137 commits

Author	SHA1	Message	Date
senke	2ed2bb9dcf	v0.9.4	2026-03-05 23:03:43 +01:00
senke	b6c004319c	v0.9.2	2026-03-05 19:27:34 +01:00
senke	2df921abd5	v0.9.1	2026-03-05 19:22:31 +01:00
senke	ecf8d73e55	fix(release): v1.0.2 — Conformité complète V1_SIGNOFF (21 critères) ... - Couverture Go: script coverage_report.sh, 39% mesuré - Vitest thresholds frontend 50% - Load test WebSocket: CHAT_ORIGIN→backend, WS_URL=/api/v1/ws - Tests: chat_service (WSUrl), password_service (hash/expired) - V1_SIGNOFF: 14 PASS, 7 N/A documentés - PERFORMANCE_BASELINE, RGPD, PWA tables v1.0.2 - Runbooks, Grafana, Secrets validés	2026-03-03 21:18:53 +01:00
senke	1318a53a64	chore(release): v0.931 — Cursor (cursor-based pagination, performance baseline)	2026-03-02 12:35:49 +01:00
senke	72d40990c5	feat(v0.923): API contract tests, OpenAPI generation, CI type sync check	2026-02-27 20:23:10 +01:00
senke	4720bb20b2	feat(auth): v0.911 Keystone - OAuth and auth integration tests ... - Add access token blacklist on logout (VEZA-SEC-006) - Extend OAuthService for mock provider injection in tests - Add oauth_google_test.go: full OAuth Google flow with mocked provider - Add oauth_github_test.go: OAuth GitHub flow with PKCE verification - Add token_refresh_test.go: E2E refresh via httpOnly cookies - Add logout_blacklist_test.go: E2E logout + token blacklist - Fix testutils import path in resume_upload_test, track_quota_test - Fix CreatorID -> UserID in track_quota_test - Add test:integration script to package.json Release: v0.911 Keystone	2026-02-27 09:58:53 +01:00
senke	f9120c322b	release(v0.903): Vault - ORDER BY whitelist, rate limiter, VERSION sync, chat-server cleanup, Go 1.24 ... - ORDER BY dynamiques : whitelist explicite, fallback created_at DESC - Login/register soumis au rate limiter global - VERSION sync + check CI - Nettoyage références veza-chat-server - Go 1.24 partout (Dockerfile, workflows) - TODO/FIXME/HACK convertis en issues ou résolus	2026-02-27 09:43:25 +01:00
senke	6823e5a30d	release(v0.902): Sentinel - PKCE OAuth, token encryption, redirect validation, CHAT_JWT_SECRET ... - PKCE (S256) in OAuth flow: code_verifier in oauth_states, code_challenge in auth URL - CryptoService: AES-256-GCM encryption for OAuth provider tokens at rest - OAuth redirect URL validated against OAUTH_ALLOWED_REDIRECT_DOMAINS - CHAT_JWT_SECRET must differ from JWT_SECRET in production - Migration script: cmd/tools/encrypt_oauth_tokens for existing tokens - Fixes: VEZA-SEC-003, VEZA-SEC-004, VEZA-SEC-009, VEZA-SEC-010	2026-02-26 19:49:15 +01:00
senke	51984e9a1f	feat(security): v0.901 Ironclad - fix 5 critical/high vulnerabilities ... - OAuth: use JWTService+SessionService, httpOnly cookies (VEZA-SEC-001) - Remove PasswordService.GenerateJWT (VEZA-SEC-002) - Hyperswitch webhook: mandatory verification, 500 if secret empty (VEZA-SEC-005) - Auth middleware: TokenBlacklist.IsBlacklisted check (VEZA-SEC-006) - Waveform: ValidateExecPath before exec (VEZA-SEC-007)	2026-02-26 19:34:45 +01:00
senke	c782bcb5b3	feat(admin): feature flags CRUD with DB persistence	2026-02-25 19:56:24 +01:00
senke	99b7cd8d97	feat(admin): global announcements CRUD and public banner endpoint	2026-02-25 19:55:21 +01:00
senke	911fc525a2	feat(admin): moderation queue with reports CRUD	2026-02-25 19:53:04 +01:00
