senke/veza
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
2174 commits 37 branches 94 tags 1.5 GiB
Commit graph

2174 commits

This branch
This branch
All branches
Author SHA1 Message Date
senke
fbe1894f15 chore(web): update .env.local and .env.storybook for domain config 
Co-authored-by: Cursor <cursoragent@cursor.com>
 2026-02-11 22:20:31 +01:00
senke
b733f47a33 chore: playwright workflow, docs, rapports audit, visual-tests, tmt unit 
Co-authored-by: Cursor <cursoragent@cursor.com>
 2026-02-11 22:19:34 +01:00
senke
82fff00130 test(web): player, playlists, tracks tests; feat(playlists): permissions utils 
Co-authored-by: Cursor <cursoragent@cursor.com>
 2026-02-11 22:19:24 +01:00
senke
368d2a40aa chore(rust): chat server env, veza-common auth, stream server routes/websocket 
Co-authored-by: Cursor <cursoragent@cursor.com>
 2026-02-11 22:19:17 +01:00
senke
916bff002f chore(backend): config, router, auth, stream service, sanitizer, tests 
Co-authored-by: Cursor <cursoragent@cursor.com>
 2026-02-11 22:19:09 +01:00
senke
d846ceeccf chore: update docker-compose, make, tmt config 
Co-authored-by: Cursor <cursoragent@cursor.com>
 2026-02-11 22:18:57 +01:00
senke
769e6cb1b5 ci: add npm audit and govulncheck to main CI (P3.4) 
- Add govulncheck to backend-go job
- Add npm audit --audit-level=high to frontend job
- Both use || true to avoid blocking CI on existing vulns

Co-authored-by: Cursor <cursoragent@cursor.com>
 2026-02-11 22:15:22 +01:00
senke
178ea79d17 test(web): add unit tests for chat feature (P3.3) 
- ChatMessages: fix mock structure, align with store shape (messages Record, conversations)
- ChatInput: add tests for render, submit, disabled state
- ChatMessage: add tests for content, reactions, addReaction
- fix ChatMessage.tsx: remove stray // ... comment

Co-authored-by: Cursor <cursoragent@cursor.com>
 2026-02-11 22:15:13 +01:00
senke
4096949e43 feat(web): externalize feature flags via VITE_FEATURE_* env vars (P3.2) 
- Parse VITE_FEATURE_* from env with fallback to current defaults
- Add all flags to .env.example and ENV_CONFIG.md
- parseFeatureEnv accepts true/1/yes for enabled

Co-authored-by: Cursor <cursoragent@cursor.com>
 2026-02-11 22:11:38 +01:00
senke
9b3de7a522 feat(stream): add JWT revocation persistante Redis (P3.1) 
- Add SessionRevocationStore trait with InMemoryRevocationStore and RedisRevocationStore
- Wire Redis store when REDIS_URL in config.cache, fallback in-memory
- Session revocation by session_id persists across restarts when using Redis

Co-authored-by: Cursor <cursoragent@cursor.com>
 2026-02-11 22:10:07 +01:00
senke
38c3cb9fb0 feat(chat): add JWT revocation persistante Redis (P3.1) 
- Add JwtRevocationStore trait with InMemoryRevocationStore and RedisRevocationStore
- Wire Redis store when REDIS_URL is set (fallback in-memory if Redis unavailable)
- JWT blacklist persists across restarts when using Redis

