senke/veza
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
veza/veza-backend-api/internal/models/track.go

79 lines
4.7 KiB
Go
Raw Normal View History

adding initial backend API (Go)
2025-12-03 19:29:37 +00:00
package models
import (
"time"
"github.com/google/uuid"
feat(tracks): add suggested tags endpoint and UI (E4) - Migration 085: tracks.tags TEXT[] - Track model: Tags pq.StringArray - GET /tracks/suggested-tags?genre=X&bpm=Y (static suggestions by genre) - UpdateTrack: support tags - TrackMetadataEditModal: tags chips + suggestions dropdown - TrackDetailPageInfo: display tags - getSuggestedTags, UpdateTrackParams.tags - MSW: suggested-tags handler, tags in mock track
2026-02-20 14:38:51 +00:00
"github.com/lib/pq"
adding initial backend API (Go)
2025-12-03 19:29:37 +00:00
"gorm.io/gorm"
)
// Track représente une piste audio dans le système
// MIGRATION UUID: Completée. ID et UserID sont des UUIDs.
type Track struct {
ID uuid.UUID `gorm:"type:uuid;primaryKey" json:"id" db:"id"`
report generation and future tasks selection
2025-12-08 18:57:54 +00:00
UserID uuid.UUID `gorm:"type:uuid;not null;column:creator_id" json:"creator_id" db:"creator_id"`
stabilizing veza-backend-api: phase 1
2025-12-16 16:23:49 +00:00
FileID *uuid.UUID `gorm:"type:uuid" json:"file_id,omitempty" db:"file_id"` // NULL temporairement avant création fichier
adding initial backend API (Go)
2025-12-03 19:29:37 +00:00
Title string `gorm:"not null;size:255" json:"title" db:"title"`
Artist string `gorm:"size:255" json:"artist" db:"artist"`
Album string `gorm:"size:255" json:"album" db:"album"`
Duration int `gorm:"not null" json:"duration" db:"duration"` // seconds
Genre string `gorm:"size:100" json:"genre" db:"genre"`
feat(tracks): add suggested tags endpoint and UI (E4) - Migration 085: tracks.tags TEXT[] - Track model: Tags pq.StringArray - GET /tracks/suggested-tags?genre=X&bpm=Y (static suggestions by genre) - UpdateTrack: support tags - TrackMetadataEditModal: tags chips + suggestions dropdown - TrackDetailPageInfo: display tags - getSuggestedTags, UpdateTrackParams.tags - MSW: suggested-tags handler, tags in mock track
2026-02-20 14:38:51 +00:00
Tags pq.StringArray `gorm:"type:text[]" json:"tags,omitempty" db:"tags"`
adding initial backend API (Go)
2025-12-03 19:29:37 +00:00
Year int `gorm:"default:0" json:"year" db:"year"`
feat(tracks): add BPM field to model and CRUD (E1) - Backend: BPM and MusicalKey in Track model, UpdateTrack handler - track_search_service: enable BPM filter (min_bpm, max_bpm) - Frontend: Track type, UpdateTrackParams, display in TrackDetailPageInfo - TrackMetadataEditModal: BPM input, edit flow for track creator - MSW: bpm, musical_key in mock track, correct response envelope
2026-02-20 14:34:00 +00:00
BPM *int `gorm:"column:bpm" json:"bpm,omitempty" db:"bpm"`
MusicalKey string `gorm:"size:10" json:"musical_key,omitempty" db:"musical_key"`
adding initial backend API (Go)
2025-12-03 19:29:37 +00:00
FilePath string `gorm:"not null;size:500" json:"file_path" db:"file_path"`
FileSize int64 `gorm:"not null" json:"file_size" db:"file_size"` // bytes
Format string `gorm:"size:10" json:"format" db:"format"` // mp3, flac, wav, etc.
