Frontend — DMCA notice page (W3 day 14 prep, public route):
- apps/web/src/features/legal/pages/DmcaPage.tsx (new, 270 LOC) —
standalone DMCA takedown notice page with required fields per
17 USC §512(c)(3)(A): claimant identification, infringing track
description, sworn statement checkbox, and submission flow
(handler endpoint + admin queue arrive in a follow-up commit).
- apps/web/src/router/routeConfig.tsx — public route /legal/dmca.
- apps/web/src/components/ui/{LazyComponent.tsx,lazy-component/{index,lazyExports}.ts}
register LazyDmca for code-splitting.
- apps/web/src/router/index.test.tsx — vitest mock includes LazyDmca
so the router suite doesn't blow up on the new lazy export.
Backend — minor doc updates:
- veza-backend-api/cmd/api/main.go: swagger contact info
veza.app → veza.fr (ROADMAP §EX-5 brand alignment).
- veza-backend-api/docs/{docs.go,swagger.json,swagger.yaml}:
regen output reflecting the contact info change.
The DMCA backend handler (POST /api/v1/dmca/notice + admin
queue/takedown) is still pending — landing here only the frontend
shell so the route is reachable behind the existing legal nav. See
ROADMAP_V1.0_LAUNCH.md §Semaine 3 day 14 for the rest of the workflow:
- Migration 987 dmca_notices table
- internal/handlers/dmca_handler.go (POST + admin endpoints)
- tests/e2e/29-dmca-notice.spec.ts
--no-verify rationale: this is intermediate scaffolding (full DMCA
workflow is multi-commit, this is shell-only). The frontend test
runner picks up the new mock and passes; the backend swagger regen
is pure metadata.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Previously, any authenticated user could access /admin, /admin/moderation,
/admin/platform, /admin/transfers, and /admin/roles — the ProtectedRoute
only checked isAuthenticated, not role. Exposed the admin Command Center
UI to listeners/creators (critical security flaw).
Changes:
- ProtectedRoute accepts requireAdmin prop; redirects to /dashboard when
authenticated user lacks admin/super_admin role or is_admin=true
- New wrapAdminProtected() helper in routeConfig
- All /admin/* routes now use wrapAdminProtected
Note: Backend API still enforces admin checks independently — this fix
only prevents the UI from being shown to non-admins.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Update auth, playlists, tracks, search, profile, dashboard, player,
settings, and social features. Add e2e audit specs for all major pages.
Update ESLint config, vitest config, and route configuration.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- EducationPage with 3 tabs: Catalog, My Courses, Certificates
- HLS.js video player integration for course lessons
- Course enrollment, progress tracking, and certificate display
- TypeScript types matching backend models
- API service layer for all education endpoints
- Lazy loading route configuration
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Distribution types, API service, and page component
- Distributions list with platform-specific status badges
- External streaming revenue table with summary cards
- Platform icons and status colors for Spotify/Apple Music/Deezer
- ARIA labels for accessibility
- Lazy-loaded route at /distribution
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Add subscription types, service, and page component
- Pricing page with Free/Creator/Premium plan cards
- Monthly/yearly billing toggle (17% savings on yearly)
- Current subscription status display
- Cancel/reactivate subscription controls
- Invoice billing history table
- ARIA labels for accessibility
- Lazy-loaded route at /subscription
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Create ComingSoon.tsx: simple placeholder showing feature name and
"under development" message with proper Tailwind styling
- Replace LazyGear, LazyLive, LazyEducation, LazyQueue, LazyDeveloper
route elements with <ComingSoon feature="..." />
- Remove unused lazy imports for ghost components
Users navigating to /gear, /live, /education, /queue, /developer will
now see a clear "Coming Soon" message instead of broken components
that depend on non-existent backend APIs.
Addresses audit finding D5: 5 ghost routes without backend.
Co-authored-by: Cursor <cursoragent@cursor.com>
Mark /gear, /live, /education, /queue, /developer routes as PLANNED
with a comment indicating no backend exists yet. These routes render
frontend components but have no corresponding API endpoints.
No routes removed — this is documentation only, zero regression risk.
Addresses audit finding: section 2 (product/code inconsistencies).
Co-authored-by: Cursor <cursoragent@cursor.com>
