626 commits

Author	SHA1	Message	Date
senke	01378a06a5	fix(v0.12.6.1): update in-memory UserRepositoryImpl to accept context.Context ... Aligns the in-memory implementation with the updated services.UserRepository interface for consistency (HIGH-003 context propagation). Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-12 05:47:47 +01:00
senke	24b29d229d	fix(v0.12.6.1): remediate 2 CRITICAL + 10 HIGH + 1 MEDIUM pentest findings ... Security fixes implemented: CRITICAL: - CRIT-001: IDOR on chat rooms — added IsRoomMember check before returning room data or message history (returns 404, not 403) - CRIT-002: play_count/like_count exposed publicly — changed JSON tags to "-" so they are never serialized in API responses HIGH: - HIGH-001: TOCTOU race on marketplace downloads — transaction + SELECT FOR UPDATE on GetDownloadURL - HIGH-002: HS256 in production docker-compose — replaced JWT_SECRET with JWT_PRIVATE_KEY_PATH / JWT_PUBLIC_KEY_PATH (RS256) - HIGH-003: context.Background() bypass in user repository — full context propagation from handlers → services → repository (29 files) - HIGH-004: Race condition on promo codes — SELECT FOR UPDATE - HIGH-005: Race condition on exclusive licenses — SELECT FOR UPDATE - HIGH-006: Rate limiter IP spoofing — SetTrustedProxies(nil) default - HIGH-007: RGPD hard delete incomplete — added cleanup for sessions, settings, follows, notifications, audit_logs anonymization - HIGH-008: RTMP callback auth weak — fail-closed when unconfigured, header-only (no query param), constant-time compare - HIGH-009: Co-listening host hijack — UpdateHostState now takes *Conn and verifies IsHost before processing - HIGH-010: Moderator self-strike — added issuedBy != userID check MEDIUM: - MEDIUM-001: Recovery codes used math/rand — replaced with crypto/rand - MEDIUM-005: Stream token forgeable — resolved by HIGH-002 (RS256) Updated REMEDIATION_MATRIX: 14 findings marked ✅ CORRIGÉ. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-12 05:40:53 +01:00
senke	8f4ba0c284	Merge branch 'feat/v0.12.4-performance-scalabilite' ... # Conflicts: # VEZA_VERSIONS_ROADMAP.md	2026-03-11 23:04:31 +01:00
senke	02d1846141	feat(v0.12.3): F276-F305 video upload, HLS transcoding, education tests ... - Add video upload endpoint POST /courses/:id/lessons/:lesson_id/video - Add VideoTranscodeService for multi-bitrate HLS (720p/480p/360p) - Add VideoTranscodeWorker for async lesson video processing - Add SetLessonVideoPath and UpdateLessonTranscoding to education service - Add uploadLessonVideo to frontend educationService with progress - Add comprehensive handler tests (video upload, auth, validation) - Add service-level tests (models, slugs, clamping, errors, UUIDs) Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-11 19:20:48 +01:00
senke	ade46fc70f	feat(v0.12.4): Redis response cache and CDN cache headers middleware ... - ResponseCache: Redis-backed HTTP response caching for public GET endpoints with configurable TTLs per endpoint prefix (tracks 15m, search 5m, etc.) - CacheHeaders: CDN-optimized Cache-Control headers per asset type (static 1yr immutable, audio 7d, HLS 60s, images 30d, API no-cache) - Integrated both middlewares into the router middleware stack - Unit tests for cache key generation, header rules, and config Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-11 09:57:06 +01:00
senke	65f2104458	feat(v0.12.4): database performance indexes migration ... Critical indexes for users, tracks, messages, playlists, follows, comments, notifications, analytics, marketplace, education, and full-text search GIN indexes. Reference: ORIGIN_PERFORMANCE_TARGETS.md §8.4 Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-11 09:56:04 +01:00
senke	506195f4e0	feat(v0.12.3): F276-F305 education backend service, handler, and routes ... - Course CRUD with slug generation, publish/archive lifecycle - Lesson management with ordering and transcoding status - Enrollment system with duplicate prevention - Progress tracking with auto-completion at 90% - Certificate issuance requiring full course completion - Course reviews with rating aggregation - Unit tests for service and handler layers Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-11 09:45:26 +01:00
senke	329f53ada3	feat(v0.12.3): database migrations for education courses ... Tables: courses, lessons, course_enrollments, lesson_progress, certificates, course_reviews with proper indexes and constraints. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-11 09:44:54 +01:00
senke	6063bfdeea	feat(v0.12.2): F501-F510 distribution service, handler, and routes ... - Distribution module: submit tracks to Spotify, Apple Music, Deezer - Subscription eligibility check (Creator/Premium only) - Distribution status tracking with platform-specific statuses - Status history audit trail - External streaming royalties import and aggregation - Distributor provider interface for DistroKid/TuneCore integration - Handler and service unit tests Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-10 19:54:26 +01:00
