senke/veza
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
2211 commits 37 branches 94 tags 1.5 GiB
Commit graph

49 commits

Author SHA1 Message Date
senke
e282bdf703 feat: backend — config, handlers, services, logging, migration 
Update RabbitMQ config and eventbus. Improve secret filter logging.
Refine presence, cloud, and social services. Update announcement and
feature flag handlers. Add track_likes updated_at migration. Rebuild
seed binary.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
 2026-03-23 15:46:57 +01:00
senke
1ccaa03737 feat(v0.13.5): polish marketplace & compliance — KYC, support, payout E2E 
- Seller KYC via Stripe Identity (start verification, status check, webhook)
- Support ticket system (backend handler + frontend form page)
- E2E payout flow integration test (sale → payment → balance → payout)
- Migrations: seller_kyc columns, support_tickets table
- Frontend: SupportPage with SUMI design, lazy loading, routing

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-03-13 14:57:19 +01:00
senke
95682e3029 feat(v0.13.3): complete - Polish Sécurité Avancée 
TASK-SECADV-001: WebAuthn/Passkeys (F022)
- WebAuthn credential model, service, handler
- Registration/authentication ceremony endpoints
- CRUD operations (list, rename, delete passkeys)
- Routes: GET/POST/PUT/DELETE /auth/passkeys/*

TASK-SECADV-002: Configurable password policy (F015)
- PasswordPolicyConfig with MinLength, MaxLength, RequireUpper/Lower/Number/Special
- NewPasswordValidatorWithPolicy constructor
- PasswordPolicyFromEnv() reads env vars (PASSWORD_MIN_LENGTH, etc.)
- All character class checks now respect policy configuration

TASK-SECADV-003: Géolocalisation connexions (F025)
- GeoIPResolver interface + GeoIPService implementation
- Country/city columns added to login_history table
- LoginHistoryService.Record() performs GeoIP lookup
- GetUserHistory returns geolocation data
- GET /auth/login-history endpoint

TASK-SECADV-004: Password expiration (F016)
- password_changed_at column on users table
- CheckPasswordExpiration() method on PasswordService
- All password change/reset methods now set password_changed_at
- NewPasswordServiceWithPolicy() supports expiration days config

Migration: 971_security_advanced_v0133.sql

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-03-13 10:09:01 +01:00
senke
6e8f3f26cb feat(v0.12.6.3): remove ghost modules — gamification, A/B testing, GraphQL stubs
Some checks failed
Backend API CI / test-unit (push) Failing after 0s
Details
Backend API CI / test-integration (push) Failing after 0s
Details 
Deleted 8 dead code modules identified by audit diagnostic:
- api/contest/, sound_design_contest/, production_challenge/, voting_system/
  (gamification stubs — violate CLAUDE.md Rule 3: no XP/streaks/leaderboards/badges)
- models/contest.go (314 lines: ContestBadge with rarity, ContestPrize, ContestVote)
- models/user.go: removed orphan JuryMember struct (contest reference)
- services/playback_abtest_service.go + test (476+579 lines: A/B testing on playback
  metrics — violates ORIGIN_UI_UX_SYSTEM.md §13 anti-dark-patterns)
- api/graphql/ (REST-only per ORIGIN spec)

Kept: listing/, offer/ (marketplace stubs, ORIGIN-approved), grpc/ (ORIGIN §9 approved).
Verified: go build passes, grep confirms 0 forbidden terms remaining.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-03-12 07:29:56 +01:00
senke
71c15c2590 fix(v0.12.6.1): remediate 2 CRITICAL + 10 HIGH + 1 MEDIUM pentest findings 
Security fixes implemented:

CRITICAL:
- CRIT-001: IDOR on chat rooms — added IsRoomMember check before
  returning room data or message history (returns 404, not 403)
- CRIT-002: play_count/like_count exposed publicly — changed JSON
  tags to "-" so they are never serialized in API responses

