191 commits

Author	SHA1	Message	Date
senke	19fec9e40a	feat(gdpr): v0.10.8 portabilité données - export ZIP async, suppression compte, hard delete cron ... - Export: table data_exports, POST /me/export (202), GET /me/exports, messages+playback_history - Notification email quand ZIP prêt, rate limit 3/jour - Suppression: keep_public_tracks, anonymisation PII complète (users, user_profiles) - HardDeleteWorker: final anonymization après 30 jours - Frontend: POST export, checkbox keep_public_tracks - MSW handlers pour Storybook	2026-03-10 13:57:04 +01:00
senke	871a0f2a05	feat(v0.10.7): Collaboration Temps Réel F481-F483 ... - F481: Co-listening sessions (WebSocket sync, ListenTogether page) - F482: Stem sharing (upload/list/download wav,aiff,flac) - F483: Collaborative rooms (type collaborative, max 10, invite-only) - Roadmap: v0.10.7 → DONE	2026-03-10 13:34:16 +01:00
senke	eb2862092d	feat(v0.10.6): Livestreaming basique F471-F476 ... - Backend: callbacks on_publish/on_publish_done, UpdateStreamURL, GetByStreamKey - Nginx-RTMP: config infra, docker-compose service (profil live) - Frontend: stream_url dans LiveStream, HLS.js dans LiveViewPlayer, état Stream terminé - Chat: rate limit send_live_message 1 msg/3s pour rooms live_streams - Env: RTMP_CALLBACK_SECRET, STREAM_HLS_BASE_URL, NGINX_RTMP_HOST - Roadmap v0.10.6 marquée DONE	2026-03-10 10:21:57 +01:00
senke	7cd01e4216	feat(v0.10.5): Notifications complètes — F551-F555 ... F555: Backend pagination/filter GetNotifications (type, page, limit) + frontend pagination F551: WebSocket real-time — backend inject chat hub, send on CreateNotification; frontend useChat invalidates F553: Quiet hours — migration 132, CreateNotification skips push/WS, UI in PushPreferencesSection F554: Notification grouping — migration 133, group_key/actor_count for like/comment, UI format F552: Weekly digest — migration 134, NotificationDigestWorker, email template, prefs UI Acceptance: no gamification notif; defaults unchanged; individual toggles for marketing	2026-03-10 10:02:21 +01:00
senke	22f0c04b3f	stabilisation commit: while implementing v0.10.5	2026-03-09 19:36:33 +01:00
senke	ac182d9f35	feat(v0.10.4): Playlists collaboratives - F136, F140, F141, F143, F145 ... Backend: - F141: GET /discover/playlists/editorial for editorial playlists - F143: GET /playlists/shared/:token (public, no auth) - F145: POST /playlists/import (JSON), GET /playlists/:id/export/m3u - F136: GET /playlists/favoris (creates Favoris playlist if needed) - Repo: GetFavorisByUserID, service GetOrCreateFavorisPlaylist Frontend: - SharedPlaylistPage at /playlists/shared/:token (public route) - Editorial playlists section in DiscoverPage - Export M3U in ExportPlaylistButton dropdown - Import JSON via ImportPlaylistButton (PlaylistListPage) - Favoris sidebar link, FavorisRedirectPage, AddToFavorisButton on tracks Roadmap: v0.10.4 marked DONE	2026-03-09 16:49:05 +01:00
senke	6111ae6136	feat(v0.10.3): Commentaires & Interactions Sociales - F201-F215 ... - F201: Commentaires avec timestamp cliquable, modération mots-clés - F202: Likes privés (compteur visible créateur uniquement) - F203: Reposts de tracks sur le profil, bouton Repost, onglet Reposts - F204: Notifications (commentaire, repost), pas de gamification Backend: migrations 127/128, comment_moderation_service, track_repost_service, GetTrackLikes/GetTrack masquent like_count pour non-créateurs Frontend: LikeButton isCreator, RepostButton, Reposts tab profil, timestamp seek	2026-03-09 10:30:47 +01:00
