9f4c2183a2
First item of the v1.0.6 backlog surfaced by the v1.0.5 smoke test: a
brand-new account could register, verify email, and log in — but
attempting to upload hit a 403 because `role='user'` doesn't pass the
`RequireContentCreatorRole` middleware. The only way to get past that
gate was an admin DB update.
This commit wires the self-service path decided in the v1.0.6
specification:
* One-way flip from `role='user'` to `role='creator'`, gated strictly
on `is_verified=true` (the verification-email flow we restored in
Fix 2 of the hardening sprint).
* No KYC, no cooldown, no admin validation. The conscious click
already requires ownership of the email address.
* Downgrade is out of scope — a creator who wants back to `user`
opens a support ticket. Avoids the "my uploads orphaned" edge case.
Backend
* Migration `977_users_promoted_to_creator_at.sql`: nullable
`TIMESTAMPTZ` column, partial index for non-null values. NULL
preserves the semantic for users who never self-promoted
(out-of-band admin assignments stay distinguishable from organic
creators for audit/analytics).
* `models.User`: new `PromotedToCreatorAt *time.Time` field.
* `handlers.UpgradeToCreator(db, auditService, logger)`:
- 401 if no `user_id` in context (belt-and-braces — middleware
should catch this first)
- 404 if the user row is missing
- 403 `EMAIL_NOT_VERIFIED` when `is_verified=false`
- 200 idempotent with `already_elevated=true` when the caller is
already creator / premium / moderator / admin / artist /
producer / label (same set accepted by
`RequireContentCreatorRole`)
- 200 with the new role + `promoted_to_creator_at` on the happy
path. The UPDATE is scoped `WHERE role='user'` so a concurrent
admin assignment can't be silently overwritten; the zero-rows
case reloads and returns `already_elevated=true`.
- audit logs a `user.upgrade_creator` action with IP, UA, and
the role transition metadata. Non-fatal on failure — the
upgrade itself already committed.
* Route: `POST /api/v1/users/me/upgrade-creator` under the existing
protected users group (RequireAuth + CSRF).
Frontend
* `AccountSettingsCreatorCard`: new card in the Account tab of
`/settings`. Completely hidden for users already on a creator-tier
role (no "you're already a creator" clutter). Unverified users see
a disabled-but-explanatory state with a "Resend verification"
CTA to `/verify-email/resend`. Verified users see the "Become an
artist" button, which POSTs to `/users/me/upgrade-creator` and
refetches the user on success.
* `upgradeToCreator()` service in `features/settings/services/`.
* Copy is deliberately explicit that the change is one-way.
Tests
* 6 Go unit tests covering: happy path (role + timestamp), unverified
refused, already-creator idempotent (timestamp preserved),
admin-assigned idempotent (no timestamp overwrite), user-not-found,
no-auth-context.
* 7 Vitest tests covering: verified button visible, unverified state
shown, card hidden for creator, card hidden for admin, success +
refetch, idempotent message, server error via toast.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
|
||
|---|---|---|
| .. | ||
| .husky | ||
| .storybook | ||
| dev_audit/frontend | ||
| docs | ||
| lighthouse-reports | ||
| public | ||
| scripts | ||
| src | ||
| visual-tests | ||
| .dockerignore | ||
| .env.example | ||
| .env.storybook | ||
| .gitignore | ||
| .prettierignore | ||
| .prettierrc.json | ||
| all_components.txt | ||
| analyze_lint.py | ||
| covered_components.txt | ||
| Dockerfile | ||
| Dockerfile.dev | ||
| Dockerfile.production | ||
| e2e_test_output.json | ||
| env.remote-r720.example | ||
| eslint.config.js | ||
| full_test_result.txt | ||
| index.html | ||
| jest.config.js | ||
| lint_results.txt | ||
| lint_results_2.txt | ||
| lint_results_3.txt | ||
| lint_results_final.txt | ||
| lint_results_final_v2.txt | ||
| nginx.conf | ||
| nginx.production.conf | ||
| openapitools.json | ||
| package.json | ||
| postcss.config.js | ||
| README.md | ||
| RUNTIME_ISSUES.json | ||
| tailwind.config.ts | ||
| tsconfig.app.json | ||
| tsconfig.json | ||
| tsconfig.node.json | ||
| tsconfig.tsbuildinfo | ||
| vite.config.ts | ||
| vitest.config.ts | ||
| vitest.shims.d.ts | ||
| vitest.storybook.config.ts | ||
Veza Frontend
React + TypeScript frontend application for the Veza audio collaboration platform.
