11 commits

Author	SHA1	Message	Date
senke	71c15c2590	fix(v0.12.6.1): remediate 2 CRITICAL + 10 HIGH + 1 MEDIUM pentest findings ... Security fixes implemented: CRITICAL: - CRIT-001: IDOR on chat rooms — added IsRoomMember check before returning room data or message history (returns 404, not 403) - CRIT-002: play_count/like_count exposed publicly — changed JSON tags to "-" so they are never serialized in API responses HIGH: - HIGH-001: TOCTOU race on marketplace downloads — transaction + SELECT FOR UPDATE on GetDownloadURL - HIGH-002: HS256 in production docker-compose — replaced JWT_SECRET with JWT_PRIVATE_KEY_PATH / JWT_PUBLIC_KEY_PATH (RS256) - HIGH-003: context.Background() bypass in user repository — full context propagation from handlers → services → repository (29 files) - HIGH-004: Race condition on promo codes — SELECT FOR UPDATE - HIGH-005: Race condition on exclusive licenses — SELECT FOR UPDATE - HIGH-006: Rate limiter IP spoofing — SetTrustedProxies(nil) default - HIGH-007: RGPD hard delete incomplete — added cleanup for sessions, settings, follows, notifications, audit_logs anonymization - HIGH-008: RTMP callback auth weak — fail-closed when unconfigured, header-only (no query param), constant-time compare - HIGH-009: Co-listening host hijack — UpdateHostState now takes *Conn and verifies IsHost before processing - HIGH-010: Moderator self-strike — added issuedBy != userID check MEDIUM: - MEDIUM-001: Recovery codes used math/rand — replaced with crypto/rand - MEDIUM-005: Stream token forgeable — resolved by HIGH-002 (RS256) Updated REMEDIATION_MATRIX: 14 findings marked ✅ CORRIGÉ. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-12 05:40:53 +01:00
senke	2292ecd56b	feat(v0.10.7): Collaboration Temps Réel F481-F483 ... - F481: Co-listening sessions (WebSocket sync, ListenTogether page) - F482: Stem sharing (upload/list/download wav,aiff,flac) - F483: Collaborative rooms (type collaborative, max 10, invite-only) - Roadmap: v0.10.7 → DONE	2026-03-10 13:34:16 +01:00
senke	7df866cd3f	v0.9.7 beta	2026-03-06 18:58:37 +01:00
senke	99136948cb	v0.9.7	2026-03-06 18:52:08 +01:00
senke	05446064ea	v0.9.6	2026-03-06 10:29:30 +01:00
senke	3c5bb018cb	chore(release): v0.931 — Cursor (cursor-based pagination, performance baseline)	2026-03-02 12:35:49 +01:00
senke	e171b657df	[BE-API-012] be-api: Implement conversation update endpoint ... - Added UpdateRoom method to RoomService with ownership check - Only room creator can update the room - Added UpdateRoomRequest type - Added UpdateRoom to RoomServiceInterface and RoomHandler - Added PUT /conversations/:id route - Handler uses standard API response format - Service updates name and/or description fields Phase: PHASE-2 Priority: P1 Progress: 21/267 (7.9%)	2025-12-23 10:51:18 +01:00
senke	8e2efaa65c	[BE-API-011] be-api: Implement conversation participants endpoints ... - Added RemoveMember method to RoomService and RoomServiceInterface - Corrected RemoveMember in RoomRepository to use uuid.UUID - Added AddParticipant and RemoveParticipant handlers - Added POST /conversations/:id/participants route - Added DELETE /conversations/:id/participants/:userId route - Handlers use standard API response format - Handlers reuse AddMember/RemoveMember service methods Phase: PHASE-2 Priority: P1 Progress: 20/267 (7.5%)	2025-12-23 10:49:17 +01:00
senke	ec19ab811b	[BE-API-010] be-api: Implement conversation delete endpoint ... - Added DeleteRoom method to RoomService with ownership check - Only room creator can delete the room - Added DeleteRoom to RoomServiceInterface and RoomHandler - Added DELETE /conversations/:id route - Handler uses standard API response format - Service performs soft delete via GORM Phase: PHASE-2 Priority: P1 Progress: 19/267 (7.1%)	2025-12-23 10:47:17 +01:00
okinrev	8caa2fd7ca	STABILISATION: phase 3–5 – API contract, tests & chat-server hardening	2025-12-06 17:21:59 +01:00
okinrev	2425c15b09	adding initial backend API (Go)	2025-12-03 20:29:37 +01:00