senke/veza
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
178 commits 37 branches 94 tags 1.5 GiB
Commit graph

16 commits

Author SHA1 Message Date
senke
a4b3cd9fa4 [FE-PAGE-001] fe-page: Complete Dashboard page implementation 
- Created dashboardService.ts to fetch real stats and activity from API
- Created useDashboard hook for managing dashboard data
- Updated DashboardPage to use real data instead of hardcoded values
- Added loading states and skeletons for better UX
- Made quick actions functional with navigation
- Added activity timeline with real timestamps
- Formatted numbers with K/M suffixes for readability
- Added relative time formatting using date-fns
 2025-12-24 12:35:38 +01:00
senke
0cd500e468 [BE-SEC-011] be-sec: Implement security headers 
- Enhanced security headers middleware with additional headers
- Added X-Permitted-Cross-Domain-Policies: none
- Added Cross-Origin-Embedder-Policy: require-corp
- Added Cross-Origin-Opener-Policy: same-origin
- Added Cross-Origin-Resource-Policy: same-origin
- Enhanced Permissions-Policy with additional restrictions
- Enhanced CSP with frame-ancestors directive
- HSTS now only set in production (not in development)
- Updated tests to verify all new headers
 2025-12-24 12:24:54 +01:00
senke
a94ac41228 [BE-SEC-008] be-sec: Implement session timeout and refresh 
- Added automatic session refresh mechanism in auth middleware
- Sessions are refreshed when they reach 25% of lifetime remaining
- Refresh happens asynchronously to avoid blocking requests
- Applied to both RequireAuth and OptionalAuth middlewares
- Session timeout enforced through ValidateSession checks
 2025-12-24 12:12:29 +01:00
senke
f7baf67741 [BE-SEC-005] security: Implement rate limiting for authentication endpoints 
- Applied RegisterRateLimit to POST /auth/register (3 attempts/hour)
- Applied PasswordResetRateLimit to password reset endpoints (3 attempts/hour)
- Added VerifyEmailRateLimit for POST /auth/verify-email (5 attempts/hour)
- Added ResendVerificationRateLimit for POST /auth/resend-verification (3 attempts/hour)
- Login endpoint already had rate limiting (5 attempts/15min)
- All rate limits are IP-based and use Redis for persistence
- Rate limiting disabled in test/e2e environments

Phase: PHASE-4
Priority: P1
Progress: 7/267 (2.6%)
 2025-12-24 12:05:35 +01:00
senke
1203e51760 fix(MVP-014): Add CORS credentials configuration validation 2025-12-22 23:17:24 +01:00
senke
34f3468c89 fix(MVP-006): Standardize environment variable names (VITE_API_BASE_URL → VITE_API_URL) 2025-12-22 22:56:37 +01:00
senke
bacaded324 stabilizing apps/web: THIRD BATCH - FIXED Playwright 2025-12-21 18:55:51 -05:00
senke
df06693508 stabilizing apps/web: SECOND BATCH - FIXING Playwright 2025-12-17 12:20:42 -05:00
senke
54a570bb74 stabilizing veza-backend-api: P0 2025-12-16 11:59:56 -05:00
senke
3c534a59a0 stabilizing veza-backend-api: phase 1 2025-12-16 11:23:49 -05:00
senke
de191cf0fc refonte: backend-api go first; phase 1 2025-12-12 21:34:34 -05:00
okinrev
e9e306c347 report generation and future tasks selection 2025-12-08 19:57:54 +01:00
okinrev
843dff3c92 STABILISATION: phase 3–5 – API contract, tests & chat-server hardening 2025-12-06 17:21:59 +01:00
okinrev
76f2677c17 fix(backend-tests): enable room_handler_test and resolve metric collisions 2025-12-06 12:53:15 +01:00
okinrev
1ef0e0d6d6 P0: stabilisation backend/chat/stream + nouvelle base migrations v1 
Backend Go:
- Remplacement complet des anciennes migrations par la base V1 alignée sur ORIGIN.
- Durcissement global du parsing JSON (BindAndValidateJSON + RespondWithAppError).
- Sécurisation de config.go, CORS, statuts de santé et monitoring.
- Implémentation des transactions P0 (RBAC, duplication de playlists, social toggles).
- Ajout d’un job worker structuré (emails, analytics, thumbnails) + tests associés.
- Nouvelle doc backend : AUDIT_CONFIG, BACKEND_CONFIG, AUTH_PASSWORD_RESET, JOB_WORKER_*.

Chat server (Rust):
- Refonte du pipeline JWT + sécurité, audit et rate limiting avancé.
- Implémentation complète du cycle de message (read receipts, delivered, edit/delete, typing).
- Nettoyage des panics, gestion d’erreurs robuste, logs structurés.
- Migrations chat alignées sur le schéma UUID et nouvelles features.

Stream server (Rust):
- Refonte du moteur de streaming (encoding pipeline + HLS) et des modules core.
- Transactions P0 pour les jobs et segments, garanties d’atomicité.
- Documentation détaillée de la pipeline (AUDIT_STREAM_*, DESIGN_STREAM_PIPELINE, TRANSACTIONS_P0_IMPLEMENTATION).

Documentation & audits:
- TRIAGE.md et AUDIT_STABILITY.md à jour avec l’état réel des 3 services.
- Cartographie complète des migrations et des transactions (DB_MIGRATIONS_*, DB_TRANSACTION_PLAN, AUDIT_DB_TRANSACTIONS, TRANSACTION_TESTS_PHASE3).
- Scripts de reset et de cleanup pour la lab DB et la V1.

Ce commit fige l’ensemble du travail de stabilisation P0 (UUID, backend, chat et stream) avant les phases suivantes (Coherence Guardian, WS hardening, etc.).
 2025-12-06 11:14:38 +01:00
okinrev
2425c15b09 adding initial backend API (Go) 2025-12-03 20:29:37 +01:00