Entity\Session;
+use App\Tech\Entity\User;
+use Symfony\Bundle\SecurityBundle\Security;
+use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
+use Symfony\Component\Security\Core\Authorization\Voter\Voter;
+
+class SessionVoter extends Voter
+{
+    public const VIEW = 'SESSION_VIEW';
+
+    public function __construct(
+        private readonly Security $security,
+    ) {
+    }
+
+    protected function supports(string $attribute, mixed $subject): bool
+    {
+        return $attribute === self::VIEW && $subject instanceof Session;
+    }
+
+    protected function voteOnAttribute(string $attribute, mixed $subject, TokenInterface $token): bool
+    {
+        $user = $token->getUser();
+
+        if (!$user instanceof User) {
+            return false;
+        }
+
+        if ($this->security->isGranted('ROLE_ADMIN')) {
+            return true;
+        }
+
+        /** @var Session $session */
+        $session = $subject;
+
+        foreach ($session->getPlayers() as $player) {
+            if ($player->getUser() === $user) {
+                return true;
+            }
+        }
+
+        return false;
+    }
+}

src/Game/Service/GameDashboardService.php

@@ -0,0 +1,297 @@
+<?php
+declare(strict_types=1);
+
+namespace App\Game\Service;
+
+use App\Game\Entity\Game;
+use App\Game\Entity\Player;
+use App\Game\Entity\Session;
+use App\Game\Entity\SessionSetting;
+use App\Game\Enum\GameStatus;
+use App\Game\Enum\SessionSettingType;
+use App\Game\Enum\SessionStatus;
+use App\Game\Repository\GameRepository;
+use App\Game\Repository\SessionRepository;
+use App\Tech\Entity\User;
+use Doctrine\ORM\EntityManagerInterface;
+use Symfony\Component\Security\Core\User\UserInterface;
+
+final class GameDashboardService
+{
+    public function __construct(
+        private readonly GameRepository $gameRepository,
+        private readonly SessionRepository $sessionRepository,
+        private readonly EntityManagerInterface $entityManager,
+    ) {
+    }
+
+    /**
+     * @return Session[]
+     */
+    public function getSessionsForUser(UserInterface $user): array
+    {
+        return $this->sessionRepository->createQueryBuilder('s')
+            ->innerJoin('s.players', 'p')
+            ->where('p.user = :user')
+            ->setParameter('user', $user)
+            ->getQuery()
+            ->getResult();
+    }
+
+    /**
+     * @return Game[]
+     */
+    public function getAvailableGames(bool $isAdmin): array
+    {
+        if ($isAdmin) {
+            return $this->gameRepository->findAll();
+        }
+
+        return $this->gameRepository->findBy(['status' => GameStatus::OPEN]);
+    }
+
+    public function createSession(Game $game, UserInterface $user, bool $isAdmin): ?Session
+    {
+        if ($game->getStatus() !== GameStatus::OPEN && !$isAdmin) {
+            return null;
+        }
+
+        if(!$user instanceof User)
+            return null;
+
+        $session = new Session();
+        $session->setGame($game);
+        $session->setStatus(SessionStatus::CREATED);
+        $session->setTimer(0);
+
+        $player = new Player();
+        $player->setUser($user);
+        $player->setSession($session);
+
+        $this->entityManager->persist($session);
+        $this->entityManager->persist($player);
+
+        $this->entityManager->flush();
+
+        return $session;
+    }
+
+    public function joinSession(string $inviteCode, UserInterface $user): bool
+    {
+        if (!$user instanceof User) {
+            return false;
+        }
+
+        $setting = $this->entityManager->getRepository(SessionSetting::class)->findOneBy([
+            'name' => SessionSettingType::INVITE_CODE,
+            'value' => $inviteCode,
+        ]);
+
+        if (!$setting) {
+            return false;
+        }
+
+        $session = $setting->getSession();
+
+        // Check if user is already in this session
+        foreach ($session->getPlayers() as $player) {
+            if ($player->getUser() === $user) {
+                return true; // Already joined
+            }
+        }
+
+        $playerCount = count($session->getPlayers());
+        if ($playerCount >= $session->getGame()->getNumberOfPlayers()) {
+            return false; // Session full
+        }
+
+        $player = new Player();
+        $player->setUser($user);
+        $player->setSession($session);
+
+        $this->entityManager->persist($player);
+
+        $this->entityManager->flush();
+
+        return true;
+    }
+
+    public function leaveSession(Session $session, UserInterface $user): bool
+    {
+        if (!$user instanceof User) {
+            return false;
+        }
+
+        if ($session->getStatus() !== SessionStatus::CREATED || $session->getTimer() > 0) {
+            return false;
+        }
+
+        $playerToDelete = null;
+        foreach ($session->getPlayers() as $player) {
+            if ($player->getUser() === $user) {
+                $playerToDelete = $player;
+                break;
+            }
+        }
+
+        if (!$playerToDelete) {
+            return false;
+        }
+
+        // Remove player specific settings (like rights)
+        foreach ($session->getSettings() as $setting) {
+            if ($setting->getPlayer() === $playerToDelete) {
+                $session->removeSetting($setting);
+                $this->entityManager->remove($setting);
+            }
+        }
+
+        $session->removePlayer($playerToDelete);
+        $this->entityManager->remove($playerToDelete);
+
+        // If no players left, we might want to delete the session and its remaining settings
+        if ($session->getPlayers()->isEmpty()) {
+            foreach ($session->getSettings() as $setting) {
+                $this->entityManager->remove($setting);
+            }
+            $this->entityManager->remove($session);
+        }
+
+        $this->entityManager->flush();
+
+        return true;
+    }
+
+    private function initializePlayerSettings(Player $player): void
+    {
+        $screen = $player->getScreen();
+        $rightsSettingName = SessionSettingType::tryFrom('RightsForPlayer' . $screen);
+
+        if ($rightsSettingName) {
+            $setting = new SessionSetting();
+            $setting->setSession($player->getSession());
+            $setting->setPlayer($player);
+            $setting->setName($rightsSettingName);
+            $setting->setValue(json_encode(['chat', 'help', 'ls', 'pwd']));
+            $this->entityManager->persist($setting);
+        }
+
+        $pwdSettingName = SessionSettingType::tryFrom('PwdForPlayer' . $screen);
+
+        if ($pwdSettingName) {
+            $setting = new SessionSetting();
+            $setting->setSession($player->getSession());
+            $setting->setPlayer($player);
+            $setting->setName($pwdSettingName);
+            $setting->setValue('var/home/' . $player->getUser()->getUsername());
+            $this->entityManager->persist($setting);
+        }
+
+        $chatTrackingSettingName = SessionSettingType::tryFrom('ChatTrackingForPlayer' . $screen);
+
+        if ($chatTrackingSettingName) {
+            $setting = new SessionSetting();
+            $setting->setSession($player->getSession());
+            $setting->setPlayer($player);
+            $setting->setName($chatTrackingSettingName);
+            $setting->setValue(json_encode([]));
+            $this->entityManager->persist($setting);
+        }
+
+        $verifyCodesSettingName = SessionSettingType::tryFrom('VerifyCodesForPlayer' . $screen);
+
+        if ($verifyCodesSettingName) {
+            $codes = [];
+            $numPlayers = $player->getSession()->getGame()->getNumberOfPlayers();
+            for ($i = 1; $i <= $numPlayers; $i++) {
+                if ($i !== $screen) {
+                    $codes[$i] = bin2hex(random_bytes(3)); // 6 characters code
+                }
+            }
+
+            $setting = new SessionSetting();
+            $setting->setSession($player->getSession());
+            $setting->setPlayer($player);
+            $setting->setName($verifyCodesSettingName);
+            $setting->setValue(json_encode($codes));
+            $this->entityManager->persist($setting);
+        }
+
+        $verificationProgressSettingName = SessionSettingType::tryFrom('VerificationProgressForPlayer' . $screen);
+
+        if ($verificationProgressSettingName) {
+            $setting = new SessionSetting();
+            $setting->setSession($player->getSession());
+            $setting->setPlayer($player);
+            $setting->setName($verificationProgressSettingName);
+            $setting->setValue(json_encode([]));
+            $this->entityManager->persist($setting);
+        }
+    }
+
+    public function startSession(Session $session): bool
+    {
+        if ($session->getStatus() !== SessionStatus::CREATED) {
+            return false;
+        }
+
+        $players = $session->getPlayers()->toArray();
+        if (count($players) < $session->getGame()->getNumberOfPlayers()) {
+            return false;
+        }
+
+        // Shuffle players to assign random screens
+        shuffle($players);
+
+        foreach ($players as $index => $player) {
+            $screen = $index + 1;
+            $player->setScreen($screen);
+            $this->initializePlayerSettings($player);
+            $this->entityManager->persist($player);
+        }
+
+        $session->setStatus(SessionStatus::READY);
+        $this->entityManager->persist($session);
+        $this->entityManager->flush();
+
+        return true;
+    }
+
+    public function generateInviteCode(Session $session, UserInterface $user, bool $isAdmin): ?string
+    {
+        // Security check: is user part of this session?
+        $isPlayer = false;
+        foreach ($session->getPlayers() as $player) {
+            if ($player->getUser() === $user) {
+                $isPlayer = true;
+                break;
+            }
+        }
+
+        if (!$isPlayer && !$isAdmin) {
+            return null;
+        }
+
+        $inviteCode = bin2hex(random_bytes(4));
+
+        $setting = null;
+        foreach ($session->getSettings() as $s) {
+            if ($s->getName() === SessionSettingType::INVITE_CODE) {
+                $setting = $s;
+                break;
+            }
+        }
+
+        if (!$setting) {
+            $setting = new SessionSetting();
+            $setting->setSession($session);
+            $setting->setName(SessionSettingType::INVITE_CODE);
+        }
+
+        $setting->setValue($inviteCode);
+        $this->entityManager->persist($setting);
+        $this->entityManager->flush();
+
+        return $inviteCode;
+    }
+}