senke	9f5ffbe569	feat(v0.12.2): database migrations for distribution platforms ... Add migration 950 with track_distributions, track_distribution_status_history, and external_streaming_royalties tables for F501-F510. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-10 19:54:00 +01:00
senke	f6ca52c3dc	feat(v0.12.1): subscription plans service, handler, and routes ... - Add subscription module (models, service, tests) - Plans: Free, Creator ($9.99/mo), Premium ($19.99/mo) - Features: subscribe, cancel, reactivate, change billing cycle - 14-day trial for Premium plan - Upgrade immediate, downgrade at period end - Invoice tracking and history - Handler tests for auth and validation Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-10 19:36:57 +01:00
senke	11432dac7f	feat(v0.12.1): database migrations for subscription plans ... Add migration 949 with subscription_plans, user_subscriptions, and subscription_invoices tables. Includes default plan data (Free, Creator $9.99/mo, Premium $19.99/mo with 14-day trial). Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-10 19:36:29 +01:00
senke	38530b5a52	feat(v0.12.0): F252-F254 marketplace service enhancements ... - F252: Enable download count decrement on GetDownloadURL - F253: Differentiated commission rates (creator 15%, premium 10%) - F254: Seller balance tracking, payout scheduling, manual payout request - Enforce 14-day refund window on RefundOrder - Credit seller balance on completed sales - New payout handler with balance/payouts/request endpoints - 15 new tests (payout, refund window, commission) Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-10 18:52:06 +01:00
senke	848087aee7	feat(v0.12.0): F252-F254 database migrations for marketplace completion ... - seller_balances table for balance tracking - seller_payouts table for payout scheduling - commission_rate column on seller_transfers - refund_deadline column on orders (14-day window) Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-10 18:51:26 +01:00
senke	ec2792118f	feat(v0.11.3): F421-F424 admin platform handler and routes ... Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-10 18:19:45 +01:00
senke	8078345f24	feat(v0.11.3): F421-F424 admin platform service with metrics, user mgmt, content, payments ... Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-10 18:16:27 +01:00
senke	025c7aae45	feat(v0.11.2): F411-F420 moderation handler and routes ... Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-10 17:49:51 +01:00
senke	e6f1d7f18a	feat(v0.11.2): F411-F420 moderation service with queue, spam, fingerprints, strikes ... Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-10 17:45:34 +01:00
senke	0002af1a3a	feat(v0.11.2): F411-F420 database migrations and models for advanced moderation ... Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-10 17:41:38 +01:00
senke	c756cb9e65	feat(v0.11.1): F396-F399 advanced analytics service, handler and routes ... - F396: Track listening heatmap (segment-level aggregated data) - F397: Period comparison (week/month/quarter with % changes) - F398: Marketplace analytics (product views, conversion rates, revenue) - F399: Metric alerts (opt-in thresholds, preferences, CRUD) - Unit tests for service (percent change calculations) and handler (auth, validation) Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-10 17:12:26 +01:00
senke	80d54527b9	feat(v0.11.1): F396-F399 database migrations for advanced analytics ... Add tables: track_segment_stats (heatmap), product_views (marketplace conversion), metric_alerts, metric_alert_preferences. Add segment_positions JSONB column to playback_analytics. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-10 17:12:01 +01:00
senke	8b6f0bb430	feat(v0.11.0): F381-F385 creator analytics handler and routes ... Add CreatorAnalyticsHandler with endpoints: - GET /api/v1/creator/analytics/dashboard (F381) - GET /api/v1/creator/analytics/plays (F382) - GET /api/v1/creator/analytics/sales (F383) - GET /api/v1/creator/analytics/discovery (F381) - GET /api/v1/creator/analytics/geographic (F381) - GET /api/v1/creator/analytics/audience (F384) - GET /api/v1/creator/analytics/live/:streamId (F385) - GET /api/v1/creator/analytics/tracks (F381) - GET /api/v1/creator/analytics/export (F383) All endpoints require authentication and only return data for the authenticated creator. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-10 16:28:22 +01:00
senke	41a447224a	feat(v0.11.0): F381-F385 creator analytics service ... Implement CreatorAnalyticsService with: - GetCreatorDashboard: aggregated plays, listeners, revenue (F381) - GetPlayEvolution: temporal data by day/week/month (F382) - GetSalesSummary: revenue and sales history (F383) - GetDiscoverySources: how listeners find tracks (F381) - GetGeographicBreakdown: anonymized geographic data (F381) - GetAudienceProfile: aggregated audience demographics, min 10 users (F384) - GetLiveStreamMetrics: real-time viewer count (F385) - GetPerTrackStats: per-track analytics with pagination All data is private to the creator, never exposed publicly. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-10 16:25:30 +01:00
senke	b955a3c0b4	feat(v0.11.0): F381-F385 database migrations and models for creator analytics ... Add daily_track_stats, geographic_play_stats, track_discovery_sources tables. Add source and country_code columns to track_plays. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-10 16:21:01 +01:00
