511 commits

Author	SHA1	Message	Date
senke	9024fa92a0	v0.9.8 beta	2026-03-07 00:54:35 +01:00
senke	2a4de3ce21	v0.9.8	2026-03-06 19:13:16 +01:00
senke	41d55e107d	v0.9.7 beta	2026-03-06 18:58:37 +01:00
senke	05467c1c2f	v0.9.7	2026-03-06 18:52:08 +01:00
senke	257077ad49	v0.9.6	2026-03-06 10:29:30 +01:00
senke	2ed2bb9dcf	v0.9.4	2026-03-05 23:03:43 +01:00
senke	b6c004319c	v0.9.2	2026-03-05 19:27:34 +01:00
senke	2df921abd5	v0.9.1	2026-03-05 19:22:31 +01:00
senke	ecf8d73e55	fix(release): v1.0.2 — Conformité complète V1_SIGNOFF (21 critères) ... - Couverture Go: script coverage_report.sh, 39% mesuré - Vitest thresholds frontend 50% - Load test WebSocket: CHAT_ORIGIN→backend, WS_URL=/api/v1/ws - Tests: chat_service (WSUrl), password_service (hash/expired) - V1_SIGNOFF: 14 PASS, 7 N/A documentés - PERFORMANCE_BASELINE, RGPD, PWA tables v1.0.2 - Runbooks, Grafana, Secrets validés	2026-03-03 21:18:53 +01:00
senke	7cfd48a82a	fix(release): v1.0.1 — Conformité complète ROADMAP checklist ... - Sécurité: npm 0 CRITICAL, cargo audit 0 vulnérabilités - OpenAPI: @Param id corrigé pour /tracks/quota/{id} - Tests: Payment E2E passe, OAuth DATABASE_URL fallback - Migrations: 000_mark_consolidated.sql - veza-stream-server: prometheus 0.14, validator 0.19 - docs: SECURITY_SCAN_RC1, V1_SIGNOFF, PROJECT_STATE	2026-03-03 20:17:54 +01:00
senke	354c747cce	feat(security): add global and per-IP DDoS rate limiting (1000/s, 100/s) ... SEC1-04: Redis sliding window 1s, excluded paths (health, swagger, auth)	2026-03-03 09:25:08 +01:00
senke	d577f8c9be	chore(release): v0.971 — Phantom (gamification removal, WebRTC Beta, limits doc)	2026-03-02 19:25:37 +01:00
senke	d92b7fd975	chore(release): v0.943 — Refactor (split track batch ops to track_batch_service)	2026-03-02 19:07:49 +01:00
senke	7e015f8e73	chore(release): v0.941 — Cleanup (dead code, migrations dedup, deprecated routes)	2026-03-02 19:04:30 +01:00
senke	1318a53a64	chore(release): v0.931 — Cursor (cursor-based pagination, performance baseline)	2026-03-02 12:35:49 +01:00
senke	2a0a6a1ec9	chore(release): v0.922 — Greenlight (handler tests: dashboard, presence)	2026-03-02 12:30:51 +01:00
senke	72d40990c5	feat(v0.923): API contract tests, OpenAPI generation, CI type sync check	2026-02-27 20:23:10 +01:00
senke	7cb4ef56e1	feat(v0.912): Cashflow - payment E2E integration tests ... - Add MarketplaceServiceOverride and AuthMiddlewareOverride to config for tests - Wire overrides in routes_webhooks and routes_marketplace (authForMarketplaceInterface) - payment_flow_test: cart -> checkout -> webhook -> order completed, license, transfer - webhook_idempotency_test: 3 identical webhooks -> 1 order, 1 license - webhook_security_test: empty secret 500, invalid sig 401, valid sig 200 - refund_flow_test: completed order -> refund -> order refunded, license revoked - Shared computeWebhookSignature helper in webhook_test_helpers.go - SetMaxOpenConns(1) for sqlite :memory: in idempotency test to avoid flakiness Ref: docs/ROADMAP_V09XX_TO_V1.md v0.912 Cashflow	2026-02-27 20:00:51 +01:00
senke	4720bb20b2	feat(auth): v0.911 Keystone - OAuth and auth integration tests ... - Add access token blacklist on logout (VEZA-SEC-006) - Extend OAuthService for mock provider injection in tests - Add oauth_google_test.go: full OAuth Google flow with mocked provider - Add oauth_github_test.go: OAuth GitHub flow with PKCE verification - Add token_refresh_test.go: E2E refresh via httpOnly cookies - Add logout_blacklist_test.go: E2E logout + token blacklist - Fix testutils import path in resume_upload_test, track_quota_test - Fix CreatorID -> UserID in track_quota_test - Add test:integration script to package.json Release: v0.911 Keystone	2026-02-27 09:58:53 +01:00
senke	f9120c322b	release(v0.903): Vault - ORDER BY whitelist, rate limiter, VERSION sync, chat-server cleanup, Go 1.24 ... - ORDER BY dynamiques : whitelist explicite, fallback created_at DESC - Login/register soumis au rate limiter global - VERSION sync + check CI - Nettoyage références veza-chat-server - Go 1.24 partout (Dockerfile, workflows) - TODO/FIXME/HACK convertis en issues ou résolus	2026-02-27 09:43:25 +01:00