src/Game/Service/GameResponseService.php

@@ -5,9 +5,13 @@ namespace App\Game\Service;
 use App\Game\Enum\DecodeMessage;
 use App\Game\Enum\SessionSettingType;
 use App\Game\Entity\Player;
+use App\Game\Entity\SessionSetting;
 use App\Game\Repository\SessionSettingRepository;
 use App\Tech\Entity\User;
+use Doctrine\ORM\EntityManagerInterface;
 use Symfony\Bundle\SecurityBundle\Security;
+use Symfony\Component\Mercure\HubInterface;
+use Symfony\Component\Mercure\Update;
 
 class GameResponseService
 {
@@ -15,10 +19,12 @@ class GameResponseService
         private Security $security,
         private PlayerService $playerService,
         private SessionSettingRepository $sessionSettingRepository,
+        private HubInterface $hub,
+        private EntityManagerInterface $entityManager,
     ) {
     }
 
-    public function getGameResponse(string $raw)
+    public function getGameResponse(string $raw) : array
     {
         $info = json_decode($raw, true);
 
@@ -53,12 +59,7 @@ class GameResponseService
 
     private function getRechten(Player $player): array
     {
-        $settingName = match($player->getScreen()) {
+        $settingName = SessionSettingType::tryFrom('RightsForPlayer' . $player->getScreen());
-            1 => SessionSettingType::RIGHTS_FOR_PLAYER1,
-            2 => SessionSettingType::RIGHTS_FOR_PLAYER2,
-            3 => SessionSettingType::RIGHTS_FOR_PLAYER3,
-            default => null,
-        };
 
         if (!$settingName) {
             return [];
@@ -83,8 +84,10 @@ class GameResponseService
                 if(!in_array('chat', $rechten))
                     return ['result' => ['Unknown command']];
 
-                $this->handleChatMessage($message);
+                if($this->handleChatMessage($message, $player))
-                break;
+                    return ['result' => ['succesfully send']];
+                else
+                    return ['result' => ['Error sending']];
             case '/help':
                 return ['result' => $this->getHelpCommand($rechten)];
             case '/decode':
@@ -96,12 +99,11 @@ class GameResponseService
                 if(!in_array('verify', $rechten))
                     return ['result' => ['Unknown command']];
 
-                $result = $this->handleVerifyMessage($message);
+                $result = $this->handleVerifyMessage($message, $player);
                 return ['result' => [$result]];
             default:
                 return ['result' => ['Unknown command']];
         }
-        return [];
     }
 
     private function checkConsoleCommando(string $message, Player $player, bool $sudo = false) : array
@@ -112,8 +114,15 @@ class GameResponseService
             case 'help':
                 return ['result' => $this->getHelpCommand($rechten)];
             case 'ls':
-                break;
+                if(!in_array('ls', $rechten))
+                    return ['result' => ['Unknown command']];
+
+                $files = $this->getAllCurrentFilesInDirectory($player);
+                return ['result' => $files];
             case 'cd':
+                if(!in_array('cd', $rechten))
+                    return ['result' => ['Unknown command']];
+
                 $pwd = $this->playerService->getCurrentPwdOfPlayer($player);
                 if(!$pwd)
                     return ['result' => ['Unknown command']];
@@ -124,14 +133,52 @@ class GameResponseService
 
