senke/veza
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
1921 commits 37 branches 94 tags 1.5 GiB
Commit graph

111 commits

Author SHA1 Message Date
senke
73533bea77 feat(v0.501): Sprint 2 -- HLS production-ready 
- S1-01: Add multi-bitrate streaming profiles (128k, 256k, 320k)
- S1-02: Update master.m3u8 endpoint with 3-tier quality system
- S1-03: Integrate hls.js with ABR + useHLSPlayer hook
- S1-04: Add Cache-Control headers on HLS segments and manifests
- S1-05: Create WaveformService with async generation (FFmpeg + audiowaveform)
- S1-06: Add GET /tracks/:id/waveform endpoint with Redis cache
- S1-07: Create WaveformDisplay component with story
- S1-08: Add 4 Prometheus metrics for streaming monitoring
 2026-02-22 18:16:37 +01:00
senke
a6cf20e614 fix(tests): fix 2 skipped tests, add clear skip reasons to 11 others 
INT-04: Fixed nil UserID panic in AuditService (re-enabled 2 tests).
Added INT-04 comments explaining skip reasons for tests requiring
PostgreSQL, real file headers, or external services.
 2026-02-22 17:53:00 +01:00
senke
872e42d81c refactor(backend): replace 40 fmt.Printf calls with zap structured logging 
CLN-03: router.go, track/service.go, upload_validator.go, cors.go,
playlist_handler.go, and mfa.go now use zap.L() or local logger
for structured logging instead of fmt.Printf.
 2026-02-22 17:44:38 +01:00
senke
763aea15cb fix(security): hash password reset tokens before database storage
Some checks failed
Backend API CI / test-unit (push) Failing after 0s
Details
Backend API CI / test-integration (push) Failing after 0s
Details 
INF-10: Reset tokens are now SHA-256 hashed before INSERT. Validation
hashes the received token and compares against stored hash. Plain
tokens never persisted.
 2026-02-22 17:36:10 +01:00
senke
da3bad1b0e fix(security): add ownership check to GetUploadStatus handler (IDOR fix) 
SEC-06: GetUploadStatus now verifies that the authenticated user owns the
upload before returning status. Returns 404 for non-owners to prevent
information disclosure.
 2026-02-22 17:30:30 +01:00
senke
5e4291ecba feat(auth): add ephemeral stream-token endpoint for HLS and WebSocket authentication 
SEC-03: TokenStorage.getAccessToken() returns null with httpOnly cookies.
New POST /api/v1/auth/stream-token returns a 5-min JWT compatible with
both stream server (Claims struct) and chat server (JwtClaims struct).
Frontend hlsService and websocket updated to use fetchStreamToken() fallback.
 2026-02-22 17:28:00 +01:00
senke
51373b653f feat(hyperswitch): add CreateRefund to client 2026-02-22 16:17:54 +01:00
senke
49bb633fc6 feat(presence): P2.1 rich presence, P2.2 invisible mode 
Backend:
- UserPresence: track_id, track_title, invisible
- UpdatePresenceFull, GetPresenceForViewer (invisible hides for others)
- PUT /users/me/presence
- Migration 094 rich presence columns