senke	19fec9e40a	feat(gdpr): v0.10.8 portabilité données - export ZIP async, suppression compte, hard delete cron ... - Export: table data_exports, POST /me/export (202), GET /me/exports, messages+playback_history - Notification email quand ZIP prêt, rate limit 3/jour - Suppression: keep_public_tracks, anonymisation PII complète (users, user_profiles) - HardDeleteWorker: final anonymization après 30 jours - Frontend: POST export, checkbox keep_public_tracks - MSW handlers pour Storybook	2026-03-10 13:57:04 +01:00
senke	871a0f2a05	feat(v0.10.7): Collaboration Temps Réel F481-F483 ... - F481: Co-listening sessions (WebSocket sync, ListenTogether page) - F482: Stem sharing (upload/list/download wav,aiff,flac) - F483: Collaborative rooms (type collaborative, max 10, invite-only) - Roadmap: v0.10.7 → DONE	2026-03-10 13:34:16 +01:00
senke	eb2862092d	feat(v0.10.6): Livestreaming basique F471-F476 ... - Backend: callbacks on_publish/on_publish_done, UpdateStreamURL, GetByStreamKey - Nginx-RTMP: config infra, docker-compose service (profil live) - Frontend: stream_url dans LiveStream, HLS.js dans LiveViewPlayer, état Stream terminé - Chat: rate limit send_live_message 1 msg/3s pour rooms live_streams - Env: RTMP_CALLBACK_SECRET, STREAM_HLS_BASE_URL, NGINX_RTMP_HOST - Roadmap v0.10.6 marquée DONE	2026-03-10 10:21:57 +01:00
senke	dd23805401	feat(v0.10.5): Notifications Complètes (F551-F555) ... - Phase 1: Default prefs — push_message & push_follow only; migration 941 - Phase 2: Digest = new tracks from followed artists (ORIGIN §8.1), not unread notifications - Phase 3: Toggle 'désactiver marketing' + button 'Tout désactiver sauf messages et follows' - Phase 4: PushPreferencesSection first in NotificationSettings (source of truth) - Roadmap: v0.10.5 → DONE	2026-03-10 10:09:32 +01:00
senke	7cd01e4216	feat(v0.10.5): Notifications complètes — F551-F555 ... F555: Backend pagination/filter GetNotifications (type, page, limit) + frontend pagination F551: WebSocket real-time — backend inject chat hub, send on CreateNotification; frontend useChat invalidates F553: Quiet hours — migration 132, CreateNotification skips push/WS, UI in PushPreferencesSection F554: Notification grouping — migration 133, group_key/actor_count for like/comment, UI format F552: Weekly digest — migration 134, NotificationDigestWorker, email template, prefs UI Acceptance: no gamification notif; defaults unchanged; individual toggles for marketing	2026-03-10 10:02:21 +01:00
senke	22f0c04b3f	stabilisation commit: while implementing v0.10.5	2026-03-09 19:36:33 +01:00
senke	ac182d9f35	feat(v0.10.4): Playlists collaboratives - F136, F140, F141, F143, F145 ... Backend: - F141: GET /discover/playlists/editorial for editorial playlists - F143: GET /playlists/shared/:token (public, no auth) - F145: POST /playlists/import (JSON), GET /playlists/:id/export/m3u - F136: GET /playlists/favoris (creates Favoris playlist if needed) - Repo: GetFavorisByUserID, service GetOrCreateFavorisPlaylist Frontend: - SharedPlaylistPage at /playlists/shared/:token (public route) - Editorial playlists section in DiscoverPage - Export M3U in ExportPlaylistButton dropdown - Import JSON via ImportPlaylistButton (PlaylistListPage) - Favoris sidebar link, FavorisRedirectPage, AddToFavorisButton on tracks Roadmap: v0.10.4 marked DONE	2026-03-09 16:49:05 +01:00
senke	6111ae6136	feat(v0.10.3): Commentaires & Interactions Sociales - F201-F215 ... - F201: Commentaires avec timestamp cliquable, modération mots-clés - F202: Likes privés (compteur visible créateur uniquement) - F203: Reposts de tracks sur le profil, bouton Repost, onglet Reposts - F204: Notifications (commentaire, repost), pas de gamification Backend: migrations 127/128, comment_moderation_service, track_repost_service, GetTrackLikes/GetTrack masquent like_count pour non-créateurs Frontend: LikeButton isCreator, RepostButton, Reposts tab profil, timestamp seek	2026-03-09 10:30:47 +01:00
senke	171a154763	feat(v0.10.2): Recherche fulltext Elasticsearch - F361-F365 ... - Elasticsearch 8.x dans docker-compose.dev - Package internal/elasticsearch: client, config, mappings, indices - Sync PG→ES: reindex tracks/users/playlists, IndexTrack/DeleteTrack - SearchService ES: multi_match + fuzziness (typo tolerance), highlighting - Fallback gracieux: PostgreSQL si ELASTICSEARCH_URL absent - Routes: GET /search, GET /search/suggestions, POST /admin/search/reindex - Frontend: searchApi cursor/limit params (extensibilité) - docs/ENV_VARIABLES: ELASTICSEARCH_URL, ELASTICSEARCH_INDEX, ELASTICSEARCH_AUTO_INDEX - Roadmap v0.10.2 → DONE	2026-03-09 10:13:18 +01:00
senke	4a422fc4c3	feat(v0.10.1): Tags & Genres discover - F351-F355 ... - Tags déclaratifs (max 10, 30 chars) via track_tags + tags - Genres normalisés (max 3) via track_genres + taxonomy - GET /api/v1/discover/genre/:genre, tag/:tag (browse chrono) - POST/DELETE follow genre/tag - Section feed "Nouvelles sorties dans vos genres" - Track update: SyncTrackTags, SyncTrackGenres via discover service - Frontend: discoverService, FeedPage by_genres, DiscoverPage - Migration 126_tags_genres_discover - MSW handlers for discover	2026-03-09 01:52:56 +01:00