                 $this->playerService->saveCurrentPwdOfPlayer($player, $newLocation);
                 return ['result' => ['Path: ' . $newLocation]];
+            case 'cat':
+                if(!in_array('cat', $rechten))
+                    return ['result' => ['Unknown command']];
+
+                $pwd = $this->playerService->getCurrentPwdOfPlayer($player);
+
+                $fileContent = $this->getFileContent($player, $pwd.'/'.$messagePart[1]);
+
+                return ['result' => $fileContent];
+            case 'pwd':
+                if(!in_array('pwd', $rechten))
+                    return ['result' => ['Unknown command']];
+
+                $pwd = $this->playerService->getCurrentPwdOfPlayer($player);
+                return ['result' => ['Path: ' . $pwd]];
             case 'rm':
-                break;
+                if(!in_array('rm', $rechten))
+                    return ['result' => ['Unknown command']];
+
+                $pwd = $this->playerService->getCurrentPwdOfPlayer($player);
+                if(!$pwd)
+                    return ['result' => ['Unknown command']];
+
+                if (!isset($messagePart[1])) {
+                    return ['result' => ['Usage: rm {filename}']];
+                }
+
+                $filename = $messagePart[1];
+                $fullPath = ($pwd === '/' ? '' : $pwd) . '/' . $filename;
+
+                if(!$this->isAllowedToRemove($fullPath, $player, $sudo))
+                    return ['result' => ['You are not allowed to remove this file.']];
+
+                $this->playerService->addDeletedFileToSession($player, $fullPath);
+                return ['result' => ['File removed: ' . $filename]];
             case 'sudo':
-                break;
+                if(!in_array('sudo', $rechten))
+                    return ['result' => ['Unknown command']];
+
+                $sudo = array_shift($messagePart);
+                $message = implode(' ', $messagePart);
+
+                return $this->checkConsoleCommando($message, $player, true);
             default:
                 return ['result' => ['Unknown command']];
         }
-        return [];
     }
 
     private function getHelpCommand(mixed $rechten) : array
@@ -146,6 +193,7 @@ class GameResponseService
                     $messages[] = '   If you want to send a message specifically to one other agent, use the id of the agent after /chat, like /chat 6 {message}';
                     $messages[] = '   This will send the message only to agent with id 6.';
                     $messages[] = '   USAGE: /chat {message}';
+                    $messages[] = '   USAGE: /chat 6 {message}';
                     $messages[] = '';
                     break;
                 case 'help':
@@ -161,6 +209,13 @@ class GameResponseService
                     $messages[] = '   USAGE: /decode {message}';
                     $messages[] = '';
                     break;
+                case 'pwd':
+                    $messages[] = 'pwd';
+                    $messages[] = '   This message will let you know what your current location is.';
+                    $messages[] = '   It will show you the folder you are in so you can continue navigating the server.';
+                    $messages[] = '   USAGE: pwd';
+                    $messages[] = '';
+                    break;
                 case 'cat':
                     $messages[] = 'cat';
                     $messages[] = '   To read a file, use cat {filename}.';
@@ -210,9 +265,166 @@ class GameResponseService
         return $messages;
     }
 
-    private function handleChatMessage(string $message)
+    private function handleChatMessage(string $message, Player $player) : bool
     {
+        $messageParts = explode(' ', $message);
+        $toSingle = false;
 
+        if (isset($messageParts[1]) &&
+                is_numeric($messageParts[1]) &&
+                $messageParts[1] >= 1 &&
+                $messageParts[1] <= $player->getSession()->getGame()->getNumberOfPlayers()) {
+
+            $toSingle = true;
+        }
+
+        $chatMessage = array_shift($messageParts);
+        $sendTo = 0;
+
+        if ($toSingle) {
+            $sendTo = array_shift($messageParts);
+            $chatMessage = array_shift($messageParts);
+        }
+
+        $message = $player->getUser()->getUsername() . ': ' . $chatMessage . ' ';
+        foreach($messageParts as $messagePart) {
+            $message .= $messagePart . ' ';
+        }
+
+        $message = trim($message);
+
+        $activeGame = $player->getSession()?->getId();
+
+        if(is_null($activeGame))
+            return false;
+
+        $topic = $_ENV['MERCURE_TOPIC_BASE'] . '/game/hub-' . $activeGame;
+        $this->hub->publish(new Update($topic, json_encode([$sendTo, $message])));
+
+        $this->updateChatTracking($player, (int)$sendTo);
+
+        $this->checkAndRegenerateVerifyCodes($player, $chatMessage . ' ' . implode(' ', $messageParts));
+
+        return true;
+    }
+
+    private function checkAndRegenerateVerifyCodes(Player $player, string $messageContent): void
+    {
+        $screen = $player->getScreen();
+        $session = $player->getSession();
+
+        $verifyCodesSettingName = SessionSettingType::tryFrom('VerifyCodesForPlayer' . $screen);
+
+        if (!$verifyCodesSettingName) {
+            return;
+        }
+
+        $setting = $this->sessionSettingRepository->getSetting($session, $verifyCodesSettingName, $player);
+        if (!$setting) {
+            return;
+        }
+
+        $codes = json_decode($setting->getValue() ?? '[]', true) ?? [];
+        $regenerated = false;
+
+        foreach ($codes as $targetPlayerScreen => $code) {
+            if (str_contains($messageContent, (string)$code)) {
+                $codes[$targetPlayerScreen] = bin2hex(random_bytes(3));
+                $regenerated = true;
+            }
+        }
+
+        if ($regenerated) {
+            $setting->setValue(json_encode($codes));
+            $this->entityManager->persist($setting);
+            $this->entityManager->flush();
+
+            // Notify the player that their codes have changed
+            $topic = $_ENV['MERCURE_TOPIC_BASE'] . '/game/hub-' . $session->getId();
+            $notification = "Security Alert: One of your verify codes was shared and has been regenerated.";
+            // We send it only to this player (screen)
+            $this->hub->publish(new Update($topic, json_encode([$screen, $notification])));
+        }
+    }
+
+    private function updateChatTracking(Player $player, int $sendTo): void
+    {
+        $rights = $this->getRechten($player);
+        if(in_array('verify', $rights))
+            return;
+
+        $trackingSettingName = SessionSettingType::tryFrom('ChatTrackingForPlayer' . $player->getScreen());
+
+        if (!$trackingSettingName) {
+            return;
+        }
+
+        $setting = $this->sessionSettingRepository->getSetting($player->getSession(), $trackingSettingName, $player);
+        if (!$setting) {
+            $setting = new SessionSetting();
+            $setting->setSession($player->getSession());
+            $setting->setPlayer($player);
+            $setting->setName($trackingSettingName);
+            $setting->setValue(json_encode([]));
+        }
+
+        $tracking = json_decode($setting->getValue() ?? '[]', true) ?? [];
+        if (!in_array($sendTo, $tracking)) {
+            $tracking[] = $sendTo;
+            $setting->setValue(json_encode($tracking));
+            $this->entityManager->persist($setting);
+            $this->entityManager->flush();
+
+            $this->checkAndGrantVerifyRight($player, $tracking);
+        }
+    }
+
+    private function checkAndGrantVerifyRight(Player $player, array $tracking): void
+    {
+        $screen = $player->getScreen();
+        $requiredTargets = [0]; // Everyone
+        $numPlayers = $player->getSession()->getGame()->getNumberOfPlayers();
+        for ($i = 1; $i <= $numPlayers; $i++) {
+            if ($i !== $screen) {
+                $requiredTargets[] = $i;
+            }
+        }
+
+        // Check if all required targets are in tracking
+        foreach ($requiredTargets as $target) {
+            if (!in_array($target, $tracking)) {
+                return;
+            }
+        }
+
+        // Grant verify right
+        $rightsSettingName = SessionSettingType::tryFrom('RightsForPlayer' . $screen);
+
+        if (!$rightsSettingName) {
+            return;
+        }
+
+        $setting = $this->sessionSettingRepository->getSetting($player->getSession(), $rightsSettingName, $player);
+        if (!$setting) {
+            return; // Should have been initialized
+        }
+
+        $rights = json_decode($setting->getValue() ?? '[]', true) ?? [];
+        $newRights = ['verify', 'cat'];
+
+        $updated = false;
+        foreach ($newRights as $newRight) {
+            if (!in_array($newRight, $rights)) {
+                $rights[] = $newRight;
+                $updated = true;
+            }
+        }
+
+        if ($updated) {
+            $setting->setValue(json_encode($rights));
+            $this->entityManager->persist($setting);
+            $this->entityManager->flush();
+        }
     }
 
     private function handleDecodeMessage(string $message, Player $player)
@@ -247,9 +459,178 @@ class GameResponseService
         return $randomString;
     }
 
