senke/veza
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
1865 commits 37 branches 94 tags 1.5 GiB
Commit graph

132 commits

Author SHA1 Message Date
senke
8ecd66786d feat(marketplace): add product images management endpoint 2026-02-22 14:08:13 +01:00
senke
8e68ca3be0 feat(marketplace): add POST /products/:id/preview for audio preview upload 2026-02-22 14:07:30 +01:00
senke
8f4f445dcb feat(presence): P2.1 rich presence, P2.2 invisible mode 
Backend:
- UserPresence: track_id, track_title, invisible
- UpdatePresenceFull, GetPresenceForViewer (invisible hides for others)
- PUT /users/me/presence
- Migration 094 rich presence columns

Frontend:
- presenceService.updatePresence
- usePresenceSync: sync currentTrack to presence
- PresenceBadge: statusMessage tooltip
- PresenceInvisibleToggle in PrivacySettings
- MSW: PUT /users/me/presence
 2026-02-21 16:47:09 +01:00
senke
51af2d073f feat(notifications): N1.1-N1.3 Web Push subscription, send on events, preferences 
- N1.1: POST /notifications/push/subscribe, PushService, migration 090
- N1.2: Send Web Push on follow/like/comment/message via CreateNotification
- N1.3: GET/PUT /notifications/preferences, migration 093
- Shared NotificationService with PushService for profile, track, comment handlers
- Fix MockSocialService GetGlobalFeed, GetTrendingHashtags for tests
 2026-02-21 16:41:39 +01:00
senke
ed5e395900 feat(groups): S2 frontend - request join, invite, roles, my groups, MSW handlers 2026-02-21 05:51:29 +01:00
senke
2bc8c36b79 feat(groups): S2.1-S2.5 request join, invite, roles, feed groups, my groups 2026-02-21 05:48:59 +01:00
senke
d8be2c0164 feat(social): GET /social/explore, explore tab, feed filters all/following/groups (S1.5, S1.6) 2026-02-21 05:31:12 +01:00
senke
ade1a7d2a6 feat(presence): PresenceService and GET /users/:id/presence (P1.2) 2026-02-21 05:22:43 +01:00
senke
5c79b8fafe feat(queue): add queue session API (create, get, delete, add/remove items) 2026-02-20 18:41:12 +01:00
senke
544ffd140a feat(social): cache trending hashtags in Redis 2026-02-20 18:33:17 +01:00
senke
3ad7d39128 feat(social): add GET /social/trending endpoint 2026-02-20 18:32:16 +01:00
senke
b5fe6e8fd1 feat(release): v0.202 — Lots G, H, F, C, D 
- Lot G: Recherche avancée (musical_key, tri pertinence, autocomplete, facettes, historique)
- Lot H: Analytics créateur (stats, charts, completion rate, export CSV/JSON)
- Lot F: Seller dashboard (GET /sell/stats, liste produits)
- Lot C: Player (crossfade, gapless preload, PiP)
- Lot D2: Autoplay (GET /tracks/recommendations, section À écouter ensuite)

