senke/veza
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
1852 commits 37 branches 94 tags 1.5 GiB
Commit graph

104 commits

Author SHA1 Message Date
senke
8f4f445dcb feat(presence): P2.1 rich presence, P2.2 invisible mode 
Backend:
- UserPresence: track_id, track_title, invisible
- UpdatePresenceFull, GetPresenceForViewer (invisible hides for others)
- PUT /users/me/presence
- Migration 094 rich presence columns

Frontend:
- presenceService.updatePresence
- usePresenceSync: sync currentTrack to presence
- PresenceBadge: statusMessage tooltip
- PresenceInvisibleToggle in PrivacySettings
- MSW: PUT /users/me/presence
 2026-02-21 16:47:09 +01:00
senke
51af2d073f feat(notifications): N1.1-N1.3 Web Push subscription, send on events, preferences 
- N1.1: POST /notifications/push/subscribe, PushService, migration 090
- N1.2: Send Web Push on follow/like/comment/message via CreateNotification
- N1.3: GET/PUT /notifications/preferences, migration 093
- Shared NotificationService with PushService for profile, track, comment handlers
- Fix MockSocialService GetGlobalFeed, GetTrendingHashtags for tests
 2026-02-21 16:41:39 +01:00
senke
4a2ba9f404 feat(presence): migration 088 user_presence (P1.1) 2026-02-21 05:22:33 +01:00
senke
5c79b8fafe feat(queue): add queue session API (create, get, delete, add/remove items) 2026-02-20 18:41:12 +01:00
senke
d54945d84e feat(search): add boolean operators AND, OR, NOT, exact phrase 2026-02-20 18:38:34 +01:00
senke
b209a8dc96 feat(search): add phonetic/fuzzy search via pg_trgm 2026-02-20 18:36:07 +01:00
senke
ef320888f6 feat(search): add autocomplete suggestions endpoint and UI (G3) 2026-02-20 16:54:17 +01:00
senke
7eb1e0d945 feat(search): add relevance sort option (G2) 2026-02-20 16:50:49 +01:00
senke
458e88472b feat(search): add musical_key filter and wire tags filter (G1) 2026-02-20 16:50:30 +01:00
senke
265f9fa86c feat(tracks): add BPM field to model and CRUD (E1) 
- Backend: BPM and MusicalKey in Track model, UpdateTrack handler
- track_search_service: enable BPM filter (min_bpm, max_bpm)
- Frontend: Track type, UpdateTrackParams, display in TrackDetailPageInfo
- TrackMetadataEditModal: BPM input, edit flow for track creator
- MSW: bpm, musical_key in mock track, correct response envelope
 2026-02-20 15:34:00 +01:00
senke
efd09e0c11 feat(profile): add profile privacy toggle (B3) 
- Backend: is_public in Profile, UpdateProfile; strip SocialLinks for private
- Settings: ProfileVisibilityCard toggle in Privacy tab
- UserProfilePage: show 'Profil privé' when viewing private profile
 2026-02-20 15:10:02 +01:00
senke
ef00e165e9 feat(profile): add profile banner (B1) 2026-02-20 14:56:25 +01:00
senke
99f60ebbaa feat(auth): enrich sessions page with history and revoke (A4) 2026-02-20 14:52:20 +01:00
senke
6a1686aad8 feat(auth): add OAuth Spotify provider (A1) 2026-02-20 14:48:08 +01:00
senke
134b8979c0 chore(v0.102): consolidate remaining changes — docs, frontend, backend 
- docs: SCOPE_CONTROL, CONTRIBUTING, README, .github templates
- frontend: DeveloperDashboardView, Player components, MSW handlers, auth, reactQuerySync
- backend: playback_analytics, playlist_service, testutils, integration README