-    private function handleVerifyMessage(string $message) : string
+    private function generateSpecialCode(int $firstDigit, int $min, int $max): string
     {
-        return '';
+        $code = $this->generateRandomString($min, $max);
+
+        // Ensure the first numeric digit is the specified $firstDigit
+        $found = false;
+        $codeArray = str_split($code);
+        for ($i = 0; $i < count($codeArray); $i++) {
+            if (ctype_digit($codeArray[$i])) {
+                $codeArray[$i] = (string)$firstDigit;
+                $found = true;
+                break;
+            }
+        }
+        $code = implode('', $codeArray);
+
+        // If no digit was found (highly unlikely given the character set), prepend it
+        if (!$found) {
+            $code = (string)$firstDigit . substr($code, 1);
+        }
+
+        return $code;
+    }
+
+    private function handleVerifyMessage(string $message, Player $player) : string
+    {
+        $messageParts = explode(' ', $message);
+        if (count($messageParts) < 2) {
+            return 'Usage: /verify {code}';
+        }
+
+        $code = $messageParts[1];
+        $screen = $player->getScreen();
+        $session = $player->getSession();
+
+        $progressSettingName = SessionSettingType::tryFrom('VerificationProgressForPlayer' . $screen);
+
+        if (!$progressSettingName) {
+            return 'Error: Invalid player screen.';
+        }
+
+        $progressSetting = $this->sessionSettingRepository->getSetting($session, $progressSettingName, $player);
+        if (!$progressSetting) {
+            return 'Error: Verification progress setting not found.';
+        }
+
+        $progress = json_decode($progressSetting->getValue() ?? '[]', true) ?? [];
+
+        $verifiedBy = null;
+        foreach ($session->getPlayers() as $otherPlayer) {
+            if ($otherPlayer->getId() === $player->getId()) {
+                continue;
+            }
+
+            $otherScreen = $otherPlayer->getScreen();
+            $codesSettingName = SessionSettingType::tryFrom('VerifyCodesForPlayer' . $otherScreen);
+
+            if (!$codesSettingName) {
+                continue;
+            }
+
+            $codesSetting = $this->sessionSettingRepository->getSetting($session, $codesSettingName, $otherPlayer);
+            if (!$codesSetting) {
+                continue;
+            }
+
+            $codes = json_decode($codesSetting->getValue() ?? '[]', true) ?? [];
+            if (isset($codes[$screen]) && $codes[$screen] === $code) {
+                $verifiedBy = $otherScreen;
+                break;
+            }
+        }
+
+        if ($verifiedBy !== null) {
+            if (!in_array($verifiedBy, $progress)) {
+                $progress[] = $verifiedBy;
+                $progressSetting->setValue(json_encode($progress));
+                $this->entityManager->persist($progressSetting);
+                $this->entityManager->flush();
+
+                $response = 'You have been successfully verified by Agent ' . $verifiedBy . '.';
+
+                if (count($progress) >= 2) {
+                    $this->grantVerificationRights($player);
+                    $response .= ' You have received additional rights!';
+                }
+
+                return $response;
+            } else {
+                return 'You were already verified by Agent ' . $verifiedBy . '.';
+            }
+        }
+
+        return 'Invalid verification code.';
+    }
+
+    private function grantVerificationRights(Player $player): void
+    {
+        $screen = $player->getScreen();
+        $rightsSettingName = SessionSettingType::tryFrom('RightsForPlayer' . $screen);
+
+        if (!$rightsSettingName) {
+            return;
+        }
+
+        $setting = $this->sessionSettingRepository->getSetting($player->getSession(), $rightsSettingName, $player);
+        if (!$setting) {
+            return;
+        }
+
+        $rights = json_decode($setting->getValue() ?? '[]', true) ?? [];
+        $newRights = ['cd', 'decode'];
+
+        $updated = false;
+        foreach ($newRights as $newRight) {
+            if (!in_array($newRight, $rights)) {
+                $rights[] = $newRight;
+                $updated = true;
+            }
+        }
+
+        if ($updated) {
+            $setting->setValue(json_encode($rights));
+            $this->entityManager->persist($setting);
+            $this->entityManager->flush();
+
+            $this->checkIfAllPlayersVerified($player);
+        }
+    }
+
+    private function checkIfAllPlayersVerified(Player $player): void
+    {
+        $session = $player->getSession();
+        $everyoneVerifiedSetting = $this->sessionSettingRepository->getSetting($session, SessionSettingType::EVERYONE_VERIFIED, $player);
+
+        if ($everyoneVerifiedSetting && $everyoneVerifiedSetting->getValue() === 'true') {
+            return;
+        }
+
+        $allVerified = true;
+        foreach ($session->getPlayers() as $otherPlayer) {
+            $otherScreen = $otherPlayer->getScreen();
+            $progressSettingName = SessionSettingType::tryFrom('VerificationProgressForPlayer' . $otherScreen);
+
+            if (!$progressSettingName) {
+                continue;
+            }
+
+            $progressSetting = $this->sessionSettingRepository->getSetting($session, $progressSettingName, $otherPlayer);
+            $progress = json_decode($progressSetting?->getValue() ?? '[]', true) ?? [];
+
+            if (count($progress) < $session->getGame()->getNumberOfPlayers() - 1) {
+                $allVerified = false;
+                break;
+            }
+        }
+
+        if ($allVerified) {
+            if (!$everyoneVerifiedSetting) {
+                $everyoneVerifiedSetting = new SessionSetting();
+                $everyoneVerifiedSetting->setSession($session);
+                $everyoneVerifiedSetting->setPlayer($player);
+                $everyoneVerifiedSetting->setName(SessionSettingType::EVERYONE_VERIFIED);
+            }
+            $everyoneVerifiedSetting->setValue('true');
+            $this->entityManager->persist($everyoneVerifiedSetting);
+            $this->entityManager->flush();
+
+            $topic = $_ENV['MERCURE_TOPIC_BASE'] . '/game/hub-' . $session->getId();
+            $message = "Mainframe Help Modus: Agents Doyle, Vega and Lennox rapports have been updated with coded messages.";
+            $this->hub->publish(new Update($topic, json_encode([0, $message])));
+        }
     }
 
     private function goToNewDir(string $pwd, string $newPwd, Player $player) : string|bool
@@ -311,22 +692,282 @@ class GameResponseService
         $paths[] = '/etc/freak';
         $paths[] = '/etc/host';
 
-        $paths[] = '/home';
+        $paths[] = '/var/home';
 
         $playerNames = ['root', 'Luke', 'Charles', 'William', 'Peter'];
 
