Prep for the upcoming E2E Playwright CI workflow. The full seed (1200
users, 5000 tracks, 100k play events, 10k messages, etc.) takes ~60s
and produces a lot of fixture data the suite never reads. A CI run
just needs the 5 test accounts the auth fixture logs in as
(admin/artist/user/mod/new) plus a small content set so player /
playlist tests have something to render.
New flag:
go run ./cmd/tools/seed --ci
CIConfig (cmd/tools/seed/config.go):
- TotalUsers = 5 (== len(testAccounts), so SeedUsers' "remaining"
branch is a no-op — only the 5 hardcoded accounts get inserted).
- Tracks = 10, Playlists = 3 (covers player + playlist suites).
- Albums = 0, all social/chat/live/marketplace/analytics/etc. = 0.
main.go gates the heavy seeders (Social / Chat / Live / Marketplace /
Analytics / Content / Moderation / Notifications / Misc) behind
`if !cfg.CIMode`, prints a one-line "skipping ..." banner so the run
log makes the choice obvious. The Users / Tracks / Playlists path is
unchanged — same code, same validation pass at the end.
Time: ~5s in CI mode (bcrypt cost 12 × 5 + a handful of bulk inserts)
vs the ~60s minimal mode and ~5min full mode, measured locally
against a tmpfs Postgres.
Validate() and the SUMMARY printout work unchanged — empty tables
just show "0 rows", and the orphan-FK checks remain useful (and pass
trivially when the heavy seeders are skipped).
modeName() returns "CI" so the boot banner reflects the choice.
go build ./... clean. Help output:
-ci Bare-minimum seed for E2E CI (...)
-minimal Use reduced volumes (50 users, 200 tracks) for fast dev
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
backend-ci.yml's `test -z "$(gofmt -l .)"` strict gate (added in
13c21ac11) failed on a backlog of unformatted files. None of the
85 files in this commit had been edited since the gate was added
because no push touched veza-backend-api/** in between, so the
gate never fired until today's CI fixes triggered it.
The diff is exclusively whitespace alignment in struct literals
and trailing-space comments. `go build ./...` and the full test
suite (with VEZA_SKIP_INTEGRATION=1 -short) pass identically.
Extract monolithic seed main.go into separate files per domain:
users, tracks, playlists, chat, analytics, marketplace, social,
content, live, moderation, notifications, and misc. Add config,
fake data helpers, and utility modules. Update Makefile targets.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Update RabbitMQ config and eventbus. Improve secret filter logging.
Refine presence, cloud, and social services. Update announcement and
feature flag handlers. Add track_likes updated_at migration. Rebuild
seed binary.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- PKCE (S256) in OAuth flow: code_verifier in oauth_states, code_challenge in auth URL
- CryptoService: AES-256-GCM encryption for OAuth provider tokens at rest
- OAuth redirect URL validated against OAUTH_ALLOWED_REDIRECT_DOMAINS
- CHAT_JWT_SECRET must differ from JWT_SECRET in production
- Migration script: cmd/tools/encrypt_oauth_tokens for existing tokens
- Fixes: VEZA-SEC-003, VEZA-SEC-004, VEZA-SEC-009, VEZA-SEC-010
