Backend
- services/search_service.go : new SearchFilters struct (Genre,
MusicalKey, BPMMin, BPMMax, YearFrom, YearTo) + appendTrackFacets
helper that composes additional AND clauses onto the existing FTS
WHERE condition. Filters apply ONLY to the track query — users +
playlists ignore them silently (no relevant columns).
- handlers/search_handlers.go : new parseSearchFilters reads + bounds-
checks query params (BPM in [1,999], year in [1900,2100], min<=max).
Search() now passes filters into the service ; OTel span attribute
search.filtered surfaces whether facets were applied.
- elasticsearch/search_service.go : signature updated to match the
interface ; ES path doesn't translate facets yet (different filter
DSL needed) — logs a warning when facets arrive on this path.
- handlers/search_handlers_test.go : MockSearchService.Search updated
+ 4 mock.On call sites pass mock.Anything for the new filters arg.
Frontend
- services/api/search.ts : new SearchFacets shape ; searchApi.search
accepts an opts.facets bag. When non-empty, bypasses orval's typed
getSearch (its GetSearchParams pre-dates the new query params) and
uses apiClient.get directly with snake_case keys matching the
backend's parseSearchFilters().
- features/search/components/FacetSidebar.tsx (new) : sidebar with
genre + musical_key inputs (datalist suggestions), BPM min/max
pair, year from/to pair. Stateless ; SearchPage owns state.
data-testids on every control for E2E.
- features/search/components/search-page/useSearchPage.ts : facets
state stored in URL (genre, musical_key, bpm_min, bpm_max,
year_from, year_to) so deep links reproduce the result set.
300 ms debounce on facet changes.
- features/search/components/search-page/SearchPage.tsx : layout
switches to a 2-column grid (sidebar + results) when query is
non-empty ; discovery view keeps the full width when empty.
Collateral cleanup
- internal/api/routes_users.go : removed unused strconv + time
imports that were blocking the build (pre-existing dead imports
surfaced by the SearchServiceInterface signature change).
E2E
- tests/e2e/32-faceted-search.spec.ts : 4 tests. (36) backend rejects
bpm_min > bpm_max with 400. (37) out-of-range BPM rejected. (38)
valid range returns 200 with a tracks array. (39) UI — typing in
the sidebar updates URL query params within the 300 ms debounce.
Acceptance (Day 18) : promtool not relevant ; backend test suite
green for handlers + services + api ; TS strict pass ; E2E spec
covers the gates the roadmap acceptance asked for. The 'rock + BPM
120-130 = restricted results' assertion needs seed data with measurable
BPM (none today) — flagged in the spec as a follow-up to un-skip
once seed BPM data lands.
W4 progress : Day 16 done · Day 17 done · Day 18 done · Day 19
(HAProxy sticky WS) pending · Day 20 (k6 nightly) pending.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
First item of the v1.0.6 backlog surfaced by the v1.0.5 smoke test: a
brand-new account could register, verify email, and log in — but
attempting to upload hit a 403 because `role='user'` doesn't pass the
`RequireContentCreatorRole` middleware. The only way to get past that
gate was an admin DB update.
This commit wires the self-service path decided in the v1.0.6
specification:
* One-way flip from `role='user'` to `role='creator'`, gated strictly
on `is_verified=true` (the verification-email flow we restored in
Fix 2 of the hardening sprint).
* No KYC, no cooldown, no admin validation. The conscious click
already requires ownership of the email address.
* Downgrade is out of scope — a creator who wants back to `user`
opens a support ticket. Avoids the "my uploads orphaned" edge case.
Backend
* Migration `977_users_promoted_to_creator_at.sql`: nullable
`TIMESTAMPTZ` column, partial index for non-null values. NULL
preserves the semantic for users who never self-promoted
(out-of-band admin assignments stay distinguishable from organic
creators for audit/analytics).
* `models.User`: new `PromotedToCreatorAt *time.Time` field.
* `handlers.UpgradeToCreator(db, auditService, logger)`:
- 401 if no `user_id` in context (belt-and-braces — middleware
should catch this first)
- 404 if the user row is missing
- 403 `EMAIL_NOT_VERIFIED` when `is_verified=false`
- 200 idempotent with `already_elevated=true` when the caller is
already creator / premium / moderator / admin / artist /
producer / label (same set accepted by
`RequireContentCreatorRole`)
- 200 with the new role + `promoted_to_creator_at` on the happy
path. The UPDATE is scoped `WHERE role='user'` so a concurrent
admin assignment can't be silently overwritten; the zero-rows
case reloads and returns `already_elevated=true`.
- audit logs a `user.upgrade_creator` action with IP, UA, and
the role transition metadata. Non-fatal on failure — the
upgrade itself already committed.
* Route: `POST /api/v1/users/me/upgrade-creator` under the existing
protected users group (RequireAuth + CSRF).
Frontend
* `AccountSettingsCreatorCard`: new card in the Account tab of
`/settings`. Completely hidden for users already on a creator-tier
role (no "you're already a creator" clutter). Unverified users see
a disabled-but-explanatory state with a "Resend verification"
CTA to `/verify-email/resend`. Verified users see the "Become an
artist" button, which POSTs to `/users/me/upgrade-creator` and
refetches the user on success.
* `upgradeToCreator()` service in `features/settings/services/`.
* Copy is deliberately explicit that the change is one-way.
Tests
* 6 Go unit tests covering: happy path (role + timestamp), unverified
refused, already-creator idempotent (timestamp preserved),
admin-assigned idempotent (no timestamp overwrite), user-not-found,
no-auth-context.
* 7 Vitest tests covering: verified button visible, unverified state
shown, card hidden for creator, card hidden for admin, success +
refetch, idempotent message, server error via toast.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Add PUT /users/me/password inline handler in routes_users.go
(the existing handler in internal/api/user/ was never registered)
- Create migration 975 adding two_factor_enabled, two_factor_secret,
and backup_codes columns to users table (fixes 500 on 2FA endpoints)
Fixes: Settings bugs #1 (password 404), #2/#4 (2FA 500)
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Export: table data_exports, POST /me/export (202), GET /me/exports, messages+playback_history
- Notification email quand ZIP prêt, rate limit 3/jour
- Suppression: keep_public_tracks, anonymisation PII complète (users, user_profiles)
- HardDeleteWorker: final anonymization après 30 jours
- Frontend: POST export, checkbox keep_public_tracks
- MSW handlers pour Storybook
INT-02: TrackService.copyFileAsync now calls StreamService.StartProcessing
after successful file copy. Wires the stream server integration into
all track route registrations.
- Add DATABASE_READ_URL config and InitReadReplica in database package
- Add ForRead() helper for read-only handler routing
- Update TrackService and TrackSearchService to use read replica for reads
- Document setup in DEPLOYMENT_GUIDE.md and .env.template
