29 commits

Author	SHA1	Message	Date
senke	1cab2a1d56	fix(middleware): persist maintenance flag via platform_settings table ... The maintenance toggle lived in a package-level `bool` inside `middleware/maintenance.go`. Flipping it via `PUT /admin/maintenance` only updated the pod handling that request — the other N-1 pods stayed open for traffic. In practice this meant deploys-in-progress or incident playbooks silently failed to put the fleet into maintenance. New storage: * Migration `976_platform_settings.sql` adds a typed key/value table (`value_bool` / `value_text` to avoid string parsing in the hot path) and seeds `maintenance_mode=false`. Idempotent on re-run. * `middleware/maintenance.go` rewritten around a `maintenanceState` with a 10s TTL cache. `InitMaintenanceMode(db, logger)` primes the cache at boot; `MaintenanceModeEnabled()` refreshes lazily when the next request lands after the TTL. Startup `MAINTENANCE_MODE` env is still honoured for fresh pods. * `router.go` calls `InitMaintenanceMode` before applying the `MaintenanceGin()` middleware so the first request sees DB truth. * `PUT /api/v1/admin/maintenance` in `routes_core.go` now does an `INSERT ... ON CONFLICT DO UPDATE` on the table *before* the in-memory setter, so the flip survives restarts and propagates to every pod within ~10s (one TTL window). Tests: `TestMaintenanceGin_DBBacked` flips the DB row, waits past a shrunk-for-test TTL, and asserts the cache picked up the change. All four pre-existing tests preserved (`Disabled`, `Enabled_Returns503`, `HealthExempt`, `AdminExempt`). Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-04-16 14:57:06 +02:00
senke	73eca4f6ad	feat: backend, stream server & infra improvements ... Backend (Go): - Config: CORS, RabbitMQ, rate limit, main config updates - Routes: core, distribution, tracks routing changes - Middleware: rate limiter, endpoint limiter, response cache hardening - Handlers: distribution, search handler fixes - Workers: job worker improvements - Upload validator and logging config additions - New migrations: products, orders, performance indexes - Seed tooling and data Stream Server (Rust): - Audio processing, config, routes, simple stream server updates - Dockerfile improvements Infrastructure: - docker-compose.yml updates - nginx-rtmp config changes - Makefile improvements (config, dev, high, infra) - Root package.json and lock file updates - .env.example updates Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-03-18 11:36:06 +01:00
senke	7a0819f69a	feat(v0.12.6.2): enforce MFA for admin/moderator + align refresh token TTL to 7 days ... TASK-SFIX-001: MFA enforcement for privileged roles - Add RequireMFA() middleware, TwoFactorChecker interface, SetTwoFactorChecker() - Apply to all 3 admin route groups (platform, moderation, core) - Returns 403 "mfa_setup_required" if admin/moderator without 2FA - Regular users bypass the check - Ref: ORIGIN_SECURITY_FRAMEWORK.md Rule 5 TASK-SFIX-002: Refresh token TTL alignment - jwt_service.go: RefreshTokenTTL 14d→7d, RememberMeRefreshTokenTTL 30d→7d - handlers/auth.go: Cookie max-age and session expiresIn → 7d across Login, LoginWith2FA, Register, Refresh handlers - middleware/auth.go: Session auto-refresh default 30d→7d - Ref: ORIGIN_SECURITY_FRAMEWORK.md Rule 4 TASK-SFIX-003: 5 unit tests — all PASS - TestRequireMFA_AdminWithoutMFA, TestRequireMFA_AdminWithMFA - TestRequireMFA_RegularUserNotAffected - TestRefreshTokenTTL_Is7Days, TestAccessTokenTTL_Is5Minutes Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-12 06:53:27 +01:00
senke	171a154763	feat(v0.10.2): Recherche fulltext Elasticsearch - F361-F365 ... - Elasticsearch 8.x dans docker-compose.dev - Package internal/elasticsearch: client, config, mappings, indices - Sync PG→ES: reindex tracks/users/playlists, IndexTrack/DeleteTrack - SearchService ES: multi_match + fuzziness (typo tolerance), highlighting - Fallback gracieux: PostgreSQL si ELASTICSEARCH_URL absent - Routes: GET /search, GET /search/suggestions, POST /admin/search/reindex - Frontend: searchApi cursor/limit params (extensibilité) - docs/ENV_VARIABLES: ELASTICSEARCH_URL, ELASTICSEARCH_INDEX, ELASTICSEARCH_AUTO_INDEX - Roadmap v0.10.2 → DONE	2026-03-09 10:13:18 +01:00
senke	41d55e107d	v0.9.7 beta	2026-03-06 18:58:37 +01:00
senke	05467c1c2f	v0.9.7	2026-03-06 18:52:08 +01:00
senke	257077ad49	v0.9.6	2026-03-06 10:29:30 +01:00
senke	2ed2bb9dcf	v0.9.4	2026-03-05 23:03:43 +01:00
senke	b6c004319c	v0.9.2	2026-03-05 19:27:34 +01:00
senke	d577f8c9be	chore(release): v0.971 — Phantom (gamification removal, WebRTC Beta, limits doc)	2026-03-02 19:25:37 +01:00
senke	7e015f8e73	chore(release): v0.941 — Cleanup (dead code, migrations dedup, deprecated routes)	2026-03-02 19:04:30 +01:00