senke	9024fa92a0	v0.9.8 beta	2026-03-07 00:54:35 +01:00
senke	2a4de3ce21	v0.9.8	2026-03-06 19:13:16 +01:00
senke	41d55e107d	v0.9.7 beta	2026-03-06 18:58:37 +01:00
senke	05467c1c2f	v0.9.7	2026-03-06 18:52:08 +01:00
senke	257077ad49	v0.9.6	2026-03-06 10:29:30 +01:00
senke	2ed2bb9dcf	v0.9.4	2026-03-05 23:03:43 +01:00
senke	b6c004319c	v0.9.2	2026-03-05 19:27:34 +01:00
senke	2df921abd5	v0.9.1	2026-03-05 19:22:31 +01:00
senke	1318a53a64	chore(release): v0.931 — Cursor (cursor-based pagination, performance baseline)	2026-03-02 12:35:49 +01:00
senke	2a0a6a1ec9	chore(release): v0.922 — Greenlight (handler tests: dashboard, presence)	2026-03-02 12:30:51 +01:00
senke	4720bb20b2	feat(auth): v0.911 Keystone - OAuth and auth integration tests ... - Add access token blacklist on logout (VEZA-SEC-006) - Extend OAuthService for mock provider injection in tests - Add oauth_google_test.go: full OAuth Google flow with mocked provider - Add oauth_github_test.go: OAuth GitHub flow with PKCE verification - Add token_refresh_test.go: E2E refresh via httpOnly cookies - Add logout_blacklist_test.go: E2E logout + token blacklist - Fix testutils import path in resume_upload_test, track_quota_test - Fix CreatorID -> UserID in track_quota_test - Add test:integration script to package.json Release: v0.911 Keystone	2026-02-27 09:58:53 +01:00
senke	f9120c322b	release(v0.903): Vault - ORDER BY whitelist, rate limiter, VERSION sync, chat-server cleanup, Go 1.24 ... - ORDER BY dynamiques : whitelist explicite, fallback created_at DESC - Login/register soumis au rate limiter global - VERSION sync + check CI - Nettoyage références veza-chat-server - Go 1.24 partout (Dockerfile, workflows) - TODO/FIXME/HACK convertis en issues ou résolus	2026-02-27 09:43:25 +01:00
senke	6823e5a30d	release(v0.902): Sentinel - PKCE OAuth, token encryption, redirect validation, CHAT_JWT_SECRET ... - PKCE (S256) in OAuth flow: code_verifier in oauth_states, code_challenge in auth URL - CryptoService: AES-256-GCM encryption for OAuth provider tokens at rest - OAuth redirect URL validated against OAUTH_ALLOWED_REDIRECT_DOMAINS - CHAT_JWT_SECRET must differ from JWT_SECRET in production - Migration script: cmd/tools/encrypt_oauth_tokens for existing tokens - Fixes: VEZA-SEC-003, VEZA-SEC-004, VEZA-SEC-009, VEZA-SEC-010	2026-02-26 19:49:15 +01:00
senke	51984e9a1f	feat(security): v0.901 Ironclad - fix 5 critical/high vulnerabilities ... - OAuth: use JWTService+SessionService, httpOnly cookies (VEZA-SEC-001) - Remove PasswordService.GenerateJWT (VEZA-SEC-002) - Hyperswitch webhook: mandatory verification, 500 if secret empty (VEZA-SEC-005) - Auth middleware: TokenBlacklist.IsBlacklisted check (VEZA-SEC-006) - Waveform: ValidateExecPath before exec (VEZA-SEC-007)	2026-02-26 19:34:45 +01:00
senke	62e3e96884	test(v0.803): unit tests for CCPA, reports, announcements, feature flags	2026-02-25 20:02:24 +01:00
senke	c782bcb5b3	feat(admin): feature flags CRUD with DB persistence	2026-02-25 19:56:24 +01:00
senke	99b7cd8d97	feat(admin): global announcements CRUD and public banner endpoint	2026-02-25 19:55:21 +01:00
senke	911fc525a2	feat(admin): moderation queue with reports CRUD	2026-02-25 19:53:04 +01:00
senke	d35b7d37fb	feat(api): add Swagger annotations for privacy opt-out and account deletion	2026-02-25 19:51:54 +01:00
senke	9636613eaa	feat(users): account deletion hardening with anonymization, S3 cleanup, session revocation	2026-02-25 19:51:21 +01:00
senke	3f56e49791	feat(compliance): CCPA Do Not Sell middleware and opt-out endpoint	2026-02-25 19:49:25 +01:00