senke	6823e5a30d	release(v0.902): Sentinel - PKCE OAuth, token encryption, redirect validation, CHAT_JWT_SECRET ... - PKCE (S256) in OAuth flow: code_verifier in oauth_states, code_challenge in auth URL - CryptoService: AES-256-GCM encryption for OAuth provider tokens at rest - OAuth redirect URL validated against OAUTH_ALLOWED_REDIRECT_DOMAINS - CHAT_JWT_SECRET must differ from JWT_SECRET in production - Migration script: cmd/tools/encrypt_oauth_tokens for existing tokens - Fixes: VEZA-SEC-003, VEZA-SEC-004, VEZA-SEC-009, VEZA-SEC-010	2026-02-26 19:49:15 +01:00
senke	51984e9a1f	feat(security): v0.901 Ironclad - fix 5 critical/high vulnerabilities ... - OAuth: use JWTService+SessionService, httpOnly cookies (VEZA-SEC-001) - Remove PasswordService.GenerateJWT (VEZA-SEC-002) - Hyperswitch webhook: mandatory verification, 500 if secret empty (VEZA-SEC-005) - Auth middleware: TokenBlacklist.IsBlacklisted check (VEZA-SEC-006) - Waveform: ValidateExecPath before exec (VEZA-SEC-007)	2026-02-26 19:34:45 +01:00
senke	62e3e96884	test(v0.803): unit tests for CCPA, reports, announcements, feature flags	2026-02-25 20:02:24 +01:00
senke	c782bcb5b3	feat(admin): feature flags CRUD with DB persistence	2026-02-25 19:56:24 +01:00
senke	99b7cd8d97	feat(admin): global announcements CRUD and public banner endpoint	2026-02-25 19:55:21 +01:00
senke	f30a9562a9	feat(admin): maintenance mode middleware with 503 responses	2026-02-25 19:54:22 +01:00
senke	911fc525a2	feat(admin): moderation queue with reports CRUD	2026-02-25 19:53:04 +01:00
senke	d35b7d37fb	feat(api): add Swagger annotations for privacy opt-out and account deletion	2026-02-25 19:51:54 +01:00
senke	9636613eaa	feat(users): account deletion hardening with anonymization, S3 cleanup, session revocation	2026-02-25 19:51:21 +01:00
senke	3f56e49791	feat(compliance): CCPA Do Not Sell middleware and opt-out endpoint	2026-02-25 19:49:25 +01:00
senke	470162ade8	feat(audit): HTTP audit middleware for auto-logging POST/PUT/DELETE	2026-02-25 19:48:03 +01:00
senke	7692c4b8b9	feat(v0.802): frontend Cloud/Gear, MSW, docs, scope v0.803, archive ... - Cloud: CloudFileVersions, CloudShareModal, versions/share in CloudView - Gear: GearDocumentsTab, GearRepairsTab, warranty badge, initialTab - MSW: cloud versions/share, gear documents/repairs, tags suggest - Stories: CloudFileVersions, CloudShareModal, GearDetailModal variants - gearService: listDocuments, uploadDocument, deleteDocument, listRepairs, createRepair, deleteRepair - cloudService: listVersions, restoreVersion, shareFile, getSharedFile - gear_warranty_notifier: 24h ticker, notifications for expiring warranty - tag_handler_test: unit tests - docs: API_REFERENCE, CHANGELOG, PROJECT_STATE, FEATURE_STATUS v0.802 - SCOPE_CONTROL, .cursorrules: scope v0.803 - archive: V0_802_RELEASE_SCOPE, RETROSPECTIVE_V0802	2026-02-25 14:00:58 +01:00
senke	596233aaaf	feat(upload): tags auto-suggest endpoint and additional audio formats	2026-02-25 13:39:59 +01:00
senke	8162d1b419	feat(cloud): GDPR data export and automatic backup cron	2026-02-25 13:35:16 +01:00
senke	dced768c01	feat(cloud): file versioning, restore, and sharing	2026-02-25 13:33:08 +01:00
senke	d161a3739d	feat(users): add user_preferences migration with appearance fields	2026-02-25 09:45:03 +01:00
senke	63867f1d09	feat(v0.703): Go Live & Streaming Complet ... - Backend: room creation for live streams, permissions CanJoin/CanSend/CanRead for stream rooms - LiveViewChat: useLiveStreamChat hook, WebSocket connection, stream_id as room - LiveViewPlayer: real-time viewer count via polling (5s) - Media Session: seekbackward/seekforward handlers (10s step) - GoLiveView.stories.tsx: Default, Loading, Error, StreamKeyVisible - Docs: API_REFERENCE, CHANGELOG, PROJECT_STATE, FEATURE_STATUS, RETROSPECTIVE_V0703 - SCOPE_CONTROL, .cursorrules: update to v0.801 - Archive V0_703_RELEASE_SCOPE.md	2026-02-25 09:35:22 +01:00
senke	038f6d4991	test(live): add live stream service unit tests ... Use serializer:json for LiveStream.Tags to support SQLite in-memory tests.	2026-02-24 09:56:08 +01:00
senke	b49045073e	feat(monitoring): add live stream Prometheus metrics	2026-02-24 09:53:29 +01:00
senke	8062ec685c	feat(live): add handler endpoints for Go Live (me, key, regenerate, update)	2026-02-24 09:53:01 +01:00
senke	083fe2e50d	feat(live): stream key generation, ListByUser, RegenerateStreamKey	2026-02-24 09:52:04 +01:00
senke	076a132c0f	feat(live): add migration 117 and model fields for Go Live	2026-02-24 09:51:21 +01:00