Co-authored-by: Cursor <cursoragent@cursor.com>
 2026-02-11 22:06:25 +01:00
senke
fde65e11dc fix(chat): restore compilation - add reactions module, imports, request_id param 
Co-authored-by: Cursor <cursoragent@cursor.com>
 2026-02-11 22:04:11 +01:00
senke
d534c4e857 ci: add npm audit, govulncheck, cargo audit to CI 
Co-authored-by: Cursor <cursoragent@cursor.com>
 2026-02-11 21:33:27 +01:00
senke
80b7c93c9e fix(security): validate exec.Command paths in Go services 
Co-authored-by: Cursor <cursoragent@cursor.com>
 2026-02-11 21:32:38 +01:00
senke
ffd578befd docs: mark veza-mobile as abandoned, document ghost features 
Co-authored-by: Cursor <cursoragent@cursor.com>
 2026-02-11 21:31:22 +01:00
senke
b3e703cac7 fix(deps): upgrade gin to 1.11 
Co-authored-by: Cursor <cursoragent@cursor.com>
 2026-02-11 21:31:00 +01:00
senke
8464026094 fix(security): validate OAuth redirect URL against allowlist, require auth for internal transcode endpoint 
Co-authored-by: Cursor <cursoragent@cursor.com>
 2026-02-11 21:28:26 +01:00
senke
1b7b8976cf fix(security): upgrade axios to fix CVE 
Co-authored-by: Cursor <cursoragent@cursor.com>
 2026-02-11 19:51:39 +01:00
senke
f44045eaa3 fix(security): remove hardcoded credentials from stream server auth 
Co-authored-by: Cursor <cursoragent@cursor.com>
 2026-02-11 19:50:17 +01:00
senke
af6fca112b chore(incus): add env template, document setup 
Co-authored-by: Cursor <cursoragent@cursor.com>
 2026-02-11 19:49:01 +01:00
senke
702ef968e4 fix(security): stop tracking veza-stream-server/.env and config/incus env files 
Co-authored-by: Cursor <cursoragent@cursor.com>
 2026-02-11 19:48:51 +01:00
senke
4a25f6b6e3 docs: baseline pré-remédiation 
Co-authored-by: Cursor <cursoragent@cursor.com>
 2026-02-11 19:48:01 +01:00
senke
22a4095db3 fix(tests): cycle 20 – PlaylistForm flaky tests 
- fireEvent.change/click au lieu de userEvent pour create/update/custom onSubmit
- description max length: fireEvent pour éviter timeout (2001 chars)
- expect.objectContaining pour assertions plus résilientes
- RAPPORT: cycle 20

Co-authored-by: Cursor <cursoragent@cursor.com>
 2026-02-11 09:51:44 +01:00
senke
0f117ab637 fix(tests): cycle 19 – playlistService MSW et handlers 
- Supprimer handler wildcard playlists* qui masquait les spécifiques
- Réordonner: search et recommendations avant :id (évite id=search/recommendations)
- Handlers: GET recommendations, POST :id/share, search avec query empty
- list items: ajout title
- create: body.title → data.title/name, track_count, like_count
- Tests: addTrack(plId,trackId), removeTrack, createShareLink(plId)
- Assertions: getRecommendations.playlists, update retourne objet
- RAPPORT: cycle 19

Co-authored-by: Cursor <cursoragent@cursor.com>
 2026-02-11 09:48:36 +01:00
senke
b4d7ad9c4c fix(tests): cycles 12–18 – corrections services, mocks et design tokens 
- chatService: getChannels → getServers
- commerceService: getOrders/getOrderDetails/getSalesStats → getPurchases/getSellerStats
- marketplaceService: mock réponse, params API, getDownloadLink → listOrders
- config/env.test: vi.stubEnv, import dynamique
- useAuth.test: mock useAuthStore
- TrackStatsDisplay, UploadQuota: mock du bon service (analyticsService, uploadService)
- TrackListEmpty, TrackListRow, TrackSearch: design tokens, assertions
- trackDownloadService, chunkedUploadService: MSW/server.use
- trackListService, trackSearchService, trackShareService: assertions
- ErrorBoundary, LoginForm, PlaylistErrorBoundary, PlaylistRecommendations
- RAPPORT_RESOLUTION_TESTS_CYCLE1.md

Co-authored-by: Cursor <cursoragent@cursor.com>
 2026-02-11 09:43:55 +01:00
senke
7b315df86c style(ui): pixel-perfect alignment for Sidebar, Header, Player via Spotify/Discord standard 
- PlayerBarGlass: use semantic tokens (--player-glass-bg, --player-glass-border)
- Replace arbitrary OKLCH with CSS vars; backdrop-blur-md; rounded-xl
- Transitions: duration-[var(--duration-*)], ease-[var(--ease-out)]
- Sidebar: add border-r border-[var(--sidebar-border)] for depth
- Header: border-[var(--glass-border)] for subtle separation
- index.css: add --player-glass-bg, --player-glass-border (light + dark)
- visual baselines updated (0% diff Playwright)

