senke/veza
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
veza/veza-backend-api/internal/core
History
senke 3cee007d8d
Some checks failed
Veza CI / Backend (Go) (push) Failing after 0s
Details
Veza CI / Frontend (Web) (push) Failing after 0s
Details
Veza CI / Rust (Stream Server) (push) Failing after 0s
Details
Security Scan / Secret Scanning (gitleaks) (push) Failing after 0s
Details
Veza CI / Notify on failure (push) Failing after 0s
Details
fix(distribution,audit): propagate ErrSubscriptionNoPayment to handler + P0.12 closure date + E2E regression TODO 
Self-review of the v1.0.6.2 hotfix surfaced that
distribution.checkEligibility silently swallowed
subscription.ErrSubscriptionNoPayment as "ineligible, no extra info",
so a user with a fantôme subscription trying to submit a distribution
got "Distribution requires Creator or Premium plan" — misleading, the
user has a plan but no payment. checkEligibility now propagates the
error so the handler can surface "Your subscription is not linked to
a payment. Complete payment to enable distribution."

Security is unchanged — the gate still refuses. This is a UX clarity
fix for honest-path users who landed in the fantôme state via a
broken payment flow.

Also:
- Closure timestamp added to axis-1 P0.12 ("closed 2026-04-17 in
  v1.0.6.2 (commit d31f5733d)") so future readers know the finding's
  lifecycle without re-grepping the CHANGELOG.
- Item G in v107-plan.md gains an explicit E2E Playwright @critical
  acceptance — the shell probe + Go unit tests validate the fix
  today but don't run on every commit, so a refactor of Subscribe or
  checkEligibility could silently re-open the bypass. The E2E test
  makes regression coverage automatic.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-17 12:43:21 +02:00
..
admin feat(v0.11.3): F421-F424 admin platform handler and routes 2026-03-10 18:19:45 +01:00
analytics fix(v0.12.6): apply all pentest remediations — 36 findings across 36 files 2026-03-14 00:44:46 +01:00
auth fix(backend,infra): send real verification emails + fail-loud in prod 2026-04-16 14:52:46 +02:00
collaboration adding initial backend API (Go) 2025-12-03 20:29:37 +01:00
discover style(backend): gofmt -w on 85 files (whitespace only) 2026-04-14 12:22:14 +02:00
distribution fix(distribution,audit): propagate ErrSubscriptionNoPayment to handler + P0.12 closure date + E2E regression TODO 2026-04-17 12:43:21 +02:00
education style(backend): gofmt -w on 85 files (whitespace only) 2026-04-14 12:22:14 +02:00
feed feat(v0.10.1): Tags & Genres discover - F351-F355 2026-03-09 01:52:56 +01:00
marketplace feat(backend,marketplace): refund reverse-charge with idempotent webhook 2026-04-17 02:02:57 +02:00
moderation feat(v0.11.2): F411-F420 moderation handler and routes 2026-03-10 17:49:51 +01:00
social fix(v0.12.6): apply all pentest remediations — 36 findings across 36 files 2026-03-14 00:44:46 +01:00
subscription chore(release): v1.0.6.2 — subscription payment-gate bypass hotfix 2026-04-17 12:21:53 +02:00
track feat(backend,web): single source of truth for upload-size limits 2026-04-16 19:37:37 +02:00