senke	7692c4b8b9	feat(v0.802): frontend Cloud/Gear, MSW, docs, scope v0.803, archive ... - Cloud: CloudFileVersions, CloudShareModal, versions/share in CloudView - Gear: GearDocumentsTab, GearRepairsTab, warranty badge, initialTab - MSW: cloud versions/share, gear documents/repairs, tags suggest - Stories: CloudFileVersions, CloudShareModal, GearDetailModal variants - gearService: listDocuments, uploadDocument, deleteDocument, listRepairs, createRepair, deleteRepair - cloudService: listVersions, restoreVersion, shareFile, getSharedFile - gear_warranty_notifier: 24h ticker, notifications for expiring warranty - tag_handler_test: unit tests - docs: API_REFERENCE, CHANGELOG, PROJECT_STATE, FEATURE_STATUS v0.802 - SCOPE_CONTROL, .cursorrules: scope v0.803 - archive: V0_802_RELEASE_SCOPE, RETROSPECTIVE_V0802	2026-02-25 14:00:58 +01:00
senke	596233aaaf	feat(upload): tags auto-suggest endpoint and additional audio formats	2026-02-25 13:39:59 +01:00
senke	8162d1b419	feat(cloud): GDPR data export and automatic backup cron	2026-02-25 13:35:16 +01:00
senke	dced768c01	feat(cloud): file versioning, restore, and sharing	2026-02-25 13:33:08 +01:00
senke	63867f1d09	feat(v0.703): Go Live & Streaming Complet ... - Backend: room creation for live streams, permissions CanJoin/CanSend/CanRead for stream rooms - LiveViewChat: useLiveStreamChat hook, WebSocket connection, stream_id as room - LiveViewPlayer: real-time viewer count via polling (5s) - Media Session: seekbackward/seekforward handlers (10s step) - GoLiveView.stories.tsx: Default, Loading, Error, StreamKeyVisible - Docs: API_REFERENCE, CHANGELOG, PROJECT_STATE, FEATURE_STATUS, RETROSPECTIVE_V0703 - SCOPE_CONTROL, .cursorrules: update to v0.801 - Archive V0_703_RELEASE_SCOPE.md	2026-02-25 09:35:22 +01:00
senke	038f6d4991	test(live): add live stream service unit tests ... Use serializer:json for LiveStream.Tags to support SQLite in-memory tests.	2026-02-24 09:56:08 +01:00
senke	083fe2e50d	feat(live): stream key generation, ListByUser, RegenerateStreamKey	2026-02-24 09:52:04 +01:00
senke	83ed4f315b	chore(release): v0.602 — Payout, Dette Technique & Tests E2E ... - Stripe Connect: onboarding, balance, SellerDashboardView - Interceptors: auth.ts, error.ts extracted, facade - Grafana: dashboards enriched (p50, top endpoints, 4xx, WS, commerce) - E2E commerce: product->order->review->invoice - SMOKE_TEST_V0602, RETROSPECTIVE_V0602, PAYOUT_MANUAL - Archive V0_602 scope, V0_603 placeholder, SCOPE_CONTROL v0.603 - Fix sanitizer regex (Go no backreferences) - Marketplace test schema: product_licenses, product_images, orders, licenses	2026-02-23 22:32:01 +01:00
senke	218b4b33d6	feat(streaming): wire HLS pipeline end-to-end with serving routes ... - Add HLSEnabled and HLSStorageDir to backend config (HLS_STREAMING env) - Register HLS serving routes (master.m3u8, quality playlist, segments) behind HLSEnabled feature flag on existing track routes - Add GetHLSStatus and TriggerHLSTranscode methods to StreamService for stream server communication - Update docker-compose (dev, staging, prod) with HLS env vars and shared hls-data volume between backend and stream-server - Stream callback already correctly updates stream_manifest_url	2026-02-22 21:20:35 +01:00
senke	e8d97741e4	feat(chat): Sprint 2 -- WebSocket hub, client, message types, route ... - Create Hub with register/unregister/broadcast, room/user index - Create Client with readPump/writePump goroutines, 30s ping keepalive - Define all 18 incoming + 18 outgoing message types matching Rust protocol - Add ValidateChatToken to ChatService for JWT validation - Update WSUrl from /ws to /api/v1/ws - Register GET /api/v1/ws endpoint in router - Create ChatWebSocketHandler for WebSocket upgrade and auth	2026-02-22 20:41:39 +01:00
senke	4d4d07836c	feat(chat): Sprint 1 -- migrations, models, repositories for chat rewrite ... - Add migrations 109-112: read_receipts, delivered_status, message_reactions, messages extra columns - Create ReadReceipt, DeliveredStatus, MessageReaction GORM models - Update Message model with EditedAt, Status, IsPinned, Metadata fields - Enrich ChatMessageRepository with cursor pagination, search, soft delete - Create ReadReceiptRepository, DeliveredStatusRepository, ReactionRepository - Create ChatPubSubService with Redis PubSub and in-memory fallback	2026-02-22 20:38:20 +01:00
