senke
b6bdf82d2b
[BE-SEC-001] security: Fix ownership verification for user profile updates
...
- Verified RequireOwnershipOrAdmin middleware is correctly applied to PUT /users/:id
- Added integration tests for ownership verification
- Test: user cannot update another user's profile (403 Forbidden)
- Test: admin can update any profile (200 OK)
- Test: user can update own profile (200 OK)
- All tests pass
Phase: PHASE-1
Priority: P0
Progress: 1/267 (0.4%)
2025-12-23 01:36:04 +01:00
senke
a3d7f3a3cc
fix(MVP-015): Standardize remember_me field name to snake_case
2025-12-22 23:27:51 +01:00
senke
f52fb0b289
fix(MVP-014): Add CORS credentials configuration validation
2025-12-22 23:17:24 +01:00
senke
f808d0323c
fix(MVP-013): Add error correlation with request IDs in logs
2025-12-22 23:13:49 +01:00
senke
3b09d15e93
fix(MVP-012): Add retry logic with exponential backoff for 502/503 errors
2025-12-22 23:10:52 +01:00
senke
9b3363a6a6
fix(MVP-011): Simplify token refresh response handling to single format
2025-12-22 23:06:52 +01:00
senke
013413246e
fix(MVP-010): Fix error code type in Zod schemas (string → number)
2025-12-22 23:05:08 +01:00
senke
b3643af83c
fix(MVP-009): Fix GetMe endpoint to return full user object from database
2025-12-22 23:03:46 +01:00
senke
e37f0af1e4
fix(MVP-008): Add feature flags to disable non-MVP features with missing endpoints
2025-12-22 23:01:36 +01:00
senke
81696374fd
fix(MVP-007): Fix profile endpoint paths to match backend routes
2025-12-22 22:58:18 +01:00
senke
4d8c019abf
fix(MVP-006): Standardize environment variable names (VITE_API_BASE_URL → VITE_API_URL)
2025-12-22 22:56:37 +01:00
senke
6d036133ca
batch 1
2025-12-22 22:00:50 +01:00
senke
463109c4e0
fix(INT-000002): Multiple Auth Storage Mechanisms
...
- Unified token storage to use TokenStorage service
- Removed deprecated token-manager.ts
- Removed fallback storage logic in API client
- Updated tests and feature components to use TokenStorage
Resolves: INT-000002
Severity: P0
2025-12-22 09:53:47 -05:00
senke
cb2888e357
fix(INT-000001): CORS Configuration Will Break Production
...
- Updated docker-compose.production.yml to set APP_ENV=production
- Added CORS_ALLOWED_ORIGINS configuration to backend-api service
- Created integration tracking documents
Resolves: INT-000001
Severity: P0
2025-12-22 09:39:48 -05:00
senke
fd6eca0eea
reviewing and documenting frontend x backend inbtegration status
2025-12-21 19:41:45 -05:00
senke
d50832ca42
stabilizing apps/web: THIRD BATCH - FIXED Playwright
2025-12-21 18:55:51 -05:00
senke
c65563863a
stabilizing apps/web: SECOND BATCH - FIXING Playwright
2025-12-17 12:20:42 -05:00
senke
76c7cc52d8
fix(frontend): STATUS OVERVIEW
2025-12-17 09:20:58 -05:00
senke
a2b8d1dc47
fix(frontend): stabilize architecture (router, lazy loading, build, auth)
2025-12-17 09:15:45 -05:00
senke
ae1c9c2795
stabilizing apps/web: FIRST BATCH
2025-12-17 08:07:35 -05:00
senke
3f7bf2e2d3
stabilizing apps/web: SITUATION AWARENESS
2025-12-16 14:40:16 -05:00
senke
980858b17e
stabilizing veza-backend-api: LAST REMEDIATION
2025-12-16 14:07:36 -05:00
senke
67af0567a5
stabilizing veza-backend-api: P3 - FINAL
2025-12-16 13:37:36 -05:00
senke
a7d463b8fd
stabilizing veza-backend-api: P1 & P2
2025-12-16 13:34:08 -05:00
senke
83e4463b4b
stabilizing veza-backend-api: P0
2025-12-16 11:59:56 -05:00
senke
d0fe8c8ad7
stabilizing veza-backend-api: phase 1
2025-12-16 11:23:49 -05:00
senke
d33c351ac6
refonte: backend-api go first; phase 1
2025-12-12 21:34:34 -05:00
okinrev
8d6ce72bb2
report generation and future tasks selection
2025-12-08 19:57:54 +01:00
okinrev
5c9bcdda2b
fix(redis,rabbitmq): clean dev/lab behavior
2025-12-07 14:28:55 +01:00
okinrev
8300682582
chore(dev): add lab migration and run scripts
2025-12-07 14:27:51 +01:00
okinrev
f67395c4dd
fix(health): make readiness check reflect real dependency state
2025-12-07 14:27:07 +01:00
okinrev
0a37028da6
fix(db): align automatic migrations with SQL files
2025-12-07 14:26:48 +01:00
okinrev
1db312244a
Merge pull request #2 from okinrev/remediation/full_audit_fix
...
Remediation/full audit fix
2025-12-06 17:53:06 +01:00
okinrev
fc1807ea15
refactor(marketplace): enforce unified api response envelope
2025-12-06 17:39:04 +01:00
okinrev
f13d04917c
refactor(track): enforce unified api response envelope
2025-12-06 17:37:00 +01:00
okinrev
c14c647581
feat(api): remediate missing openapi spec and annotate handlers
2025-12-06 17:34:18 +01:00
okinrev
8caa2fd7ca
STABILISATION: phase 3–5 – API contract, tests & chat-server hardening
2025-12-06 17:21:59 +01:00
okinrev
25e82d1e3d
STABILISATION: phase 1 & phase 2
2025-12-06 14:45:07 +01:00
okinrev
54a16ac2e0
feat(backend-worker): persist job queue in postgres
2025-12-06 13:32:32 +01:00
okinrev
5817132793
docs(remediation): add audit report, remediation plan and changelog skeleton
2025-12-06 13:25:54 +01:00
okinrev
7127a11318
fix(chat-server): finalize HTTP auth and startup wiring
2025-12-06 13:25:25 +01:00
okinrev
bef82fb388
chore(backend-tests): remove obsolete metrics and profile/system_metrics tests
2025-12-06 13:25:10 +01:00
okinrev
99f960140a
security(chat-server): implement auth middleware and permission checks for HTTP API
2025-12-06 13:18:12 +01:00
okinrev
a47464509a
fix(backend-tests): enable room_handler_test and resolve metric collisions
2025-12-06 12:53:15 +01:00
okinrev
baf5898534
feat(chat-server): implement graceful shutdown with OS signal handling
2025-12-06 12:02:46 +01:00
okinrev
251f803248
feat(chat-server): implement 60s inactivity heartbeat timeout
2025-12-06 12:00:20 +01:00
okinrev
0849493a01
fix(stream-processor): replace unsafe abort with graceful join to drain events
2025-12-06 11:52:34 +01:00
okinrev
4f6ced6494
chore(backend): remove legacy migrations and main file
2025-12-06 11:50:22 +01:00
okinrev
ad46483da0
fix(backend-worker): replace blocking sleep with non-blocking scheduler
2025-12-06 11:49:54 +01:00
okinrev
1c55956be6
Merge pull request #1 from okinrev/fix/p0-backend-chat-stream-stabilization
...
Fix/p0 backend chat stream stabilization
2025-12-06 11:27:31 +01:00
