senke/veza
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
2314 commits 37 branches 94 tags 1.5 GiB
Commit graph

6 commits

Author SHA1 Message Date
senke
d3245b2e4b fix(build): unify Go version to 1.24 across Dockerfile and CI 
SEC-09: go.mod declares Go 1.24.0 but Dockerfile.production used 1.23
and backend-ci.yml used 1.23. Aligned both to 1.24.
 2026-02-22 17:32:17 +01:00
senke
1f72854192 chore(infra): add ClamAV to docker-compose for v0.101 2026-02-18 12:03:14 +01:00
senke
b103a09a25 chore: consolidate CI, E2E, backend and frontend updates 
- CI: workflows updates (cd, ci), remove playwright.yml
- E2E: global-setup, auth/playlists/profile specs
- Remove playwright-report and test-results artifacts from tracking
- Backend: auth, handlers, services, workers, migrations
- Frontend: components, features, vite config
- Add e2e-results.json to gitignore
- Docs: REMEDIATION_PROGRESS, audit archive
- Rust: chat-server, stream-server updates
 2026-02-17 16:43:21 +01:00
senke
2d664f9177 fix(security): add SSRF protection, real track access validation, and pagination bounds 
- Add IsURLSafe() function to webhook service blocking private IPs,
  localhost, and cloud metadata endpoints (SSRF protection)
- Implement real validate_track_access() in stream server querying DB
  for track visibility, ownership, and purchase status
- Remove dangerous JWT fallback user in chat server that allowed
  deleted users to maintain access with forged credentials
- Add upper limit (100) on pagination in profile, track, and room handlers
- Fix Dockerfile.production healthcheck path to /api/v1/health

Co-authored-by: Cursor <cursoragent@cursor.com>
 2026-02-12 22:44:03 +01:00
senke
2dfde29f7d refonte: backend-api go first; phase 1 2025-12-12 21:34:34 -05:00
okinrev
2425c15b09 adding initial backend API (Go) 2025-12-03 20:29:37 +01:00