senke	edde637c8e	feat(v0.501): Sprint 4 -- Cloud frontend + Gear advanced ... - C1-09: Create CloudPage with folder tree, file list, and /cloud route - C1-10: Create CloudUploadModal with drag-and-drop and progress - C1-11: Create CloudFilePreview mini player inline - C1-12: Add Cloud stories (loading, empty, populated, quota full) - G1-01: Add is_public toggle, public gear endpoint, GearShowcase - G1-02: Add gear image upload endpoints, GearImageGallery component - G1-03: Add gear search with ILIKE + SearchBar in toolbar - G1-04: Add stories for GearShowcase and GearImageGallery	2026-02-22 18:30:49 +01:00
senke	ec4564fb37	feat(v0.501): Sprint 3 -- Cloud Storage MVP backend ... - C1-01: Create CloudService with CRUD folders/files, quota, ownership - C1-02: Create CloudHandler with 11 REST endpoints - C1-03: Register cloud routes in Go router - C1-04: Implement file streaming with HTTP Range support - C1-05: Add publish cloud file as track endpoint - C1-06: Add MSW mock handlers for cloud API - C1-07: Auto-init 5GB storage quota on user registration - C1-08: Add 12 unit tests for CloudService	2026-02-22 18:23:58 +01:00
senke	73533bea77	feat(v0.501): Sprint 2 -- HLS production-ready ... - S1-01: Add multi-bitrate streaming profiles (128k, 256k, 320k) - S1-02: Update master.m3u8 endpoint with 3-tier quality system - S1-03: Integrate hls.js with ABR + useHLSPlayer hook - S1-04: Add Cache-Control headers on HLS segments and manifests - S1-05: Create WaveformService with async generation (FFmpeg + audiowaveform) - S1-06: Add GET /tracks/:id/waveform endpoint with Redis cache - S1-07: Create WaveformDisplay component with story - S1-08: Add 4 Prometheus metrics for streaming monitoring	2026-02-22 18:16:37 +01:00
senke	a6cf20e614	fix(tests): fix 2 skipped tests, add clear skip reasons to 11 others ... INT-04: Fixed nil UserID panic in AuditService (re-enabled 2 tests). Added INT-04 comments explaining skip reasons for tests requiring PostgreSQL, real file headers, or external services.	2026-02-22 17:53:00 +01:00
senke	872e42d81c	refactor(backend): replace 40 fmt.Printf calls with zap structured logging ... CLN-03: router.go, track/service.go, upload_validator.go, cors.go, playlist_handler.go, and mfa.go now use zap.L() or local logger for structured logging instead of fmt.Printf.	2026-02-22 17:44:38 +01:00
senke	763aea15cb	fix(security): hash password reset tokens before database storage ... INF-10: Reset tokens are now SHA-256 hashed before INSERT. Validation hashes the received token and compares against stored hash. Plain tokens never persisted.	2026-02-22 17:36:10 +01:00
senke	da3bad1b0e	fix(security): add ownership check to GetUploadStatus handler (IDOR fix) ... SEC-06: GetUploadStatus now verifies that the authenticated user owns the upload before returning status. Returns 404 for non-owners to prevent information disclosure.	2026-02-22 17:30:30 +01:00
senke	5e4291ecba	feat(auth): add ephemeral stream-token endpoint for HLS and WebSocket authentication ... SEC-03: TokenStorage.getAccessToken() returns null with httpOnly cookies. New POST /api/v1/auth/stream-token returns a 5-min JWT compatible with both stream server (Claims struct) and chat server (JwtClaims struct). Frontend hlsService and websocket updated to use fetchStreamToken() fallback.	2026-02-22 17:28:00 +01:00
senke	51373b653f	feat(hyperswitch): add CreateRefund to client	2026-02-22 16:17:54 +01:00