         $players = $player->getSession()->getPlayers();
 
-        foreach($players as $player) {
+        foreach($players as $p) {
-            $playerNames[] = $player->getUser()->getUsername();
+            $playerNames[] = $p->getUser()->getUsername();
         }
 
         $playerNames = array_unique($playerNames);
 
         foreach($playerNames as $name) {
-            $paths[] = '/home/' . $name;
+            $paths[] = '/var/home/' . $name;
         }
 
         return $paths;
     }
+
+    private function isAllowedToRemove(string $file, Player $player, bool $sudo) : bool
+    {
+        if(!$this->fileExists($file, $player))
+            return false;
+
+        if(str_starts_with($file, '/var/rapports/'))
+            return false;
+
+        $rights = $this->getRechten($player);
+
+        if(in_array('sudo', $rights) || $sudo)
+            return true;
+
+        $sudoFiles = [
+            '/var/arrest/handle.sh',
+            '/var/arrest/cell.sh',
+            '/var/marriage/divorce.sh',
+        ];
+
+        return !in_array($file, $sudoFiles);
+    }
+
+    private function fileExists(string $file, Player $player) : bool
+    {
+        $files = $this->getAllPossibleFiles($player);
+
+        if(in_array($file, $files))
+            return true;
+
+        return false;
+    }
+
+    private function getAllPossibleFiles(Player $player = null) : array
+    {
+        $files = [];
+
+        $files[] = '/var/arrest/handle.sh';
+        $files[] = '/var/arrest/bars.sh';
+        $files[] = '/var/arrest/cell.sh';
+        $files[] = '/var/marriage/share.sh';
+        $files[] = '/var/marriage/divorce.sh';
+        $files[] = '/var/rapports/095_07-14.txt';
+        $files[] = '/var/rapports/007_19-52.txt';
+        $files[] = '/var/rapports/083_25-39.txt';
+        $files[] = '/var/rapports/019_31-11.txt';
+        $files[] = '/var/rapports/075_46-77.txt';
+        $files[] = '/var/rapports/031_53-28.txt';
+        $files[] = '/var/rapports/072_61-05.txt';
+        $files[] = '/var/rapports/064_72-90.txt';
+        $files[] = '/var/rapports/091_81-33.txt';
+        $files[] = '/var/rapports/079_89-47.txt';
+        $files[] = '/var/rapports/098_92-14.txt';
+        $files[] = '/var/rapports/012_94-31.txt';
+        $files[] = '/var/rapports/016_98-07.txt';
+        $files[] = '/var/rapports/087_102-45.txt';
+        $files[] = '/var/rapports/094_110-19.txt';
+        $files[] = '/var/rapports/063_117-56.txt';
+        $files[] = '/var/rapports/017_123-88.txt';
+        $files[] = '/var/rapports/093_138-24.txt';
+        $files[] = '/var/rapports/001_145-93.txt';
+        $files[] = '/var/rapports/011_130-62.txt';
+        $files[] = '/var/rapports/index.txt';
+
+        if ($player === null) {
+            return $files;
+        }
+
+        $players = $player->getSession()->getPlayers();
+
+        foreach($players as $p) {
+            $files[] = '/var/home/' . $p->getUser()->getUsername() . '/verifyCodes.txt';
+        }
+
+        return $files;
+    }
+
+    private function getAllCurrentFilesInDirectory(Player $player) : array
+    {
+        $pwd = $this->playerService->getCurrentPwdOfPlayer($player);
+        if (!$pwd) {
+            return [];
+        }
+
+        $allPaths = $this->getAllPossiblePaths($player);
+        $allFiles = $this->getAllPossibleFiles($player);
+        $deletedFiles = $this->playerService->getDeletedFilesOfSession($player);
+
+        $entries = [];
+
+        // Find directories in current pwd
+        foreach ($allPaths as $path) {
+            if ($path === $pwd) {
+                continue;
+            }
+
+            // Check if $path is a direct child of $pwd
+            $parent = $this->getPrevPath($path);
+            if ($parent === $pwd) {
+                $parts = explode('/', $path);
+                $entries[] = [end($parts) . '/', 'dir'];
+            }
+        }
+
+        // Find files in current pwd
+        foreach ($allFiles as $file) {
+            if (in_array($file, $deletedFiles)) {
+                continue;
+            }
+
+            $parent = $this->getPrevPath($file);
+            if ($parent === $pwd) {
+                $parts = explode('/', $file);
+                $entries[] = [end($parts), 'file'];
+            }
+        }
+
+        sort($entries);
+        return $entries;
+    }
+
+    public function getFileContent(Player $player, string $file) : array
+    {
+        $allPossibleFiles = $this->getAllPossibleFiles($player);
+        if (!in_array($file, $allPossibleFiles)) {
+            return ['File does not exist'];
+        }
+
+        if (str_ends_with($file, '.sh')) {
+            return ['It is not possible to read this file'];
+        }
+
+        if (str_ends_with($file, 'verifyCodes.txt')) {
+            return $this->readVerificationFile($player, $file);
+        }
+
+        $physicalPath = 'assets/game1/filesystem' . $file;
+        if (!file_exists($physicalPath)) {
+            return ['File does not exist'];
+        }
+
+        $content = file($physicalPath);
+        if ($content === false) {
+            return ['Error reading file'];
+        }
+
+        $specialFiles = [
+            '/var/rapports/083_25-39.txt' => [
+                'setting' => SessionSettingType::SPECIAL_REPORT_CODE_DOYLE,
+                'digit' => 1
+            ],
+            '/var/rapports/019_31-11.txt' => [
+                'setting' => SessionSettingType::SPECIAL_REPORT_CODE_VEGA,
+                'digit' => 2
+            ],
+            '/var/rapports/011_130-62.txt' => [
+                'setting' => SessionSettingType::SPECIAL_REPORT_CODE_LENNOX,
+                'digit' => 3
+            ],
+        ];
+
+        if (isset($specialFiles[$file])) {
+            $everyoneVerifiedSetting = $this->sessionSettingRepository->getSetting($player->getSession(), SessionSettingType::EVERYONE_VERIFIED);
+            if ($everyoneVerifiedSetting && $everyoneVerifiedSetting->getValue() === 'true') {
+                $settingInfo = $specialFiles[$file];
+                $codeSetting = $this->sessionSettingRepository->getSetting($player->getSession(), $settingInfo['setting']);
+
+                if (!$codeSetting) {
+                    $codeSetting = new SessionSetting();
+                    $codeSetting->setSession($player->getSession());
+                    $codeSetting->setName($settingInfo['setting']);
+                    $codeSetting->setValue($this->generateSpecialCode($settingInfo['digit'], 75, 100));
+
+                    $this->entityManager->persist($codeSetting);
+                    $this->entityManager->flush();
+                }
+
+                $specialCode = $codeSetting->getValue();
+
+                $newContent = [];
+                foreach ($content as $line) {
+                    $newContent[] = $line;
+                    if (str_starts_with(trim($line), 'Date:')) {
+                        $newContent[] = $specialCode . "\n";
+                    }
+                }
+                $content = $newContent;
+            }
+        }
+
+        return $content;
+    }
+
+    private function readVerificationFile(Player $player, string $file)
+    {
+        $parts = explode('/', $file);
+        $ownerUsername = $parts[3] ?? null;
+
+        $ownerPlayer = null;
+        foreach ($player->getSession()->getPlayers() as $p) {
+            if ($p->getUser()->getUsername() === $ownerUsername) {
+                $ownerPlayer = $p;
+                break;
+            }
+        }
+
+        if (!$ownerPlayer) {
+            return 'File does not exist';
+        }
+
+        $screen = $ownerPlayer->getScreen();
+        $settingName = SessionSettingType::tryFrom('VerifyCodesForPlayer' . $screen);
+
+        if (!$settingName) {
+            return 'Error: Invalid player screen.';
+        }
+
+        $setting = $this->sessionSettingRepository->getSetting($player->getSession(), $settingName, $ownerPlayer);
+        if (!$setting) {
+            $setting = new SessionSetting();
+            $setting->setSession($player->getSession());
+            $setting->setPlayer($ownerPlayer);
+            $setting->setName($settingName);
+        }
+
+        $codes = json_decode($setting->getValue() ?? '[]', true) ?? [];
+
+        $playerNames = ['Luke', 'Charles', 'William', 'Peter'];
+        foreach ($player->getSession()->getPlayers() as $p) {
+            $playerNames[] = $p->getUser()->getUsername();
+        }
+        $playerNames = array_unique($playerNames);
+        sort($playerNames);
+
+        $content = [];
+
+        $content[] = "Verification codes:";
+        $content[] = "";
+
+        foreach ($playerNames as $name) {
+            $key = null;
+            foreach ($player->getSession()->getPlayers() as $p) {
+                if ($p->getUser()->getUsername() === $name) {
+                    $key = (string)$p->getScreen();
+                    break;
+                }
+            }
+            if ($key === null) {
+                $key = $name;
+            }
+
+            if (!isset($codes[$key])) {
+                $codes[$key] = bin2hex(random_bytes(3));
+            }
+
+            $content[] = $name . ": " . $codes[$key] . "\n";
+        }
+
+        return $content;
+    }
 }

