senke/veza
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
1572 commits 37 branches 94 tags 1.5 GiB
Commit graph

22 commits

Author SHA1 Message Date
senke
db47f203f6 fix(security): implement JWT auth on stream-server WebSocket 
- Validate JWT token via AuthManager before accepting WebSocket connections
- Extract user_id from validated token claims instead of trusting query params
- Reject unauthenticated connections with 401 Unauthorized
- Add `authenticated` field to WebSocketConnection struct
- Update websocket_handler_wrapper to handle auth error responses

Previously, the WebSocket handler accepted all connections without
validating the token (comment: "pour l'instant, on accepte la connexion").
Now requires a valid JWT token via ?token= query param or Authorization header.

Addresses audit finding: A01 (Broken Access Control) — CRITICAL.

Co-authored-by: Cursor <cursoragent@cursor.com>
 2026-02-11 22:41:35 +01:00
senke
a83a76e942 chore(rust): chat server env, veza-common auth, stream server routes/websocket 
Co-authored-by: Cursor <cursoragent@cursor.com>
 2026-02-11 22:19:17 +01:00
senke
55fbeb9e48 feat(stream): add JWT revocation persistante Redis (P3.1) 
- Add SessionRevocationStore trait with InMemoryRevocationStore and RedisRevocationStore
- Wire Redis store when REDIS_URL in config.cache, fallback in-memory
- Session revocation by session_id persists across restarts when using Redis

Co-authored-by: Cursor <cursoragent@cursor.com>
 2026-02-11 22:10:07 +01:00
senke
f52858f14b fix(security): validate OAuth redirect URL against allowlist, require auth for internal transcode endpoint 
Co-authored-by: Cursor <cursoragent@cursor.com>
 2026-02-11 21:28:26 +01:00
senke
7f63bc6641 fix(security): remove hardcoded credentials from stream server auth 
Co-authored-by: Cursor <cursoragent@cursor.com>
 2026-02-11 19:50:17 +01:00
senke
44ddd3b858 chore(incus): add env template, document setup 
Co-authored-by: Cursor <cursoragent@cursor.com>
 2026-02-11 19:49:01 +01:00
senke
d7bb127920 fix(security): stop tracking veza-stream-server/.env and config/incus env files 
Co-authored-by: Cursor <cursoragent@cursor.com>
 2026-02-11 19:48:51 +01:00
senke
ad60247f33 feat: global update including storybook setup and backend fixes 
- Web: Setup Storybook, added addons, configured Tailwind, added stories for UI components.
- Backend: Updated API router, database, workers, and auth in common.
- Stream Server: Removed SQLx queries and updated auth.
- Docs & Scripts: Updated documentation and recovery scripts.
 2026-02-02 19:34:14 +01:00
senke
f74b020d4b api-contracts: install openapi-generator-cli and create type generation script 
- Completed Action 1.1.2.1: Installed @openapitools/openapi-generator-cli
- Completed Action 1.1.2.2: Created generate-types.sh script
- Added swagger annotations to cmd/modern-server/main.go
- Regenerated swagger.yaml with proper info section
- Successfully generated TypeScript types to src/types/generated/

The script generates types from veza-backend-api/openapi.yaml using
typescript-axios generator and creates barrel exports.
 2026-01-11 16:30:43 +01:00
senke
228d6a166a fix(backend): re-enable audio streaming dependencies 
- Uncommented m3u8-rs in stream-server configuration
- This unblocks the audio streaming capability for the MVP
 2026-01-11 03:19:18 +01:00
senke
718265ad01 docs: finalize walkthrough with dashboard screenshot and verification results 2026-01-04 01:44:23 +01:00
senke
634d0db22f fix: resolve stream server compilation errors and integrate chat stability fixes 2026-01-04 01:44:22 +01:00
senke
0e7b6fede1 [T0-002] fix(rust): Corriger erreurs compilation Rust 
- Conflit SQLx résolu (alignement sur version 0.7)
- build.rs configurés pour protoc dans chat/stream servers
- API Prometheus migrée vers HistogramOpts
- Traits Display/Debug corrigés (String au lieu de &dyn Display)
- API TOTP corrigée (totp-rs 5.4 avec Secret::Encoded)
- Layers tracing-subscriber corrigés (types conditionnels)
- VezaError/VezaResult exportés dans lib.rs
- TransactionProvider simplifié (retour void au lieu de Box<dyn>)
- VezaConfig contraint Serialize pour to_json()