senke	9024fa92a0	v0.9.8 beta	2026-03-07 00:54:35 +01:00
senke	2a4de3ce21	v0.9.8	2026-03-06 19:13:16 +01:00
senke	41d55e107d	v0.9.7 beta	2026-03-06 18:58:37 +01:00
senke	05467c1c2f	v0.9.7	2026-03-06 18:52:08 +01:00
senke	257077ad49	v0.9.6	2026-03-06 10:29:30 +01:00
senke	f5bca2b642	v0.9.5	2026-03-06 10:02:53 +01:00
senke	2ed2bb9dcf	v0.9.4	2026-03-05 23:03:43 +01:00
senke	b6c004319c	v0.9.2	2026-03-05 19:27:34 +01:00
senke	2df921abd5	v0.9.1	2026-03-05 19:22:31 +01:00
senke	ecf8d73e55	fix(release): v1.0.2 — Conformité complète V1_SIGNOFF (21 critères) ... - Couverture Go: script coverage_report.sh, 39% mesuré - Vitest thresholds frontend 50% - Load test WebSocket: CHAT_ORIGIN→backend, WS_URL=/api/v1/ws - Tests: chat_service (WSUrl), password_service (hash/expired) - V1_SIGNOFF: 14 PASS, 7 N/A documentés - PERFORMANCE_BASELINE, RGPD, PWA tables v1.0.2 - Runbooks, Grafana, Secrets validés	2026-03-03 21:18:53 +01:00
senke	7cfd48a82a	fix(release): v1.0.1 — Conformité complète ROADMAP checklist ... - Sécurité: npm 0 CRITICAL, cargo audit 0 vulnérabilités - OpenAPI: @Param id corrigé pour /tracks/quota/{id} - Tests: Payment E2E passe, OAuth DATABASE_URL fallback - Migrations: 000_mark_consolidated.sql - veza-stream-server: prometheus 0.14, validator 0.19 - docs: SECURITY_SCAN_RC1, V1_SIGNOFF, PROJECT_STATE	2026-03-03 20:17:54 +01:00
senke	354c747cce	feat(security): add global and per-IP DDoS rate limiting (1000/s, 100/s) ... SEC1-04: Redis sliding window 1s, excluded paths (health, swagger, auth)	2026-03-03 09:25:08 +01:00
senke	d577f8c9be	chore(release): v0.971 — Phantom (gamification removal, WebRTC Beta, limits doc)	2026-03-02 19:25:37 +01:00
senke	da837fc085	chore(release): v0.951 — Loadtest (500 req/s, 1000 WS, 50 uploads, perf indexes)	2026-03-02 19:22:38 +01:00
senke	d92b7fd975	chore(release): v0.943 — Refactor (split track batch ops to track_batch_service)	2026-03-02 19:07:49 +01:00
senke	40fba3cbbf	chore(release): v0.942 — Compress (migration consolidation procedure, mark script)	2026-03-02 19:05:54 +01:00
senke	7e015f8e73	chore(release): v0.941 — Cleanup (dead code, migrations dedup, deprecated routes)	2026-03-02 19:04:30 +01:00
senke	1318a53a64	chore(release): v0.931 — Cursor (cursor-based pagination, performance baseline)	2026-03-02 12:35:49 +01:00
senke	2a0a6a1ec9	chore(release): v0.922 — Greenlight (handler tests: dashboard, presence)	2026-03-02 12:30:51 +01:00
senke	72d40990c5	feat(v0.923): API contract tests, OpenAPI generation, CI type sync check	2026-02-27 20:23:10 +01:00
senke	7cb4ef56e1	feat(v0.912): Cashflow - payment E2E integration tests ... - Add MarketplaceServiceOverride and AuthMiddlewareOverride to config for tests - Wire overrides in routes_webhooks and routes_marketplace (authForMarketplaceInterface) - payment_flow_test: cart -> checkout -> webhook -> order completed, license, transfer - webhook_idempotency_test: 3 identical webhooks -> 1 order, 1 license - webhook_security_test: empty secret 500, invalid sig 401, valid sig 200 - refund_flow_test: completed order -> refund -> order refunded, license revoked - Shared computeWebhookSignature helper in webhook_test_helpers.go - SetMaxOpenConns(1) for sqlite :memory: in idempotency test to avoid flakiness Ref: docs/ROADMAP_V09XX_TO_V1.md v0.912 Cashflow	2026-02-27 20:00:51 +01:00
senke	4720bb20b2	feat(auth): v0.911 Keystone - OAuth and auth integration tests ... - Add access token blacklist on logout (VEZA-SEC-006) - Extend OAuthService for mock provider injection in tests - Add oauth_google_test.go: full OAuth Google flow with mocked provider - Add oauth_github_test.go: OAuth GitHub flow with PKCE verification - Add token_refresh_test.go: E2E refresh via httpOnly cookies - Add logout_blacklist_test.go: E2E logout + token blacklist - Fix testutils import path in resume_upload_test, track_quota_test - Fix CreatorID -> UserID in track_quota_test - Add test:integration script to package.json Release: v0.911 Keystone	2026-02-27 09:58:53 +01:00
senke	f9120c322b	release(v0.903): Vault - ORDER BY whitelist, rate limiter, VERSION sync, chat-server cleanup, Go 1.24 ... - ORDER BY dynamiques : whitelist explicite, fallback created_at DESC - Login/register soumis au rate limiter global - VERSION sync + check CI - Nettoyage références veza-chat-server - Go 1.24 partout (Dockerfile, workflows) - TODO/FIXME/HACK convertis en issues ou résolus	2026-02-27 09:43:25 +01:00
senke	6823e5a30d	release(v0.902): Sentinel - PKCE OAuth, token encryption, redirect validation, CHAT_JWT_SECRET ... - PKCE (S256) in OAuth flow: code_verifier in oauth_states, code_challenge in auth URL - CryptoService: AES-256-GCM encryption for OAuth provider tokens at rest - OAuth redirect URL validated against OAUTH_ALLOWED_REDIRECT_DOMAINS - CHAT_JWT_SECRET must differ from JWT_SECRET in production - Migration script: cmd/tools/encrypt_oauth_tokens for existing tokens - Fixes: VEZA-SEC-003, VEZA-SEC-004, VEZA-SEC-009, VEZA-SEC-010	2026-02-26 19:49:15 +01:00
