senke/veza
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
1897 commits 37 branches 94 tags 1.5 GiB
Commit graph

1897 commits

This branch
This branch
All branches
Author SHA1 Message Date
senke
4409022d55 fix(build): unify Go version to 1.24 across Dockerfile and CI 
SEC-09: go.mod declares Go 1.24.0 but Dockerfile.production used 1.23
and backend-ci.yml used 1.23. Aligned both to 1.24.
 2026-02-22 17:32:17 +01:00
senke
4efd5d1d07 fix(security): require Hyperswitch webhook secret in production when payments enabled 
SEC-08: If HYPERSWITCH_ENABLED=true in production, startup now fails
unless HYPERSWITCH_WEBHOOK_SECRET is set. This prevents webhook
signature verification from being silently bypassed.
 2026-02-22 17:31:52 +01:00
senke
142d1576be fix(security): add SSRF protection for webhook URL registration 
SEC-07: Strengthened ValidateWebhookURL to require HTTPS only (was
allowing HTTP). Private IP ranges, localhost, and cloud metadata
endpoints remain blocked.
 2026-02-22 17:31:10 +01:00
senke
72d15f60b5 fix(security): add ownership check to GetUploadStatus handler (IDOR fix) 
SEC-06: GetUploadStatus now verifies that the authenticated user owns the
upload before returning status. Returns 404 for non-owners to prevent
information disclosure.
 2026-02-22 17:30:30 +01:00
senke
5d840d2ebe fix(infra): add JWT_SECRET to stream-server in production compose 
SEC-05: stream-server was missing JWT_SECRET while chat-server had it.
Both services need the shared secret to validate tokens.
 2026-02-22 17:28:37 +01:00
senke
c47b2cc5bf fix(infra): remove docker-compose.hybrid.yml (network_mode host + default credentials) 
SEC-04: File used network_mode: host on all services and had default
Grafana password 'admin'. Removed entirely; if needed in the future,
recreate without host networking.
 2026-02-22 17:28:17 +01:00
senke
de5b3bc542 feat(auth): add ephemeral stream-token endpoint for HLS and WebSocket authentication 
SEC-03: TokenStorage.getAccessToken() returns null with httpOnly cookies.
New POST /api/v1/auth/stream-token returns a 5-min JWT compatible with
both stream server (Claims struct) and chat server (JwtClaims struct).
Frontend hlsService and websocket updated to use fetchStreamToken() fallback.
 2026-02-22 17:28:00 +01:00
senke
a462a1d3fd fix(infra): add Redis authentication in production compose 2026-02-22 17:24:12 +01:00
senke
3da269875e fix(ci): repair CD pipeline -- use vars.* instead of secrets.* in if conditions, target Dockerfile.production 2026-02-22 17:23:43 +01:00
senke
901b1ce2ce feat(marketplace): wire RefundRequestModal to API, add refund button to SellerDashboard (v0.403 R2) 
- RefundRequestModal: call marketplaceService.refundOrder, loading state, onSuccess callback
- PurchasesView: pass loadPurchases as onSuccess to refetch after refund
- SellerDashboardView: add Refund button on each sale, RefundRequestModal with fetchData onSuccess
- MSW: add POST /marketplace/orders/:id/refund handler
 2026-02-22 16:19:31 +01:00
senke
952520dd7f feat(marketplace): add license revoked_at migration 2026-02-22 16:18:01 +01:00
senke
bf57d58f5a feat(hyperswitch): add CreateRefund to client 2026-02-22 16:17:54 +01:00
senke
3ff3784946 feat(marketplace): add invoice download link to PurchasesView and LicensesView 2026-02-22 16:15:55 +01:00
senke
5b023ae895 chore(backend): add PDF library for invoices 
feat(marketplace): add invoice generation service and download endpoint
 2026-02-22 16:11:42 +01:00
senke
cfb270e5a9 feat(marketplace): add review API to frontend 2026-02-22 16:09:04 +01:00
senke
45cbc96fac feat(marketplace): add avg_rating and review_count to Product 2026-02-22 16:07:06 +01:00
senke
25eee5bf91 feat(marketplace): add create and list reviews endpoints 2026-02-22 16:06:18 +01:00
senke
578af84819 feat(marketplace): add ProductReview model and service 2026-02-22 16:05:16 +01:00
senke
c3b8d9198a feat(marketplace): add product_reviews migration 2026-02-22 16:04:14 +01:00
senke
f64c858464 docs: prepare v0.403 implementation (scope, plan, SCOPE_CONTROL) 
