senke/veza
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
1865 commits 37 branches 94 tags 1.5 GiB
Commit graph

1865 commits

This branch
This branch
All branches
Author SHA1 Message Date
senke
436123f510 ci(backend): run Go tests without -short, add test DB service 2026-02-14 20:20:54 +01:00
senke
724064bdbf fix(api): add rate limiting on POST /api/v1/logs/frontend 2026-02-14 20:19:56 +01:00
senke
eca1a23a21 fix(web): disable ghost feature routes (Education, Gamification, Studio) 2026-02-14 20:19:23 +01:00
senke
9a43e62915 docs(audit): add progress tracking section, mark 1.1 and 1.2 as done 2026-02-14 20:18:38 +01:00
senke
ecadc2119c refactor(frontend): split MarketplaceHome skeleton into separate component 2026-02-14 18:33:52 +01:00
senke
654b9f6971 perf(db): add missing indexes for file_id and cover_art_file_id 2026-02-14 18:32:05 +01:00
senke
74fa1b4fc9 perf(analytics): optimize GetTrackStats to single query 2026-02-14 18:31:29 +01:00
senke
55ec0a54a6 fix(auth): add Redis lock for concurrent refresh token requests 2026-02-14 18:29:37 +01:00
senke
20073c47ab feat(chat): make timeouts configurable via environment variables 2026-02-14 18:26:02 +01:00
senke
15c3919311 security(webhooks): extract SSRF validation to internal/validators/url_validator 2026-02-14 18:24:39 +01:00
senke
9ed14ffc23 feat(cd): add cosign image signing and SBOM generation 2026-02-14 18:22:46 +01:00
senke
4ef3a0bc71 chore: add go.work and optional monorepo orchestrator 2026-02-14 18:21:39 +01:00
senke
2e2e74c88e feat(stream): implement real encoding pipeline in create_pipeline 2026-02-14 18:15:30 +01:00
senke
cf9c91e26f fix(tests): resolve playlistService skipped tests, document requestDeduplication flag 2026-02-14 18:13:01 +01:00
senke
e49dba240d refactor(backend): add track, notification, webhook repositories 2026-02-14 18:07:04 +01:00
senke
6677dc38d3 feat(migrations): add down migration scripts for rollback 2026-02-14 18:05:11 +01:00
senke
037692887f refactor(api): extract route setup functions into dedicated files 2026-02-14 18:04:37 +01:00
senke
04c25aa24f Phase 2 stabilisation: code mort, Modal→Dialog, feature flags, tests, router split, Rust legacy 
Bloc A - Code mort:
- Suppression Studio (components, views, features)
- Suppression gamification + services mock (projectService, storageService, gamificationService)
- Mise à jour Sidebar, Navbar, locales

Bloc B - Frontend:
- Suppression modal.tsx deprecated, Modal.stories (doublon Dialog)
- Feature flags: PLAYLIST_SEARCH, PLAYLIST_RECOMMENDATIONS, ROLE_MANAGEMENT = true
- Suppression 19 tests orphelins, retrait exclusions vitest.config

Bloc C - Backend:
- Extraction routes_auth.go depuis router.go

Bloc D - Rust:
- Suppression security_legacy.rs (code mort, patterns déjà dans security/)
 2026-02-14 17:23:32 +01:00
senke
e4e5b00b36 fix(web): stabilize Vitest suite (auth integration: wrap with QueryClientProvider) 2026-02-14 14:21:17 +01:00
senke
8f63a9dccb fix(stream-server): fix partial move in buffer get_next_chunk (fix compilation) 2026-02-14 14:09:07 +01:00
senke
48b5a2e6c9 fix(backend): avoid nil user in GetProfile (userToProfile panic in profile handler test) 2026-02-14 14:07:03 +01:00
senke
a8b083932a chore(e2e): run 2FA test when E2E_2FA_CODE (and optional creds) are set, document in README 2026-02-14 14:06:46 +01:00
senke
5f692ae919 feat(e2e): add play flow test (library/search -> track page or player) 2026-02-14 14:04:36 +01:00
senke
5747eedf2f fix(backend): serialize backup_codes as JSON in two_factor_service (fix TestLogin_Requires2FA) 2026-02-14 14:03:43 +01:00
senke
955b503d09 feat(web): add validate:storybook script (build, serve 6007, audit) 2026-02-14 14:02:57 +01:00
senke
a746026c56 fix(e2e): stabilize auth, smoke, search, playlists specs 
- Global setup no longer throws when API is unavailable; writes empty
  auth state so Playwright can start; specs that need auth use their
  own login or storageState override.
- Ensure e2e/.auth dir exists before writing empty state.
 2026-02-14 14:02:13 +01:00
senke
670282989b chore(refactor/sumi-migration): commit pending changes — tests, stream server, dist_verification 
- apps/web: test updates (Vitest/setup), playbackAnalyticsService, TrackGrid, serviceErrorHandler
- veza-common: logging, metrics, traits, validation, random
- veza-stream-server: audio pipeline, codecs, cache, monitoring, routes
- apps/web/dist_verification: refresh build assets (content-hashed filenames)