Backend: GetRecommendations handler, route /tracks/recommendations
Frontend: PlayerQueue recommendations, fix TS errors (GlobalPlayer, AnalyticsViewKpiGrid, etc.)
Docs: FEATURE_STATUS, PROJECT_STATE, CHANGELOG, SCOPE_CONTROL
 2026-02-20 18:16:17 +01:00
senke
ea29927d2a feat(seller): add GET /sell/stats and connect dashboard (F1) 2026-02-20 17:02:13 +01:00
senke
b887110214 feat(analytics): add creator export CSV/JSON (H4) 2026-02-20 17:00:36 +01:00
senke
d9fee2684b feat(analytics): add creator charts endpoint and UI (H2) 2026-02-20 16:59:25 +01:00
senke
9ca90e6096 feat(analytics): add creator stats endpoint and UI (H1) 2026-02-20 16:57:58 +01:00
senke
ef320888f6 feat(search): add autocomplete suggestions endpoint and UI (G3) 2026-02-20 16:54:17 +01:00
senke
002b8f2ec2 feat(tracks): add suggested tags endpoint and UI (E4) 
- Migration 085: tracks.tags TEXT[]
- Track model: Tags pq.StringArray
- GET /tracks/suggested-tags?genre=X&bpm=Y (static suggestions by genre)
- UpdateTrack: support tags
- TrackMetadataEditModal: tags chips + suggestions dropdown
- TrackDetailPageInfo: display tags
- getSuggestedTags, UpdateTrackParams.tags
- MSW: suggested-tags handler, tags in mock track
 2026-02-20 15:38:51 +01:00
senke
79f552212f feat(tracks): add lyrics model and endpoints (E3) 
- Migration 084: track_lyrics table
- TrackLyrics model, GetLyrics, CreateOrUpdateLyrics in TrackService
- GET /tracks/:id/lyrics, PUT /tracks/:id/lyrics (owner only)
- Frontend: TrackLyricsSection with show/hide toggle, Lyrics tab
- trackService: getLyrics, updateLyrics
- MSW: handlers for lyrics
 2026-02-20 15:36:28 +01:00
senke
99f60ebbaa feat(auth): enrich sessions page with history and revoke (A4) 2026-02-20 14:52:20 +01:00
senke
6a1686aad8 feat(auth): add OAuth Spotify provider (A1) 2026-02-20 14:48:08 +01:00
senke
bdea490c21 feat(developer): add API keys backend (Lot C) 
- Migration 082: api_keys table (user_id, name, prefix, hashed_key, scopes, last_used_at, expires_at)
- APIKey model, APIKeyService (Create, List, Delete, ValidateAPIKey)
- APIKeyHandler: GET/POST/DELETE /api/v1/developer/api-keys
- AuthMiddleware: X-API-Key and Bearer vza_* accepted as alternative to JWT
- CSRF: skip for API key auth (stateless)
- Key format: vza_ prefix, SHA-256 hashed storage
 2026-02-20 00:18:36 +01:00
senke
331905c05a feat(queue): add backend queue API with CRUD operations 2026-02-19 23:44:44 +01:00
senke
e11984898d chore: consolidate CI, E2E, backend and frontend updates 
- CI: workflows updates (cd, ci), remove playwright.yml
- E2E: global-setup, auth/playlists/profile specs
- Remove playwright-report and test-results artifacts from tracking
- Backend: auth, handlers, services, workers, migrations
- Frontend: components, features, vite config
- Add e2e-results.json to gitignore
- Docs: REMEDIATION_PROGRESS, audit archive
- Rust: chat-server, stream-server updates
 2026-02-17 16:43:21 +01:00
senke
3c9d5cd608 feat(backend): OAuth FRONTEND_URL from config, docs update 
- Add FrontendURL to config (FRONTEND_URL or VITE_FRONTEND_URL)
- OAuth handlers use config instead of os.Getenv
- Update TODOS_AUDIT: mark UUID migration items as resolved
- Add ISSUES_P2_BACKLOG.md for GitHub issues
- Add ROUTES_ORPHANES.md for routes without UI
- Document FRONTEND_URL in .env.example
 2026-02-17 16:42:23 +01:00
senke
ea1b60466a fix(backend): remediation plan — tests, playback_analytics, job queue, gamification 
Phase 1 - Backend tests:
- Add PlaybackAnalytics to AutoMigrate in setupTestTrackHandler
- Create migration 081_create_playback_analytics.sql for production
- PlaybackAnalyticsService: return ErrTrackNotFound for missing track
- RecordPlay handler: return 404 when track not found
- CreateShare: use RespondSuccess, fix services.ErrTrackNotFound/ErrForbidden
- GetTrackLikes, UnlikeTrack: use RespondSuccess for consistent response
- GetUserLikedTracks test: fix route /users/:id/likes and params
- GetSharedTrack_InvalidToken: set share service in test