senke	51984e9a1f	feat(security): v0.901 Ironclad - fix 5 critical/high vulnerabilities ... - OAuth: use JWTService+SessionService, httpOnly cookies (VEZA-SEC-001) - Remove PasswordService.GenerateJWT (VEZA-SEC-002) - Hyperswitch webhook: mandatory verification, 500 if secret empty (VEZA-SEC-005) - Auth middleware: TokenBlacklist.IsBlacklisted check (VEZA-SEC-006) - Waveform: ValidateExecPath before exec (VEZA-SEC-007)	2026-02-26 19:34:45 +01:00
senke	62e3e96884	test(v0.803): unit tests for CCPA, reports, announcements, feature flags	2026-02-25 20:02:24 +01:00
senke	c782bcb5b3	feat(admin): feature flags CRUD with DB persistence	2026-02-25 19:56:24 +01:00
senke	99b7cd8d97	feat(admin): global announcements CRUD and public banner endpoint	2026-02-25 19:55:21 +01:00
senke	f30a9562a9	feat(admin): maintenance mode middleware with 503 responses	2026-02-25 19:54:22 +01:00
senke	911fc525a2	feat(admin): moderation queue with reports CRUD	2026-02-25 19:53:04 +01:00
senke	d35b7d37fb	feat(api): add Swagger annotations for privacy opt-out and account deletion	2026-02-25 19:51:54 +01:00
senke	9636613eaa	feat(users): account deletion hardening with anonymization, S3 cleanup, session revocation	2026-02-25 19:51:21 +01:00
senke	3f56e49791	feat(compliance): CCPA Do Not Sell middleware and opt-out endpoint	2026-02-25 19:49:25 +01:00
senke	470162ade8	feat(audit): HTTP audit middleware for auto-logging POST/PUT/DELETE	2026-02-25 19:48:03 +01:00
senke	7692c4b8b9	feat(v0.802): frontend Cloud/Gear, MSW, docs, scope v0.803, archive ... - Cloud: CloudFileVersions, CloudShareModal, versions/share in CloudView - Gear: GearDocumentsTab, GearRepairsTab, warranty badge, initialTab - MSW: cloud versions/share, gear documents/repairs, tags suggest - Stories: CloudFileVersions, CloudShareModal, GearDetailModal variants - gearService: listDocuments, uploadDocument, deleteDocument, listRepairs, createRepair, deleteRepair - cloudService: listVersions, restoreVersion, shareFile, getSharedFile - gear_warranty_notifier: 24h ticker, notifications for expiring warranty - tag_handler_test: unit tests - docs: API_REFERENCE, CHANGELOG, PROJECT_STATE, FEATURE_STATUS v0.802 - SCOPE_CONTROL, .cursorrules: scope v0.803 - archive: V0_802_RELEASE_SCOPE, RETROSPECTIVE_V0802	2026-02-25 14:00:58 +01:00
senke	596233aaaf	feat(upload): tags auto-suggest endpoint and additional audio formats	2026-02-25 13:39:59 +01:00
senke	8162d1b419	feat(cloud): GDPR data export and automatic backup cron	2026-02-25 13:35:16 +01:00
senke	dced768c01	feat(cloud): file versioning, restore, and sharing	2026-02-25 13:33:08 +01:00
senke	689d9164f6	feat(db): add migrations 119-122 for cloud versions, gear warranty/documents/repairs	2026-02-25 13:30:49 +01:00
senke	d161a3739d	feat(users): add user_preferences migration with appearance fields	2026-02-25 09:45:03 +01:00
senke	63867f1d09	feat(v0.703): Go Live & Streaming Complet ... - Backend: room creation for live streams, permissions CanJoin/CanSend/CanRead for stream rooms - LiveViewChat: useLiveStreamChat hook, WebSocket connection, stream_id as room - LiveViewPlayer: real-time viewer count via polling (5s) - Media Session: seekbackward/seekforward handlers (10s step) - GoLiveView.stories.tsx: Default, Loading, Error, StreamKeyVisible - Docs: API_REFERENCE, CHANGELOG, PROJECT_STATE, FEATURE_STATUS, RETROSPECTIVE_V0703 - SCOPE_CONTROL, .cursorrules: update to v0.801 - Archive V0_703_RELEASE_SCOPE.md	2026-02-25 09:35:22 +01:00
senke	038f6d4991	test(live): add live stream service unit tests ... Use serializer:json for LiveStream.Tags to support SQLite in-memory tests.	2026-02-24 09:56:08 +01:00
senke	b49045073e	feat(monitoring): add live stream Prometheus metrics	2026-02-24 09:53:29 +01:00
senke	8062ec685c	feat(live): add handler endpoints for Go Live (me, key, regenerate, update)	2026-02-24 09:53:01 +01:00
senke	083fe2e50d	feat(live): stream key generation, ListByUser, RegenerateStreamKey	2026-02-24 09:52:04 +01:00
senke	076a132c0f	feat(live): add migration 117 and model fields for Go Live	2026-02-24 09:51:21 +01:00
senke	7895e7ed50	test(marketplace): add refund order unit tests	2026-02-24 00:19:42 +01:00
senke	c22866fe8c	test(marketplace): add invoice generation unit tests	2026-02-24 00:19:10 +01:00
senke	a40c27bcc9	test(marketplace): add product review unit tests	2026-02-24 00:18:45 +01:00
senke	c785e61e69	feat(v0.701): AdminTransfers page/route, MSW, stories, Deep Health, API ref, docs, scope v0.702 ... - Step 13: AdminTransfersPage, LazyAdminTransfers, route /admin/transfers - Step 14: MSW handlers admin transfers - Step 15: AdminTransfersView stories (Default, Empty, WithFailedTransfers, Error, Loading) - Step 16-17: DeepHealth handler (disk, config), GET /health/deep - Step 19: health_deep_test.go (4 tests) - Step 20: docs/API_REFERENCE.md - Step 21: Archive V0_604, MIGRATIONS.md migration 116 - Step 22: CHANGELOG, PROJECT_STATE, FEATURE_STATUS v0.701 - Step 23: RETROSPECTIVE_V0701, V0_702 placeholder, SCOPE_CONTROL, .cursorrules - Step 24: Archive V0_701_RELEASE_SCOPE - Fix: AdminTransfersView Select component (use options API)	2026-02-23 23:42:02 +01:00
senke	b3a74d6740	test(admin): add admin transfer handler tests	2026-02-23 23:35:11 +01:00