Bitrate int `gorm:"default:0" json:"bitrate" db:"bitrate"` // kbps
SampleRate int `gorm:"default:0" json:"sample_rate" db:"sample_rate"` // Hz
WaveformPath string `gorm:"size:500" json:"waveform_path" db:"waveform_path"`
feat(v0.501): Sprint 1 -- infrastructure foundations - Add MinIO S3-compatible storage to docker-compose (dev, staging, prod) - Create migrations 103-108 (waveform_url, user_folders, user_files, user_storage_quotas, gear_items.is_public, gear_images) - Add Go models: UserFile, UserFolder, StorageQuota, GearImage - Add WaveformURL to Track model, IsPublic + GearImages to GearItem model
2026-02-22 17:10:25 +00:00
WaveformURL *string `gorm:"size:500" json:"waveform_url,omitempty" db:"waveform_url"`
adding initial backend API (Go)
2025-12-03 19:29:37 +00:00
CoverArtPath string `gorm:"size:500" json:"cover_art_path" db:"cover_art_path"`
IsPublic bool `gorm:"default:true" json:"is_public" db:"is_public"`
feat(legal): DMCA notice handler + admin queue + 451 playback gate (W3 Day 14) End-to-end DMCA workflow. Public submission, admin queue, takedown flips track to is_public=false + dmca_blocked=true, playback paths return 451 Unavailable For Legal Reasons. Backend - migrations/988_dmca_notices.sql + rollback : table dmca_notices (id, status, claimant_*, work_description, infringing_track_id FK, sworn_statement_at, takedown_at, counter_notice_at, restored_at, audit_log JSONB, created_at, updated_at). Adds tracks.dmca_blocked BOOLEAN. Partial indexes for the pending queue + per-track lookup. Status enum constrained via CHECK. - internal/models/dmca_notice.go + DmcaBlocked field on Track. - internal/services/dmca_service.go : CreateNotice + ListPending + Takedown + Dismiss. Takedown is a single transaction that flips the track's flags AND appends an audit_log entry — partial state can't happen if the track was deleted between fetch and update. - internal/handlers/dmca_handler.go : POST /api/v1/dmca/notice (public), GET /api/v1/admin/dmca/notices (paginated), POST /:id/takedown, POST /:id/dismiss. sworn_statement=false → 400. Conflict → 409. Track gone after notice → 410. - internal/api/routes_legal.go : route registration. Admin chain : RequireAuth + RequireAdmin + RequireMFA (same as moderation routes). - internal/core/track/track_hls_handler.go : both StreamTrack + DownloadTrack now early-return 451 when track.DmcaBlocked. Owner cannot bypass — only an admin restoring the notice clears the gate. - internal/services/dmca_service_test.go : audit_log append helpers, malformed-JSON rejection, ordering preservation. Frontend - apps/web/src/features/legal/pages/DmcaNoticePage.tsx : public form at /legal/dmca/notice. Validates sworn-statement checkbox client-side. Receipt panel shows the notice ID after submission. - apps/web/src/services/api/dmca.ts : thin client (POST /dmca/notice). - routeConfig + lazy registry updated for the new route. - DmcaPage now links to /legal/dmca/notice instead of saying "form pending". E2E - tests/e2e/29-dmca-notice.spec.ts : 3 tests. (1) anonymous submit yields 201 + pending receipt. (2) sworn_statement=false rejected with 400. (3) admin takedown gates playback with 451 — gated behind E2E_DMCA_ADMIN=1 because admin path requires MFA-bearing seed. Acceptance (Day 14) : public submission produces a pending notice, admin takedown blocks playback at 451. Lab-side validation pending admin MFA seed for the e2e admin pathway. W3 progress : Redis Sentinel ✓ · MinIO distribué ✓ · CDN ✓ · DMCA ✓ · embed ⏳ Day 15. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-28 13:39:33 +00:00
// v1.0.9 W3 Day 14 — DMCA takedown gate. When TRUE, no playback path
// serves the track regardless of is_public. Only an admin restoring
// the corresponding dmca_notices row clears this flag.