senke	7895e7ed50	test(marketplace): add refund order unit tests	2026-02-24 00:19:42 +01:00
senke	c22866fe8c	test(marketplace): add invoice generation unit tests	2026-02-24 00:19:10 +01:00
senke	a40c27bcc9	test(marketplace): add product review unit tests	2026-02-24 00:18:45 +01:00
senke	c785e61e69	feat(v0.701): AdminTransfers page/route, MSW, stories, Deep Health, API ref, docs, scope v0.702 ... - Step 13: AdminTransfersPage, LazyAdminTransfers, route /admin/transfers - Step 14: MSW handlers admin transfers - Step 15: AdminTransfersView stories (Default, Empty, WithFailedTransfers, Error, Loading) - Step 16-17: DeepHealth handler (disk, config), GET /health/deep - Step 19: health_deep_test.go (4 tests) - Step 20: docs/API_REFERENCE.md - Step 21: Archive V0_604, MIGRATIONS.md migration 116 - Step 22: CHANGELOG, PROJECT_STATE, FEATURE_STATUS v0.701 - Step 23: RETROSPECTIVE_V0701, V0_702 placeholder, SCOPE_CONTROL, .cursorrules - Step 24: Archive V0_701_RELEASE_SCOPE - Fix: AdminTransfersView Select component (use options API)	2026-02-23 23:42:02 +01:00
senke	b3a74d6740	test(admin): add admin transfer handler tests	2026-02-23 23:35:11 +01:00
senke	7d530f9612	feat(routes): wire admin transfer endpoints in /admin group	2026-02-23 23:33:54 +01:00
senke	9ee4b18c33	feat(admin): add admin transfer handler (GET list, POST retry)	2026-02-23 23:33:35 +01:00
senke	06db7d6936	test(marketplace): add transfer retry worker tests	2026-02-23 23:32:59 +01:00
senke	8272f4770a	feat(marketplace): add TransferRetryWorker background goroutine	2026-02-23 23:32:03 +01:00
senke	2a9e6084fc	feat(monitoring): add transfer retry Prometheus metrics	2026-02-23 23:31:35 +01:00
senke	42764110f0	feat(config): add transfer retry configuration (v0.701)	2026-02-23 23:31:09 +01:00
senke	706a97b824	feat(marketplace): add retry fields to SellerTransfer model	2026-02-23 23:30:51 +01:00
senke	5e7e506fe3	test(commerce): add transfer tests — success, multi-seller, transfer-fails	2026-02-23 22:58:16 +01:00
senke	fdd750d772	feat(seller): add transfers history card to SellerDashboard	2026-02-23 22:57:28 +01:00
senke	b3c74428d8	feat(commerce): add GET /sell/transfers endpoint	2026-02-23 22:56:26 +01:00
senke	22ce89f3da	feat(commerce): trigger seller transfers on payment succeeded	2026-02-23 22:56:01 +01:00
senke	6d1d861a52	feat(commerce): wire TransferService in marketplace and webhook routes	2026-02-23 22:55:39 +01:00
senke	31833c01f1	feat(commerce): add TransferService interface and WithTransferService option	2026-02-23 22:55:18 +01:00
senke	6a468e5ffb	feat(commerce): add SellerTransfer model	2026-02-23 22:55:08 +01:00
senke	535e76adfe	feat(commerce): add PLATFORM_FEE_RATE config (default 10%)	2026-02-23 22:54:50 +01:00
senke	83ed4f315b	chore(release): v0.602 — Payout, Dette Technique & Tests E2E ... - Stripe Connect: onboarding, balance, SellerDashboardView - Interceptors: auth.ts, error.ts extracted, facade - Grafana: dashboards enriched (p50, top endpoints, 4xx, WS, commerce) - E2E commerce: product->order->review->invoice - SMOKE_TEST_V0602, RETROSPECTIVE_V0602, PAYOUT_MANUAL - Archive V0_602 scope, V0_603 placeholder, SCOPE_CONTROL v0.603 - Fix sanitizer regex (Go no backreferences) - Marketplace test schema: product_licenses, product_images, orders, licenses	2026-02-23 22:32:01 +01:00
senke	941f6e6f3e	feat(seller): add seller_stripe_accounts migration and model	2026-02-23 22:11:11 +01:00
senke	ae81e171c7	feat(seller): add Stripe Connect config	2026-02-23 22:09:23 +01:00
senke	cc9fbf4f24	feat(commerce): Hyperswitch LIVE_MODE configuration ... - config: HyperswitchLiveMode (HYPERSWITCH_LIVE_MODE) - routes_marketplace: warn when production + LiveMode=false - docker-compose.prod: HYPERSWITCH_LIVE_MODE env var	2026-02-23 19:56:52 +01:00
senke	218b4b33d6	feat(streaming): wire HLS pipeline end-to-end with serving routes ... - Add HLSEnabled and HLSStorageDir to backend config (HLS_STREAMING env) - Register HLS serving routes (master.m3u8, quality playlist, segments) behind HLSEnabled feature flag on existing track routes - Add GetHLSStatus and TriggerHLSTranscode methods to StreamService for stream server communication - Update docker-compose (dev, staging, prod) with HLS env vars and shared hls-data volume between backend and stream-server - Stream callback already correctly updates stream_manifest_url	2026-02-22 21:20:35 +01:00