senke	7d530f9612	feat(routes): wire admin transfer endpoints in /admin group	2026-02-23 23:33:54 +01:00
senke	9ee4b18c33	feat(admin): add admin transfer handler (GET list, POST retry)	2026-02-23 23:33:35 +01:00
senke	06db7d6936	test(marketplace): add transfer retry worker tests	2026-02-23 23:32:59 +01:00
senke	b83a650279	feat(server): start TransferRetryWorker on boot (v0.701)	2026-02-23 23:32:23 +01:00
senke	8272f4770a	feat(marketplace): add TransferRetryWorker background goroutine	2026-02-23 23:32:03 +01:00
senke	2a9e6084fc	feat(monitoring): add transfer retry Prometheus metrics	2026-02-23 23:31:35 +01:00
senke	42764110f0	feat(config): add transfer retry configuration (v0.701)	2026-02-23 23:31:09 +01:00
senke	706a97b824	feat(marketplace): add retry fields to SellerTransfer model	2026-02-23 23:30:51 +01:00
senke	c46a7202aa	feat(marketplace): add migration 116 — retry columns for seller_transfers	2026-02-23 23:30:41 +01:00
senke	5e7e506fe3	test(commerce): add transfer tests — success, multi-seller, transfer-fails	2026-02-23 22:58:16 +01:00
senke	fdd750d772	feat(seller): add transfers history card to SellerDashboard	2026-02-23 22:57:28 +01:00
senke	b3c74428d8	feat(commerce): add GET /sell/transfers endpoint	2026-02-23 22:56:26 +01:00
senke	22ce89f3da	feat(commerce): trigger seller transfers on payment succeeded	2026-02-23 22:56:01 +01:00
senke	6d1d861a52	feat(commerce): wire TransferService in marketplace and webhook routes	2026-02-23 22:55:39 +01:00
senke	31833c01f1	feat(commerce): add TransferService interface and WithTransferService option	2026-02-23 22:55:18 +01:00
senke	6a468e5ffb	feat(commerce): add SellerTransfer model	2026-02-23 22:55:08 +01:00
senke	553bd87d85	feat(commerce): add 115_seller_transfers migration	2026-02-23 22:54:56 +01:00
senke	535e76adfe	feat(commerce): add PLATFORM_FEE_RATE config (default 10%)	2026-02-23 22:54:50 +01:00
senke	83ed4f315b	chore(release): v0.602 — Payout, Dette Technique & Tests E2E ... - Stripe Connect: onboarding, balance, SellerDashboardView - Interceptors: auth.ts, error.ts extracted, facade - Grafana: dashboards enriched (p50, top endpoints, 4xx, WS, commerce) - E2E commerce: product->order->review->invoice - SMOKE_TEST_V0602, RETROSPECTIVE_V0602, PAYOUT_MANUAL - Archive V0_602 scope, V0_603 placeholder, SCOPE_CONTROL v0.603 - Fix sanitizer regex (Go no backreferences) - Marketplace test schema: product_licenses, product_images, orders, licenses	2026-02-23 22:32:01 +01:00
senke	941f6e6f3e	feat(seller): add seller_stripe_accounts migration and model	2026-02-23 22:11:11 +01:00
senke	ae81e171c7	feat(seller): add Stripe Connect config	2026-02-23 22:09:23 +01:00
senke	cc9fbf4f24	feat(commerce): Hyperswitch LIVE_MODE configuration ... - config: HyperswitchLiveMode (HYPERSWITCH_LIVE_MODE) - routes_marketplace: warn when production + LiveMode=false - docker-compose.prod: HYPERSWITCH_LIVE_MODE env var	2026-02-23 19:56:52 +01:00
senke	218b4b33d6	feat(streaming): wire HLS pipeline end-to-end with serving routes ... - Add HLSEnabled and HLSStorageDir to backend config (HLS_STREAMING env) - Register HLS serving routes (master.m3u8, quality playlist, segments) behind HLSEnabled feature flag on existing track routes - Add GetHLSStatus and TriggerHLSTranscode methods to StreamService for stream server communication - Update docker-compose (dev, staging, prod) with HLS env vars and shared hls-data volume between backend and stream-server - Stream callback already correctly updates stream_manifest_url	2026-02-22 21:20:35 +01:00
senke	1ed7fe2ebb	feat(chat): Redis rate limiter, persistent presence, PostgreSQL full-text search ... - Rewrite chat rate limiter with Redis sliding window (sorted sets) and automatic in-memory fallback when Redis is unavailable - Add ChatPresenceService with Redis-backed online/offline/heartbeat tracking (2min TTL), integrated into Hub register/unregister - Add migration 113: tsvector column with GIN index and auto-update trigger on messages table for full-text search - Update Search repository method to use ts_rank ordering instead of ILIKE - Wire Redis client into chat WebSocket setup in router.go - Add comprehensive tests: rate limiter, presence, 100-user concurrent benchmark	2026-02-22 21:17:51 +01:00
senke	02605b0405	test(chat): Sprint 5 -- unit tests, E2E tests, feature parity validation ... - Add hub_test.go: register/unregister, join/leave room, broadcast, exclude sender, send to user, multiple clients same user (6 tests) - Add handler_messages_test.go: send message, missing fields, edit ownership check, soft delete (4 tests) - Add handler_realtime_test.go: typing broadcast, read receipts, reactions add/remove, delivered status (5 tests) - Add e2e_chat_ws_test.go: auth valid, missing token, invalid token, ping/pong - Add e2e_chat_messages_test.go: 2-client message flow, typing indicator - Create CHAT_FEATURE_PARITY.md: 25-feature checklist (all OK or IMPROVED)	2026-02-22 20:49:32 +01:00