src/Game/Service/PlayerService.php

@@ -4,6 +4,7 @@ namespace App\Game\Service;
 
 use App\Game\Entity\Game;
 use App\Game\Entity\Player;
+use App\Game\Entity\SessionSetting;
 use App\Game\Enum\SessionSettingType;
 use App\Game\Enum\SessionStatus;
 use App\Game\Repository\PlayerRepository;
@@ -39,12 +40,7 @@ class PlayerService
     }
 
     public function getCurrentPwdOfPlayer(Player $player) : ?string {
-        $settingName = match($player->getScreen()) {
+        $settingName = SessionSettingType::tryFrom('PwdForPlayer' . $player->getScreen());
-            1 => SessionSettingType::PWD_FOR_PLAYER1,
-            2 => SessionSettingType::PWD_FOR_PLAYER2,
-            3 => SessionSettingType::PWD_FOR_PLAYER3,
-            default => null,
-        };
 
         if (!$settingName) {
             return null;
@@ -56,12 +52,7 @@ class PlayerService
 
     public function saveCurrentPwdOfPlayer(Player $player, string $newLocation)
     {
-        $settingName = match($player->getScreen()) {
+        $settingName = SessionSettingType::tryFrom('PwdForPlayer' . $player->getScreen());
-            1 => SessionSettingType::PWD_FOR_PLAYER1,
-            2 => SessionSettingType::PWD_FOR_PLAYER2,
-            3 => SessionSettingType::PWD_FOR_PLAYER3,
-            default => null,
-        };
 
         if (!$settingName) {
             return;
@@ -73,4 +64,33 @@ class PlayerService
         $this->entityManager->persist($setting);
         $this->entityManager->flush();
     }
+
+    public function getDeletedFilesOfSession(Player $player): array
+    {
+        $setting = $this->sessionSettingRepository->getSetting($player->getSession(), SessionSettingType::SET_OF_DELETED_FILES);
+        if (!$setting || !$setting->getValue()) {
+            return [];
+        }
+
+        return json_decode($setting->getValue(), true) ?? [];
+    }
+
+    public function addDeletedFileToSession(Player $player, string $filename): void
+    {
+        $setting = $this->sessionSettingRepository->getSetting($player->getSession(), SessionSettingType::SET_OF_DELETED_FILES);
+        if (!$setting) {
+            $setting = new SessionSetting();
+            $setting->setSession($player->getSession());
+            $setting->setName(SessionSettingType::SET_OF_DELETED_FILES);
+        }
+
+        $deletedFiles = json_decode($setting->getValue() ?? '[]', true) ?? [];
+        if (!in_array($filename, $deletedFiles)) {
+            $deletedFiles[] = $filename;
+            $setting->setValue(json_encode($deletedFiles));
+
+            $this->entityManager->persist($setting);
+            $this->entityManager->flush();
+        }
+    }
 }

src/Tech/Controller/RegistrationController.php

@@ -31,6 +31,8 @@ class RegistrationController extends AbstractController
                 )
             );
 
+            $user->setRoles(['ROLE_USER', 'ROLE_PLAYER']);
+
             $entityManager->persist($user);
             $entityManager->flush();
 

templates/base.html.twig

@@ -14,7 +14,7 @@
     <nav>
         {% set pathinfo = app.request.pathinfo %}
         <a href="/">{{ 'nav.home'|trans }}</a> |
-        <a href="/game">{{ 'nav.game'|trans }}</a> |
+        <a href="{{ path('game_dashboard') }}">{{ 'nav.game'|trans }}</a> |
         {% if app.user %}
             <a href="{{ path('app_logout') }}">Logout</a>
         {% else %}

