senke/veza
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
2064 commits 37 branches 94 tags 1.5 GiB
Commit graph

180 commits

Author SHA1 Message Date
senke
2ed2bb9dcf v0.9.4 2026-03-05 23:03:43 +01:00
senke
b6c004319c v0.9.2
Some checks failed
Backend API CI / test-unit (push) Failing after 0s
Details
Backend API CI / test-integration (push) Failing after 0s
Details
2026-03-05 19:27:34 +01:00
senke
2df921abd5 v0.9.1 2026-03-05 19:22:31 +01:00
senke
354c747cce feat(security): add global and per-IP DDoS rate limiting (1000/s, 100/s) 
SEC1-04: Redis sliding window 1s, excluded paths (health, swagger, auth)
 2026-03-03 09:25:08 +01:00
senke
d577f8c9be chore(release): v0.971 — Phantom (gamification removal, WebRTC Beta, limits doc)
Some checks failed
Backend API CI / test-unit (push) Failing after 0s
Details
Backend API CI / test-integration (push) Failing after 0s
Details
Frontend CI / test (push) Failing after 0s
Details
Storybook Audit / Build & audit Storybook (push) Failing after 0s
Details
2026-03-02 19:25:37 +01:00
senke
7e015f8e73 chore(release): v0.941 — Cleanup (dead code, migrations dedup, deprecated routes)
Some checks failed
Backend API CI / test-unit (push) Failing after 0s
Details
Backend API CI / test-integration (push) Failing after 0s
Details
Stream Server CI / test (push) Failing after 0s
Details
2026-03-02 19:04:30 +01:00
senke
7cb4ef56e1 feat(v0.912): Cashflow - payment E2E integration tests
Some checks failed
Backend API CI / test-unit (push) Failing after 0s
Details
Backend API CI / test-integration (push) Failing after 0s
Details 
- Add MarketplaceServiceOverride and AuthMiddlewareOverride to config for tests
- Wire overrides in routes_webhooks and routes_marketplace (authForMarketplaceInterface)
- payment_flow_test: cart -> checkout -> webhook -> order completed, license, transfer
- webhook_idempotency_test: 3 identical webhooks -> 1 order, 1 license
- webhook_security_test: empty secret 500, invalid sig 401, valid sig 200
- refund_flow_test: completed order -> refund -> order refunded, license revoked
- Shared computeWebhookSignature helper in webhook_test_helpers.go
- SetMaxOpenConns(1) for sqlite :memory: in idempotency test to avoid flakiness

Ref: docs/ROADMAP_V09XX_TO_V1.md v0.912 Cashflow
 2026-02-27 20:00:51 +01:00
senke
f9120c322b release(v0.903): Vault - ORDER BY whitelist, rate limiter, VERSION sync, chat-server cleanup, Go 1.24
Some checks failed
Backend API CI / test-unit (push) Failing after 0s
Details
Backend API CI / test-integration (push) Failing after 0s
Details
Frontend CI / test (push) Failing after 0s
Details
Storybook Audit / Build & audit Storybook (push) Failing after 0s
Details
Stream Server CI / test (push) Failing after 0s
Details 
- ORDER BY dynamiques : whitelist explicite, fallback created_at DESC
- Login/register soumis au rate limiter global
- VERSION sync + check CI
- Nettoyage références veza-chat-server
- Go 1.24 partout (Dockerfile, workflows)
- TODO/FIXME/HACK convertis en issues ou résolus
 2026-02-27 09:43:25 +01:00
senke
6823e5a30d release(v0.902): Sentinel - PKCE OAuth, token encryption, redirect validation, CHAT_JWT_SECRET
Some checks failed
Backend API CI / test-unit (push) Failing after 0s
Details
Backend API CI / test-integration (push) Failing after 0s
Details 
- PKCE (S256) in OAuth flow: code_verifier in oauth_states, code_challenge in auth URL