Co-authored-by: Cursor <cursoragent@cursor.com>
 2026-02-13 19:39:18 +01:00
senke
0a29c544af fix(web): resolve all 568 TypeScript errors — tsc --noEmit now passes with zero errors 
Major categories fixed:
- TS6133 (188): Remove unused imports (React, icons, types) and variables
- TS2322 (222): Fix type mismatches in stories (satisfies Meta -> const meta: Meta),
  add nullish coalescing for optional values, fix component prop types
- TS2345 (43): Fix argument type mismatches with proper null checks and type narrowing
- TS2741 (21): Add missing required properties to mock/story data
- TS2339 (19): Fix property access on incorrect types, add type guards
- TS2353 (13): Remove extra properties from object literals or extend interfaces
- TS2352 (11): Fix type conversion chains
- TS2307 (9): Fix import paths and module references
- Other (42): Fix implicit any, possibly undefined, export declarations

Vite build and tsc --noEmit both pass cleanly.

Co-authored-by: Cursor <cursoragent@cursor.com>
 2026-02-13 00:32:08 +01:00
senke
d889324c66 chore(stream): remove orphan modules and artifacts 
- Remove src/eventbus/ directory (orphan — event_bus.rs is the active module)
- Remove src/prometheus_metrics.rs (orphan duplicate — monitoring/prometheus_metrics.rs is active)
- Remove src/core/sync.rs_test_snippet (leftover artifact)

Stream server compiles with zero errors.

Co-authored-by: Cursor <cursoragent@cursor.com>
 2026-02-12 23:33:37 +01:00
senke
b5881bc165 fix(chat): resolve compilation errors and clean all warnings 
- Replace ChatError::AuthError (nonexistent variant) with InvalidToken
  and ServiceUnavailable in jwt_manager.rs
- Remove unused imports: ExchangeDeclareOptions, ExchangeKind (event_bus),
  StatusCode (request_id), warn (typing_indicator), AsyncCommands (rate_limiter)
- Fix unnecessary mut: delivered_status.rs, read_receipts.rs
- Prefix unused struct fields: _config, _connection (event_bus), _secret (csrf)
- Prefix unused variables: _metadata, parent_message_id: _ (handler.rs),
  user_id: _ (permission.rs)
- Allow dead_code on GetMessagesQuery and exchange_kind_from_str

Chat server now compiles with zero errors and zero warnings.

Co-authored-by: Cursor <cursoragent@cursor.com>
 2026-02-12 23:33:02 +01:00
senke
caa23312fe chore: enable noUncheckedIndexedAccess, isolate ghost MSW handlers, document go-clamd tech debt 
- Enable TypeScript noUncheckedIndexedAccess and fix 133 resulting errors
  across 46 files with proper null guards, optional chaining, and fallbacks
- Extract education/gamification ghost feature MSW handlers into handlers-ghost.ts
- Add Storybook test plugin documentation in vitest.config.ts
- Document abandoned go-clamd dependency (2017) as tech debt in upload_validator.go

Co-authored-by: Cursor <cursoragent@cursor.com>
 2026-02-12 23:12:35 +01:00
senke
76210ab7aa refactor(ui): remove unused design-system package and create STORYBOOK_CONTRACT 
- Remove packages/design-system/ directory (superseded by SUMI tokens
  in apps/web/src/index.css, confirmed no imports exist)
- Update package.json keywords from kodo-design-system to sumi-design-system
- Create docs/STORYBOOK_CONTRACT.md defining mandatory story structure:
  Default, Loading, Error, Empty states for feature components
- Typography audit: SUMI utility classes defined in index.css, codebase
  correctly uses Tailwind classes with SUMI tokens via @theme — no
  migration needed

Co-authored-by: Cursor <cursoragent@cursor.com>
 2026-02-12 23:00:26 +01:00
senke
b97c2757ca fix(tests): add missing component tests and fix failing tests 
- Fix setTimeout memory leak in ChatRoom.tsx by storing timeout in
  useRef and cleaning up on unmount
- Add tests for Accordion, Collapsible, FloatingInput, AnimatedNumber,
  and FAB components (5 new test files, all passing)
- Fix socialService methods (deleteComment, markRead, markAllRead) to
  return values matching test expectations
- Fix MSW handlers for chat/token and notification endpoints to use
  proper { success: true, data: ... } envelope format
- Fix invalid CSS selector in TrackList.test.tsx that caused JSDOM crash
- Document excluded test files with TODO tickets in vitest.config.ts

Co-authored-by: Cursor <cursoragent@cursor.com>
 2026-02-12 22:59:09 +01:00
senke
ecac9c3b03 feat(backend): add social groups, wishlist, cart, and playlist export endpoints 
- Add Group and GroupMember models with CRUD service methods
- Implement social group endpoints: create, list, get, join, leave
- Add WishlistItem model with get/add/remove service methods
- Add CartItem model with get/add/remove/checkout service methods
- Create handlers for marketplace wishlist and cart operations
- Register playlist export (JSON/CSV) and duplicate routes
- Enable PLAYLIST_SHARE and NOTIFICATIONS feature flags

