- Added APIKey field to Webhook model with unique index
- Implemented GenerateAPIKey() method using crypto/rand for secure key generation
- Implemented ValidateAPIKey() method to authenticate webhook requests
- Implemented RegenerateAPIKey() method to rotate API keys
- Created WebhookAPIKeyMiddleware for validating API keys in requests
- Middleware supports X-API-Key header and Authorization: Bearer format
- Added endpoint POST /api/v1/webhooks/:id/regenerate-key
- API keys are prefixed with 'whk_' for identification
- Comprehensive unit tests for all API key functionality
- Inactive webhooks cannot authenticate with their API keys
Phase: PHASE-4
Priority: P2
Progress: 119/267 (44.57%)
- Created DataExportService for comprehensive user data export (GDPR compliance)
- Exports all user data: profile, settings, tracks, playlists, comments, likes, analytics, federated identities, roles
- Added ExportUserData method to retrieve all user data from database
- Added ExportUserDataAsJSON method to export as downloadable JSON file
- Added endpoint GET /api/v1/users/me/export that returns JSON file download
- Comprehensive unit tests for export service
- Proper error handling and logging
Phase: PHASE-6
Priority: P2
Progress: 118/267 (44.19%)
- Created monitoring and alerting service with Prometheus integration
- Support for alert rules with thresholds and severities
- Alert firing and resolution tracking
- Notification callbacks for alert events
- Continuous monitoring with configurable intervals
- Default alert rules for common scenarios
- Prometheus query evaluation and threshold checking
- Comprehensive unit tests for core functionality
- Created CDN service with support for multiple providers
- Support for CloudFront, Cloudflare, and generic CDN
- URL generation for assets, audio, HLS streams, and images
- Cache invalidation with batch support
- Signed URL generation for private content
- Cache headers configuration
- Provider abstraction for easy switching
- Comprehensive unit tests for all functionality
- Enhanced HLS streaming service with additional features
- Stream validation and health checks
- URL generation for master and quality playlists
- Stream cleanup and management
- Statistics and monitoring
- Stream listing with filtering and pagination
- Status updates and existence checks
- Comprehensive unit tests for core functionality
- Created AudioTranscodeService with FFmpeg support
- Support for multiple audio formats (MP3, AAC, FLAC, OGG, WAV, M4A)
- Configurable bitrates and quality presets (low, medium, high, lossless)
- Sample rate and channel configuration
- Timeout handling and error management
- Transcode and TranscodeMultiple methods
- FFmpeg availability checking
- Audio metadata extraction using ffprobe
- Format validation and codec selection
- Comprehensive unit tests for core functionality
- Enhanced image processing service with multiple features
- Support for multiple image sizes (thumbnail, small, medium, large)
- Multiple output formats (JPEG, PNG, WebP)
- Configurable quality settings and processing options
- ProcessImage with customizable options
- ProcessAvatar for optimized avatar processing
- ProcessImageMultipleSizes for batch processing
- OptimizeImage for target file size optimization
- Image format conversion and validation
- Comprehensive unit tests for core functions
- Created Notification model for GORM with proper relationships
- Enhanced NotificationService with GORM-based implementation
- Features: pagination, filtering by type/read status, batch creation
- Mark as read (single and all), deletion (single and all read)
- Unread count and notification types listing
- Comprehensive unit tests for all operations
- Better error handling and logging
- Created AnalyticsAggregationService for analytics_events table
- Aggregation by event type and time period (hour, day, week, month)
- Support for filtering by event names and user ID
- Features: event counts, unique users, average per user, payload summary
- Top events ranking and user activity counts
- Uses PostgreSQL date_trunc and to_char for period grouping
- Added unit tests for service validation and helper functions
- Created TrackRecommendationService with ML-based algorithms
- Collaborative filtering (40%) using similar users' preferences
- Content-based filtering (30%) using track metadata (genre, artist, year)
- Popularity scoring (20%) based on play_count and like_count