Co-authored-by: Cursor <cursoragent@cursor.com>
 2026-02-10 23:09:24 +01:00
senke
a42d9e0d1d feat(ui): DeveloperDashboard skeleton, EmptyState, ErrorDisplay, Header transitions 
- DeveloperDashboardViewSkeleton: premium skeleton for loading state
- EmptyState for API keys when none exist (variant card, Create action)
- ErrorDisplay with retry on fetch failure
- Header: duration-[var(--duration-fast)] on all interactive elements
- DeveloperDashboardView: table row hover, copy button transitions

Co-authored-by: Cursor <cursoragent@cursor.com>
 2026-02-10 22:59:51 +01:00
senke
85a40aeed1 refactor(ui): Design tokens - gradients, duration, textarea 
- Replace cyan/magenta/purple gradients with primary/secondary
- duration-200/300 → duration-[var(--duration-normal)]
- Textarea: min-h-[100px] → min-h-24
- SearchPageHeader, DashboardPage, PlaylistHeader
- UserProfilePageHeader/Hero, PlaylistDetailPageHero
- SocialViewFeedItem, WishlistView, PostCard, ProductCard, CourseCard
- SearchPageResults, MarketplaceHome

Co-authored-by: Cursor <cursoragent@cursor.com>
 2026-02-10 22:56:30 +01:00
senke
91d6b08393 refactor(ui): SearchPageHeader use primary/secondary tokens 
- Replace cyan-400/magenta-500 with from-primary to-secondary
- Add duration token for clear button transition

Co-authored-by: Cursor <cursoragent@cursor.com>
 2026-02-10 22:53:15 +01:00
senke
67775dc2bb refactor(ui): Design tokens in PlaylistCard + TrackCard polish 
- PlaylistCard: duration tokens, primary/secondary gradient (KŌDŌ)
- TrackCard: hover:-translate-y-0.5, ease-out token
- Remove arbitrary purple-500/pink-500, duration-200/300

Co-authored-by: Cursor <cursoragent@cursor.com>
 2026-02-10 22:52:57 +01:00
senke
087e18ab77 feat(ui): Header search navigates to /search on Enter 
- Press Enter in header search → navigate to /search?q=query
- Add role=search, aria-label, focus-visible ring
- Use duration token for transition

Co-authored-by: Cursor <cursoragent@cursor.com>
 2026-02-10 22:52:31 +01:00
senke
13476dda6e feat(ui): Sidebar refactor, premium skeletons, ContentFadeIn transitions 
- Sidebar: useSidebarNavigation hook, ARIA, token-based layout
- Layout: lg:ml-main-expanded/collapsed (replace arbitrary ml-64)
- TrackCardSkeleton + PlaylistCardSkeleton: KŌDŌ tokens, min-heights for CLS
- ContentFadeIn: 200ms fade-in with --ease-out
- TrackGrid, PlaylistList, LibraryPage: integrate skeletons + fade-in
- Player: player-bar subcomponents, useAudioAnalyser
- Tests: TrackGrid wrapper (QueryClient, ToastProvider)

Co-authored-by: Cursor <cursoragent@cursor.com>
 2026-02-10 22:51:51 +01:00
senke
795b1c5891 fix(webhooks): add DB migration and avoid 500 toast on developer portal 
Backend:
- Add migrations/075_create_webhooks.sql: webhooks + webhook_failures tables
- Fixes GET /webhooks 500 (relation "webhooks" did not exist)

Frontend:
- Skip toast for 5xx on /webhooks so developer portal shows empty state
  instead of 'Une erreur serveur s'est produite' when table is missing

Co-authored-by: Cursor <cursoragent@cursor.com>
 2026-02-10 21:11:32 +01:00
senke
841f9b628c fix(web): silence console for expected failures (CSRF, webhooks 5xx) 
- csrf: no log when backend returns HTML (wrong server / not running)
- webhookService: no log for 5xx on list webhooks
- api client: no log for 5xx on /webhooks (main + queued request)

Co-authored-by: Cursor <cursoragent@cursor.com>
 2026-02-10 19:51:20 +01:00
senke
a266af1d73 fix(web): reduce webhook/CSRF console noise 
- webhookService: treat parsed error.code (500) as 5xx and log at DEBUG
- csrf: log 'backend may not be running' at DEBUG instead of WARN

Co-authored-by: Cursor <cursoragent@cursor.com>
 2026-02-10 19:48:48 +01:00
senke
52f767cef9 fix(web): close Create API Key modal after successful key creation 
- handleCreateKey now returns the new key so the modal receives result
- Modal handles undefined result and api_key shape; no more TypeError on result.key
- On error, parent still shows toast and rethrows so modal stays on step 1