HIGH:
- HIGH-001: TOCTOU race on marketplace downloads — transaction +
  SELECT FOR UPDATE on GetDownloadURL
- HIGH-002: HS256 in production docker-compose — replaced JWT_SECRET
  with JWT_PRIVATE_KEY_PATH / JWT_PUBLIC_KEY_PATH (RS256)
- HIGH-003: context.Background() bypass in user repository — full
  context propagation from handlers → services → repository (29 files)
- HIGH-004: Race condition on promo codes — SELECT FOR UPDATE
- HIGH-005: Race condition on exclusive licenses — SELECT FOR UPDATE
- HIGH-006: Rate limiter IP spoofing — SetTrustedProxies(nil) default
- HIGH-007: RGPD hard delete incomplete — added cleanup for sessions,
  settings, follows, notifications, audit_logs anonymization
- HIGH-008: RTMP callback auth weak — fail-closed when unconfigured,
  header-only (no query param), constant-time compare
- HIGH-009: Co-listening host hijack — UpdateHostState now takes *Conn
  and verifies IsHost before processing
- HIGH-010: Moderator self-strike — added issuedBy != userID check

MEDIUM:
- MEDIUM-001: Recovery codes used math/rand — replaced with crypto/rand
- MEDIUM-005: Stream token forgeable — resolved by HIGH-002 (RS256)

Updated REMEDIATION_MATRIX: 14 findings marked  CORRIGÉ.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-03-12 05:40:53 +01:00
senke
c50b7049b9 feat(v0.11.0): F381-F385 database migrations and models for creator analytics 
Add daily_track_stats, geographic_play_stats, track_discovery_sources tables.
Add source and country_code columns to track_plays.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-03-10 16:21:01 +01:00
senke
f2881ad865 feat(gdpr): v0.10.8 portabilité données - export ZIP async, suppression compte, hard delete cron
Some checks failed
Backend API CI / test-unit (push) Failing after 1s
Details
Frontend CI / test (push) Failing after 3s
Details
Storybook Audit / Build & audit Storybook (push) Failing after 2s
Details
Backend API CI / test-integration (push) Failing after 6s
Details 
- Export: table data_exports, POST /me/export (202), GET /me/exports, messages+playback_history
- Notification email quand ZIP prêt, rate limit 3/jour
- Suppression: keep_public_tracks, anonymisation PII complète (users, user_profiles)
- HardDeleteWorker: final anonymization après 30 jours
- Frontend: POST export, checkbox keep_public_tracks
- MSW handlers pour Storybook
 2026-03-10 13:57:04 +01:00
senke
2292ecd56b feat(v0.10.7): Collaboration Temps Réel F481-F483
Some checks failed
Backend API CI / test-unit (push) Failing after 2s
Details
Frontend CI / test (push) Failing after 3s
Details
Backend API CI / test-integration (push) Failing after 5s
Details
Storybook Audit / Build & audit Storybook (push) Failing after 2s
Details 
- F481: Co-listening sessions (WebSocket sync, ListenTogether page)
- F482: Stem sharing (upload/list/download wav,aiff,flac)
- F483: Collaborative rooms (type collaborative, max 10, invite-only)
- Roadmap: v0.10.7 → DONE
 2026-03-10 13:34:16 +01:00
senke
16a338da62 stabilisation commit: while implementing v0.10.5 2026-03-09 19:36:33 +01:00
senke
ef1ca1a908 feat(v0.10.3): Commentaires & Interactions Sociales - F201-F215 
- F201: Commentaires avec timestamp cliquable, modération mots-clés
- F202: Likes privés (compteur visible créateur uniquement)
- F203: Reposts de tracks sur le profil, bouton Repost, onglet Reposts
- F204: Notifications (commentaire, repost), pas de gamification