Files: veza-common/Cargo.toml, veza-common/src/*.rs, veza-chat-server/Cargo.toml, veza-chat-server/build.rs, veza-stream-server/Cargo.toml, veza-stream-server/build.rs, VEZA_ROADMAP.json
Hours: 8 estimated, 3 actual
 2026-01-04 01:44:20 +01:00
senke
cdf7da36d1 [FIX] PROD-003: Corriger imports use-toast → useToast 2026-01-04 01:44:17 +01:00
senke
bd7f184dce [LOGGING] Fix #24: Standardisation LOG_LEVEL pour tous les services - Support LOG_LEVEL dans Rust et frontend avec fallback 2026-01-04 01:44:16 +01:00
senke
9cd76a512f [LOGGING] Fix #10: Erreurs silencieuses - Ajout de logs avec contexte pour toutes les erreurs dans core/auth et core/track 2026-01-04 01:44:15 +01:00
senke
2dfde29f7d refonte: backend-api go first; phase 1 2025-12-12 21:34:34 -05:00
okinrev
87c6461900 report generation and future tasks selection 2025-12-08 19:57:54 +01:00
okinrev
cfe6ed0119 STABILISATION: phase 1 & phase 2 2025-12-06 14:45:07 +01:00
okinrev
201a3adcff fix(stream-processor): replace unsafe abort with graceful join to drain events 2025-12-06 11:52:34 +01:00
okinrev
b7955a680c P0: stabilisation backend/chat/stream + nouvelle base migrations v1 
Backend Go:
- Remplacement complet des anciennes migrations par la base V1 alignée sur ORIGIN.
- Durcissement global du parsing JSON (BindAndValidateJSON + RespondWithAppError).
- Sécurisation de config.go, CORS, statuts de santé et monitoring.
- Implémentation des transactions P0 (RBAC, duplication de playlists, social toggles).
- Ajout d’un job worker structuré (emails, analytics, thumbnails) + tests associés.
- Nouvelle doc backend : AUDIT_CONFIG, BACKEND_CONFIG, AUTH_PASSWORD_RESET, JOB_WORKER_*.

Chat server (Rust):
- Refonte du pipeline JWT + sécurité, audit et rate limiting avancé.
- Implémentation complète du cycle de message (read receipts, delivered, edit/delete, typing).
- Nettoyage des panics, gestion d’erreurs robuste, logs structurés.
- Migrations chat alignées sur le schéma UUID et nouvelles features.

Stream server (Rust):
- Refonte du moteur de streaming (encoding pipeline + HLS) et des modules core.
- Transactions P0 pour les jobs et segments, garanties d’atomicité.
- Documentation détaillée de la pipeline (AUDIT_STREAM_*, DESIGN_STREAM_PIPELINE, TRANSACTIONS_P0_IMPLEMENTATION).

Documentation & audits:
- TRIAGE.md et AUDIT_STABILITY.md à jour avec l’état réel des 3 services.
- Cartographie complète des migrations et des transactions (DB_MIGRATIONS_*, DB_TRANSACTION_PLAN, AUDIT_DB_TRANSACTIONS, TRANSACTION_TESTS_PHASE3).
- Scripts de reset et de cleanup pour la lab DB et la V1.

Ce commit fige l’ensemble du travail de stabilisation P0 (UUID, backend, chat et stream) avant les phases suivantes (Coherence Guardian, WS hardening, etc.).
 2025-12-06 11:14:38 +01:00
okinrev
a01d7a25ac adding initial stream server (Rust) 2025-12-03 20:36:56 +01:00