senke	7692c4b8b9	feat(v0.802): frontend Cloud/Gear, MSW, docs, scope v0.803, archive ... - Cloud: CloudFileVersions, CloudShareModal, versions/share in CloudView - Gear: GearDocumentsTab, GearRepairsTab, warranty badge, initialTab - MSW: cloud versions/share, gear documents/repairs, tags suggest - Stories: CloudFileVersions, CloudShareModal, GearDetailModal variants - gearService: listDocuments, uploadDocument, deleteDocument, listRepairs, createRepair, deleteRepair - cloudService: listVersions, restoreVersion, shareFile, getSharedFile - gear_warranty_notifier: 24h ticker, notifications for expiring warranty - tag_handler_test: unit tests - docs: API_REFERENCE, CHANGELOG, PROJECT_STATE, FEATURE_STATUS v0.802 - SCOPE_CONTROL, .cursorrules: scope v0.803 - archive: V0_802_RELEASE_SCOPE, RETROSPECTIVE_V0802	2026-02-25 14:00:58 +01:00
senke	596233aaaf	feat(upload): tags auto-suggest endpoint and additional audio formats	2026-02-25 13:39:59 +01:00
senke	dced768c01	feat(cloud): file versioning, restore, and sharing	2026-02-25 13:33:08 +01:00
senke	8062ec685c	feat(live): add handler endpoints for Go Live (me, key, regenerate, update)	2026-02-24 09:53:01 +01:00
senke	c785e61e69	feat(v0.701): AdminTransfers page/route, MSW, stories, Deep Health, API ref, docs, scope v0.702 ... - Step 13: AdminTransfersPage, LazyAdminTransfers, route /admin/transfers - Step 14: MSW handlers admin transfers - Step 15: AdminTransfersView stories (Default, Empty, WithFailedTransfers, Error, Loading) - Step 16-17: DeepHealth handler (disk, config), GET /health/deep - Step 19: health_deep_test.go (4 tests) - Step 20: docs/API_REFERENCE.md - Step 21: Archive V0_604, MIGRATIONS.md migration 116 - Step 22: CHANGELOG, PROJECT_STATE, FEATURE_STATUS v0.701 - Step 23: RETROSPECTIVE_V0701, V0_702 placeholder, SCOPE_CONTROL, .cursorrules - Step 24: Archive V0_701_RELEASE_SCOPE - Fix: AdminTransfersView Select component (use options API)	2026-02-23 23:42:02 +01:00
senke	b3a74d6740	test(admin): add admin transfer handler tests	2026-02-23 23:35:11 +01:00
senke	9ee4b18c33	feat(admin): add admin transfer handler (GET list, POST retry)	2026-02-23 23:33:35 +01:00
senke	fdd750d772	feat(seller): add transfers history card to SellerDashboard	2026-02-23 22:57:28 +01:00
senke	b3c74428d8	feat(commerce): add GET /sell/transfers endpoint	2026-02-23 22:56:26 +01:00
senke	83ed4f315b	chore(release): v0.602 — Payout, Dette Technique & Tests E2E ... - Stripe Connect: onboarding, balance, SellerDashboardView - Interceptors: auth.ts, error.ts extracted, facade - Grafana: dashboards enriched (p50, top endpoints, 4xx, WS, commerce) - E2E commerce: product->order->review->invoice - SMOKE_TEST_V0602, RETROSPECTIVE_V0602, PAYOUT_MANUAL - Archive V0_602 scope, V0_603 placeholder, SCOPE_CONTROL v0.603 - Fix sanitizer regex (Go no backreferences) - Marketplace test schema: product_licenses, product_images, orders, licenses	2026-02-23 22:32:01 +01:00
senke	e8d97741e4	feat(chat): Sprint 2 -- WebSocket hub, client, message types, route ... - Create Hub with register/unregister/broadcast, room/user index - Create Client with readPump/writePump goroutines, 30s ping keepalive - Define all 18 incoming + 18 outgoing message types matching Rust protocol - Add ValidateChatToken to ChatService for JWT validation - Update WSUrl from /ws to /api/v1/ws - Register GET /api/v1/ws endpoint in router - Create ChatWebSocketHandler for WebSocket upgrade and auth	2026-02-22 20:41:39 +01:00