Backend: migrations 127/128, comment_moderation_service, track_repost_service,
  GetTrackLikes/GetTrack masquent like_count pour non-créateurs
Frontend: LikeButton isCreator, RepostButton, Reposts tab profil, timestamp seek
 2026-03-09 10:30:47 +01:00
senke
6690e334a1 feat(v0.10.1): Tags & Genres discover - F351-F355 
- Tags déclaratifs (max 10, 30 chars) via track_tags + tags
- Genres normalisés (max 3) via track_genres + taxonomy
- GET /api/v1/discover/genre/:genre, tag/:tag (browse chrono)
- POST/DELETE follow genre/tag
- Section feed "Nouvelles sorties dans vos genres"
- Track update: SyncTrackTags, SyncTrackGenres via discover service
- Frontend: discoverService, FeedPage by_genres, DiscoverPage
- Migration 126_tags_genres_discover
- MSW handlers for discover
 2026-03-09 01:52:56 +01:00
senke
7df866cd3f v0.9.7 beta 2026-03-06 18:58:37 +01:00
senke
99136948cb v0.9.7 2026-03-06 18:52:08 +01:00
senke
cd974172cb v0.9.4 2026-03-05 23:03:43 +01:00
senke
3edb10b567 feat(admin): feature flags CRUD with DB persistence 2026-02-25 19:56:24 +01:00
senke
d684c69439 feat(admin): global announcements CRUD and public banner endpoint 2026-02-25 19:55:21 +01:00
senke
0d092466f1 feat(admin): moderation queue with reports CRUD 2026-02-25 19:53:04 +01:00
senke
a3624ce4b3 feat(v0.802): frontend Cloud/Gear, MSW, docs, scope v0.803, archive 
- Cloud: CloudFileVersions, CloudShareModal, versions/share in CloudView
- Gear: GearDocumentsTab, GearRepairsTab, warranty badge, initialTab
- MSW: cloud versions/share, gear documents/repairs, tags suggest
- Stories: CloudFileVersions, CloudShareModal, GearDetailModal variants
- gearService: listDocuments, uploadDocument, deleteDocument, listRepairs, createRepair, deleteRepair
- cloudService: listVersions, restoreVersion, shareFile, getSharedFile
- gear_warranty_notifier: 24h ticker, notifications for expiring warranty
- tag_handler_test: unit tests
- docs: API_REFERENCE, CHANGELOG, PROJECT_STATE, FEATURE_STATUS v0.802
- SCOPE_CONTROL, .cursorrules: scope v0.803
- archive: V0_802_RELEASE_SCOPE, RETROSPECTIVE_V0802
 2026-02-25 14:00:58 +01:00
senke
301db440e5 feat(cloud): file versioning, restore, and sharing 2026-02-25 13:33:08 +01:00
senke
feed95fccd test(live): add live stream service unit tests 
Use serializer:json for LiveStream.Tags to support SQLite in-memory tests.
 2026-02-24 09:56:08 +01:00
senke
4807f64c32 feat(live): add migration 117 and model fields for Go Live 2026-02-24 09:51:21 +01:00
senke
a5d2951ec5 feat(seller): add seller_stripe_accounts migration and model 2026-02-23 22:11:11 +01:00
senke
d3e3ba9b33 feat(chat): Redis rate limiter, persistent presence, PostgreSQL full-text search 
- Rewrite chat rate limiter with Redis sliding window (sorted sets) and
  automatic in-memory fallback when Redis is unavailable
- Add ChatPresenceService with Redis-backed online/offline/heartbeat
  tracking (2min TTL), integrated into Hub register/unregister
- Add migration 113: tsvector column with GIN index and auto-update
  trigger on messages table for full-text search
- Update Search repository method to use ts_rank ordering instead of ILIKE
- Wire Redis client into chat WebSocket setup in router.go
- Add comprehensive tests: rate limiter, presence, 100-user concurrent benchmark
 2026-02-22 21:17:51 +01:00
senke
2ee63b9b11 feat(chat): Sprint 1 -- migrations, models, repositories for chat rewrite 
- Add migrations 109-112: read_receipts, delivered_status, message_reactions, messages extra columns
- Create ReadReceipt, DeliveredStatus, MessageReaction GORM models
- Update Message model with EditedAt, Status, IsPinned, Metadata fields
- Enrich ChatMessageRepository with cursor pagination, search, soft delete
- Create ReadReceiptRepository, DeliveredStatusRepository, ReactionRepository
- Create ChatPubSubService with Redis PubSub and in-memory fallback
 2026-02-22 20:38:20 +01:00
senke
1797e5c32c feat(v0.501): Sprint 1 -- infrastructure foundations 
- Add MinIO S3-compatible storage to docker-compose (dev, staging, prod)
- Create migrations 103-108 (waveform_url, user_folders, user_files,
  user_storage_quotas, gear_items.is_public, gear_images)
- Add Go models: UserFile, UserFolder, StorageQuota, GearImage
- Add WaveformURL to Track model, IsPublic + GearImages to GearItem model
 2026-02-22 18:10:25 +01:00
senke
8f4f445dcb feat(presence): P2.1 rich presence, P2.2 invisible mode 
Backend:
- UserPresence: track_id, track_title, invisible
- UpdatePresenceFull, GetPresenceForViewer (invisible hides for others)
- PUT /users/me/presence
- Migration 094 rich presence columns