senke	c782bcb5b3	feat(admin): feature flags CRUD with DB persistence	2026-02-25 19:56:24 +01:00
senke	99b7cd8d97	feat(admin): global announcements CRUD and public banner endpoint	2026-02-25 19:55:21 +01:00
senke	f30a9562a9	feat(admin): maintenance mode middleware with 503 responses	2026-02-25 19:54:22 +01:00
senke	911fc525a2	feat(admin): moderation queue with reports CRUD	2026-02-25 19:53:04 +01:00
senke	63867f1d09	feat(v0.703): Go Live & Streaming Complet ... - Backend: room creation for live streams, permissions CanJoin/CanSend/CanRead for stream rooms - LiveViewChat: useLiveStreamChat hook, WebSocket connection, stream_id as room - LiveViewPlayer: real-time viewer count via polling (5s) - Media Session: seekbackward/seekforward handlers (10s step) - GoLiveView.stories.tsx: Default, Loading, Error, StreamKeyVisible - Docs: API_REFERENCE, CHANGELOG, PROJECT_STATE, FEATURE_STATUS, RETROSPECTIVE_V0703 - SCOPE_CONTROL, .cursorrules: update to v0.801 - Archive V0_703_RELEASE_SCOPE.md	2026-02-25 09:35:22 +01:00
senke	c785e61e69	feat(v0.701): AdminTransfers page/route, MSW, stories, Deep Health, API ref, docs, scope v0.702 ... - Step 13: AdminTransfersPage, LazyAdminTransfers, route /admin/transfers - Step 14: MSW handlers admin transfers - Step 15: AdminTransfersView stories (Default, Empty, WithFailedTransfers, Error, Loading) - Step 16-17: DeepHealth handler (disk, config), GET /health/deep - Step 19: health_deep_test.go (4 tests) - Step 20: docs/API_REFERENCE.md - Step 21: Archive V0_604, MIGRATIONS.md migration 116 - Step 22: CHANGELOG, PROJECT_STATE, FEATURE_STATUS v0.701 - Step 23: RETROSPECTIVE_V0701, V0_702 placeholder, SCOPE_CONTROL, .cursorrules - Step 24: Archive V0_701_RELEASE_SCOPE - Fix: AdminTransfersView Select component (use options API)	2026-02-23 23:42:02 +01:00
senke	7d530f9612	feat(routes): wire admin transfer endpoints in /admin group	2026-02-23 23:33:54 +01:00
senke	ee32aec970	feat(streaming): trigger HLS transcoding after track upload ... INT-02: TrackService.copyFileAsync now calls StreamService.StartProcessing after successful file copy. Wires the stream server integration into all track route registrations.	2026-02-22 17:52:39 +01:00
senke	49e3122e78	feat(notifications): N1.1-N1.3 Web Push subscription, send on events, preferences ... - N1.1: POST /notifications/push/subscribe, PushService, migration 090 - N1.2: Send Web Push on follow/like/comment/message via CreateNotification - N1.3: GET/PUT /notifications/preferences, migration 093 - Shared NotificationService with PushService for profile, track, comment handlers - Fix MockSocialService GetGlobalFeed, GetTrendingHashtags for tests	2026-02-21 16:41:39 +01:00
senke	d626e9c533	feat(auth): enrich sessions page with history and revoke (A4)	2026-02-20 14:52:20 +01:00
senke	b103a09a25	chore: consolidate CI, E2E, backend and frontend updates ... - CI: workflows updates (cd, ci), remove playwright.yml - E2E: global-setup, auth/playlists/profile specs - Remove playwright-report and test-results artifacts from tracking - Backend: auth, handlers, services, workers, migrations - Frontend: components, features, vite config - Add e2e-results.json to gitignore - Docs: REMEDIATION_PROGRESS, audit archive - Rust: chat-server, stream-server updates	2026-02-17 16:43:21 +01:00
senke	f87923a7bc	fix(security): add rate limiting to POST /validate (A01)	2026-02-16 10:17:28 +01:00
senke	35370330b5	fix(backend): disable pprof endpoints in production ... Conditionally register pprof routes only when APP_ENV is not production. Prevents leaking sensitive runtime information via profiling endpoints. Phase 1 audit - P1.5	2026-02-15 15:55:18 +01:00
senke	9b5d2f7c47	fix(backend): replace panic/Fatal with graceful error when Redis down (audit 1.4, P0) ... - Add early validation in Setup() returning error if Redis nil in production - Remove panic/Fatal from routes_core.go and router.go applyCSRFProtection - Handle Setup() error in cmd/api/main.go and cmd/modern-server/main.go - Mark audit item 1.4 as done	2026-02-15 14:05:20 +01:00
senke	b73387af3c	feat(api): add PostgreSQL read replica support (3.7) ... - Add DATABASE_READ_URL config and InitReadReplica in database package - Add ForRead() helper for read-only handler routing - Update TrackService and TrackSearchService to use read replica for reads - Document setup in DEPLOYMENT_GUIDE.md and .env.template	2026-02-14 22:50:23 +01:00
senke	eb313e83c5	fix(api): add rate limiting on POST /api/v1/logs/frontend	2026-02-14 20:19:56 +01:00
senke	33b4565824	feat(migrations): add down migration scripts for rollback	2026-02-14 18:05:11 +01:00
senke	d1bbd23936	refactor(api): extract route setup functions into dedicated files	2026-02-14 18:04:37 +01:00