senke	1ed7fe2ebb	feat(chat): Redis rate limiter, persistent presence, PostgreSQL full-text search ... - Rewrite chat rate limiter with Redis sliding window (sorted sets) and automatic in-memory fallback when Redis is unavailable - Add ChatPresenceService with Redis-backed online/offline/heartbeat tracking (2min TTL), integrated into Hub register/unregister - Add migration 113: tsvector column with GIN index and auto-update trigger on messages table for full-text search - Update Search repository method to use ts_rank ordering instead of ILIKE - Wire Redis client into chat WebSocket setup in router.go - Add comprehensive tests: rate limiter, presence, 100-user concurrent benchmark	2026-02-22 21:17:51 +01:00
senke	02605b0405	test(chat): Sprint 5 -- unit tests, E2E tests, feature parity validation ... - Add hub_test.go: register/unregister, join/leave room, broadcast, exclude sender, send to user, multiple clients same user (6 tests) - Add handler_messages_test.go: send message, missing fields, edit ownership check, soft delete (4 tests) - Add handler_realtime_test.go: typing broadcast, read receipts, reactions add/remove, delivered status (5 tests) - Add e2e_chat_ws_test.go: auth valid, missing token, invalid token, ping/pong - Add e2e_chat_messages_test.go: 2-client message flow, typing indicator - Create CHAT_FEATURE_PARITY.md: 25-feature checklist (all OK or IMPROVED)	2026-02-22 20:49:32 +01:00
senke	c7fb240dc3	feat(chat): Sprint 3 -- message handlers, real-time features, permissions ... - Implement full MessageHandler dispatch with all 18 incoming message types - Add handler_messages.go: SendMessage, EditMessage, DeleteMessage with ownership checks - Add handler_rooms.go: JoinConversation, LeaveConversation - Add handler_history.go: FetchHistory (cursor-based), SearchMessages (ILIKE), SyncMessages - Add handler_realtime.go: Typing, MarkAsRead, Delivered, AddReaction, RemoveReaction - Add handler_calls.go: WebRTC signaling relay (CallOffer/Answer/ICE/Hangup/Reject) - Add PermissionService: CanRead/CanSend/CanJoin/CanModerate based on room_members - Add RateLimiter: per-user per-action sliding window (in-memory) - Wire all dependencies in router.go setupChatWebSocket	2026-02-22 20:43:44 +01:00
senke	e8d97741e4	feat(chat): Sprint 2 -- WebSocket hub, client, message types, route ... - Create Hub with register/unregister/broadcast, room/user index - Create Client with readPump/writePump goroutines, 30s ping keepalive - Define all 18 incoming + 18 outgoing message types matching Rust protocol - Add ValidateChatToken to ChatService for JWT validation - Update WSUrl from /ws to /api/v1/ws - Register GET /api/v1/ws endpoint in router - Create ChatWebSocketHandler for WebSocket upgrade and auth	2026-02-22 20:41:39 +01:00
senke	4d4d07836c	feat(chat): Sprint 1 -- migrations, models, repositories for chat rewrite ... - Add migrations 109-112: read_receipts, delivered_status, message_reactions, messages extra columns - Create ReadReceipt, DeliveredStatus, MessageReaction GORM models - Update Message model with EditedAt, Status, IsPinned, Metadata fields - Enrich ChatMessageRepository with cursor pagination, search, soft delete - Create ReadReceiptRepository, DeliveredStatusRepository, ReactionRepository - Create ChatPubSubService with Redis PubSub and in-memory fallback	2026-02-22 20:38:20 +01:00
senke	43309327e6	feat(v0.501): Sprint 5 -- integration, tests, and cleanup ... - INT-01: Add E2E streaming tests (upload -> HLS auth) - INT-02: Add E2E cloud tests (CRUD auth, public gear) - INT-03: Split track/handler.go into 4 focused sub-handlers - INT-04: Create migration squash script + MIGRATIONS.md - INT-05: Add Trivy container image scanning CI workflow - INT-06: Replace production console.log with structured logger	2026-02-22 18:40:07 +01:00
senke	edde637c8e	feat(v0.501): Sprint 4 -- Cloud frontend + Gear advanced ... - C1-09: Create CloudPage with folder tree, file list, and /cloud route - C1-10: Create CloudUploadModal with drag-and-drop and progress - C1-11: Create CloudFilePreview mini player inline - C1-12: Add Cloud stories (loading, empty, populated, quota full) - G1-01: Add is_public toggle, public gear endpoint, GearShowcase - G1-02: Add gear image upload endpoints, GearImageGallery component - G1-03: Add gear search with ILIKE + SearchBar in toolbar - G1-04: Add stories for GearShowcase and GearImageGallery	2026-02-22 18:30:49 +01:00