Co-authored-by: Cursor <cursoragent@cursor.com>
 2026-02-10 19:46:32 +01:00
senke
de1f637b8c fix(web): rename duplicate status variable in api client error handler 
Co-authored-by: Cursor <cursoragent@cursor.com>
 2026-02-10 19:38:54 +01:00
senke
e67b861da4 fix(web): reduce developer portal console errors 
- CSRF: hint uses VITE_BACKEND_PORT instead of hardcoded 8080
- Proxy: add /swagger to Vite dev server for Swagger doc.json (fixes YAMLException)
- playerService: validate media URL before load to avoid Invalid URI errors
- usePlayer: log invalid URL/network audio errors at DEBUG level
- SwaggerUI: log HTML-instead-of-JSON parse errors at DEBUG
- webhookService: log 5xx backend errors at DEBUG
- api client: log 5xx /webhooks errors at DEBUG (reduces duplicate noise)

Co-authored-by: Cursor <cursoragent@cursor.com>
 2026-02-10 19:38:13 +01:00
senke
eb652394d8 fix(web): reduce console noise when backend unavailable 
- Skip retry for ERR_BAD_RESPONSE / HTML instead of JSON (wrong server)
- Log only first API retry attempt instead of all 3
- CSRF: friendly warn when wrong server, avoid duplicate logs
- App init: skip CSRF warn when wrong server (already shown)
- API client: skip CSRF refresh error log when wrong server
- ReactQuerySync: INFO → DEBUG for enable/disable messages

Co-authored-by: Cursor <cursoragent@cursor.com>
 2026-02-10 19:29:10 +01:00
senke
9f40182ad1 ui(design): Phase 3 - rounded tokens, min-w/min-h, stories, NavigationProgress 
- rounded-[var(--radius-xl/md/lg/sm)] → rounded-xl, rounded-md, rounded-lg, rounded-sm
- Timeline: min-w-[200px] → min-w-50
- AddEquipmentView, MetadataForm: min-h-[100px] → min-h-25
- NavigationProgress: shadow-[...] → shadow-button-primary-glow
- Stories: ActivityGraph, StatCard, NotificationBell, LoadingState, ScrollArea, Skeleton, FileUploadZone
- Reduced arbitrary values from ~60+ to 11 (5 files, exceptions documented)

Co-authored-by: Cursor <cursoragent@cursor.com>
 2026-02-10 19:24:07 +01:00
senke
c25448e284 ui(design): migrate ImageCropper, PlaybackSummary to layout tokens 
- ImageCropper: h-[80vh] → h-layout-modal-sm (80vh)
- PlaybackSummary: h-[200px] → min-h-50 (scale Tailwind)
- Add h-layout-modal-sm utility class

Co-authored-by: Cursor <cursoragent@cursor.com>
 2026-02-10 14:07:19 +01:00
senke
186e4b47e6 ui(design): migrate layout arbitrary values to tokens - Phase 1 
- Add layout tokens: h-layout-chat, h-layout-chat-main, h-layout-stream, h-layout-modal-full
- ChatPage: use h-layout-chat and h-layout-chat-main instead of calc(100vh-6.25rem/6rem)
- LiveStreamDetailView: use h-layout-stream
- Modal full size: use h-layout-modal-full
- ChatRoom empty state: use h-layout-lyrics-sm (50vh)
- ChatInput attachment: min-w-36 instead of min-w-[150px]
- Update DESIGN_TOKENS.md and add AUDIT_UI_SPOTIFY_DISCORD_20260210.md

Co-authored-by: Cursor <cursoragent@cursor.com>
 2026-02-10 14:06:30 +01:00
senke
d982a95cf6 fix(web): detect wrong server (HTML instead of JSON) and reduce console noise 
- Detect when API returns HTML (e.g. another app on port 8080): show clear
  toast and reject so callers get an error instead of broken state
- Gate verbose API request/response/slow/error logs on VITE_DEBUG so
  console is quiet by default in dev; set VITE_DEBUG=true for full logs
- Avoid double toast and HTML dump in logs for wrong-server errors
- .env.example: clarify VITE_DEBUG enables API request/response logging