DmcaBlocked bool `gorm:"default:false;not null" json:"-" db:"dmca_blocked"`
adding initial backend API (Go)
2025-12-03 19:29:37 +00:00
Status TrackStatus `gorm:"default:'uploading'" json:"status" db:"status"`
StatusMessage string `gorm:"type:text" json:"status_message,omitempty" db:"status_message"`
StreamStatus string `gorm:"default:'pending'" json:"stream_status" db:"stream_status"` // pending, processing, ready, error
StreamManifestURL string `gorm:"size:500" json:"stream_manifest_url" db:"stream_manifest_url"`
feat(storage): add track storage_backend column + config prep (v1.0.8 P0) Phase 0 of the MinIO upload migration (FUNCTIONAL_AUDIT §4 item 2). Schema + config only — Phase 1 will wire TrackService.UploadTrack() to actually route writes to S3 when the flag is flipped. Schema (migration 985): - tracks.storage_backend VARCHAR(16) NOT NULL DEFAULT 'local' CHECK in ('local', 's3') - tracks.storage_key VARCHAR(512) NULL (S3 object key when backend=s3) - Partial index on storage_backend = 's3' (migration progress queries) - Rollback drops both columns + index; safe only while all rows are still 'local' (guard query in the rollback comment) Go model (internal/models/track.go): - StorageBackend string (default 'local', not null) - StorageKey *string (nullable) - Both tagged json:"-" — internal plumbing, never exposed publicly Config (internal/config/config.go): - New field Config.TrackStorageBackend - Read from TRACK_STORAGE_BACKEND env var (default 'local') - Production validation rule #11 (ValidateForEnvironment): - Must be 'local' or 's3' (reject typos like 'S3' or 'minio') - If 's3', requires AWS_S3_ENABLED=true (fail fast, do not boot with TrackStorageBackend=s3 while S3StorageService is nil) - Dev/staging warns and falls back to 'local' instead of fail — keeps iteration fast while still flagging misconfig. Docs: - docs/ENV_VARIABLES.md §13 restructured as "HLS + track storage backend" with a migration playbook (local → s3 → migrate-storage CLI) - docs/ENV_VARIABLES.md §28 validation rules: +2 entries for new rules - docs/ENV_VARIABLES.md §29 drift findings: TRACK_STORAGE_BACKEND added to "missing from template" list before it was fixed - veza-backend-api/.env.template: TRACK_STORAGE_BACKEND=local with comment pointing at Phase 1/2/3 plans No behavior change yet — TrackService.UploadTrack() still hardcodes the local path via copyFileAsync(). Phase 1 wires it. Refs: - AUDIT_REPORT.md §9 item (deferrals v1.0.8) - FUNCTIONAL_AUDIT.md §4 item 2 "Stockage local disque only" - /home/senke/.claude/plans/audit-fonctionnel-wild-hickey.md Item 3 Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-23 17:54:28 +00:00
// v1.0.8 Phase 0 — multi-backend storage. Schema added in migration 985.
// Values: "local" (default, file_path is the local FS path) or "s3"
// (storage_key is the S3/MinIO object key inside config.S3Bucket).
// Hidden from JSON responses — internal plumbing only.