Excluded (artifacts): .auth, playwright-report, test-results, storybook_audit_detailed.json
 2026-02-20 13:02:12 +01:00
senke
bdea490c21 feat(developer): add API keys backend (Lot C) 
- Migration 082: api_keys table (user_id, name, prefix, hashed_key, scopes, last_used_at, expires_at)
- APIKey model, APIKeyService (Create, List, Delete, ValidateAPIKey)
- APIKeyHandler: GET/POST/DELETE /api/v1/developer/api-keys
- AuthMiddleware: X-API-Key and Bearer vza_* accepted as alternative to JWT
- CSRF: skip for API key auth (stateless)
- Key format: vza_ prefix, SHA-256 hashed storage
 2026-02-20 00:18:36 +01:00
senke
331905c05a feat(queue): add backend queue API with CRUD operations 2026-02-19 23:44:44 +01:00
senke
b9a929607b fix(tests): parse RespondSuccess envelope in GetUploadStats test 2026-02-19 14:04:47 +01:00
senke
2d6b872051 fix(tests): correct UpdateProfile assertion in user_service_test 2026-02-19 14:03:28 +01:00
senke
a4220bf110 chore(infra): add ClamAV to docker-compose for v0.101 2026-02-18 12:03:14 +01:00
senke
e11984898d chore: consolidate CI, E2E, backend and frontend updates 
- CI: workflows updates (cd, ci), remove playwright.yml
- E2E: global-setup, auth/playlists/profile specs
- Remove playwright-report and test-results artifacts from tracking
- Backend: auth, handlers, services, workers, migrations
- Frontend: components, features, vite config
- Add e2e-results.json to gitignore
- Docs: REMEDIATION_PROGRESS, audit archive
- Rust: chat-server, stream-server updates
 2026-02-17 16:43:21 +01:00
senke
ea1b60466a fix(backend): remediation plan — tests, playback_analytics, job queue, gamification 
Phase 1 - Backend tests:
- Add PlaybackAnalytics to AutoMigrate in setupTestTrackHandler
- Create migration 081_create_playback_analytics.sql for production
- PlaybackAnalyticsService: return ErrTrackNotFound for missing track
- RecordPlay handler: return 404 when track not found
- CreateShare: use RespondSuccess, fix services.ErrTrackNotFound/ErrForbidden
- GetTrackLikes, UnlikeTrack: use RespondSuccess for consistent response
- GetUserLikedTracks test: fix route /users/:id/likes and params
- GetSharedTrack_InvalidToken: set share service in test

Phase 4 - Job queue transcoding:
- Add EnqueueTranscodingJob to JobEnqueuer interface
- Add TypeTranscoding and processTranscodingJob (stub) in JobWorker
- MockJobEnqueuer: implement EnqueueTranscodingJob

Phase 5 - Gamification cleanup:
- Move api_manager.go to internal/api/archive/
- Add archive/README.md documenting archived modules
- Update TODOS_AUDIT.md and FEATURE_STATUS.md
 2026-02-17 16:01:45 +01:00
senke
563a1c9001 fix(security): verify track access before download (A04) 
- Add TrackDownloadLicenseChecker to verify paid track download rights
- Check marketplace license when track is sold as product and user is not owner
- Return 403 with 'purchase required' message when license missing
 2026-02-16 10:23:41 +01:00
senke
d86b27efdc fix(audit-1.8,1.9): implement OAuth user lookup, add cargo audit to CI 
- 1.8: Implement GetUserByOAuthID in database.go via federated_identities join
- 1.8: Use OAuth ID lookup first in oauth_service getOrCreateUser
- 1.9: Add cargo audit step to chat-ci.yml and stream-ci.yml

Refs: AUDIT_TECHNIQUE_INTEGRAL_2026_02_15.md items 1.8, 1.9
 2026-02-15 14:22:27 +01:00
senke
a08d9f109f feat(api): add PostgreSQL read replica support (3.7) 
- Add DATABASE_READ_URL config and InitReadReplica in database package
- Add ForRead() helper for read-only handler routing
- Update TrackService and TrackSearchService to use read replica for reads
- Document setup in DEPLOYMENT_GUIDE.md and .env.template
 2026-02-14 22:50:23 +01:00
senke
7f7b6547bc chore: consolidate pending changes (Hyperswitch, PostCard, dashboard, stream server, etc.) 2026-02-14 21:45:15 +01:00
senke
74fa1b4fc9 perf(analytics): optimize GetTrackStats to single query 2026-02-14 18:31:29 +01:00
senke
55ec0a54a6 fix(auth): add Redis lock for concurrent refresh token requests 2026-02-14 18:29:37 +01:00
senke
15c3919311 security(webhooks): extract SSRF validation to internal/validators/url_validator 2026-02-14 18:24:39 +01:00
senke
4ef3a0bc71 chore: add go.work and optional monorepo orchestrator 2026-02-14 18:21:39 +01:00
senke
e49dba240d refactor(backend): add track, notification, webhook repositories 2026-02-14 18:07:04 +01:00
senke
04c25aa24f Phase 2 stabilisation: code mort, Modal→Dialog, feature flags, tests, router split, Rust legacy 
Bloc A - Code mort:
- Suppression Studio (components, views, features)
- Suppression gamification + services mock (projectService, storageService, gamificationService)
- Mise à jour Sidebar, Navbar, locales