Frontend:
- presenceService.updatePresence
- usePresenceSync: sync currentTrack to presence
- PresenceBadge: statusMessage tooltip
- PresenceInvisibleToggle in PrivacySettings
- MSW: PUT /users/me/presence
 2026-02-21 16:47:09 +01:00
senke
4a2ba9f404 feat(presence): migration 088 user_presence (P1.1) 2026-02-21 05:22:33 +01:00
senke
92d25164e9 feat(queue): add queue_sessions and shared_queue_items models 2026-02-20 18:39:33 +01:00
senke
002b8f2ec2 feat(tracks): add suggested tags endpoint and UI (E4) 
- Migration 085: tracks.tags TEXT[]
- Track model: Tags pq.StringArray
- GET /tracks/suggested-tags?genre=X&bpm=Y (static suggestions by genre)
- UpdateTrack: support tags
- TrackMetadataEditModal: tags chips + suggestions dropdown
- TrackDetailPageInfo: display tags
- getSuggestedTags, UpdateTrackParams.tags
- MSW: suggested-tags handler, tags in mock track
 2026-02-20 15:38:51 +01:00
senke
79f552212f feat(tracks): add lyrics model and endpoints (E3) 
- Migration 084: track_lyrics table
- TrackLyrics model, GetLyrics, CreateOrUpdateLyrics in TrackService
- GET /tracks/:id/lyrics, PUT /tracks/:id/lyrics (owner only)
- Frontend: TrackLyricsSection with show/hide toggle, Lyrics tab
- trackService: getLyrics, updateLyrics
- MSW: handlers for lyrics
 2026-02-20 15:36:28 +01:00
senke
265f9fa86c feat(tracks): add BPM field to model and CRUD (E1) 
- Backend: BPM and MusicalKey in Track model, UpdateTrack handler
- track_search_service: enable BPM filter (min_bpm, max_bpm)
- Frontend: Track type, UpdateTrackParams, display in TrackDetailPageInfo
- TrackMetadataEditModal: BPM input, edit flow for track creator
- MSW: bpm, musical_key in mock track, correct response envelope
 2026-02-20 15:34:00 +01:00
senke
ef00e165e9 feat(profile): add profile banner (B1) 2026-02-20 14:56:25 +01:00
senke
bdea490c21 feat(developer): add API keys backend (Lot C) 
- Migration 082: api_keys table (user_id, name, prefix, hashed_key, scopes, last_used_at, expires_at)
- APIKey model, APIKeyService (Create, List, Delete, ValidateAPIKey)
- APIKeyHandler: GET/POST/DELETE /api/v1/developer/api-keys
- AuthMiddleware: X-API-Key and Bearer vza_* accepted as alternative to JWT
- CSRF: skip for API key auth (stateless)
- Key format: vza_ prefix, SHA-256 hashed storage
 2026-02-20 00:18:36 +01:00
senke
331905c05a feat(queue): add backend queue API with CRUD operations 2026-02-19 23:44:44 +01:00
senke
04c25aa24f Phase 2 stabilisation: code mort, Modal→Dialog, feature flags, tests, router split, Rust legacy 
Bloc A - Code mort:
- Suppression Studio (components, views, features)
- Suppression gamification + services mock (projectService, storageService, gamificationService)
- Mise à jour Sidebar, Navbar, locales

Bloc B - Frontend:
- Suppression modal.tsx deprecated, Modal.stories (doublon Dialog)
- Feature flags: PLAYLIST_SEARCH, PLAYLIST_RECOMMENDATIONS, ROLE_MANAGEMENT = true
- Suppression 19 tests orphelins, retrait exclusions vitest.config