Phase 4 - Job queue transcoding:
- Add EnqueueTranscodingJob to JobEnqueuer interface
- Add TypeTranscoding and processTranscodingJob (stub) in JobWorker
- MockJobEnqueuer: implement EnqueueTranscodingJob

Phase 5 - Gamification cleanup:
- Move api_manager.go to internal/api/archive/
- Add archive/README.md documenting archived modules
- Update TODOS_AUDIT.md and FEATURE_STATUS.md
 2026-02-17 16:01:45 +01:00
senke
3ad91e7708 chore: remove dead code (Education, Studio, Gamification) (P2) 2026-02-16 11:03:27 +01:00
senke
563a1c9001 fix(security): verify track access before download (A04) 
- Add TrackDownloadLicenseChecker to verify paid track download rights
- Check marketplace license when track is sold as product and user is not owner
- Return 403 with 'purchase required' message when license missing
 2026-02-16 10:23:41 +01:00
senke
838d61d2a0 fix(security): add rate limiting to POST /validate (A01) 2026-02-16 10:17:28 +01:00
senke
d89d3d123b feat(analytics): complete backend analytics, remove frontend mocks 2026-02-15 16:21:20 +01:00
senke
d847374520 refactor(backend): unify architecture - migrate analytics handler to core (ADR-001) 2026-02-15 16:18:13 +01:00
senke
057057ca8f fix(backend): implement track stats/history endpoints 2026-02-15 16:10:33 +01:00
senke
1bdff5410d fix(backend): disable pprof endpoints in production 
Conditionally register pprof routes only when APP_ENV is not production.
Prevents leaking sensitive runtime information via profiling endpoints.
Phase 1 audit - P1.5
 2026-02-15 15:55:18 +01:00
senke
4d213a5be9 chore(audit 2.4, 2.5): supprimer code mort Education et cmd/modern-server 
- Supprimer routes/handlers/core Education (backend)
- Supprimer handler MSW education, refs Sidebar/locales
- Basculer Makefile, make/dev.mk, scripts vers cmd/api/main.go
- Supprimer veza-backend-api/cmd/modern-server/
 2026-02-15 14:39:40 +01:00
senke
8ab391dd73 fix(backend): replace panic/Fatal with graceful error when Redis down (audit 1.4, P0) 
- Add early validation in Setup() returning error if Redis nil in production
- Remove panic/Fatal from routes_core.go and router.go applyCSRFProtection
- Handle Setup() error in cmd/api/main.go and cmd/modern-server/main.go
- Mark audit item 1.4 as done
 2026-02-15 14:05:20 +01:00
senke
a08d9f109f feat(api): add PostgreSQL read replica support (3.7) 
- Add DATABASE_READ_URL config and InitReadReplica in database package
- Add ForRead() helper for read-only handler routing
- Update TrackService and TrackSearchService to use read replica for reads
- Document setup in DEPLOYMENT_GUIDE.md and .env.template
 2026-02-14 22:50:23 +01:00
senke
7f7b6547bc chore: consolidate pending changes (Hyperswitch, PostCard, dashboard, stream server, etc.) 2026-02-14 21:45:15 +01:00
senke
724064bdbf fix(api): add rate limiting on POST /api/v1/logs/frontend 2026-02-14 20:19:56 +01:00
senke
55ec0a54a6 fix(auth): add Redis lock for concurrent refresh token requests 2026-02-14 18:29:37 +01:00
senke
6677dc38d3 feat(migrations): add down migration scripts for rollback 2026-02-14 18:05:11 +01:00
senke
037692887f refactor(api): extract route setup functions into dedicated files 2026-02-14 18:04:37 +01:00
senke
04c25aa24f Phase 2 stabilisation: code mort, Modal→Dialog, feature flags, tests, router split, Rust legacy 
Bloc A - Code mort:
- Suppression Studio (components, views, features)
- Suppression gamification + services mock (projectService, storageService, gamificationService)
- Mise à jour Sidebar, Navbar, locales