Frontend:
- presenceService.updatePresence
- usePresenceSync: sync currentTrack to presence
- PresenceBadge: statusMessage tooltip
- PresenceInvisibleToggle in PrivacySettings
- MSW: PUT /users/me/presence
 2026-02-21 16:47:09 +01:00
senke
49e3122e78 feat(notifications): N1.1-N1.3 Web Push subscription, send on events, preferences 
- N1.1: POST /notifications/push/subscribe, PushService, migration 090
- N1.2: Send Web Push on follow/like/comment/message via CreateNotification
- N1.3: GET/PUT /notifications/preferences, migration 093
- Shared NotificationService with PushService for profile, track, comment handlers
- Fix MockSocialService GetGlobalFeed, GetTrendingHashtags for tests
 2026-02-21 16:41:39 +01:00
senke
4d37311b79 feat(presence): migration 088 user_presence (P1.1) 2026-02-21 05:22:33 +01:00
senke
ba24507b1f feat(queue): add queue session API (create, get, delete, add/remove items) 2026-02-20 18:41:12 +01:00
senke
802a54245e feat(search): add boolean operators AND, OR, NOT, exact phrase 2026-02-20 18:38:34 +01:00
senke
d4f1d08518 feat(search): add phonetic/fuzzy search via pg_trgm 2026-02-20 18:36:07 +01:00
senke
aeb941d41a feat(search): add autocomplete suggestions endpoint and UI (G3) 2026-02-20 16:54:17 +01:00
senke
124f0006f1 feat(search): add relevance sort option (G2) 2026-02-20 16:50:49 +01:00
senke
b042da9575 feat(search): add musical_key filter and wire tags filter (G1) 2026-02-20 16:50:30 +01:00
senke
1620819afd feat(tracks): add BPM field to model and CRUD (E1) 
- Backend: BPM and MusicalKey in Track model, UpdateTrack handler
- track_search_service: enable BPM filter (min_bpm, max_bpm)
- Frontend: Track type, UpdateTrackParams, display in TrackDetailPageInfo
- TrackMetadataEditModal: BPM input, edit flow for track creator
- MSW: bpm, musical_key in mock track, correct response envelope
 2026-02-20 15:34:00 +01:00
senke
b33c9d3cca feat(profile): add profile privacy toggle (B3) 
- Backend: is_public in Profile, UpdateProfile; strip SocialLinks for private
- Settings: ProfileVisibilityCard toggle in Privacy tab
- UserProfilePage: show 'Profil privé' when viewing private profile
 2026-02-20 15:10:02 +01:00
senke
9be0e6e14f feat(profile): add profile banner (B1) 2026-02-20 14:56:25 +01:00
senke
d626e9c533 feat(auth): enrich sessions page with history and revoke (A4) 2026-02-20 14:52:20 +01:00
senke
6bac68b679 feat(auth): add OAuth Spotify provider (A1) 2026-02-20 14:48:08 +01:00
senke
286be8ba1d chore(v0.102): consolidate remaining changes — docs, frontend, backend
Some checks failed
Backend API CI / test-unit (push) Failing after 0s
Details
Backend API CI / test-integration (push) Failing after 0s
Details
Frontend CI / test (push) Failing after 0s
Details
Storybook Audit / Build & audit Storybook (push) Failing after 0s
Details 
- docs: SCOPE_CONTROL, CONTRIBUTING, README, .github templates
- frontend: DeveloperDashboardView, Player components, MSW handlers, auth, reactQuerySync
- backend: playback_analytics, playlist_service, testutils, integration README

Excluded (artifacts): .auth, playwright-report, test-results, storybook_audit_detailed.json
 2026-02-20 13:02:12 +01:00
senke
32348bebce feat(developer): add API keys backend (Lot C) 
- Migration 082: api_keys table (user_id, name, prefix, hashed_key, scopes, last_used_at, expires_at)
- APIKey model, APIKeyService (Create, List, Delete, ValidateAPIKey)
- APIKeyHandler: GET/POST/DELETE /api/v1/developer/api-keys
- AuthMiddleware: X-API-Key and Bearer vza_* accepted as alternative to JWT
- CSRF: skip for API key auth (stateless)
- Key format: vza_ prefix, SHA-256 hashed storage
 2026-02-20 00:18:36 +01:00
senke
6a53daab59 feat(queue): add backend queue API with CRUD operations 2026-02-19 23:44:44 +01:00
senke
cfffedce92 fix(tests): parse RespondSuccess envelope in GetUploadStats test 2026-02-19 14:04:47 +01:00
senke
d23fc1be2a fix(tests): correct UpdateProfile assertion in user_service_test 2026-02-19 14:03:28 +01:00
senke
1f72854192 chore(infra): add ClamAV to docker-compose for v0.101 2026-02-18 12:03:14 +01:00
senke
b103a09a25 chore: consolidate CI, E2E, backend and frontend updates 
- CI: workflows updates (cd, ci), remove playwright.yml
- E2E: global-setup, auth/playlists/profile specs
- Remove playwright-report and test-results artifacts from tracking
- Backend: auth, handlers, services, workers, migrations
- Frontend: components, features, vite config
- Add e2e-results.json to gitignore
- Docs: REMEDIATION_PROGRESS, audit archive
- Rust: chat-server, stream-server updates
 2026-02-17 16:43:21 +01:00
senke
7846bbab28 fix(backend): remediation plan — tests, playback_analytics, job queue, gamification 
Phase 1 - Backend tests:
- Add PlaybackAnalytics to AutoMigrate in setupTestTrackHandler
- Create migration 081_create_playback_analytics.sql for production
- PlaybackAnalyticsService: return ErrTrackNotFound for missing track
- RecordPlay handler: return 404 when track not found
- CreateShare: use RespondSuccess, fix services.ErrTrackNotFound/ErrForbidden
- GetTrackLikes, UnlikeTrack: use RespondSuccess for consistent response
- GetUserLikedTracks test: fix route /users/:id/likes and params
- GetSharedTrack_InvalidToken: set share service in test