- Recency scoring (10%) for recently uploaded tracks
- Support for seed tracks, genre filtering, and track exclusion
- Added unit tests for scoring algorithms
- Combines multiple algorithms for personalized recommendations
- Created FullTextSearchService using PostgreSQL tsvector/tsquery
- Supports full-text search for tracks, users, and playlists
- Uses GIN indexes from migration 048_search_indexes.sql
- Features relevance scoring with ts_rank_cd
- Weighted search (title/name weighted higher than description)
- Pagination and minimum relevance score filtering
- Unified search across all types and individual search methods
- Added unit tests for service validation and query preparation
- Added AWS SDK v2 dependency for S3 support
- Created S3StorageService implementing S3Service interface
- Support for AWS S3 and MinIO (S3-compatible storage)
- Added S3 configuration in config.go with environment variables
- Implemented upload, delete, presigned URL, and public URL methods
- Added unit tests for service validation and URL generation
- Service integrates with existing TrackStorageService
- Created AccountLockoutService to track failed login attempts
- Accounts are locked after 5 failed attempts within 15 minutes
- Lockout duration: 30 minutes (auto-unlock)
- Service uses Redis for persistence (fail-open if Redis unavailable)
- Integrated into AuthService Login method:
* Check account lockout status before login
* Record failed attempts (even for non-existent users to prevent enumeration)
* Reset failed attempts counter on successful login
* Auto-unlock expired accounts
- Added SetAccountLockoutService method to AuthService
- Service initialized in router when Redis is available
Phase: PHASE-4
Priority: P1
Progress: 9/267 (3.4%)
- Enhanced PasswordValidator with additional security checks:
* Maximum length validation (128 characters)
* Common password detection (password, 123456, qwerty, etc.)
* Repetitive pattern detection (aaaa, 1111, etc.)
* Sequential pattern detection (1234, abcd, qwerty, etc.)
- Added ValidatePasswordChange method to ensure new password is
sufficiently different from old password (similarity check)
- Updated PasswordService to use enhanced validator consistently
- Replaced utils.ValidatePasswordStrength with validators.PasswordValidator
- All password operations now use the same comprehensive validation rules
Phase: PHASE-4
Priority: P1
Progress: 8/267 (3.0%)
- Added additional filters: resource_id, ip_address, user_agent
- Added page-based pagination support in addition to offset-based
- Added CountLogs method to get total count for pagination
- Standardized SearchLogs handler to use RespondSuccess/RespondWithAppError
- Replaced c.Get with GetUserIDUUID helper
- Improved validation for query parameters
- Response includes total count, page, total_pages, and offset metadata
Phase: PHASE-2
Priority: P2
Progress: 41/267 (15.4%)
- Added GetStreamInfo method to HLSService
- Added GetStreamInfo handler in HLSHandler
- Standardized GetStreamStatus handler to use RespondSuccess/RespondWithAppError
- Added routes: GET /tracks/:id/hls/info and GET /tracks/:id/hls/status
- GetStreamInfo returns general stream information
- GetStreamStatus returns status with processing info if applicable
- Handlers use standard API response format
Phase: PHASE-2
Priority: P1
Progress: 29/267 (10.9%)
- Added BlockUser and UnblockUser methods to SocialService
- Added BlockUser and UnblockUser handlers in ProfileHandler
- Added routes: POST /users/:id/block and DELETE /users/:id/block
- Handlers use existing SocialService methods
- Includes validation to prevent users from blocking themselves
- Added IsBlocked helper method to check block status
- Handlers use standard API response format
Phase: PHASE-2
Priority: P2
Progress: 27/267 (10.1%)
- Added UpdateRoom method to RoomService with ownership check
- Only room creator can update the room
- Added UpdateRoomRequest type
- Added UpdateRoom to RoomServiceInterface and RoomHandler
- Added PUT /conversations/:id route
- Handler uses standard API response format
- Service updates name and/or description fields
Phase: PHASE-2
Priority: P1
Progress: 21/267 (7.9%)
- Added RemoveMember method to RoomService and RoomServiceInterface
- Corrected RemoveMember in RoomRepository to use uuid.UUID
- Added AddParticipant and RemoveParticipant handlers
- Added POST /conversations/:id/participants route