senke	ec4564fb37	feat(v0.501): Sprint 3 -- Cloud Storage MVP backend ... - C1-01: Create CloudService with CRUD folders/files, quota, ownership - C1-02: Create CloudHandler with 11 REST endpoints - C1-03: Register cloud routes in Go router - C1-04: Implement file streaming with HTTP Range support - C1-05: Add publish cloud file as track endpoint - C1-06: Add MSW mock handlers for cloud API - C1-07: Auto-init 5GB storage quota on user registration - C1-08: Add 12 unit tests for CloudService	2026-02-22 18:23:58 +01:00
senke	73533bea77	feat(v0.501): Sprint 2 -- HLS production-ready ... - S1-01: Add multi-bitrate streaming profiles (128k, 256k, 320k) - S1-02: Update master.m3u8 endpoint with 3-tier quality system - S1-03: Integrate hls.js with ABR + useHLSPlayer hook - S1-04: Add Cache-Control headers on HLS segments and manifests - S1-05: Create WaveformService with async generation (FFmpeg + audiowaveform) - S1-06: Add GET /tracks/:id/waveform endpoint with Redis cache - S1-07: Create WaveformDisplay component with story - S1-08: Add 4 Prometheus metrics for streaming monitoring	2026-02-22 18:16:37 +01:00
senke	89cc015e54	feat(v0.501): Sprint 1 -- infrastructure foundations ... - Add MinIO S3-compatible storage to docker-compose (dev, staging, prod) - Create migrations 103-108 (waveform_url, user_folders, user_files, user_storage_quotas, gear_items.is_public, gear_images) - Add Go models: UserFile, UserFolder, StorageQuota, GearImage - Add WaveformURL to Track model, IsPublic + GearImages to GearItem model	2026-02-22 18:10:25 +01:00
senke	80492a4644	refactor(websocket): replace gorilla/websocket with coder/websocket ... INT-06: Migrated playback_websocket_handler.go from deprecated gorilla/websocket to coder/websocket v1.8.14. Uses context-based reads/writes and websocket.Accept instead of Upgrader.	2026-02-22 17:53:10 +01:00
senke	a6cf20e614	fix(tests): fix 2 skipped tests, add clear skip reasons to 11 others ... INT-04: Fixed nil UserID panic in AuditService (re-enabled 2 tests). Added INT-04 comments explaining skip reasons for tests requiring PostgreSQL, real file headers, or external services.	2026-02-22 17:53:00 +01:00
senke	0907446958	test: add 5 cross-service E2E integration tests ... INT-03: Tests for health endpoint, auth flow, track upload auth, webhook HTTPS-only, and rate limit headers. Build-tagged 'integration' to avoid running in regular test suite.	2026-02-22 17:52:50 +01:00
senke	ee32aec970	feat(streaming): trigger HLS transcoding after track upload ... INT-02: TrackService.copyFileAsync now calls StreamService.StartProcessing after successful file copy. Wires the stream server integration into all track route registrations.	2026-02-22 17:52:39 +01:00
senke	872e42d81c	refactor(backend): replace 40 fmt.Printf calls with zap structured logging ... CLN-03: router.go, track/service.go, upload_validator.go, cors.go, playlist_handler.go, and mfa.go now use zap.L() or local logger for structured logging instead of fmt.Printf.	2026-02-22 17:44:38 +01:00
senke	834fa1f979	refactor: remove dead code (api_manager.go, unused templates) ... CLN-01: Deleted archived api_manager.go (~789 LOC, build-tag ignore) and dev-environment/templates/ (~806 LOC, never used by generator).	2026-02-22 17:44:19 +01:00
senke	763aea15cb	fix(security): hash password reset tokens before database storage ... INF-10: Reset tokens are now SHA-256 hashed before INSERT. Validation hashes the received token and compares against stored hash. Plain tokens never persisted.	2026-02-22 17:36:10 +01:00
senke	c29edd099b	feat(security): implement Redis-backed rate limiter with in-memory fallback ... INF-01: RedisRateLimiter uses atomic Lua script (INCR+EXPIRE) for distributed rate limiting. Falls back to in-memory SimpleRateLimiter when Redis is unavailable. Same X-RateLimit-* headers and 429 format.	2026-02-22 17:35:21 +01:00
senke	368c78c102	fix(security): require Hyperswitch webhook secret in production when payments enabled ... SEC-08: If HYPERSWITCH_ENABLED=true in production, startup now fails unless HYPERSWITCH_WEBHOOK_SECRET is set. This prevents webhook signature verification from being silently bypassed.	2026-02-22 17:31:52 +01:00