senke	49bb633fc6	feat(presence): P2.1 rich presence, P2.2 invisible mode ... Backend: - UserPresence: track_id, track_title, invisible - UpdatePresenceFull, GetPresenceForViewer (invisible hides for others) - PUT /users/me/presence - Migration 094 rich presence columns Frontend: - presenceService.updatePresence - usePresenceSync: sync currentTrack to presence - PresenceBadge: statusMessage tooltip - PresenceInvisibleToggle in PrivacySettings - MSW: PUT /users/me/presence	2026-02-21 16:47:09 +01:00
senke	49e3122e78	feat(notifications): N1.1-N1.3 Web Push subscription, send on events, preferences ... - N1.1: POST /notifications/push/subscribe, PushService, migration 090 - N1.2: Send Web Push on follow/like/comment/message via CreateNotification - N1.3: GET/PUT /notifications/preferences, migration 093 - Shared NotificationService with PushService for profile, track, comment handlers - Fix MockSocialService GetGlobalFeed, GetTrendingHashtags for tests	2026-02-21 16:41:39 +01:00
senke	4d37311b79	feat(presence): migration 088 user_presence (P1.1)	2026-02-21 05:22:33 +01:00
senke	ba24507b1f	feat(queue): add queue session API (create, get, delete, add/remove items)	2026-02-20 18:41:12 +01:00
senke	802a54245e	feat(search): add boolean operators AND, OR, NOT, exact phrase	2026-02-20 18:38:34 +01:00
senke	d4f1d08518	feat(search): add phonetic/fuzzy search via pg_trgm	2026-02-20 18:36:07 +01:00
senke	aeb941d41a	feat(search): add autocomplete suggestions endpoint and UI (G3)	2026-02-20 16:54:17 +01:00
senke	124f0006f1	feat(search): add relevance sort option (G2)	2026-02-20 16:50:49 +01:00
senke	b042da9575	feat(search): add musical_key filter and wire tags filter (G1)	2026-02-20 16:50:30 +01:00
senke	1620819afd	feat(tracks): add BPM field to model and CRUD (E1) ... - Backend: BPM and MusicalKey in Track model, UpdateTrack handler - track_search_service: enable BPM filter (min_bpm, max_bpm) - Frontend: Track type, UpdateTrackParams, display in TrackDetailPageInfo - TrackMetadataEditModal: BPM input, edit flow for track creator - MSW: bpm, musical_key in mock track, correct response envelope	2026-02-20 15:34:00 +01:00
senke	b33c9d3cca	feat(profile): add profile privacy toggle (B3) ... - Backend: is_public in Profile, UpdateProfile; strip SocialLinks for private - Settings: ProfileVisibilityCard toggle in Privacy tab - UserProfilePage: show 'Profil privé' when viewing private profile	2026-02-20 15:10:02 +01:00
senke	9be0e6e14f	feat(profile): add profile banner (B1)	2026-02-20 14:56:25 +01:00
senke	d626e9c533	feat(auth): enrich sessions page with history and revoke (A4)	2026-02-20 14:52:20 +01:00
senke	6bac68b679	feat(auth): add OAuth Spotify provider (A1)	2026-02-20 14:48:08 +01:00
senke	286be8ba1d	chore(v0.102): consolidate remaining changes — docs, frontend, backend ... - docs: SCOPE_CONTROL, CONTRIBUTING, README, .github templates - frontend: DeveloperDashboardView, Player components, MSW handlers, auth, reactQuerySync - backend: playback_analytics, playlist_service, testutils, integration README Excluded (artifacts): .auth, playwright-report, test-results, storybook_audit_detailed.json	2026-02-20 13:02:12 +01:00
senke	32348bebce	feat(developer): add API keys backend (Lot C) ... - Migration 082: api_keys table (user_id, name, prefix, hashed_key, scopes, last_used_at, expires_at) - APIKey model, APIKeyService (Create, List, Delete, ValidateAPIKey) - APIKeyHandler: GET/POST/DELETE /api/v1/developer/api-keys - AuthMiddleware: X-API-Key and Bearer vza_* accepted as alternative to JWT - CSRF: skip for API key auth (stateless) - Key format: vza_ prefix, SHA-256 hashed storage	2026-02-20 00:18:36 +01:00
senke	6a53daab59	feat(queue): add backend queue API with CRUD operations	2026-02-19 23:44:44 +01:00