- Add V0_403_RELEASE_SCOPE.md: P3 Payout, R1 Reviews, F1 Factures, R2 Remboursements
- Add PLAN_V0_403_IMPLEMENTATION.md: phases détaillées, commits suggérés
- Update SCOPE_CONTROL: reference v0.403, v0.402 taguée
- Update FEATURE_STATUS: section Prévu en v0.403
- Update PROJECT_STATE: prochaines étapes v0.403
 2026-02-22 16:01:03 +01:00
senke
230b35009f feat(checkout): integrate Hyperswitch payment form in Cart 2026-02-22 14:46:06 +01:00
senke
afeec3ae65 fix(checkout): handle cancelled status in Hyperswitch webhook 2026-02-22 14:42:57 +01:00
senke
d502ea83ee docs: update PAYMENTS_SETUP for checkout complete URL 2026-02-22 14:42:44 +01:00
senke
49d1a0f67e feat(checkout): add CheckoutSuccessView, CheckoutErrorView and getOrder 2026-02-22 14:42:15 +01:00
senke
e60354f7ce feat(checkout): add order_id to Hyperswitch return URL 2026-02-22 14:40:13 +01:00
senke
23034cd3a1 docs: update SCOPE_CONTROL for v0.402 2026-02-22 14:26:28 +01:00
senke
ef4afc39d0 docs: add V0_402_RELEASE_SCOPE and PLAN_V0_402_IMPLEMENTATION 2026-02-22 14:26:19 +01:00
senke
c97ebe70e7 test(marketplace): add MSW handlers, update CHANGELOG and docs for v0.401 2026-02-22 14:23:28 +01:00
senke
79ef2f52a0 feat(seller): add GET /sell/stats/evolution, top-products, sales, SalesEvolutionChart, real commerceService 2026-02-22 14:21:21 +01:00
senke
76d38b2718 feat(marketplace): add getMyLicenses, enrich LicenceCard/LicenceDetailsModal, LicensesView 2026-02-22 14:18:05 +01:00
senke
c977681bf8 feat(marketplace): add migration 098 product_licenses, ProductLicense model, GET /licenses/mine 2026-02-22 14:16:24 +01:00
senke
432cabec6f feat(marketplace): add playable preview and image gallery to ProductDetailView 2026-02-22 14:14:38 +01:00
senke
f25956e9e2 feat(marketplace): add rich text description with sanitization 2026-02-22 14:14:27 +01:00
senke
d57c45c32e feat(marketplace): add BPM, key, category filters to MarketplaceHome 2026-02-22 14:14:20 +01:00
senke
854ea0ab03 feat(marketplace): connect CreateProductView to enriched product API 2026-02-22 14:10:26 +01:00
senke
ac795f16bf feat(marketplace): add bpm, musical_key, category to marketplaceService listProducts 2026-02-22 14:08:59 +01:00
senke
f4fff1126f feat(marketplace): add bpm, musical_key, category filters to ListProducts 2026-02-22 14:08:41 +01:00
senke
8ecd66786d feat(marketplace): add product images management endpoint 2026-02-22 14:08:13 +01:00
senke
8e68ca3be0 feat(marketplace): add POST /products/:id/preview for audio preview upload 2026-02-22 14:07:30 +01:00
senke
7a68e3ced2 feat(marketplace): accept bpm, musical_key, category in CreateProduct and UpdateProduct 2026-02-22 14:06:20 +01:00
senke
ef0a928ab4 feat(marketplace): add ProductPreview, ProductImage models and Product enrichment fields 2026-02-22 14:05:37 +01:00
senke
0a00da931e feat(marketplace): add migrations 095-097 for products enrichment, previews, images 2026-02-22 14:05:19 +01:00
senke
428bdb088d docs(scope): update SCOPE_CONTROL for v0.401 
- Référence active V0_401_RELEASE_SCOPE
- Règle d'or, checklist, historique versions alignés
 2026-02-22 14:02:31 +01:00
senke
e5f44941b7 docs(v0.401): add V0_401_RELEASE_SCOPE and PLAN_V0_401_IMPLEMENTATION 
- V0_401_RELEASE_SCOPE: Phase 4 Commerce (M1 produits, M2 licences, M3 seller)
- PLAN_V0_401_IMPLEMENTATION: phases 0-4, diagramme Mermaid, commits suggérés
 2026-02-22 14:02:24 +01:00
senke
88ef467820 chore(docs): remove V0_302_IMPLEMENTATION, update V0_302_RELEASE_SCOPE 2026-02-22 03:46:50 +01:00
senke
b517258ef5 feat(chat): add call signaling types 2026-02-22 03:46:10 +01:00
senke
08bc158ae0 feat(chat-server): add C2.1 WebRTC call signaling (CallOffer, CallAnswer, ICECandidate, CallHangup, CallReject) 2026-02-22 03:42:47 +01:00
senke
5987c846b2 docs(scope): update SCOPE_CONTROL for v0.303 2026-02-22 03:38:49 +01:00
senke
eea7262d93 docs(v0.303): add full V0_303_RELEASE_SCOPE with C2 detail 2026-02-22 03:38:43 +01:00
senke
0bf60726d3 docs: prepare v0.302 documentation - scope, implementation guide, SCOPE_CONTROL 2026-02-22 03:35:45 +01:00