Phase 4 - Job queue transcoding:
- Add EnqueueTranscodingJob to JobEnqueuer interface
- Add TypeTranscoding and processTranscodingJob (stub) in JobWorker
- MockJobEnqueuer: implement EnqueueTranscodingJob

Phase 5 - Gamification cleanup:
- Move api_manager.go to internal/api/archive/
- Add archive/README.md documenting archived modules
- Update TODOS_AUDIT.md and FEATURE_STATUS.md
 2026-02-17 16:01:45 +01:00
senke
3cf1d14f46 fix(security): verify track access before download (A04) 
- Add TrackDownloadLicenseChecker to verify paid track download rights
- Check marketplace license when track is sold as product and user is not owner
- Return 403 with 'purchase required' message when license missing
 2026-02-16 10:23:41 +01:00
senke
03f626c9e8 fix(audit-1.8,1.9): implement OAuth user lookup, add cargo audit to CI 
- 1.8: Implement GetUserByOAuthID in database.go via federated_identities join
- 1.8: Use OAuth ID lookup first in oauth_service getOrCreateUser
- 1.9: Add cargo audit step to chat-ci.yml and stream-ci.yml

Refs: AUDIT_TECHNIQUE_INTEGRAL_2026_02_15.md items 1.8, 1.9
 2026-02-15 14:22:27 +01:00
senke
b73387af3c feat(api): add PostgreSQL read replica support (3.7) 
- Add DATABASE_READ_URL config and InitReadReplica in database package
- Add ForRead() helper for read-only handler routing
- Update TrackService and TrackSearchService to use read replica for reads
- Document setup in DEPLOYMENT_GUIDE.md and .env.template
 2026-02-14 22:50:23 +01:00
senke
92f432fb9e chore: consolidate pending changes (Hyperswitch, PostCard, dashboard, stream server, etc.) 2026-02-14 21:45:15 +01:00
senke
7de106b2dc perf(analytics): optimize GetTrackStats to single query 2026-02-14 18:31:29 +01:00
senke
759154e660 fix(auth): add Redis lock for concurrent refresh token requests 2026-02-14 18:29:37 +01:00
senke
ed7c4b4402 security(webhooks): extract SSRF validation to internal/validators/url_validator 2026-02-14 18:24:39 +01:00
senke
afea976f57 chore: add go.work and optional monorepo orchestrator 2026-02-14 18:21:39 +01:00
senke
f93b194b8c refactor(backend): add track, notification, webhook repositories 2026-02-14 18:07:04 +01:00
senke
ae586f6134 Phase 2 stabilisation: code mort, Modal→Dialog, feature flags, tests, router split, Rust legacy 
Bloc A - Code mort:
- Suppression Studio (components, views, features)
- Suppression gamification + services mock (projectService, storageService, gamificationService)
- Mise à jour Sidebar, Navbar, locales

Bloc B - Frontend:
- Suppression modal.tsx deprecated, Modal.stories (doublon Dialog)
- Feature flags: PLAYLIST_SEARCH, PLAYLIST_RECOMMENDATIONS, ROLE_MANAGEMENT = true
- Suppression 19 tests orphelins, retrait exclusions vitest.config