senke	43309327e6	feat(v0.501): Sprint 5 -- integration, tests, and cleanup ... - INT-01: Add E2E streaming tests (upload -> HLS auth) - INT-02: Add E2E cloud tests (CRUD auth, public gear) - INT-03: Split track/handler.go into 4 focused sub-handlers - INT-04: Create migration squash script + MIGRATIONS.md - INT-05: Add Trivy container image scanning CI workflow - INT-06: Replace production console.log with structured logger	2026-02-22 18:40:07 +01:00
senke	edde637c8e	feat(v0.501): Sprint 4 -- Cloud frontend + Gear advanced ... - C1-09: Create CloudPage with folder tree, file list, and /cloud route - C1-10: Create CloudUploadModal with drag-and-drop and progress - C1-11: Create CloudFilePreview mini player inline - C1-12: Add Cloud stories (loading, empty, populated, quota full) - G1-01: Add is_public toggle, public gear endpoint, GearShowcase - G1-02: Add gear image upload endpoints, GearImageGallery component - G1-03: Add gear search with ILIKE + SearchBar in toolbar - G1-04: Add stories for GearShowcase and GearImageGallery	2026-02-22 18:30:49 +01:00
senke	ec4564fb37	feat(v0.501): Sprint 3 -- Cloud Storage MVP backend ... - C1-01: Create CloudService with CRUD folders/files, quota, ownership - C1-02: Create CloudHandler with 11 REST endpoints - C1-03: Register cloud routes in Go router - C1-04: Implement file streaming with HTTP Range support - C1-05: Add publish cloud file as track endpoint - C1-06: Add MSW mock handlers for cloud API - C1-07: Auto-init 5GB storage quota on user registration - C1-08: Add 12 unit tests for CloudService	2026-02-22 18:23:58 +01:00
senke	80492a4644	refactor(websocket): replace gorilla/websocket with coder/websocket ... INT-06: Migrated playback_websocket_handler.go from deprecated gorilla/websocket to coder/websocket v1.8.14. Uses context-based reads/writes and websocket.Accept instead of Upgrader.	2026-02-22 17:53:10 +01:00
senke	a6cf20e614	fix(tests): fix 2 skipped tests, add clear skip reasons to 11 others ... INT-04: Fixed nil UserID panic in AuditService (re-enabled 2 tests). Added INT-04 comments explaining skip reasons for tests requiring PostgreSQL, real file headers, or external services.	2026-02-22 17:53:00 +01:00
senke	872e42d81c	refactor(backend): replace 40 fmt.Printf calls with zap structured logging ... CLN-03: router.go, track/service.go, upload_validator.go, cors.go, playlist_handler.go, and mfa.go now use zap.L() or local logger for structured logging instead of fmt.Printf.	2026-02-22 17:44:38 +01:00
senke	da3bad1b0e	fix(security): add ownership check to GetUploadStatus handler (IDOR fix) ... SEC-06: GetUploadStatus now verifies that the authenticated user owns the upload before returning status. Returns 404 for non-owners to prevent information disclosure.	2026-02-22 17:30:30 +01:00
senke	5e4291ecba	feat(auth): add ephemeral stream-token endpoint for HLS and WebSocket authentication ... SEC-03: TokenStorage.getAccessToken() returns null with httpOnly cookies. New POST /api/v1/auth/stream-token returns a 5-min JWT compatible with both stream server (Claims struct) and chat server (JwtClaims struct). Frontend hlsService and websocket updated to use fetchStreamToken() fallback.	2026-02-22 17:28:00 +01:00
senke	bab3f38c4a	feat(marketplace): add license revoked_at migration	2026-02-22 16:18:01 +01:00
senke	166acc6069	chore(backend): add PDF library for invoices ... feat(marketplace): add invoice generation service and download endpoint	2026-02-22 16:11:42 +01:00
senke	85daf595a8	feat(marketplace): add create and list reviews endpoints	2026-02-22 16:06:18 +01:00