senke	f14574322c	fix(security): add SSRF protection for webhook URL registration ... SEC-07: Strengthened ValidateWebhookURL to require HTTPS only (was allowing HTTP). Private IP ranges, localhost, and cloud metadata endpoints remain blocked.	2026-02-22 17:31:10 +01:00
senke	da3bad1b0e	fix(security): add ownership check to GetUploadStatus handler (IDOR fix) ... SEC-06: GetUploadStatus now verifies that the authenticated user owns the upload before returning status. Returns 404 for non-owners to prevent information disclosure.	2026-02-22 17:30:30 +01:00
senke	5e4291ecba	feat(auth): add ephemeral stream-token endpoint for HLS and WebSocket authentication ... SEC-03: TokenStorage.getAccessToken() returns null with httpOnly cookies. New POST /api/v1/auth/stream-token returns a 5-min JWT compatible with both stream server (Claims struct) and chat server (JwtClaims struct). Frontend hlsService and websocket updated to use fetchStreamToken() fallback.	2026-02-22 17:28:00 +01:00
senke	bab3f38c4a	feat(marketplace): add license revoked_at migration	2026-02-22 16:18:01 +01:00
senke	51373b653f	feat(hyperswitch): add CreateRefund to client	2026-02-22 16:17:54 +01:00
senke	166acc6069	chore(backend): add PDF library for invoices ... feat(marketplace): add invoice generation service and download endpoint	2026-02-22 16:11:42 +01:00
senke	c6611c3d8f	feat(marketplace): add avg_rating and review_count to Product	2026-02-22 16:07:06 +01:00
senke	85daf595a8	feat(marketplace): add create and list reviews endpoints	2026-02-22 16:06:18 +01:00
senke	d6d49dbfc3	feat(marketplace): add ProductReview model and service	2026-02-22 16:05:16 +01:00
senke	5ac4c3988a	fix(checkout): handle cancelled status in Hyperswitch webhook	2026-02-22 14:42:57 +01:00
senke	5233a5b7f2	feat(checkout): add order_id to Hyperswitch return URL	2026-02-22 14:40:13 +01:00
senke	0adc212719	feat(seller): add GET /sell/stats/evolution, top-products, sales, SalesEvolutionChart, real commerceService	2026-02-22 14:21:21 +01:00
senke	1fef428ce0	feat(marketplace): add migration 098 product_licenses, ProductLicense model, GET /licenses/mine	2026-02-22 14:16:24 +01:00
senke	31a27e4724	feat(marketplace): add playable preview and image gallery to ProductDetailView	2026-02-22 14:14:38 +01:00
senke	a8549add70	feat(marketplace): add rich text description with sanitization	2026-02-22 14:14:27 +01:00
senke	d292270d4e	feat(marketplace): add bpm, musical_key, category filters to ListProducts	2026-02-22 14:08:41 +01:00
senke	aec22b596c	feat(marketplace): add product images management endpoint	2026-02-22 14:08:13 +01:00
senke	c6f094a3d5	feat(marketplace): add POST /products/:id/preview for audio preview upload	2026-02-22 14:07:30 +01:00
senke	f6c02afbf8	feat(marketplace): accept bpm, musical_key, category in CreateProduct and UpdateProduct	2026-02-22 14:06:20 +01:00
senke	8de3dcdc27	feat(marketplace): add ProductPreview, ProductImage models and Product enrichment fields	2026-02-22 14:05:37 +01:00
senke	49bb633fc6	feat(presence): P2.1 rich presence, P2.2 invisible mode ... Backend: - UserPresence: track_id, track_title, invisible - UpdatePresenceFull, GetPresenceForViewer (invisible hides for others) - PUT /users/me/presence - Migration 094 rich presence columns Frontend: - presenceService.updatePresence - usePresenceSync: sync currentTrack to presence - PresenceBadge: statusMessage tooltip - PresenceInvisibleToggle in PrivacySettings - MSW: PUT /users/me/presence	2026-02-21 16:47:09 +01:00
senke	49e3122e78	feat(notifications): N1.1-N1.3 Web Push subscription, send on events, preferences ... - N1.1: POST /notifications/push/subscribe, PushService, migration 090 - N1.2: Send Web Push on follow/like/comment/message via CreateNotification - N1.3: GET/PUT /notifications/preferences, migration 093 - Shared NotificationService with PushService for profile, track, comment handlers - Fix MockSocialService GetGlobalFeed, GetTrendingHashtags for tests	2026-02-21 16:41:39 +01:00
senke	d2a55b405e	feat(groups): S2 frontend - request join, invite, roles, my groups, MSW handlers	2026-02-21 05:51:29 +01:00
senke	7ca8d14283	feat(groups): S2.1-S2.5 request join, invite, roles, feed groups, my groups	2026-02-21 05:48:59 +01:00
senke	28e6642fa6	feat(social): GET /social/explore, explore tab, feed filters all/following/groups (S1.5, S1.6)	2026-02-21 05:31:12 +01:00
senke	b572863847	feat(social): feed pagination with cursor (S1.4)	2026-02-21 05:28:19 +01:00