Co-authored-by: Cursor <cursoragent@cursor.com>
 2026-02-12 22:48:50 +01:00
senke
f9d731c77a fix(ci): correct Rust service paths and reactivate CD pipeline 
- Fix chat-ci.yml and stream-ci.yml to reference veza-chat-server/
  and veza-stream-server/ instead of non-existent apps/ paths
- Add veza-common/ to CI triggers so shared library changes are tested
- Reactivate CD pipeline with Docker registry push and Kubernetes
  deployment steps (gated on secrets availability)
- Standardize Redis dependency to v0.32 across both Rust services

Co-authored-by: Cursor <cursoragent@cursor.com>
 2026-02-12 22:44:56 +01:00
senke
78db1fa684 fix(security): add SSRF protection, real track access validation, and pagination bounds 
- Add IsURLSafe() function to webhook service blocking private IPs,
  localhost, and cloud metadata endpoints (SSRF protection)
- Implement real validate_track_access() in stream server querying DB
  for track visibility, ownership, and purchase status
- Remove dangerous JWT fallback user in chat server that allowed
  deleted users to maintain access with forged credentials
- Add upper limit (100) on pagination in profile, track, and room handlers
- Fix Dockerfile.production healthcheck path to /api/v1/health

Co-authored-by: Cursor <cursoragent@cursor.com>
 2026-02-12 22:44:03 +01:00
senke
a7ccd06042 refactor: LoadingState delegates all spinner rendering to LoadingSpinner 
Co-authored-by: Cursor <cursoragent@cursor.com>
 2026-02-12 22:23:16 +01:00
senke
4b68b2704f fix: resolve ts-ignore directives and unsafe type casts 
Co-authored-by: Cursor <cursoragent@cursor.com>
 2026-02-12 22:21:55 +01:00
senke
c74ed8ae8a test: add tests for ErrorDisplay, LoadingState, ComingSoon 
Co-authored-by: Cursor <cursoragent@cursor.com>
 2026-02-12 22:19:54 +01:00
senke
5251c5984d a11y: enhance global prefers-reduced-motion support 
Co-authored-by: Cursor <cursoragent@cursor.com>
 2026-02-12 22:18:36 +01:00
senke
d493050dd3 fix: remove as any casts from application components 
Co-authored-by: Cursor <cursoragent@cursor.com>
 2026-02-12 22:17:55 +01:00
senke
e0a4fb979c fix: type authService.login, replace remaining console.error with logger 
Co-authored-by: Cursor <cursoragent@cursor.com>
 2026-02-12 22:15:10 +01:00
senke
06640d7515 perf: improve bundle splitting -- separate framer-motion, axios, dompurify, i18n chunks 
Co-authored-by: Cursor <cursoragent@cursor.com>
 2026-02-12 22:04:56 +01:00
senke
9898d0438c refactor: unify loading components -- consolidate Spinner into LoadingSpinner 
Co-authored-by: Cursor <cursoragent@cursor.com>
 2026-02-12 22:04:45 +01:00
senke
d7562ba51f refactor: complete Modal to Dialog migration for 6 modals 
Co-authored-by: Cursor <cursoragent@cursor.com>
 2026-02-12 22:01:05 +01:00
senke
03aad8eefa refactor: replace console.log with logger, fix TrackCard type, memoize DashboardPage 
Co-authored-by: Cursor <cursoragent@cursor.com>
 2026-02-12 21:57:02 +01:00
senke
8dfebb9dd0 a11y: skip link exists in App, ChatInput aria-label, sidebar focus trap, MiniPlayer aria-live 
Co-authored-by: Cursor <cursoragent@cursor.com>
 2026-02-12 21:55:25 +01:00
senke
960e0d255e fix: memory leaks -- add setTimeout cleanup in ChatInput, SocialViewFeedItem, PostCard 
Co-authored-by: Cursor <cursoragent@cursor.com>
 2026-02-12 21:54:06 +01:00
senke
0a6772602c fix: critical bugs -- ChatInput var, authService types, dep placement 
Co-authored-by: Cursor <cursoragent@cursor.com>
 2026-02-12 21:53:39 +01:00
senke
db0489d322 fix(a11y): Sprint 7 — semantic HTML and accessibility deep-dive 
S7.1: Replace div onClick with semantic button in DialogTrigger.tsx
S7.2: Replace role="button" divs with native <button> elements in 12 files
      (PlaylistCard, TrackCard, ConversationItem, NotificationMenuItem,
       AudioPlayerTrackInfo, SearchPageResults, ProjectsManagerAddCard,
       ProjectsManagerCard, GearInventoryGrid, UploadModal, dropdown.tsx,
       LibraryPageGrid)
S7.3: Add focus-visible:ring-2 to 14 form inputs with outline-none across
      9 modal files (CreateGroupModal, DataExportModal, EditPlaylistModal,
      AddToPlaylistModal, BanUserModal, RefundRequestModal, FlashSaleModal,
      TipStreamerModal, CreatePostModal)
S7.4: Add semantic landmarks — <section> in DashboardPage, <article> in
      PostCard and CourseCard

Co-authored-by: Cursor <cursoragent@cursor.com>
 2026-02-12 10:34:39 +01:00