Bloc B - Frontend:
- Suppression modal.tsx deprecated, Modal.stories (doublon Dialog)
- Feature flags: PLAYLIST_SEARCH, PLAYLIST_RECOMMENDATIONS, ROLE_MANAGEMENT = true
- Suppression 19 tests orphelins, retrait exclusions vitest.config

Bloc C - Backend:
- Extraction routes_auth.go depuis router.go

Bloc D - Rust:
- Suppression security_legacy.rs (code mort, patterns déjà dans security/)
 2026-02-14 17:23:32 +01:00
senke
48b5a2e6c9 fix(backend): avoid nil user in GetProfile (userToProfile panic in profile handler test) 2026-02-14 14:07:03 +01:00
senke
5747eedf2f fix(backend): serialize backup_codes as JSON in two_factor_service (fix TestLogin_Requires2FA) 2026-02-14 14:03:43 +01:00
senke
caa23312fe chore: enable noUncheckedIndexedAccess, isolate ghost MSW handlers, document go-clamd tech debt 
- Enable TypeScript noUncheckedIndexedAccess and fix 133 resulting errors
  across 46 files with proper null guards, optional chaining, and fallbacks
- Extract education/gamification ghost feature MSW handlers into handlers-ghost.ts
- Add Storybook test plugin documentation in vitest.config.ts
- Document abandoned go-clamd dependency (2017) as tech debt in upload_validator.go

Co-authored-by: Cursor <cursoragent@cursor.com>
 2026-02-12 23:12:35 +01:00
senke
78db1fa684 fix(security): add SSRF protection, real track access validation, and pagination bounds 
- Add IsURLSafe() function to webhook service blocking private IPs,
  localhost, and cloud metadata endpoints (SSRF protection)
- Implement real validate_track_access() in stream server querying DB
  for track visibility, ownership, and purchase status
- Remove dangerous JWT fallback user in chat server that allowed
  deleted users to maintain access with forged credentials
- Add upper limit (100) on pagination in profile, track, and room handlers
- Fix Dockerfile.production healthcheck path to /api/v1/health

Co-authored-by: Cursor <cursoragent@cursor.com>
 2026-02-12 22:44:03 +01:00
senke
916bff002f chore(backend): config, router, auth, stream service, sanitizer, tests 
Co-authored-by: Cursor <cursoragent@cursor.com>
 2026-02-11 22:19:09 +01:00
senke
80b7c93c9e fix(security): validate exec.Command paths in Go services 
Co-authored-by: Cursor <cursoragent@cursor.com>
 2026-02-11 21:32:38 +01:00
senke
875df12d8b small fixes : cors + login loop 2026-02-07 20:36:48 +01:00
senke
206f6f7a05 security: reduce access token expiry to 5 minutes 
- Changed default AccessTokenTTL from 15 minutes to 5 minutes in jwt_service.go
- Updated test mock in mocks_test.go to match new default
- All references to AccessTokenTTL automatically use new value
- Tests pass successfully
- No breaking changes - frontend already handles token refresh
- Action 5.1.1.4 complete
 2026-01-15 20:15:45 +01:00
senke
39f7967e1e incus deployement fully implemented, Makefile updated and make fmt ran 2026-01-13 19:47:57 +01:00
senke
0eca0729b5 feat: Visual masterpiece - true light mode & premium UI 
🎨 **True Light/Dark Mode**
- Implemented proper light mode with inverted color scheme
- Smooth theme transitions (0.3s ease)
- Light mode colors: white backgrounds, dark text, vibrant accents
- System theme detection with proper class application

🌈 **Enhanced Theme System**
- 4 color themes work in both light and dark modes
- Cyber (cyan/magenta), Ocean (blue/teal), Forest (green/lime), Sunset (orange/purple)
- Theme-specific glassmorphism effects
- Proper contrast in light mode

 **Premium Animations**
- Float, glow-pulse, slide-in, scale-in, rotate-in animations
- Smooth page transitions
- Hover effects with depth (lift, glow, scale)
- Micro-interactions on all interactive elements

🎯 **Visual Polish**
- Enhanced glassmorphism for light/dark modes
- Custom scrollbar with theme colors
- Beautiful text selection
- Focus indicators for accessibility
- Premium utility classes

🔧 **Technical Improvements**
- Updated UIStore to properly apply light/dark classes
- Added data-theme attribute for CSS targeting
- Smooth scroll behavior
- Optimized transitions