- CryptoService: AES-256-GCM encryption for OAuth provider tokens at rest
- OAuth redirect URL validated against OAUTH_ALLOWED_REDIRECT_DOMAINS
- CHAT_JWT_SECRET must differ from JWT_SECRET in production
- Migration script: cmd/tools/encrypt_oauth_tokens for existing tokens
- Fixes: VEZA-SEC-003, VEZA-SEC-004, VEZA-SEC-009, VEZA-SEC-010
 2026-02-26 19:49:15 +01:00
senke
51984e9a1f feat(security): v0.901 Ironclad - fix 5 critical/high vulnerabilities
Some checks failed
Backend API CI / test-unit (push) Failing after 0s
Details
Backend API CI / test-integration (push) Failing after 0s
Details 
- OAuth: use JWTService+SessionService, httpOnly cookies (VEZA-SEC-001)
- Remove PasswordService.GenerateJWT (VEZA-SEC-002)
- Hyperswitch webhook: mandatory verification, 500 if secret empty (VEZA-SEC-005)
- Auth middleware: TokenBlacklist.IsBlacklisted check (VEZA-SEC-006)
- Waveform: ValidateExecPath before exec (VEZA-SEC-007)
 2026-02-26 19:34:45 +01:00
senke
c782bcb5b3 feat(admin): feature flags CRUD with DB persistence 2026-02-25 19:56:24 +01:00
senke
99b7cd8d97 feat(admin): global announcements CRUD and public banner endpoint 2026-02-25 19:55:21 +01:00
senke
f30a9562a9 feat(admin): maintenance mode middleware with 503 responses 2026-02-25 19:54:22 +01:00
senke
911fc525a2 feat(admin): moderation queue with reports CRUD 2026-02-25 19:53:04 +01:00
senke
9636613eaa feat(users): account deletion hardening with anonymization, S3 cleanup, session revocation 2026-02-25 19:51:21 +01:00
senke
3f56e49791 feat(compliance): CCPA Do Not Sell middleware and opt-out endpoint 2026-02-25 19:49:25 +01:00
senke
470162ade8 feat(audit): HTTP audit middleware for auto-logging POST/PUT/DELETE 2026-02-25 19:48:03 +01:00
senke
7692c4b8b9 feat(v0.802): frontend Cloud/Gear, MSW, docs, scope v0.803, archive 
- Cloud: CloudFileVersions, CloudShareModal, versions/share in CloudView
- Gear: GearDocumentsTab, GearRepairsTab, warranty badge, initialTab
- MSW: cloud versions/share, gear documents/repairs, tags suggest
- Stories: CloudFileVersions, CloudShareModal, GearDetailModal variants
- gearService: listDocuments, uploadDocument, deleteDocument, listRepairs, createRepair, deleteRepair
- cloudService: listVersions, restoreVersion, shareFile, getSharedFile
- gear_warranty_notifier: 24h ticker, notifications for expiring warranty
- tag_handler_test: unit tests
- docs: API_REFERENCE, CHANGELOG, PROJECT_STATE, FEATURE_STATUS v0.802
- SCOPE_CONTROL, .cursorrules: scope v0.803
- archive: V0_802_RELEASE_SCOPE, RETROSPECTIVE_V0802
 2026-02-25 14:00:58 +01:00
senke
596233aaaf feat(upload): tags auto-suggest endpoint and additional audio formats 2026-02-25 13:39:59 +01:00
senke
8162d1b419 feat(cloud): GDPR data export and automatic backup cron 2026-02-25 13:35:16 +01:00
senke
dced768c01 feat(cloud): file versioning, restore, and sharing 2026-02-25 13:33:08 +01:00
senke
d161a3739d feat(users): add user_preferences migration with appearance fields 2026-02-25 09:45:03 +01:00
senke
63867f1d09 feat(v0.703): Go Live & Streaming Complet
Some checks failed
Backend API CI / test-unit (push) Failing after 0s
Details
Backend API CI / test-integration (push) Failing after 0s
Details
Frontend CI / test (push) Failing after 0s
Details
Storybook Audit / Build & audit Storybook (push) Failing after 0s
Details 
- Backend: room creation for live streams, permissions CanJoin/CanSend/CanRead for stream rooms
- LiveViewChat: useLiveStreamChat hook, WebSocket connection, stream_id as room
