senke/veza
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
179 commits 37 branches 94 tags 1.5 GiB
Commit graph

16 commits

Author SHA1 Message Date
senke
5f886b58d5 [FE-PAGE-001] fe-page: Complete Dashboard page implementation 
- Created dashboardService.ts to fetch real stats and activity from API
- Created useDashboard hook for managing dashboard data
- Updated DashboardPage to use real data instead of hardcoded values
- Added loading states and skeletons for better UX
- Made quick actions functional with navigation
- Added activity timeline with real timestamps
- Formatted numbers with K/M suffixes for readability
- Added relative time formatting using date-fns
 2025-12-24 12:35:38 +01:00
senke
bddde37f73 [BE-SEC-011] be-sec: Implement security headers 
- Enhanced security headers middleware with additional headers
- Added X-Permitted-Cross-Domain-Policies: none
- Added Cross-Origin-Embedder-Policy: require-corp
- Added Cross-Origin-Opener-Policy: same-origin
- Added Cross-Origin-Resource-Policy: same-origin
- Enhanced Permissions-Policy with additional restrictions
- Enhanced CSP with frame-ancestors directive
- HSTS now only set in production (not in development)
- Updated tests to verify all new headers
 2025-12-24 12:24:54 +01:00
senke
fb2caa6706 [BE-SEC-008] be-sec: Implement session timeout and refresh 
- Added automatic session refresh mechanism in auth middleware
- Sessions are refreshed when they reach 25% of lifetime remaining
- Refresh happens asynchronously to avoid blocking requests
- Applied to both RequireAuth and OptionalAuth middlewares
- Session timeout enforced through ValidateSession checks
 2025-12-24 12:12:29 +01:00
senke
8722344aba [BE-SEC-005] security: Implement rate limiting for authentication endpoints 
- Applied RegisterRateLimit to POST /auth/register (3 attempts/hour)
- Applied PasswordResetRateLimit to password reset endpoints (3 attempts/hour)
- Added VerifyEmailRateLimit for POST /auth/verify-email (5 attempts/hour)
- Added ResendVerificationRateLimit for POST /auth/resend-verification (3 attempts/hour)
- Login endpoint already had rate limiting (5 attempts/15min)
- All rate limits are IP-based and use Redis for persistence
- Rate limiting disabled in test/e2e environments

Phase: PHASE-4
Priority: P1
Progress: 7/267 (2.6%)
 2025-12-24 12:05:35 +01:00
senke
f52fb0b289 fix(MVP-014): Add CORS credentials configuration validation 2025-12-22 23:17:24 +01:00
senke
4d8c019abf fix(MVP-006): Standardize environment variable names (VITE_API_BASE_URL → VITE_API_URL) 2025-12-22 22:56:37 +01:00
senke
d50832ca42 stabilizing apps/web: THIRD BATCH - FIXED Playwright 2025-12-21 18:55:51 -05:00
senke
c65563863a stabilizing apps/web: SECOND BATCH - FIXING Playwright 2025-12-17 12:20:42 -05:00
senke
83e4463b4b stabilizing veza-backend-api: P0 2025-12-16 11:59:56 -05:00
senke
d0fe8c8ad7 stabilizing veza-backend-api: phase 1 2025-12-16 11:23:49 -05:00
senke
d33c351ac6 refonte: backend-api go first; phase 1 2025-12-12 21:34:34 -05:00
okinrev
8d6ce72bb2 report generation and future tasks selection 2025-12-08 19:57:54 +01:00
okinrev
8caa2fd7ca STABILISATION: phase 3–5 – API contract, tests & chat-server hardening 2025-12-06 17:21:59 +01:00
okinrev
a47464509a fix(backend-tests): enable room_handler_test and resolve metric collisions 2025-12-06 12:53:15 +01:00
okinrev
5ffcd50e0a P0: stabilisation backend/chat/stream + nouvelle base migrations v1 
Backend Go:
- Remplacement complet des anciennes migrations par la base V1 alignée sur ORIGIN.
- Durcissement global du parsing JSON (BindAndValidateJSON + RespondWithAppError).
- Sécurisation de config.go, CORS, statuts de santé et monitoring.
- Implémentation des transactions P0 (RBAC, duplication de playlists, social toggles).
- Ajout d’un job worker structuré (emails, analytics, thumbnails) + tests associés.
- Nouvelle doc backend : AUDIT_CONFIG, BACKEND_CONFIG, AUTH_PASSWORD_RESET, JOB_WORKER_*.

Chat server (Rust):
- Refonte du pipeline JWT + sécurité, audit et rate limiting avancé.
- Implémentation complète du cycle de message (read receipts, delivered, edit/delete, typing).
- Nettoyage des panics, gestion d’erreurs robuste, logs structurés.
- Migrations chat alignées sur le schéma UUID et nouvelles features.

Stream server (Rust):
- Refonte du moteur de streaming (encoding pipeline + HLS) et des modules core.
- Transactions P0 pour les jobs et segments, garanties d’atomicité.
- Documentation détaillée de la pipeline (AUDIT_STREAM_*, DESIGN_STREAM_PIPELINE, TRANSACTIONS_P0_IMPLEMENTATION).

Documentation & audits:
- TRIAGE.md et AUDIT_STABILITY.md à jour avec l’état réel des 3 services.
- Cartographie complète des migrations et des transactions (DB_MIGRATIONS_*, DB_TRANSACTION_PLAN, AUDIT_DB_TRANSACTIONS, TRANSACTION_TESTS_PHASE3).
- Scripts de reset et de cleanup pour la lab DB et la V1.

Ce commit fige l’ensemble du travail de stabilisation P0 (UUID, backend, chat et stream) avant les phases suivantes (Coherence Guardian, WS hardening, etc.).
 2025-12-06 11:14:38 +01:00
okinrev
2425c15b09 adding initial backend API (Go) 2025-12-03 20:29:37 +01:00