senke/veza
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
66 commits 37 branches 94 tags 1.5 GiB
Commit graph

6 commits

Author SHA1 Message Date
senke
6887a97a3f [INT-001] integration: Fix API response format inconsistencies 
- Fixed nested response structures in profile_handler.go (3 occurrences)
- Fixed nested response structures in playlist_handler.go (4 occurrences)
- Changed gin.H{"profile": profile} to profile directly
- Changed gin.H{"playlist": playlist} to playlist directly
- Changed gin.H{"collaborator": collaborator} to collaborator directly
- All responses now use consistent { success: true, data: {...} } format
- Frontend interceptor already handles unwrapping correctly

Phase: PHASE-1
Priority: P0
Progress: 6/267 (2.2%)
 2025-12-23 01:42:53 +01:00
senke
f6ab2c6eeb [BE-API-002] api: Implement playlist collaborators endpoints 
- Added routes in router.go: POST, GET, PUT, DELETE /playlists/:id/collaborators
- Applied RequireOwnershipOrAdmin middleware to POST, PUT, DELETE routes
- GET route accessible to collaborators (service layer checks permissions)
- Fixed UpdateCollaboratorPermission handler to use RespondWithAppError
- All handlers already existed in playlist_handler.go
- All endpoints properly authenticated and ownership checks enforced

Phase: PHASE-1
Priority: P0
Progress: 5/267 (1.9%)
 2025-12-23 01:41:43 +01:00
senke
5e25825726 [BE-API-001] api: Implement 2FA endpoints (setup, verify, disable) 
- Created TwoFactorHandler with SetupTwoFactor, VerifyTwoFactor, DisableTwoFactor, GetTwoFactorStatus
- Added routes: POST /auth/2fa/setup, POST /auth/2fa/verify, POST /auth/2fa/disable, GET /auth/2fa/status
- Updated LoginResponse DTO to include requires_2fa flag
- Updated Login handler to check 2FA status and return requires_2fa flag when enabled
- Reused existing TwoFactorService (already had QR generation and TOTP verification)
- Added VerifyTOTPCode helper method to TwoFactorService
- All endpoints properly authenticated with RequireAuth middleware

Phase: PHASE-1
Priority: P0
Progress: 4/267 (1.5%)
 2025-12-23 01:40:28 +01:00
senke
246e3d9630 [BE-SEC-003] security: Fix ownership verification for playlist updates/deletes 
- Added RequireOwnershipOrAdmin middleware to PUT/DELETE /playlists/:id routes
- Created playlistOwnerResolver that loads playlist from DB and returns owner user_id
- Service already handles ownership checks and collaborator permissions
- All existing integration tests pass (TestUpdatePlaylist_AsOwner, TestUpdatePlaylist_NotOwner, TestDeletePlaylist_AsOwner, TestDeletePlaylist_NotOwner)

Phase: PHASE-1
Priority: P0
Progress: 3/267 (1.1%)
 2025-12-23 01:37:56 +01:00
senke
b76925c493 [BE-SEC-002] security: Fix ownership verification for track updates/deletes 
- Verified RequireOwnershipOrAdmin middleware is correctly applied to PUT/DELETE /tracks/:id
- Verified trackOwnerResolver correctly loads track from DB and returns user_id
- Added comprehensive integration tests for ownership verification
- Test: user cannot update another user's track (403 Forbidden)
- Test: user cannot delete another user's track (403 Forbidden)
- Test: admin can update any track (200 OK)
- Test: admin can delete any track (200 OK)
- Test: user can update own track (200 OK)
- Test: user can delete own track (200 OK)
- All tests pass

Phase: PHASE-1
Priority: P0
Progress: 2/267 (0.7%)
 2025-12-23 01:37:10 +01:00
senke
b9821db707 [BE-SEC-001] security: Fix ownership verification for user profile updates 
- Verified RequireOwnershipOrAdmin middleware is correctly applied to PUT /users/:id
- Added integration tests for ownership verification
- Test: user cannot update another user's profile (403 Forbidden)
- Test: admin can update any profile (200 OK)
- Test: user can update own profile (200 OK)
- All tests pass

Phase: PHASE-1
Priority: P0
Progress: 1/267 (0.4%)
 2025-12-23 01:36:04 +01:00