Co-authored-by: Cursor <cursoragent@cursor.com>
 2026-02-10 13:52:23 +01:00
senke
d39ffcbaad fix(ui): SearchPageHeader input text-foreground for theme consistency 
Co-authored-by: Cursor <cursoragent@cursor.com>
 2026-02-10 09:55:21 +01:00
senke
401c022844 feat(ui): semantic tokens on library, chat, dashboard, search 
PlaylistDetailView: hero border, overlay, sort buttons, table header, row hover → border-border, bg-background/50, hover:bg-muted/50
ChatMessage: action buttons hover, own/other bubbles, attachment preview, context menu, modal → muted/border/foreground
ChatRoom: header bar, channel item hover, input pill → bg-card/90 border-border, hover:bg-muted/50, bg-muted/30
TrackList: play icon and title when not current → text-foreground
SearchPageHeader: title, search container, input, clear button → text-foreground, bg-card/80 border-border, hover:bg-muted/50
Co-authored-by: Cursor <cursoragent@cursor.com>
 2026-02-10 09:53:17 +01:00
senke
f8a0847584 feat(ui): semantic tokens on track detail and profile pages 
Track detail: cover border, overlay, action cards, stats cards, skeleton; tabs list and count badge; back button hover; info metadata row, waveform container, metadata card → border-border, bg-card/80, bg-muted/*
Profile: skeleton card and tabs; tabs list, count badges, card borders; track/playlist/post cards (aspect-video bg, titles, overlay); header card, stats strip, divider → border-border, bg-card/80, text-foreground, muted

Co-authored-by: Cursor <cursoragent@cursor.com>
 2026-02-10 09:51:02 +01:00
senke
1e089d8193 feat(ui): semantic tokens on Dashboard and Marketplace 
Dashboard: stat cards (title hover, value), activity rows, recent tracks skeleton and list (hover, borders, text), quick actions (card bg, icon bg, label hover) → foreground/muted/border
Marketplace: skeleton filter bar and cards, glass filters card, search input, filter/clear buttons, active filter badges and remove buttons, expanded filters section → card/80, border, muted, foreground
Co-authored-by: Cursor <cursoragent@cursor.com>
 2026-02-10 09:49:07 +01:00
senke
69577e9980 feat(ui): semantic tokens in RolesPage, SettingsPage, Toast, QueueView 
- SecuritySettings: row bg-white/5 → bg-muted/30
- Toast: close button hover:bg-black/10 → hover:bg-muted/50
- QueueView: autoplay toggle thumb bg-white → bg-background
- RolesPage: cards/headers border-white/5, bg-black/40 → border-border, bg-card/80; headings text-white → text-foreground; row hover, inputs, badge → semantic
- SettingsPage: wrapper and tabs border/bg → border-border, bg-card/80, bg-muted/20; section cards; System Config title text-foreground

Co-authored-by: Cursor <cursoragent@cursor.com>
 2026-02-10 09:45:30 +01:00
senke
f936b7e07f feat(ui): semantic tokens in settings views + XPBar 
Gamification:
- XPBar: track bg-kodo-void → bg-muted (gold gradient and pattern kept)

Settings:
- CloudIntegrationView, BackupsView: toggle thumb bg-white → bg-background
- AccessibilitySettingsView: hover:bg-white/5 → hover:bg-muted/50
- AppearanceSettingsView: density option hover + kodo-magenta → primary
- IntegrationsView: icon container bg-white → bg-muted/50
- DeleteAccount*: labels/titles text-white → text-foreground, destructive btn → text-destructive-foreground, disabled → bg-muted
- ChangeEmailModal, DataExportModal: titles, labels, text → text-foreground; DataExport input bg-kodo-void → bg-muted
- SessionManagement, LoginHistory, SecuritySettings: headings text-white → text-foreground, row hover → hover:bg-muted/50
- TwoFactorSetupStep2: QR container bg-white → bg-card
- LoginHistory: table cell text-white → text-foreground

Co-authored-by: Cursor <cursoragent@cursor.com>
 2026-02-10 09:43:22 +01:00
senke
35b5dc31c5 docs(ui): document typography utility classes in DESIGN_TOKENS 
- Add table for .text-display, .text-heading-1..4, .text-body-lg, .text-body, .text-caption, .text-label
- Update hierarchy section to reference utility classes instead of raw Tailwind

Co-authored-by: Cursor <cursoragent@cursor.com>
 2026-02-10 09:38:09 +01:00