senke/veza
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
1921 commits 37 branches 94 tags 1.5 GiB
Commit graph

410 commits

Author SHA1 Message Date
senke
73533bea77 feat(v0.501): Sprint 2 -- HLS production-ready 
- S1-01: Add multi-bitrate streaming profiles (128k, 256k, 320k)
- S1-02: Update master.m3u8 endpoint with 3-tier quality system
- S1-03: Integrate hls.js with ABR + useHLSPlayer hook
- S1-04: Add Cache-Control headers on HLS segments and manifests
- S1-05: Create WaveformService with async generation (FFmpeg + audiowaveform)
- S1-06: Add GET /tracks/:id/waveform endpoint with Redis cache
- S1-07: Create WaveformDisplay component with story
- S1-08: Add 4 Prometheus metrics for streaming monitoring
 2026-02-22 18:16:37 +01:00
senke
89cc015e54 feat(v0.501): Sprint 1 -- infrastructure foundations 
- Add MinIO S3-compatible storage to docker-compose (dev, staging, prod)
- Create migrations 103-108 (waveform_url, user_folders, user_files,
  user_storage_quotas, gear_items.is_public, gear_images)
- Add Go models: UserFile, UserFolder, StorageQuota, GearImage
- Add WaveformURL to Track model, IsPublic + GearImages to GearItem model
 2026-02-22 18:10:25 +01:00
senke
80492a4644 refactor(websocket): replace gorilla/websocket with coder/websocket 
INT-06: Migrated playback_websocket_handler.go from deprecated
gorilla/websocket to coder/websocket v1.8.14. Uses context-based
reads/writes and websocket.Accept instead of Upgrader.
 2026-02-22 17:53:10 +01:00
senke
a6cf20e614 fix(tests): fix 2 skipped tests, add clear skip reasons to 11 others 
INT-04: Fixed nil UserID panic in AuditService (re-enabled 2 tests).
Added INT-04 comments explaining skip reasons for tests requiring
PostgreSQL, real file headers, or external services.
 2026-02-22 17:53:00 +01:00
senke
0907446958 test: add 5 cross-service E2E integration tests 
INT-03: Tests for health endpoint, auth flow, track upload auth,
webhook HTTPS-only, and rate limit headers. Build-tagged
'integration' to avoid running in regular test suite.
 2026-02-22 17:52:50 +01:00
senke
ee32aec970 feat(streaming): trigger HLS transcoding after track upload 
INT-02: TrackService.copyFileAsync now calls StreamService.StartProcessing
after successful file copy. Wires the stream server integration into
all track route registrations.
 2026-02-22 17:52:39 +01:00
senke
872e42d81c refactor(backend): replace 40 fmt.Printf calls with zap structured logging 
CLN-03: router.go, track/service.go, upload_validator.go, cors.go,
playlist_handler.go, and mfa.go now use zap.L() or local logger
for structured logging instead of fmt.Printf.
 2026-02-22 17:44:38 +01:00
senke
834fa1f979 refactor: remove dead code (api_manager.go, unused templates) 
CLN-01: Deleted archived api_manager.go (~789 LOC, build-tag ignore)
and dev-environment/templates/ (~806 LOC, never used by generator).
 2026-02-22 17:44:19 +01:00
senke
763aea15cb fix(security): hash password reset tokens before database storage
Some checks failed
Backend API CI / test-unit (push) Failing after 0s
Details
Backend API CI / test-integration (push) Failing after 0s
Details 
INF-10: Reset tokens are now SHA-256 hashed before INSERT. Validation
hashes the received token and compares against stored hash. Plain
tokens never persisted.
 2026-02-22 17:36:10 +01:00
senke
c29edd099b feat(security): implement Redis-backed rate limiter with in-memory fallback 
INF-01: RedisRateLimiter uses atomic Lua script (INCR+EXPIRE) for
distributed rate limiting. Falls back to in-memory SimpleRateLimiter
when Redis is unavailable. Same X-RateLimit-* headers and 429 format.
 2026-02-22 17:35:21 +01:00
senke
d3245b2e4b fix(build): unify Go version to 1.24 across Dockerfile and CI 
SEC-09: go.mod declares Go 1.24.0 but Dockerfile.production used 1.23
and backend-ci.yml used 1.23. Aligned both to 1.24.
 2026-02-22 17:32:17 +01:00
senke
368c78c102 fix(security): require Hyperswitch webhook secret in production when payments enabled 
SEC-08: If HYPERSWITCH_ENABLED=true in production, startup now fails
unless HYPERSWITCH_WEBHOOK_SECRET is set. This prevents webhook
signature verification from being silently bypassed.
 2026-02-22 17:31:52 +01:00
senke
f14574322c fix(security): add SSRF protection for webhook URL registration 
SEC-07: Strengthened ValidateWebhookURL to require HTTPS only (was
allowing HTTP). Private IP ranges, localhost, and cloud metadata
endpoints remain blocked.
 2026-02-22 17:31:10 +01:00
senke
da3bad1b0e fix(security): add ownership check to GetUploadStatus handler (IDOR fix) 
SEC-06: GetUploadStatus now verifies that the authenticated user owns the
upload before returning status. Returns 404 for non-owners to prevent
information disclosure.
 2026-02-22 17:30:30 +01:00
senke
5e4291ecba feat(auth): add ephemeral stream-token endpoint for HLS and WebSocket authentication 
SEC-03: TokenStorage.getAccessToken() returns null with httpOnly cookies.
New POST /api/v1/auth/stream-token returns a 5-min JWT compatible with
both stream server (Claims struct) and chat server (JwtClaims struct).
Frontend hlsService and websocket updated to use fetchStreamToken() fallback.
 2026-02-22 17:28:00 +01:00
senke
bab3f38c4a feat(marketplace): add license revoked_at migration 2026-02-22 16:18:01 +01:00
senke
51373b653f feat(hyperswitch): add CreateRefund to client 2026-02-22 16:17:54 +01:00
senke
166acc6069 chore(backend): add PDF library for invoices 
feat(marketplace): add invoice generation service and download endpoint
 2026-02-22 16:11:42 +01:00
senke
c6611c3d8f feat(marketplace): add avg_rating and review_count to Product 2026-02-22 16:07:06 +01:00
senke
85daf595a8 feat(marketplace): add create and list reviews endpoints 2026-02-22 16:06:18 +01:00
senke
d6d49dbfc3 feat(marketplace): add ProductReview model and service 2026-02-22 16:05:16 +01:00
senke
4ac1bf7c25 feat(marketplace): add product_reviews migration 2026-02-22 16:04:14 +01:00
senke
5ac4c3988a fix(checkout): handle cancelled status in Hyperswitch webhook 2026-02-22 14:42:57 +01:00
senke
5233a5b7f2 feat(checkout): add order_id to Hyperswitch return URL 2026-02-22 14:40:13 +01:00
senke
0adc212719 feat(seller): add GET /sell/stats/evolution, top-products, sales, SalesEvolutionChart, real commerceService 2026-02-22 14:21:21 +01:00
senke
1fef428ce0 feat(marketplace): add migration 098 product_licenses, ProductLicense model, GET /licenses/mine 2026-02-22 14:16:24 +01:00
senke
31a27e4724 feat(marketplace): add playable preview and image gallery to ProductDetailView 2026-02-22 14:14:38 +01:00
senke
a8549add70 feat(marketplace): add rich text description with sanitization 2026-02-22 14:14:27 +01:00
senke
d292270d4e feat(marketplace): add bpm, musical_key, category filters to ListProducts 2026-02-22 14:08:41 +01:00
senke
aec22b596c feat(marketplace): add product images management endpoint 2026-02-22 14:08:13 +01:00
senke
c6f094a3d5 feat(marketplace): add POST /products/:id/preview for audio preview upload 2026-02-22 14:07:30 +01:00
senke
f6c02afbf8 feat(marketplace): accept bpm, musical_key, category in CreateProduct and UpdateProduct 2026-02-22 14:06:20 +01:00
senke
8de3dcdc27 feat(marketplace): add ProductPreview, ProductImage models and Product enrichment fields 2026-02-22 14:05:37 +01:00
senke
e8ad5b5f4b feat(marketplace): add migrations 095-097 for products enrichment, previews, images 2026-02-22 14:05:19 +01:00
senke
49bb633fc6 feat(presence): P2.1 rich presence, P2.2 invisible mode 
Backend:
- UserPresence: track_id, track_title, invisible
- UpdatePresenceFull, GetPresenceForViewer (invisible hides for others)
- PUT /users/me/presence
- Migration 094 rich presence columns