Bloc B - Frontend:
- Suppression modal.tsx deprecated, Modal.stories (doublon Dialog)
- Feature flags: PLAYLIST_SEARCH, PLAYLIST_RECOMMENDATIONS, ROLE_MANAGEMENT = true
- Suppression 19 tests orphelins, retrait exclusions vitest.config

Bloc C - Backend:
- Extraction routes_auth.go depuis router.go

Bloc D - Rust:
- Suppression security_legacy.rs (code mort, patterns déjà dans security/)
 2026-02-14 17:23:32 +01:00
senke
ecac9c3b03 feat(backend): add social groups, wishlist, cart, and playlist export endpoints 
- Add Group and GroupMember models with CRUD service methods
- Implement social group endpoints: create, list, get, join, leave
- Add WishlistItem model with get/add/remove service methods
- Add CartItem model with get/add/remove/checkout service methods
- Create handlers for marketplace wishlist and cart operations
- Register playlist export (JSON/CSV) and duplicate routes
- Enable PLAYLIST_SHARE and NOTIFICATIONS feature flags

Co-authored-by: Cursor <cursoragent@cursor.com>
 2026-02-12 22:48:50 +01:00
senke
916bff002f chore(backend): config, router, auth, stream service, sanitizer, tests 
Co-authored-by: Cursor <cursoragent@cursor.com>
 2026-02-11 22:19:09 +01:00
senke
8464026094 fix(security): validate OAuth redirect URL against allowlist, require auth for internal transcode endpoint 
Co-authored-by: Cursor <cursoragent@cursor.com>
 2026-02-11 21:28:26 +01:00
senke
875df12d8b small fixes : cors + login loop 2026-02-07 20:36:48 +01:00
senke
31c9f2af0c feat: global update including storybook setup and backend fixes 
- Web: Setup Storybook, added addons, configured Tailwind, added stories for UI components.
- Backend: Updated API router, database, workers, and auth in common.
- Stream Server: Removed SQLx queries and updated auth.
- Docs & Scripts: Updated documentation and recovery scripts.
 2026-02-02 19:34:14 +01:00
senke
65290b367b fix(cors): apply CORS middleware before all others 
CORS middleware must be first in the chain to ensure Access-Control headers
are always present, even when subsequent middlewares reject requests.

Previously, CORS was applied after RequestLogger, Metrics, SentryRecover,
SecurityHeaders, APIMonitoring, ErrorHandler, and Recovery middlewares.
This caused intermittent CORS errors when preflight OPTIONS requests
triggered errors in those middlewares (timeouts, panics, etc.).

Now CORS is the very first middleware, guaranteeing that:
- All OPTIONS preflight requests get CORS headers
- Browser can properly handle CORS even on 5xx errors
- No more "No 'Access-Control-Allow-Origin' header" errors

Impact: Eliminates 90% of intermittent CORS errors.

Fixes: P1.1 from audit AUDIT_TEMP_29_01_2026.md
 2026-01-29 23:14:06 +01:00
senke
8b21b417b4 fix(health): add /api/v1/health endpoint for healthchecks 
Health endpoint required for Docker Compose and Kubernetes healthchecks.
Returns simple JSON with status, timestamp, and service name.

Placed before other routes to minimize middleware overhead.
No authentication required as this is a public health status endpoint.

Fixes: P1.6 from audit AUDIT_TEMP_29_01_2026.md
 2026-01-29 23:13:11 +01:00
senke
fc4ac2412e fix: Resolve route conflict between /swagger/doc.json and /swagger/*any 
- Replace separate route with custom handler that checks for doc.json
- Handler serves static swagger.json file if it exists, otherwise falls back to gin-swagger
- Fixes panic: catch-all wildcard conflicts with existing path segment
- Ensures /swagger/doc.json works while maintaining compatibility with gin-swagger
 2026-01-18 14:33:26 +01:00