templates/game/dashboard.html.twig

@@ -0,0 +1,94 @@
+{% extends 'base.html.twig' %}
+
+{% block title %}Game Dashboard{% endblock %}
+
+{% block body %}
+    <h1>Game Dashboard</h1>
+
+    <h2>Create New Session</h2>
+    {% if availableGames is not empty %}
+        <form method="post">
+            <select name="game_id">
+                {% for game in availableGames %}
+                    <option value="{{ game.id }}">
+                        {{ game.name }} ({{ game.numberOfPlayers }} players)
+                        {% if is_granted('ROLE_ADMIN') %}
+                            [{{ game.status.value }}]
+                        {% endif %}
+                    </option>
+                {% endfor %}
+            </select>
+            <button type="submit" name="create_session">Create Session</button>
+        </form>
+    {% else %}
+        <p>No games available to start.</p>
+    {% endif %}
+
+    <h2>Join Session</h2>
+    <form method="post">
+        <input type="text" name="invite_code" placeholder="Enter Invite Code" required>
+        <button type="submit" name="join_session">Join Session</button>
+    </form>
+
+    <h2>Your Sessions</h2>
+    {% if sessions is not empty %}
+        <table>
+            <thead>
+                <tr>
+                    <th>ID</th>
+                    <th>Game</th>
+                    <th>Status</th>
+                    <th>Created At</th>
+                    <th>Invite Code</th>
+                    <th>Actions</th>
+                </tr>
+            </thead>
+            <tbody>
+                {% for session in sessions %}
+                    <tr>
+                        <td>{{ session.id }}</td>
+                        <td>{{ session.game.name }}</td>
+                        <td>{{ session.status.value }}</td>
+                        <td>{{ session.created|date('Y-m-d H:i') }}</td>
+                        <td>
+                            {% set inviteCode = '' %}
+                            {% for setting in session.settings %}
+                                {% if setting.name.value == 'InviteCode' %}
+                                    {% set inviteCode = setting.value %}
+                                {% endif %}
+                            {% endfor %}
+
+                            {% if inviteCode %}
+                                <code>{{ inviteCode }}</code>
+                            {% else %}
+                                <form method="post" style="display:inline;">
+                                    <input type="hidden" name="session_id" value="{{ session.id }}">
+                                    <button type="submit" name="create_invite">Generate Invite</button>
+                                </form>
+                            {% endif %}
+                        </td>
+                        <td>
+                            <a href="{{ path('game', {session: session.id}) }}">Enter Game</a>
+                            {% if session.status.value == 'created' %}
+                                {% if session.players|length >= session.game.numberOfPlayers %}
+                                    <form method="post" style="display:inline;">
+                                        <input type="hidden" name="session_id" value="{{ session.id }}">
+                                        <button type="submit" name="start_session">Start Session</button>
+                                    </form>
+                                {% endif %}
+                                {% if session.timer == 0 %}
+                                    <form method="post" style="display:inline;">
+                                        <input type="hidden" name="session_id" value="{{ session.id }}">
+                                        <button type="submit" name="leave_session" onclick="return confirm('Are you sure you want to leave this session?')">Leave Session</button>
+                                    </form>
+                                {% endif %}
+                            {% endif %}
+                        </td>
+                    </tr>
+                {% endfor %}
+            </tbody>
+        </table>
+    {% else %}
+        <p>You are not part of any sessions.</p>
+    {% endif %}
+{% endblock %}

templates/game/index.html.twig

@@ -15,10 +15,10 @@
     <div id="game-container">
         <div id="mercure-config"
              data-mercure-public-url="{{ mercure_public_url|e('html_attr') }}"
-             data-topic="{{ (mercure_topic_base ~ '/game/hub')|e('html_attr') }}"
+             data-topic="{{ (mercure_topic_base ~ '/game/hub-' ~ session.id)|e('html_attr') }}"
              data-api-ping-url="{{ path('game_api_ping')|e('html_attr') }}"
              data-api-echo-url="{{ path('game_api_message')|e('html_attr') }}"
-             data-user-id="{{ user_id|e('html_attr') }}"
+             data-screen="{{ screen|e('html_attr') }}"
              style="display:none">
         </div>
 
@@ -28,6 +28,9 @@
         <div id="message-container">
 
         </div>
+        <audio id="message-sound" style="display:none">
+            <source src="{{ asset('audio/message.mp3') }}" type="audio/mpeg">
+        </audio>
         <div id="input">
             <input type="text" disabled id="input-message">
         </div>

templates/website/home/index.html.twig

@@ -5,5 +5,5 @@
 {% block body %}
 <h1>{{ 'home.h1'|trans({'%site%': ('site.name'|trans)}) }}</h1>
 <p>{{ 'home.description'|trans }}</p>
-<p><a href="{{ path('game') }}">{{ 'link.enter_game'|trans }}</a></p>
+<p><a href="{{ path('game_dashboard') }}">{{ 'link.enter_game'|trans }}</a></p>
 {% endblock %}

tests/Game/GameDashboardServiceTest.php

@@ -0,0 +1,216 @@
+<?php
+declare(strict_types=1);
+
+namespace App\Tests\Game;
+
+use App\Game\Entity\Game;
+use App\Game\Entity\Player;
+use App\Game\Entity\Session;
+use App\Game\Entity\SessionSetting;
+use App\Game\Enum\GameStatus;
+use App\Game\Enum\SessionSettingType;
+use App\Game\Service\GameDashboardService;
+use App\Tech\Entity\User;
+use Doctrine\ORM\EntityManagerInterface;
+use App\Game\Repository\GameRepository;
+use App\Game\Repository\SessionRepository;
+use PHPUnit\Framework\TestCase;
+
+class GameDashboardServiceTest extends TestCase
+{
+    private $entityManager;
+    private $gameRepository;
+    private $sessionRepository;
+    private $service;
+
+    protected function setUp(): void
+    {
+        $this->entityManager = $this->createMock(EntityManagerInterface::class);
+        $this->gameRepository = $this->createMock(GameRepository::class);
+        $this->sessionRepository = $this->createMock(SessionRepository::class);
+
+        $this->service = new GameDashboardService(
+            $this->gameRepository,
+            $this->sessionRepository,
+            $this->entityManager
+        );
+    }
+
+    public function testCreateSessionDoesNotInitializeSettings(): void
+    {
+        $game = new Game();
+        $game->setStatus(GameStatus::OPEN);
+
+        $user = new User();
+        $user->setUsername('testuser');
+
+        $this->entityManager->expects($this->exactly(2))
+            ->method('persist');
+            // 1. Session, 2. Player
+
+        $session = $this->service->createSession($game, $user, false);
+
+        $this->assertInstanceOf(Session::class, $session);
+    }
+
+    public function testJoinSessionDoesNotInitializeSettings(): void
+    {
+        $user = new User();
+        $user->setUsername('testuser');
+        $game = new Game();
+        $game->setNumberOfPlayers(3);
+        $session = new Session();
+        $session->setGame($game);
+
+        $setting = new SessionSetting();
+        $setting->setSession($session);
+        $setting->setName(SessionSettingType::INVITE_CODE);
+        $setting->setValue('abc-123');
+
+        $repo = $this->createMock(\Doctrine\ORM\EntityRepository::class);
+        $this->entityManager->method('getRepository')
+            ->willReturn($repo);
+
+        $repo->method('findOneBy')
+            ->willReturn($setting);
+
+        $this->entityManager->expects($this->exactly(1))
+            ->method('persist');
+            // 1. Player
+
+        $result = $this->service->joinSession('abc-123', $user);
+
+        $this->assertTrue($result);
+    }
+
+    public function testStartSessionAssignsScreensAndInitializesSettings(): void
+    {
+        $game = new Game();
+        $game->setNumberOfPlayers(2);
+        $session = new Session();
+        $session->setGame($game);
+        $session->setStatus(\App\Game\Enum\SessionStatus::CREATED);
+
+        $user1 = new User();
+        $user1->setUsername('user1');
+        $player1 = new Player();
+        $player1->setUser($user1);
+        $session->addPlayer($player1);
+
+        $user2 = new User();
+        $user2->setUsername('user2');
+        $player2 = new Player();
+        $player2->setUser($user2);
+        $session->addPlayer($player2);
+
+        // For each player (2):
+        // Player (persist)
+        // SessionSetting (rights)
+        // SessionSetting (pwd)
+        // SessionSetting (chat tracking)
+        // SessionSetting (verify codes)
+        // SessionSetting (verification progress)
+        // Total = 2 * 6 = 12
+        // PLUS Session (persist)
+        // Total = 13
+
+        $this->entityManager->expects($this->exactly(13))
+            ->method('persist');
+
+        $result = $this->service->startSession($session);
+
+        $this->assertTrue($result);
+        $this->assertEquals(\App\Game\Enum\SessionStatus::READY, $session->getStatus());
+        $this->assertNotNull($player1->getScreen());
+        $this->assertNotNull($player2->getScreen());
+        $this->assertNotEquals($player1->getScreen(), $player2->getScreen());
+    }
+
+    public function testStartSessionWithFourPlayers(): void
+    {
+        $game = new Game();
+        $game->setNumberOfPlayers(4);
+        $session = new Session();
+        $session->setGame($game);
+        $session->setStatus(\App\Game\Enum\SessionStatus::CREATED);
+
+        for ($i = 1; $i <= 4; $i++) {
+            $user = new User();
+            $user->setUsername('user' . $i);
+            $player = new Player();
+            $player->setUser($user);
+            $session->addPlayer($player);
+        }
+
+        // For each player (4):
+        // Player (persist) + 5 Settings = 6 persists
+        // Total = 4 * 6 = 24
+        // PLUS Session (persist)
+        // Total = 25
+
+        $this->entityManager->expects($this->exactly(25))
+            ->method('persist');
+
+        $result = $this->service->startSession($session);
+
+        $this->assertTrue($result);
+        foreach ($session->getPlayers() as $player) {
+            $this->assertNotNull($player->getScreen());
+            $this->assertGreaterThanOrEqual(1, $player->getScreen());
+            $this->assertLessThanOrEqual(4, $player->getScreen());
+        }
+    }
+
+    public function testLeaveSession(): void
+    {
+        $user = new User();
+        $session = new Session();
+        $session->setStatus(\App\Game\Enum\SessionStatus::CREATED);
+        $session->setTimer(0);
+
+        $player1 = new Player();
+        $player1->setUser($user);
+        $player1->setSession($session);
+        $session->addPlayer($player1);
+
+        $player2 = new Player();
+        $player2->setUser(new User());
+        $player2->setSession($session);
+        $session->addPlayer($player2);
+
+        $setting = new SessionSetting();
+        $setting->setPlayer($player1);
+        $setting->setSession($session);
+        $session->addSetting($setting);
+
+        $this->entityManager->expects($this->exactly(2))
+            ->method('remove');
+            // 1. SessionSetting, 2. Player
+
+        $result = $this->service->leaveSession($session, $user);
+
+        $this->assertTrue($result);
+        $this->assertCount(1, $session->getPlayers());
+    }
+
+    public function testLeaveSessionDeletesSessionIfLastPlayer(): void
+    {
+        $user = new User();
+        $session = new Session();
+        $session->setStatus(\App\Game\Enum\SessionStatus::CREATED);
+        $session->setTimer(0);
+
+        $player = new Player();
+        $player->setUser($user);
+        $player->setSession($session);
+        $session->addPlayer($player);
+
+        $this->entityManager->expects($this->exactly(2))
+            ->method('remove');
+            // 1. Player, 2. Session
+
+        $result = $this->service->leaveSession($session, $user);
+
+        $this->assertTrue($result);
+    }
+}