senke	79feb220f4	feat(social): connect feed to social API, enrich with actor/track, FeedItem supports posts (S1.1-S1.3)	2026-02-21 05:26:52 +01:00
senke	182b28011f	feat(presence): PresenceService and GET /users/:id/presence (P1.2)	2026-02-21 05:22:43 +01:00
senke	4d37311b79	feat(presence): migration 088 user_presence (P1.1)	2026-02-21 05:22:33 +01:00
senke	ba24507b1f	feat(queue): add queue session API (create, get, delete, add/remove items)	2026-02-20 18:41:12 +01:00
senke	8884efdb75	feat(queue): add queue_sessions and shared_queue_items models	2026-02-20 18:39:33 +01:00
senke	802a54245e	feat(search): add boolean operators AND, OR, NOT, exact phrase	2026-02-20 18:38:34 +01:00
senke	d4f1d08518	feat(search): add phonetic/fuzzy search via pg_trgm	2026-02-20 18:36:07 +01:00
senke	7e171f1c1e	feat(social): cache trending hashtags in Redis	2026-02-20 18:33:17 +01:00
senke	ae50f6956a	feat(social): add GET /social/trending endpoint	2026-02-20 18:32:16 +01:00
senke	ede3546f4b	feat(release): v0.202 — Lots G, H, F, C, D ... - Lot G: Recherche avancée (musical_key, tri pertinence, autocomplete, facettes, historique) - Lot H: Analytics créateur (stats, charts, completion rate, export CSV/JSON) - Lot F: Seller dashboard (GET /sell/stats, liste produits) - Lot C: Player (crossfade, gapless preload, PiP) - Lot D2: Autoplay (GET /tracks/recommendations, section À écouter ensuite) Backend: GetRecommendations handler, route /tracks/recommendations Frontend: PlayerQueue recommendations, fix TS errors (GlobalPlayer, AnalyticsViewKpiGrid, etc.) Docs: FEATURE_STATUS, PROJECT_STATE, CHANGELOG, SCOPE_CONTROL	2026-02-20 18:16:17 +01:00
senke	590cede6c2	feat(seller): connect products list to marketplace API (F2)	2026-02-20 17:02:54 +01:00
senke	7caf082078	feat(seller): add GET /sell/stats and connect dashboard (F1)	2026-02-20 17:02:13 +01:00
senke	363b092f3e	feat(analytics): add creator export CSV/JSON (H4)	2026-02-20 17:00:36 +01:00
senke	d81695c27c	feat(analytics): add creator charts endpoint and UI (H2)	2026-02-20 16:59:25 +01:00
senke	ecbc2389d8	feat(analytics): add creator stats endpoint and UI (H1)	2026-02-20 16:57:58 +01:00
senke	aeb941d41a	feat(search): add autocomplete suggestions endpoint and UI (G3)	2026-02-20 16:54:17 +01:00
senke	124f0006f1	feat(search): add relevance sort option (G2)	2026-02-20 16:50:49 +01:00
senke	b042da9575	feat(search): add musical_key filter and wire tags filter (G1)	2026-02-20 16:50:30 +01:00
senke	1977183718	feat(tracks): add suggested tags endpoint and UI (E4) ... - Migration 085: tracks.tags TEXT[] - Track model: Tags pq.StringArray - GET /tracks/suggested-tags?genre=X&bpm=Y (static suggestions by genre) - UpdateTrack: support tags - TrackMetadataEditModal: tags chips + suggestions dropdown - TrackDetailPageInfo: display tags - getSuggestedTags, UpdateTrackParams.tags - MSW: suggested-tags handler, tags in mock track	2026-02-20 15:38:51 +01:00
senke	6b80089706	feat(tracks): add lyrics model and endpoints (E3) ... - Migration 084: track_lyrics table - TrackLyrics model, GetLyrics, CreateOrUpdateLyrics in TrackService - GET /tracks/:id/lyrics, PUT /tracks/:id/lyrics (owner only) - Frontend: TrackLyricsSection with show/hide toggle, Lyrics tab - trackService: getLyrics, updateLyrics - MSW: handlers for lyrics	2026-02-20 15:36:28 +01:00
senke	1620819afd	feat(tracks): add BPM field to model and CRUD (E1) ... - Backend: BPM and MusicalKey in Track model, UpdateTrack handler - track_search_service: enable BPM filter (min_bpm, max_bpm) - Frontend: Track type, UpdateTrackParams, display in TrackDetailPageInfo - TrackMetadataEditModal: BPM input, edit flow for track creator - MSW: bpm, musical_key in mock track, correct response envelope	2026-02-20 15:34:00 +01:00
senke	b33c9d3cca	feat(profile): add profile privacy toggle (B3) ... - Backend: is_public in Profile, UpdateProfile; strip SocialLinks for private - Settings: ProfileVisibilityCard toggle in Privacy tab - UserProfilePage: show 'Profil privé' when viewing private profile	2026-02-20 15:10:02 +01:00
senke	9be0e6e14f	feat(profile): add profile banner (B1)	2026-02-20 14:56:25 +01:00
senke	d626e9c533	feat(auth): enrich sessions page with history and revoke (A4)	2026-02-20 14:52:20 +01:00
senke	6bac68b679	feat(auth): add OAuth Spotify provider (A1)	2026-02-20 14:48:08 +01:00