StorageBackend string `gorm:"size:16;default:'local';not null" json:"-" db:"storage_backend"`
StorageKey *string `gorm:"size:512" json:"-" db:"storage_key"`
fix(v0.12.6.1): remediate 2 CRITICAL + 10 HIGH + 1 MEDIUM pentest findings Security fixes implemented: CRITICAL: - CRIT-001: IDOR on chat rooms — added IsRoomMember check before returning room data or message history (returns 404, not 403) - CRIT-002: play_count/like_count exposed publicly — changed JSON tags to "-" so they are never serialized in API responses HIGH: - HIGH-001: TOCTOU race on marketplace downloads — transaction + SELECT FOR UPDATE on GetDownloadURL - HIGH-002: HS256 in production docker-compose — replaced JWT_SECRET with JWT_PRIVATE_KEY_PATH / JWT_PUBLIC_KEY_PATH (RS256) - HIGH-003: context.Background() bypass in user repository — full context propagation from handlers → services → repository (29 files) - HIGH-004: Race condition on promo codes — SELECT FOR UPDATE - HIGH-005: Race condition on exclusive licenses — SELECT FOR UPDATE - HIGH-006: Rate limiter IP spoofing — SetTrustedProxies(nil) default - HIGH-007: RGPD hard delete incomplete — added cleanup for sessions, settings, follows, notifications, audit_logs anonymization - HIGH-008: RTMP callback auth weak — fail-closed when unconfigured, header-only (no query param), constant-time compare - HIGH-009: Co-listening host hijack — UpdateHostState now takes *Conn and verifies IsHost before processing - HIGH-010: Moderator self-strike — added issuedBy != userID check MEDIUM: - MEDIUM-001: Recovery codes used math/rand — replaced with crypto/rand - MEDIUM-005: Stream token forgeable — resolved by HIGH-002 (RS256) Updated REMEDIATION_MATRIX: 14 findings marked ✅ CORRIGÉ. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-12 04:40:53 +00:00
// SECURITY(CRIT-002): play_count and like_count are PRIVATE — visible only to the creator
// in their analytics dashboard. Never exposed in public API responses.
// Ref: CLAUDE.md rule #4, ORIGIN_UI_UX_SYSTEM.md §13
style(backend): gofmt -w on 85 files (whitespace only) backend-ci.yml's `test -z "$(gofmt -l .)"` strict gate (added in 13c21ac11) failed on a backlog of unformatted files. None of the 85 files in this commit had been edited since the gate was added because no push touched veza-backend-api/** in between, so the gate never fired until today's CI fixes triggered it. The diff is exclusively whitespace alignment in struct literals and trailing-space comments. `go build ./...` and the full test suite (with VEZA_SKIP_INTEGRATION=1 -short) pass identically.
2026-04-14 10:22:14 +00:00
PlayCount int64 `gorm:"default:0" json:"-" db:"play_count"`
LikeCount int64 `gorm:"default:0" json:"-" db:"like_count"`
CreatedAt time.Time `gorm:"autoCreateTime" json:"created_at" db:"created_at"`
UpdatedAt time.Time `gorm:"autoUpdateTime" json:"updated_at" db:"updated_at"`
DeletedAt gorm.DeletedAt `json:"-" db:"deleted_at"`
adding initial backend API (Go)
2025-12-03 19:29:37 +00:00
// Relations
User User `gorm:"foreignKey:UserID;constraint:OnDelete:CASCADE" json:"-"`
Playlists []Playlist `gorm:"many2many:playlist_tracks;" json:"-"`
Likes []TrackLike `gorm:"foreignKey:TrackID;constraint:OnDelete:CASCADE" json:"-"`
Shares []TrackShare `gorm:"foreignKey:TrackID;constraint:OnDelete:CASCADE" json:"-"`
Versions []TrackVersion `gorm:"foreignKey:TrackID;constraint:OnDelete:CASCADE" json:"-"`
HLSStreams []HLSStream `gorm:"foreignKey:TrackID;constraint:OnDelete:CASCADE" json:"-"`
}
// TableName définit le nom de la table pour GORM
func (Track) TableName() string {
return "tracks"
}
STABILISATION: phase 3–5 – API contract, tests & chat-server hardening
2025-12-06 16:21:59 +00:00
adding initial backend API (Go)
2025-12-03 19:29:37 +00:00
// BeforeCreate hook GORM pour générer UUID si non défini
func (m *Track) BeforeCreate(tx *gorm.DB) error {
if m.ID == uuid.Nil {
m.ID = uuid.New()
}
return nil
}
Reference in a new issue Copy permalink