Frontend:
- presenceService.updatePresence
- usePresenceSync: sync currentTrack to presence
- PresenceBadge: statusMessage tooltip
- PresenceInvisibleToggle in PrivacySettings
- MSW: PUT /users/me/presence
 2026-02-21 16:47:09 +01:00
senke
49e3122e78 feat(notifications): N1.1-N1.3 Web Push subscription, send on events, preferences 
- N1.1: POST /notifications/push/subscribe, PushService, migration 090
- N1.2: Send Web Push on follow/like/comment/message via CreateNotification
- N1.3: GET/PUT /notifications/preferences, migration 093
- Shared NotificationService with PushService for profile, track, comment handlers
- Fix MockSocialService GetGlobalFeed, GetTrendingHashtags for tests
 2026-02-21 16:41:39 +01:00
senke
d2a55b405e feat(groups): S2 frontend - request join, invite, roles, my groups, MSW handlers 2026-02-21 05:51:29 +01:00
senke
7ca8d14283 feat(groups): S2.1-S2.5 request join, invite, roles, feed groups, my groups 2026-02-21 05:48:59 +01:00
senke
6cd69f1e62 chore(migrations): add 069, 089, 090, 091 for v0.302 2026-02-21 05:47:14 +01:00
senke
28e6642fa6 feat(social): GET /social/explore, explore tab, feed filters all/following/groups (S1.5, S1.6) 2026-02-21 05:31:12 +01:00
senke
b572863847 feat(social): feed pagination with cursor (S1.4) 2026-02-21 05:28:19 +01:00
senke
79feb220f4 feat(social): connect feed to social API, enrich with actor/track, FeedItem supports posts (S1.1-S1.3) 2026-02-21 05:26:52 +01:00
senke
182b28011f feat(presence): PresenceService and GET /users/:id/presence (P1.2) 2026-02-21 05:22:43 +01:00
senke
4d37311b79 feat(presence): migration 088 user_presence (P1.1) 2026-02-21 05:22:33 +01:00
senke
ba24507b1f feat(queue): add queue session API (create, get, delete, add/remove items) 2026-02-20 18:41:12 +01:00
senke
8884efdb75 feat(queue): add queue_sessions and shared_queue_items models 2026-02-20 18:39:33 +01:00
senke
802a54245e feat(search): add boolean operators AND, OR, NOT, exact phrase 2026-02-20 18:38:34 +01:00
senke
d4f1d08518 feat(search): add phonetic/fuzzy search via pg_trgm 2026-02-20 18:36:07 +01:00
senke
eb2f7e0d8c feat(search): add pg_trgm extension for fuzzy search 2026-02-20 18:34:50 +01:00
senke
7e171f1c1e feat(social): cache trending hashtags in Redis 2026-02-20 18:33:17 +01:00