- LiveViewPlayer: real-time viewer count via polling (5s)
- Media Session: seekbackward/seekforward handlers (10s step)
- GoLiveView.stories.tsx: Default, Loading, Error, StreamKeyVisible
- Docs: API_REFERENCE, CHANGELOG, PROJECT_STATE, FEATURE_STATUS, RETROSPECTIVE_V0703
- SCOPE_CONTROL, .cursorrules: update to v0.801
- Archive V0_703_RELEASE_SCOPE.md
 2026-02-25 09:35:22 +01:00
senke
8062ec685c feat(live): add handler endpoints for Go Live (me, key, regenerate, update) 2026-02-24 09:53:01 +01:00
senke
c785e61e69 feat(v0.701): AdminTransfers page/route, MSW, stories, Deep Health, API ref, docs, scope v0.702
Some checks failed
Backend API CI / test-unit (push) Failing after 0s
Details
Backend API CI / test-integration (push) Failing after 0s
Details
Frontend CI / test (push) Failing after 0s
Details
Storybook Audit / Build & audit Storybook (push) Failing after 0s
Details 
- Step 13: AdminTransfersPage, LazyAdminTransfers, route /admin/transfers
- Step 14: MSW handlers admin transfers
- Step 15: AdminTransfersView stories (Default, Empty, WithFailedTransfers, Error, Loading)
- Step 16-17: DeepHealth handler (disk, config), GET /health/deep
- Step 19: health_deep_test.go (4 tests)
- Step 20: docs/API_REFERENCE.md
- Step 21: Archive V0_604, MIGRATIONS.md migration 116
- Step 22: CHANGELOG, PROJECT_STATE, FEATURE_STATUS v0.701
- Step 23: RETROSPECTIVE_V0701, V0_702 placeholder, SCOPE_CONTROL, .cursorrules
- Step 24: Archive V0_701_RELEASE_SCOPE
- Fix: AdminTransfersView Select component (use options API)
 2026-02-23 23:42:02 +01:00
senke
7d530f9612 feat(routes): wire admin transfer endpoints in /admin group 2026-02-23 23:33:54 +01:00
senke
b3c74428d8 feat(commerce): add GET /sell/transfers endpoint 2026-02-23 22:56:26 +01:00
senke
6d1d861a52 feat(commerce): wire TransferService in marketplace and webhook routes 2026-02-23 22:55:39 +01:00
senke
83ed4f315b chore(release): v0.602 — Payout, Dette Technique & Tests E2E
Some checks failed
Backend API CI / test-unit (push) Failing after 0s
Details
Backend API CI / test-integration (push) Failing after 0s
Details
Frontend CI / test (push) Failing after 0s
Details
Storybook Audit / Build & audit Storybook (push) Failing after 0s
Details 
- Stripe Connect: onboarding, balance, SellerDashboardView
- Interceptors: auth.ts, error.ts extracted, facade
- Grafana: dashboards enriched (p50, top endpoints, 4xx, WS, commerce)
- E2E commerce: product->order->review->invoice
- SMOKE_TEST_V0602, RETROSPECTIVE_V0602, PAYOUT_MANUAL
- Archive V0_602 scope, V0_603 placeholder, SCOPE_CONTROL v0.603
- Fix sanitizer regex (Go no backreferences)
- Marketplace test schema: product_licenses, product_images, orders, licenses
 2026-02-23 22:32:01 +01:00
senke
cc9fbf4f24 feat(commerce): Hyperswitch LIVE_MODE configuration
Some checks failed
Backend API CI / test-unit (push) Failing after 0s
Details
Backend API CI / test-integration (push) Failing after 0s
Details 
- config: HyperswitchLiveMode (HYPERSWITCH_LIVE_MODE)
- routes_marketplace: warn when production + LiveMode=false
- docker-compose.prod: HYPERSWITCH_LIVE_MODE env var
 2026-02-23 19:56:52 +01:00
senke
218b4b33d6 feat(streaming): wire HLS pipeline end-to-end with serving routes 
- Add HLSEnabled and HLSStorageDir to backend config (HLS_STREAMING env)
- Register HLS serving routes (master.m3u8, quality playlist, segments)
  behind HLSEnabled feature flag on existing track routes