Bloc C - Backend:
- Extraction routes_auth.go depuis router.go

Bloc D - Rust:
- Suppression security_legacy.rs (code mort, patterns déjà dans security/)
 2026-02-14 17:23:32 +01:00
senke
39f7967e1e incus deployement fully implemented, Makefile updated and make fmt ran 2026-01-13 19:47:57 +01:00
senke
a5b347ec9c stabilisation commit 2026-01-04 01:44:23 +01:00
senke
c7a048caf5 [T0-006] test(backend): Ajout tests service role - Progression couverture 
- Tests complets pour role_service (24 tests, tous passent)
- Tests couvrent NewRoleService, GetRoles, CreateRole, GetRole, UpdateRole, DeleteRole, AssignRoleToUser, RevokeRoleFromUser, GetUserRoles, HasRole, HasPermission
- Tests utilisent SQLite en mémoire avec GORM
- Hook GORM ajouté dans UserRole.BeforeCreate pour remplir automatiquement RoleName depuis RoleID
- Couverture actuelle: 31.1% (objectif: 80%)

Files:
- veza-backend-api/internal/services/role_service_test.go (créé)
- veza-backend-api/internal/models/role.go (modifié - hook BeforeCreate)
- VEZA_ROADMAP.json (mis à jour)

Hours: 16 estimated, 17 actual (travail en cours)
 2026-01-04 01:44:21 +01:00
senke
0bd5079eb2 [FIX] PROD-010: Corriger ENUM PostgreSQL dans modèle User - Tests E2E passent 
- Ajout de type:user_role dans le tag GORM du champ Role
- Amélioration de la détection d'erreurs ENUM dans le service Register
- L'endpoint /auth/register retourne maintenant 201 OK avec tokens
- Score production: 52/70 → 58/70
- PROD-010 marqué comme fixed (P0 blocker résolu)
 2026-01-04 01:44:19 +01:00
senke
71d7170dd6 [AUDIT] Real integration status - 58% pass rate, 2 blocking issues 
- 19 tests executed (11 pass, 6 fail, 3 skip)
- 2 P0 blocking issues: Login email verification, Register empty tokens
- 4 P1 issues: Protected endpoints cannot be tested (depends on auth)
- 1 P2 issue: Sessions endpoint redirect
- Full test results documented with exact HTTP codes and error messages
- User journey analysis: can register but cannot login
- Recommendations: Fix auth workflow first, then retest protected endpoints
 2026-01-04 01:44:13 +01:00
senke
1cca5fa9d3 [INT-008] int: Standardize date/time formats 2025-12-25 15:16:38 +01:00
senke
e8bde438aa [BE-SEC-012] be-sec: Implement API key authentication for webhooks 
- Added APIKey field to Webhook model with unique index
- Implemented GenerateAPIKey() method using crypto/rand for secure key generation
- Implemented ValidateAPIKey() method to authenticate webhook requests
- Implemented RegenerateAPIKey() method to rotate API keys
- Created WebhookAPIKeyMiddleware for validating API keys in requests
- Middleware supports X-API-Key header and Authorization: Bearer format
- Added endpoint POST /api/v1/webhooks/:id/regenerate-key
- API keys are prefixed with 'whk_' for identification
- Comprehensive unit tests for all API key functionality
- Inactive webhooks cannot authenticate with their API keys

Phase: PHASE-4
Priority: P2
Progress: 119/267 (44.57%)
 2025-12-24 18:03:52 +01:00
senke
22169cbbef [BE-SVC-009] be-svc: Implement notification service 
- Created Notification model for GORM with proper relationships
- Enhanced NotificationService with GORM-based implementation
- Features: pagination, filtering by type/read status, batch creation
- Mark as read (single and all), deletion (single and all read)
- Unread count and notification types listing
- Comprehensive unit tests for all operations
- Better error handling and logging
 2025-12-24 16:41:11 +01:00
senke
83996c9ead [BE-DB-004] be-db: Add created_at and updated_at timestamps to all models 2025-12-24 15:08:43 +01:00
senke
d0fe8c8ad7 stabilizing veza-backend-api: phase 1 2025-12-16 11:23:49 -05:00
senke
d33c351ac6 refonte: backend-api go first; phase 1 2025-12-12 21:34:34 -05:00
okinrev
8d6ce72bb2 report generation and future tasks selection 2025-12-08 19:57:54 +01:00
okinrev
8caa2fd7ca STABILISATION: phase 3–5 – API contract, tests & chat-server hardening 2025-12-06 17:21:59 +01:00
okinrev
2425c15b09 adding initial backend API (Go) 2025-12-03 20:29:37 +01:00