The app is now a visual masterpiece with perfect light/dark mode support!
 2026-01-11 02:32:21 +01:00
senke
7452bd637a stabilisation commit A 2026-01-07 19:39:21 +01:00
senke
a5b347ec9c stabilisation commit 2026-01-04 01:44:23 +01:00
senke
269f0eb2ec fix: resolve stream server compilation errors and integrate chat stability fixes 2026-01-04 01:44:22 +01:00
senke
0950fa30aa [T0-006] test(backend): Ajout tests pour frontend_log_handler 
- Tests complets pour frontend_log_handler.go (12 tests)
- Tests couvrent NewFrontendLogHandler et ReceiveLog
- Tests pour tous les niveaux de log (DEBUG, INFO, WARN, ERROR)
- Tests pour gestion des erreurs et validation JSON
- Couverture actuelle: 30.6% (objectif: 80%)

Files: veza-backend-api/internal/handlers/frontend_log_handler_test.go
       VEZA_ROADMAP.json
Hours: 16 estimated, 23 actual
 2026-01-04 01:44:22 +01:00
senke
05f719b68f [T0-006] test(backend): Ajout tests pour search_handlers et comment_handler 
- Tests complets pour search_handlers.go (6 tests)
- Tests complets pour comment_handler.go (12 tests)
- Interfaces créées pour permettre le mock (SearchServiceInterface, CommentServiceInterface)
- Couverture actuelle: 30.6% (objectif: 80%)

Files: veza-backend-api/internal/handlers/search_handlers.go
       veza-backend-api/internal/handlers/search_handlers_test.go
       veza-backend-api/internal/handlers/comment_handler.go
       veza-backend-api/internal/handlers/comment_handler_test.go
       VEZA_ROADMAP.json
Hours: 16 estimated, 17 actual
 2026-01-04 01:44:21 +01:00
senke
c7a048caf5 [T0-006] test(backend): Ajout tests service role - Progression couverture 
- Tests complets pour role_service (24 tests, tous passent)
- Tests couvrent NewRoleService, GetRoles, CreateRole, GetRole, UpdateRole, DeleteRole, AssignRoleToUser, RevokeRoleFromUser, GetUserRoles, HasRole, HasPermission
- Tests utilisent SQLite en mémoire avec GORM
- Hook GORM ajouté dans UserRole.BeforeCreate pour remplir automatiquement RoleName depuis RoleID
- Couverture actuelle: 31.1% (objectif: 80%)

Files:
- veza-backend-api/internal/services/role_service_test.go (créé)
- veza-backend-api/internal/models/role.go (modifié - hook BeforeCreate)
- VEZA_ROADMAP.json (mis à jour)

Hours: 16 estimated, 17 actual (travail en cours)
 2026-01-04 01:44:21 +01:00
senke
bb9fecf42a [T0-006] test(backend): Ajout tests service email - Progression couverture 
- Tests complets pour email_service (28 tests, tous passent, 1 skip car nécessite DB réelle)
- Tests couvrent SendVerificationEmail, SendWelcomeEmail, SendNotificationEmail, buildVerificationEmailHTML, buildWelcomeEmailHTML, buildNotificationEmailHTML, generateVerificationToken, sendEmail
- Tests gèrent cas sans SMTP (graceful degradation)
- Tests vérifient différents types de notifications (track_like, new_follower, playlist_update, comment_reply, default)
- Couverture actuelle: 31.1% (objectif: 80%)

Files:
- veza-backend-api/internal/services/email_service_test.go (créé)
- VEZA_ROADMAP.json (mis à jour)

Hours: 16 estimated, 16 actual (travail en cours)
 2026-01-04 01:44:21 +01:00
senke
dc775bb548 [T0-006] test(backend): Ajout tests service account_lockout - Progression couverture 
- Tests complets pour account_lockout_service (18 tests, tous passent)
- Tests couvrent NewAccountLockoutService, RecordFailedAttempt, RecordSuccessfulLogin, IsAccountLocked, LockAccount, UnlockAccount, GetFailedAttemptsCount
- Tests utilisent testcontainers pour Redis (skip si non disponible)
- Tests gèrent cas sans Redis (graceful degradation)
- Couverture actuelle: 31.1% (objectif: 80%)

Files:
- veza-backend-api/internal/services/account_lockout_service_test.go (créé)
- VEZA_ROADMAP.json (mis à jour)

Hours: 16 estimated, 15 actual (travail en cours)
 2026-01-04 01:44:21 +01:00