- Added DELETE /conversations/:id/participants/:userId route
- Handlers use standard API response format
- Handlers reuse AddMember/RemoveMember service methods
Phase: PHASE-2
Priority: P1
Progress: 20/267 (7.5%)
- Added DeleteRoom method to RoomService with ownership check
- Only room creator can delete the room
- Added DeleteRoom to RoomServiceInterface and RoomHandler
- Added DELETE /conversations/:id route
- Handler uses standard API response format
- Service performs soft delete via GORM
Phase: PHASE-2
Priority: P1
Progress: 19/267 (7.1%)
- Added GET /tracks/search route in setupTrackRoutes
- Initialized TrackSearchService and set it in TrackHandler
- Handler SearchTracks and TrackSearchService already existed
- Supports query params: q, genre, artist, page, limit
- Service handles pagination, filtering, and returns tracks with pagination metadata
Phase: PHASE-2
Priority: P1
Progress: 18/267 (6.7%)
- Created SearchUsers method in UserService with pagination support
- SearchUsers searches by username, email, first_name, and last_name using ILIKE
- Added SearchUsers handler in ProfileHandler with query params (q, page, limit)
- Added GET /users/search route in setupUserRoutes
- Returns paginated results with total count
- Password hashes are excluded from results
Phase: PHASE-2
Priority: P1
Progress: 17/267 (6.4%)
- Added GetStats method to ChatService with database access
- Returns active_users (distinct users who sent messages in last 24h)
- Returns total_messages (non-deleted messages count)
- Returns rooms_active (rooms with messages in last 24h)
- Added GetStats handler and GET /chat/stats route
- Updated ChatService to use NewChatServiceWithDB for database access
Phase: PHASE-2
Priority: P1
Progress: 15/267 (5.6%)
- Added routes in router.go: POST, GET, PUT, DELETE /playlists/:id/collaborators
- Applied RequireOwnershipOrAdmin middleware to POST, PUT, DELETE routes
- GET route accessible to collaborators (service layer checks permissions)
- Fixed UpdateCollaboratorPermission handler to use RespondWithAppError
- All handlers already existed in playlist_handler.go
- All endpoints properly authenticated and ownership checks enforced
Phase: PHASE-1
Priority: P0
Progress: 5/267 (1.9%)
- Created TwoFactorHandler with SetupTwoFactor, VerifyTwoFactor, DisableTwoFactor, GetTwoFactorStatus
- Added routes: POST /auth/2fa/setup, POST /auth/2fa/verify, POST /auth/2fa/disable, GET /auth/2fa/status
- Updated LoginResponse DTO to include requires_2fa flag
- Updated Login handler to check 2FA status and return requires_2fa flag when enabled
- Reused existing TwoFactorService (already had QR generation and TOTP verification)
- Added VerifyTOTPCode helper method to TwoFactorService
- All endpoints properly authenticated with RequireAuth middleware
Phase: PHASE-1
Priority: P0
Progress: 4/267 (1.5%)
Backend Go:
- Remplacement complet des anciennes migrations par la base V1 alignée sur ORIGIN.
- Durcissement global du parsing JSON (BindAndValidateJSON + RespondWithAppError).
- Sécurisation de config.go, CORS, statuts de santé et monitoring.
- Implémentation des transactions P0 (RBAC, duplication de playlists, social toggles).
- Ajout d’un job worker structuré (emails, analytics, thumbnails) + tests associés.
- Nouvelle doc backend : AUDIT_CONFIG, BACKEND_CONFIG, AUTH_PASSWORD_RESET, JOB_WORKER_*.
Chat server (Rust):
- Refonte du pipeline JWT + sécurité, audit et rate limiting avancé.
- Implémentation complète du cycle de message (read receipts, delivered, edit/delete, typing).
- Nettoyage des panics, gestion d’erreurs robuste, logs structurés.
- Migrations chat alignées sur le schéma UUID et nouvelles features.
Stream server (Rust):
- Refonte du moteur de streaming (encoding pipeline + HLS) et des modules core.
- Transactions P0 pour les jobs et segments, garanties d’atomicité.
- Documentation détaillée de la pipeline (AUDIT_STREAM_*, DESIGN_STREAM_PIPELINE, TRANSACTIONS_P0_IMPLEMENTATION).
Documentation & audits:
- TRIAGE.md et AUDIT_STABILITY.md à jour avec l’état réel des 3 services.
- Cartographie complète des migrations et des transactions (DB_MIGRATIONS_*, DB_TRANSACTION_PLAN, AUDIT_DB_TRANSACTIONS, TRANSACTION_TESTS_PHASE3).
- Scripts de reset et de cleanup pour la lab DB et la V1.
Ce commit fige l’ensemble du travail de stabilisation P0 (UUID, backend, chat et stream) avant les phases suivantes (Coherence Guardian, WS hardening, etc.).
