senke
6a675565e1
feat(v0.13.3): complete - Polish Sécurité Avancée
...
TASK-SECADV-001: WebAuthn/Passkeys (F022)
- WebAuthn credential model, service, handler
- Registration/authentication ceremony endpoints
- CRUD operations (list, rename, delete passkeys)
- Routes: GET/POST/PUT/DELETE /auth/passkeys/*
TASK-SECADV-002: Configurable password policy (F015)
- PasswordPolicyConfig with MinLength, MaxLength, RequireUpper/Lower/Number/Special
- NewPasswordValidatorWithPolicy constructor
- PasswordPolicyFromEnv() reads env vars (PASSWORD_MIN_LENGTH, etc.)
- All character class checks now respect policy configuration
TASK-SECADV-003: Géolocalisation connexions (F025)
- GeoIPResolver interface + GeoIPService implementation
- Country/city columns added to login_history table
- LoginHistoryService.Record() performs GeoIP lookup
- GetUserHistory returns geolocation data
- GET /auth/login-history endpoint
TASK-SECADV-004: Password expiration (F016)
- password_changed_at column on users table
- CheckPasswordExpiration() method on PasswordService
- All password change/reset methods now set password_changed_at
- NewPasswordServiceWithPolicy() supports expiration days config
Migration: 971_security_advanced_v0133.sql
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-13 10:09:01 +01:00
senke
72b732664a
feat(v0.12.6.3): remove ghost modules — gamification, A/B testing, GraphQL stubs
...
Backend API CI / test-unit (push) Failing after 0s
Backend API CI / test-integration (push) Failing after 0s
Deleted 8 dead code modules identified by audit diagnostic:
- api/contest/, sound_design_contest/, production_challenge/, voting_system/
(gamification stubs — violate CLAUDE.md Rule 3: no XP/streaks/leaderboards/badges)
- models/contest.go (314 lines: ContestBadge with rarity, ContestPrize, ContestVote)
- models/user.go: removed orphan JuryMember struct (contest reference)
- services/playback_abtest_service.go + test (476+579 lines: A/B testing on playback
metrics — violates ORIGIN_UI_UX_SYSTEM.md §13 anti-dark-patterns)
- api/graphql/ (REST-only per ORIGIN spec)
Kept: listing/, offer/ (marketplace stubs, ORIGIN-approved), grpc/ (ORIGIN §9 approved).
Verified: go build passes, grep confirms 0 forbidden terms remaining.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-12 07:29:56 +01:00
senke
9be0e6e14f
feat(profile): add profile banner (B1)
2026-02-20 14:56:25 +01:00
senke
81d08a4680
stabilisation commit
2026-01-04 01:44:23 +01:00
senke
40170e188a
[FIX] PROD-010: Corriger ENUM PostgreSQL dans modèle User - Tests E2E passent
...
- Ajout de type:user_role dans le tag GORM du champ Role
- Amélioration de la détection d'erreurs ENUM dans le service Register
- L'endpoint /auth/register retourne maintenant 201 OK avec tokens
- Score production: 52/70 → 58/70
- PROD-010 marqué comme fixed (P0 blocker résolu)
2026-01-04 01:44:19 +01:00
senke
1b59fbaf34
[AUDIT] Real integration status - 58% pass rate, 2 blocking issues
...
- 19 tests executed (11 pass, 6 fail, 3 skip)
- 2 P0 blocking issues: Login email verification, Register empty tokens
- 4 P1 issues: Protected endpoints cannot be tested (depends on auth)
- 1 P2 issue: Sessions endpoint redirect
- Full test results documented with exact HTTP codes and error messages
- User journey analysis: can register but cannot login
- Recommendations: Fix auth workflow first, then retest protected endpoints
2026-01-04 01:44:13 +01:00
okinrev
2425c15b09
adding initial backend API (Go)
2025-12-03 20:29:37 +01:00