senke	286be8ba1d	chore(v0.102): consolidate remaining changes — docs, frontend, backend ... - docs: SCOPE_CONTROL, CONTRIBUTING, README, .github templates - frontend: DeveloperDashboardView, Player components, MSW handlers, auth, reactQuerySync - backend: playback_analytics, playlist_service, testutils, integration README Excluded (artifacts): .auth, playwright-report, test-results, storybook_audit_detailed.json	2026-02-20 13:02:12 +01:00
senke	32348bebce	feat(developer): add API keys backend (Lot C) ... - Migration 082: api_keys table (user_id, name, prefix, hashed_key, scopes, last_used_at, expires_at) - APIKey model, APIKeyService (Create, List, Delete, ValidateAPIKey) - APIKeyHandler: GET/POST/DELETE /api/v1/developer/api-keys - AuthMiddleware: X-API-Key and Bearer vza_* accepted as alternative to JWT - CSRF: skip for API key auth (stateless) - Key format: vza_ prefix, SHA-256 hashed storage	2026-02-20 00:18:36 +01:00
senke	6a53daab59	feat(queue): add backend queue API with CRUD operations	2026-02-19 23:44:44 +01:00
senke	4b0c266b8e	chore(docs): add v0.101 diagnostic baseline ... - Add V0_101_DIAGNOSTIC_BASELINE.md with initial diagnostic results - Fix eslint: remove storybook plugin dep, add dist_verification to ignores - Fix .storybook/preview.tsx: remove unused React, use object shorthand	2026-02-19 16:08:05 +01:00
senke	cfffedce92	fix(tests): parse RespondSuccess envelope in GetUploadStats test	2026-02-19 14:04:47 +01:00
senke	d23fc1be2a	fix(tests): correct UpdateProfile assertion in user_service_test	2026-02-19 14:03:28 +01:00
senke	7b500648fe	fix(backend): resolve failing tests for v0.101 ... - config: isolate TestLoad/TestLoad_DefaultValues from env (APP_DOMAIN, DB_HOST, REDIS_URL) - handlers: fix TestLogin_InvalidCredentials (401 not 403), TestLogout_Success, TestGetMe_Success (inject auth middleware), TestResendVerification_Success (unverify user)	2026-02-19 11:29:30 +01:00
senke	1f72854192	chore(infra): add ClamAV to docker-compose for v0.101	2026-02-18 12:03:14 +01:00
senke	b103a09a25	chore: consolidate CI, E2E, backend and frontend updates ... - CI: workflows updates (cd, ci), remove playwright.yml - E2E: global-setup, auth/playlists/profile specs - Remove playwright-report and test-results artifacts from tracking - Backend: auth, handlers, services, workers, migrations - Frontend: components, features, vite config - Add e2e-results.json to gitignore - Docs: REMEDIATION_PROGRESS, audit archive - Rust: chat-server, stream-server updates	2026-02-17 16:43:21 +01:00
senke	06d56dd298	feat(backend): OAuth FRONTEND_URL from config, docs update ... - Add FrontendURL to config (FRONTEND_URL or VITE_FRONTEND_URL) - OAuth handlers use config instead of os.Getenv - Update TODOS_AUDIT: mark UUID migration items as resolved - Add ISSUES_P2_BACKLOG.md for GitHub issues - Add ROUTES_ORPHANES.md for routes without UI - Document FRONTEND_URL in .env.example	2026-02-17 16:42:23 +01:00
senke	7846bbab28	fix(backend): remediation plan — tests, playback_analytics, job queue, gamification ... Phase 1 - Backend tests: - Add PlaybackAnalytics to AutoMigrate in setupTestTrackHandler - Create migration 081_create_playback_analytics.sql for production - PlaybackAnalyticsService: return ErrTrackNotFound for missing track - RecordPlay handler: return 404 when track not found - CreateShare: use RespondSuccess, fix services.ErrTrackNotFound/ErrForbidden - GetTrackLikes, UnlikeTrack: use RespondSuccess for consistent response - GetUserLikedTracks test: fix route /users/:id/likes and params - GetSharedTrack_InvalidToken: set share service in test Phase 4 - Job queue transcoding: - Add EnqueueTranscodingJob to JobEnqueuer interface - Add TypeTranscoding and processTranscodingJob (stub) in JobWorker - MockJobEnqueuer: implement EnqueueTranscodingJob Phase 5 - Gamification cleanup: - Move api_manager.go to internal/api/archive/ - Add archive/README.md documenting archived modules - Update TODOS_AUDIT.md and FEATURE_STATUS.md	2026-02-17 16:01:45 +01:00
senke	c298307f39	fix(backend): remove obsolete UUID migration comment in track handler ... - trackUploadService and GetUploadProgress already use uuid.UUID - Migration complete, no code changes needed	2026-02-17 15:35:25 +01:00
senke	0f1e416679	refactor(backend): split config into domain modules (P2)	2026-02-16 11:12:21 +01:00