- Add GetHLSStatus and TriggerHLSTranscode methods to StreamService
  for stream server communication
- Update docker-compose (dev, staging, prod) with HLS env vars and
  shared hls-data volume between backend and stream-server
- Stream callback already correctly updates stream_manifest_url
 2026-02-22 21:20:35 +01:00
senke
1ed7fe2ebb feat(chat): Redis rate limiter, persistent presence, PostgreSQL full-text search 
- Rewrite chat rate limiter with Redis sliding window (sorted sets) and
  automatic in-memory fallback when Redis is unavailable
- Add ChatPresenceService with Redis-backed online/offline/heartbeat
  tracking (2min TTL), integrated into Hub register/unregister
- Add migration 113: tsvector column with GIN index and auto-update
  trigger on messages table for full-text search
- Update Search repository method to use ts_rank ordering instead of ILIKE
- Wire Redis client into chat WebSocket setup in router.go
- Add comprehensive tests: rate limiter, presence, 100-user concurrent benchmark
 2026-02-22 21:17:51 +01:00
senke
c7fb240dc3 feat(chat): Sprint 3 -- message handlers, real-time features, permissions 
- Implement full MessageHandler dispatch with all 18 incoming message types
- Add handler_messages.go: SendMessage, EditMessage, DeleteMessage with ownership checks
- Add handler_rooms.go: JoinConversation, LeaveConversation
- Add handler_history.go: FetchHistory (cursor-based), SearchMessages (ILIKE), SyncMessages
- Add handler_realtime.go: Typing, MarkAsRead, Delivered, AddReaction, RemoveReaction
- Add handler_calls.go: WebRTC signaling relay (CallOffer/Answer/ICE/Hangup/Reject)
- Add PermissionService: CanRead/CanSend/CanJoin/CanModerate based on room_members
- Add RateLimiter: per-user per-action sliding window (in-memory)
- Wire all dependencies in router.go setupChatWebSocket
 2026-02-22 20:43:44 +01:00
senke
e8d97741e4 feat(chat): Sprint 2 -- WebSocket hub, client, message types, route 
- Create Hub with register/unregister/broadcast, room/user index
- Create Client with readPump/writePump goroutines, 30s ping keepalive
- Define all 18 incoming + 18 outgoing message types matching Rust protocol
- Add ValidateChatToken to ChatService for JWT validation
- Update WSUrl from /ws to /api/v1/ws
- Register GET /api/v1/ws endpoint in router
- Create ChatWebSocketHandler for WebSocket upgrade and auth
 2026-02-22 20:41:39 +01:00
senke
43309327e6 feat(v0.501): Sprint 5 -- integration, tests, and cleanup 
- INT-01: Add E2E streaming tests (upload -> HLS auth)
- INT-02: Add E2E cloud tests (CRUD auth, public gear)
- INT-03: Split track/handler.go into 4 focused sub-handlers
- INT-04: Create migration squash script + MIGRATIONS.md
- INT-05: Add Trivy container image scanning CI workflow
- INT-06: Replace production console.log with structured logger
 2026-02-22 18:40:07 +01:00
senke
edde637c8e feat(v0.501): Sprint 4 -- Cloud frontend + Gear advanced 
- C1-09: Create CloudPage with folder tree, file list, and /cloud route
- C1-10: Create CloudUploadModal with drag-and-drop and progress
- C1-11: Create CloudFilePreview mini player inline
- C1-12: Add Cloud stories (loading, empty, populated, quota full)
- G1-01: Add is_public toggle, public gear endpoint, GearShowcase
- G1-02: Add gear image upload endpoints, GearImageGallery component
- G1-03: Add gear search with ILIKE + SearchBar in toolbar
- G1-04: Add stories for GearShowcase and GearImageGallery