Bloc C - Backend:
- Extraction routes_auth.go depuis router.go

Bloc D - Rust:
- Suppression security_legacy.rs (code mort, patterns déjà dans security/)
 2026-02-14 17:23:32 +01:00
senke
a9009de366 fix(backend): avoid nil user in GetProfile (userToProfile panic in profile handler test) 2026-02-14 14:07:03 +01:00
senke
0d10a5c820 fix(backend): serialize backup_codes as JSON in two_factor_service (fix TestLogin_Requires2FA) 2026-02-14 14:03:43 +01:00
senke
09bb663659 chore: enable noUncheckedIndexedAccess, isolate ghost MSW handlers, document go-clamd tech debt 
- Enable TypeScript noUncheckedIndexedAccess and fix 133 resulting errors
  across 46 files with proper null guards, optional chaining, and fallbacks
- Extract education/gamification ghost feature MSW handlers into handlers-ghost.ts
- Add Storybook test plugin documentation in vitest.config.ts
- Document abandoned go-clamd dependency (2017) as tech debt in upload_validator.go

Co-authored-by: Cursor <cursoragent@cursor.com>
 2026-02-12 23:12:35 +01:00
senke
2d664f9177 fix(security): add SSRF protection, real track access validation, and pagination bounds 
- Add IsURLSafe() function to webhook service blocking private IPs,
  localhost, and cloud metadata endpoints (SSRF protection)
- Implement real validate_track_access() in stream server querying DB
  for track visibility, ownership, and purchase status
- Remove dangerous JWT fallback user in chat server that allowed
  deleted users to maintain access with forged credentials
- Add upper limit (100) on pagination in profile, track, and room handlers
- Fix Dockerfile.production healthcheck path to /api/v1/health

Co-authored-by: Cursor <cursoragent@cursor.com>
 2026-02-12 22:44:03 +01:00
senke
30f17dfc2a chore(backend): config, router, auth, stream service, sanitizer, tests 
Co-authored-by: Cursor <cursoragent@cursor.com>
 2026-02-11 22:19:09 +01:00
senke
430cc5eef6 fix(security): validate exec.Command paths in Go services 
Co-authored-by: Cursor <cursoragent@cursor.com>
 2026-02-11 21:32:38 +01:00
senke
b1ed46b142 small fixes : cors + login loop 2026-02-07 20:36:48 +01:00
senke
1b5afbc2c3 security: reduce access token expiry to 5 minutes 
- Changed default AccessTokenTTL from 15 minutes to 5 minutes in jwt_service.go
- Updated test mock in mocks_test.go to match new default
- All references to AccessTokenTTL automatically use new value
- Tests pass successfully
- No breaking changes - frontend already handles token refresh
- Action 5.1.1.4 complete
 2026-01-15 20:15:45 +01:00
senke
76d95ecfb4 incus deployement fully implemented, Makefile updated and make fmt ran 2026-01-13 19:47:57 +01:00
senke
cc2ebae4dc feat: Visual masterpiece - true light mode & premium UI 
🎨 **True Light/Dark Mode**
- Implemented proper light mode with inverted color scheme
- Smooth theme transitions (0.3s ease)
- Light mode colors: white backgrounds, dark text, vibrant accents
- System theme detection with proper class application

🌈 **Enhanced Theme System**
- 4 color themes work in both light and dark modes
- Cyber (cyan/magenta), Ocean (blue/teal), Forest (green/lime), Sunset (orange/purple)
- Theme-specific glassmorphism effects
- Proper contrast in light mode

 **Premium Animations**
- Float, glow-pulse, slide-in, scale-in, rotate-in animations
- Smooth page transitions
- Hover effects with depth (lift, glow, scale)
- Micro-interactions on all interactive elements

🎯 **Visual Polish**
- Enhanced glassmorphism for light/dark modes
- Custom scrollbar with theme colors
- Beautiful text selection
- Focus indicators for accessibility
- Premium utility classes

🔧 **Technical Improvements**
- Updated UIStore to properly apply light/dark classes
- Added data-theme attribute for CSS targeting
- Smooth scroll behavior
- Optimized transitions

The app is now a visual masterpiece with perfect light/dark mode support!
 2026-01-11 02:32:21 +01:00
senke
8efbb97e6f stabilisation commit A 2026-01-07 19:39:21 +01:00