senke	c7fb240dc3	feat(chat): Sprint 3 -- message handlers, real-time features, permissions ... - Implement full MessageHandler dispatch with all 18 incoming message types - Add handler_messages.go: SendMessage, EditMessage, DeleteMessage with ownership checks - Add handler_rooms.go: JoinConversation, LeaveConversation - Add handler_history.go: FetchHistory (cursor-based), SearchMessages (ILIKE), SyncMessages - Add handler_realtime.go: Typing, MarkAsRead, Delivered, AddReaction, RemoveReaction - Add handler_calls.go: WebRTC signaling relay (CallOffer/Answer/ICE/Hangup/Reject) - Add PermissionService: CanRead/CanSend/CanJoin/CanModerate based on room_members - Add RateLimiter: per-user per-action sliding window (in-memory) - Wire all dependencies in router.go setupChatWebSocket	2026-02-22 20:43:44 +01:00
senke	e8d97741e4	feat(chat): Sprint 2 -- WebSocket hub, client, message types, route ... - Create Hub with register/unregister/broadcast, room/user index - Create Client with readPump/writePump goroutines, 30s ping keepalive - Define all 18 incoming + 18 outgoing message types matching Rust protocol - Add ValidateChatToken to ChatService for JWT validation - Update WSUrl from /ws to /api/v1/ws - Register GET /api/v1/ws endpoint in router - Create ChatWebSocketHandler for WebSocket upgrade and auth	2026-02-22 20:41:39 +01:00
senke	4d4d07836c	feat(chat): Sprint 1 -- migrations, models, repositories for chat rewrite ... - Add migrations 109-112: read_receipts, delivered_status, message_reactions, messages extra columns - Create ReadReceipt, DeliveredStatus, MessageReaction GORM models - Update Message model with EditedAt, Status, IsPinned, Metadata fields - Enrich ChatMessageRepository with cursor pagination, search, soft delete - Create ReadReceiptRepository, DeliveredStatusRepository, ReactionRepository - Create ChatPubSubService with Redis PubSub and in-memory fallback	2026-02-22 20:38:20 +01:00
senke	43309327e6	feat(v0.501): Sprint 5 -- integration, tests, and cleanup ... - INT-01: Add E2E streaming tests (upload -> HLS auth) - INT-02: Add E2E cloud tests (CRUD auth, public gear) - INT-03: Split track/handler.go into 4 focused sub-handlers - INT-04: Create migration squash script + MIGRATIONS.md - INT-05: Add Trivy container image scanning CI workflow - INT-06: Replace production console.log with structured logger	2026-02-22 18:40:07 +01:00
senke	edde637c8e	feat(v0.501): Sprint 4 -- Cloud frontend + Gear advanced ... - C1-09: Create CloudPage with folder tree, file list, and /cloud route - C1-10: Create CloudUploadModal with drag-and-drop and progress - C1-11: Create CloudFilePreview mini player inline - C1-12: Add Cloud stories (loading, empty, populated, quota full) - G1-01: Add is_public toggle, public gear endpoint, GearShowcase - G1-02: Add gear image upload endpoints, GearImageGallery component - G1-03: Add gear search with ILIKE + SearchBar in toolbar - G1-04: Add stories for GearShowcase and GearImageGallery	2026-02-22 18:30:49 +01:00
senke	ec4564fb37	feat(v0.501): Sprint 3 -- Cloud Storage MVP backend ... - C1-01: Create CloudService with CRUD folders/files, quota, ownership - C1-02: Create CloudHandler with 11 REST endpoints - C1-03: Register cloud routes in Go router - C1-04: Implement file streaming with HTTP Range support - C1-05: Add publish cloud file as track endpoint - C1-06: Add MSW mock handlers for cloud API - C1-07: Auto-init 5GB storage quota on user registration - C1-08: Add 12 unit tests for CloudService	2026-02-22 18:23:58 +01:00
senke	73533bea77	feat(v0.501): Sprint 2 -- HLS production-ready ... - S1-01: Add multi-bitrate streaming profiles (128k, 256k, 320k) - S1-02: Update master.m3u8 endpoint with 3-tier quality system - S1-03: Integrate hls.js with ABR + useHLSPlayer hook - S1-04: Add Cache-Control headers on HLS segments and manifests - S1-05: Create WaveformService with async generation (FFmpeg + audiowaveform) - S1-06: Add GET /tracks/:id/waveform endpoint with Redis cache - S1-07: Create WaveformDisplay component with story - S1-08: Add 4 Prometheus metrics for streaming monitoring	2026-02-22 18:16:37 +01:00
senke	89cc015e54	feat(v0.501): Sprint 1 -- infrastructure foundations ... - Add MinIO S3-compatible storage to docker-compose (dev, staging, prod) - Create migrations 103-108 (waveform_url, user_folders, user_files, user_storage_quotas, gear_items.is_public, gear_images) - Add Go models: UserFile, UserFolder, StorageQuota, GearImage - Add WaveformURL to Track model, IsPublic + GearImages to GearItem model	2026-02-22 18:10:25 +01:00
senke	80492a4644	refactor(websocket): replace gorilla/websocket with coder/websocket ... INT-06: Migrated playback_websocket_handler.go from deprecated gorilla/websocket to coder/websocket v1.8.14. Uses context-based reads/writes and websocket.Accept instead of Upgrader.	2026-02-22 17:53:10 +01:00
senke	a6cf20e614	fix(tests): fix 2 skipped tests, add clear skip reasons to 11 others ... INT-04: Fixed nil UserID panic in AuditService (re-enabled 2 tests). Added INT-04 comments explaining skip reasons for tests requiring PostgreSQL, real file headers, or external services.	2026-02-22 17:53:00 +01:00
senke	0907446958	test: add 5 cross-service E2E integration tests ... INT-03: Tests for health endpoint, auth flow, track upload auth, webhook HTTPS-only, and rate limit headers. Build-tagged 'integration' to avoid running in regular test suite.	2026-02-22 17:52:50 +01:00