tests/Game/GameResponseServiceChatVerifyCodeTest.php

@@ -0,0 +1,101 @@
+<?php
+declare(strict_types=1);
+
+namespace App\Tests\Game;
+
+use App\Game\Entity\Player;
+use App\Game\Entity\Session;
+use App\Game\Entity\SessionSetting;
+use App\Game\Enum\SessionSettingType;
+use App\Game\Repository\SessionSettingRepository;
+use App\Game\Service\GameResponseService;
+use App\Game\Service\PlayerService;
+use App\Tech\Entity\User;
+use Doctrine\ORM\EntityManagerInterface;
+use PHPUnit\Framework\TestCase;
+use Symfony\Bundle\SecurityBundle\Security;
+use Symfony\Component\Mercure\HubInterface;
+use Symfony\Component\Mercure\Update;
+
+class GameResponseServiceChatVerifyCodeTest extends TestCase
+{
+    private $security;
+    private $playerService;
+    private $sessionSettingRepository;
+    private $hub;
+    private $entityManager;
+    private $service;
+
+    protected function setUp(): void
+    {
+        $this->security = $this->createMock(Security::class);
+        $this->playerService = $this->createMock(PlayerService::class);
+        $this->sessionSettingRepository = $this->createMock(SessionSettingRepository::class);
+        $this->hub = $this->createMock(HubInterface::class);
+        $this->entityManager = $this->createMock(EntityManagerInterface::class);
+
+        $this->service = new GameResponseService(
+            $this->security,
+            $this->playerService,
+            $this->sessionSettingRepository,
+            $this->hub,
+            $this->entityManager
+        );
+
+        $_ENV['MERCURE_TOPIC_BASE'] = 'http://test';
+    }
+
+    public function testChatRegeneratesVerifyCodesIfShared(): void
+    {
+        $user = new User();
+        $user->setUsername('testuser');
+
+        $session = $this->createMock(Session::class);
+        $session->method('getId')->willReturn(123);
+
+        $player = $this->createMock(Player::class);
+        $player->method('getUser')->willReturn($user);
+        $player->method('getScreen')->willReturn(1);
+        $player->method('getSession')->willReturn($session);
+
+        $this->security->method('getUser')->willReturn($user);
+        $this->playerService->method('GetCurrentlyActiveAsPlayer')->willReturn($player);
+
+        // Mock rights
+        $rightsSetting = new SessionSetting();
+        $rightsSetting->setValue(json_encode(['chat']));
+        $this->sessionSettingRepository->method('getSetting')
+            ->willReturnMap([
+                [$session, SessionSettingType::RIGHTS_FOR_PLAYER1, $player, $rightsSetting],
+            ]);
+
+        // Mock verify codes
+        $verifyCodesSetting = new SessionSetting();
+        $initialCodes = ['2' => 'secret123', '3' => 'secret456'];
+        $verifyCodesSetting->setValue(json_encode($initialCodes));
+
+        // Setting repository map for multiple calls
+        $this->sessionSettingRepository->method('getSetting')
+            ->willReturnCallback(function($s, $t, $p = null) use ($rightsSetting, $verifyCodesSetting) {
+                if ($t === SessionSettingType::RIGHTS_FOR_PLAYER1) return $rightsSetting;
+                if ($t === SessionSettingType::VERIFY_CODES_FOR_PLAYER1) return $verifyCodesSetting;
+                return null;
+            });
+
+        // Expect Mercure updates: 1 for chat, 1 for notification
+        $this->hub->expects($this->exactly(2))
+            ->method('publish');
+
+        $this->entityManager->expects($this->once())
+            ->method('flush');
+
+        $raw = json_encode(['message' => '/chat Hello look at my code secret123', 'ts' => '123']);
+        $result = $this->service->getGameResponse($raw);
+
+        $this->assertEquals(['result' => ['succesfully send']], $result);
+
+        $newCodes = json_decode($verifyCodesSetting->getValue(), true);
+        $this->assertNotEquals('secret123', $newCodes['2']);
+        $this->assertEquals('secret456', $newCodes['3']);
+    }
+}