 2026-02-22 18:30:49 +01:00
senke
ec4564fb37 feat(v0.501): Sprint 3 -- Cloud Storage MVP backend 
- C1-01: Create CloudService with CRUD folders/files, quota, ownership
- C1-02: Create CloudHandler with 11 REST endpoints
- C1-03: Register cloud routes in Go router
- C1-04: Implement file streaming with HTTP Range support
- C1-05: Add publish cloud file as track endpoint
- C1-06: Add MSW mock handlers for cloud API
- C1-07: Auto-init 5GB storage quota on user registration
- C1-08: Add 12 unit tests for CloudService
 2026-02-22 18:23:58 +01:00
senke
73533bea77 feat(v0.501): Sprint 2 -- HLS production-ready 
- S1-01: Add multi-bitrate streaming profiles (128k, 256k, 320k)
- S1-02: Update master.m3u8 endpoint with 3-tier quality system
- S1-03: Integrate hls.js with ABR + useHLSPlayer hook
- S1-04: Add Cache-Control headers on HLS segments and manifests
- S1-05: Create WaveformService with async generation (FFmpeg + audiowaveform)
- S1-06: Add GET /tracks/:id/waveform endpoint with Redis cache
- S1-07: Create WaveformDisplay component with story
- S1-08: Add 4 Prometheus metrics for streaming monitoring
 2026-02-22 18:16:37 +01:00
senke
ee32aec970 feat(streaming): trigger HLS transcoding after track upload 
INT-02: TrackService.copyFileAsync now calls StreamService.StartProcessing
after successful file copy. Wires the stream server integration into
all track route registrations.
 2026-02-22 17:52:39 +01:00
senke
872e42d81c refactor(backend): replace 40 fmt.Printf calls with zap structured logging 
CLN-03: router.go, track/service.go, upload_validator.go, cors.go,
playlist_handler.go, and mfa.go now use zap.L() or local logger
for structured logging instead of fmt.Printf.
 2026-02-22 17:44:38 +01:00
senke
834fa1f979 refactor: remove dead code (api_manager.go, unused templates) 
CLN-01: Deleted archived api_manager.go (~789 LOC, build-tag ignore)
and dev-environment/templates/ (~806 LOC, never used by generator).
 2026-02-22 17:44:19 +01:00
senke
5e4291ecba feat(auth): add ephemeral stream-token endpoint for HLS and WebSocket authentication 
SEC-03: TokenStorage.getAccessToken() returns null with httpOnly cookies.
New POST /api/v1/auth/stream-token returns a 5-min JWT compatible with
both stream server (Claims struct) and chat server (JwtClaims struct).
Frontend hlsService and websocket updated to use fetchStreamToken() fallback.
 2026-02-22 17:28:00 +01:00
senke
bab3f38c4a feat(marketplace): add license revoked_at migration 2026-02-22 16:18:01 +01:00
senke
166acc6069 chore(backend): add PDF library for invoices 
feat(marketplace): add invoice generation service and download endpoint
 2026-02-22 16:11:42 +01:00
senke
85daf595a8 feat(marketplace): add create and list reviews endpoints 2026-02-22 16:06:18 +01:00
senke
0adc212719 feat(seller): add GET /sell/stats/evolution, top-products, sales, SalesEvolutionChart, real commerceService 2026-02-22 14:21:21 +01:00
senke
1fef428ce0 feat(marketplace): add migration 098 product_licenses, ProductLicense model, GET /licenses/mine 2026-02-22 14:16:24 +01:00
senke
31a27e4724 feat(marketplace): add playable preview and image gallery to ProductDetailView 2026-02-22 14:14:38 +01:00
senke
aec22b596c feat(marketplace): add product images management endpoint 2026-02-22 14:08:13 +01:00
senke
c6f094a3d5 feat(marketplace): add POST /products/:id/preview for audio preview upload 2026-02-22 14:07:30 +01:00