senke	ee32aec970	feat(streaming): trigger HLS transcoding after track upload ... INT-02: TrackService.copyFileAsync now calls StreamService.StartProcessing after successful file copy. Wires the stream server integration into all track route registrations.	2026-02-22 17:52:39 +01:00
senke	872e42d81c	refactor(backend): replace 40 fmt.Printf calls with zap structured logging ... CLN-03: router.go, track/service.go, upload_validator.go, cors.go, playlist_handler.go, and mfa.go now use zap.L() or local logger for structured logging instead of fmt.Printf.	2026-02-22 17:44:38 +01:00
senke	834fa1f979	refactor: remove dead code (api_manager.go, unused templates) ... CLN-01: Deleted archived api_manager.go (~789 LOC, build-tag ignore) and dev-environment/templates/ (~806 LOC, never used by generator).	2026-02-22 17:44:19 +01:00
senke	763aea15cb	fix(security): hash password reset tokens before database storage ... INF-10: Reset tokens are now SHA-256 hashed before INSERT. Validation hashes the received token and compares against stored hash. Plain tokens never persisted.	2026-02-22 17:36:10 +01:00
senke	c29edd099b	feat(security): implement Redis-backed rate limiter with in-memory fallback ... INF-01: RedisRateLimiter uses atomic Lua script (INCR+EXPIRE) for distributed rate limiting. Falls back to in-memory SimpleRateLimiter when Redis is unavailable. Same X-RateLimit-* headers and 429 format.	2026-02-22 17:35:21 +01:00
senke	d3245b2e4b	fix(build): unify Go version to 1.24 across Dockerfile and CI ... SEC-09: go.mod declares Go 1.24.0 but Dockerfile.production used 1.23 and backend-ci.yml used 1.23. Aligned both to 1.24.	2026-02-22 17:32:17 +01:00
senke	368c78c102	fix(security): require Hyperswitch webhook secret in production when payments enabled ... SEC-08: If HYPERSWITCH_ENABLED=true in production, startup now fails unless HYPERSWITCH_WEBHOOK_SECRET is set. This prevents webhook signature verification from being silently bypassed.	2026-02-22 17:31:52 +01:00
senke	f14574322c	fix(security): add SSRF protection for webhook URL registration ... SEC-07: Strengthened ValidateWebhookURL to require HTTPS only (was allowing HTTP). Private IP ranges, localhost, and cloud metadata endpoints remain blocked.	2026-02-22 17:31:10 +01:00
senke	da3bad1b0e	fix(security): add ownership check to GetUploadStatus handler (IDOR fix) ... SEC-06: GetUploadStatus now verifies that the authenticated user owns the upload before returning status. Returns 404 for non-owners to prevent information disclosure.	2026-02-22 17:30:30 +01:00
senke	5e4291ecba	feat(auth): add ephemeral stream-token endpoint for HLS and WebSocket authentication ... SEC-03: TokenStorage.getAccessToken() returns null with httpOnly cookies. New POST /api/v1/auth/stream-token returns a 5-min JWT compatible with both stream server (Claims struct) and chat server (JwtClaims struct). Frontend hlsService and websocket updated to use fetchStreamToken() fallback.	2026-02-22 17:28:00 +01:00
senke	bab3f38c4a	feat(marketplace): add license revoked_at migration	2026-02-22 16:18:01 +01:00
senke	51373b653f	feat(hyperswitch): add CreateRefund to client	2026-02-22 16:17:54 +01:00
senke	166acc6069	chore(backend): add PDF library for invoices ... feat(marketplace): add invoice generation service and download endpoint	2026-02-22 16:11:42 +01:00
senke	c6611c3d8f	feat(marketplace): add avg_rating and review_count to Product	2026-02-22 16:07:06 +01:00
senke	85daf595a8	feat(marketplace): add create and list reviews endpoints	2026-02-22 16:06:18 +01:00
senke	d6d49dbfc3	feat(marketplace): add ProductReview model and service	2026-02-22 16:05:16 +01:00
senke	4ac1bf7c25	feat(marketplace): add product_reviews migration	2026-02-22 16:04:14 +01:00
senke	5ac4c3988a	fix(checkout): handle cancelled status in Hyperswitch webhook	2026-02-22 14:42:57 +01:00
senke	5233a5b7f2	feat(checkout): add order_id to Hyperswitch return URL	2026-02-22 14:40:13 +01:00
senke	0adc212719	feat(seller): add GET /sell/stats/evolution, top-products, sales, SalesEvolutionChart, real commerceService	2026-02-22 14:21:21 +01:00
senke	1fef428ce0	feat(marketplace): add migration 098 product_licenses, ProductLicense model, GET /licenses/mine	2026-02-22 14:16:24 +01:00
senke	31a27e4724	feat(marketplace): add playable preview and image gallery to ProductDetailView	2026-02-22 14:14:38 +01:00
senke	a8549add70	feat(marketplace): add rich text description with sanitization	2026-02-22 14:14:27 +01:00
senke	d292270d4e	feat(marketplace): add bpm, musical_key, category filters to ListProducts	2026-02-22 14:08:41 +01:00
senke	aec22b596c	feat(marketplace): add product images management endpoint	2026-02-22 14:08:13 +01:00
senke	c6f094a3d5	feat(marketplace): add POST /products/:id/preview for audio preview upload	2026-02-22 14:07:30 +01:00
senke	f6c02afbf8	feat(marketplace): accept bpm, musical_key, category in CreateProduct and UpdateProduct	2026-02-22 14:06:20 +01:00
senke	8de3dcdc27	feat(marketplace): add ProductPreview, ProductImage models and Product enrichment fields	2026-02-22 14:05:37 +01:00
senke	e8ad5b5f4b	feat(marketplace): add migrations 095-097 for products enrichment, previews, images	2026-02-22 14:05:19 +01:00