Quick Start
Prerequisites
- Node.js 18+ and npm
- Backend API running (see
veza-backend-api/README.md)
Installation
npm install
Development
npm run dev
The application will be available at http://localhost:5173.
Building
npm run build
Setup Steps
1. Environment Variables
Copy .env.example to .env and configure:
# API Configuration
VITE_API_URL=http://localhost:8080/api/v1
VITE_WS_URL=ws://localhost:8081
VITE_STREAM_URL=http://localhost:8082
# Optional: Enable MSW mocks for development
VITE_USE_MSW=0
See .env.example for all available environment variables.
2. Type Generation
TypeScript types are generated from the OpenAPI specification. To regenerate types:
npm run generate:types
This script:
- Reads
veza-backend-api/openapi.yaml - Generates TypeScript types to
src/types/generated/ - Creates barrel exports for easy importing
Note: Types are automatically generated in CI/CD before type checking.
3. Validation
Validate types and schemas:
# Type checking
npm run validate:types
# Schema validation
npm run validate:schemas
# Both
npm run validate:all
Available Scripts
Development
npm run dev- Start development servernpm run dev:lab- Start with lab environment (real database)npm run dev:mocks- Start with MSW mocks enabled
Building
npm run build- Build for productionnpm run preview- Preview production build
Testing
npm test- Run unit tests (Vitest)npm run test:ui- Run tests with UInpm run test:e2e- Run E2E tests (Playwright)
Code Quality
npm run lint- Run ESLintnpm run lint:fix- Fix ESLint issuesnpm run lint:ui- Run ESLint onsrc/componentsandsrc/featuresonlynpm run report:arbitrary- Report Tailwind arbitrary values (w-[...], gap-[...], etc.) for migrationnpm run typecheck- Type check without emitting filesnpm run fmt- Format code with Prettier
Type Generation & Validation
npm run generate:types- Generate TypeScript types from OpenAPI specnpm run validate:schemas- Validate Zod schemasnpm run validate:types- Type checknpm run validate:all- Run all validations
Project Structure
apps/web/
├── src/
│ ├── components/ # Reusable UI components
│ ├── features/ # Feature modules (auth, tracks, playlists, etc.)
│ ├── hooks/ # Custom React hooks
│ ├── services/ # API clients and services
│ ├── stores/ # Zustand state management (UI state stores)
│ │ # Note: Feature stores (auth, chat) are in features/*/store/
│ ├── types/ # TypeScript types
│ │ └── generated/ # Auto-generated types from OpenAPI
│ ├── utils/ # Utility functions
│ └── styles/ # Global styles and design tokens
├── e2e/ # End-to-end tests (Playwright)
├── scripts/ # Build and utility scripts
└── public/ # Static assets
Design System
The application uses the Kodo design system. Single source of truth for layout, spacing, shadows, and transitions: docs/DESIGN_TOKENS.md. Shell layout: docs/APP_SHELL.md.
- Colors: Kodo color palette (see
src/styles/COLOR_USAGE.md) - Components: Design system components in
src/components/ui/ - Typography: Type scale and hierarchy (see
docs/DESIGN_TOKENS.md,src/styles/TYPOGRAPHY_GUIDE.md) - Spacing: Spacing scale (see
docs/SPACING_GUIDE.md) — no arbitrary values (e.g.w-[300px],gap-[7px]) without justification.
Visual regression: npm run visual:capture, npm run visual:compare, npm run visual:update (see visual-tests/README.md). Arbitrary values report: npm run report:arbitrary to list Tailwind arbitrary patterns for migration. New full-layout page: see docs/FULL_LAYOUT_PAGE.md.
ESLint Rules
The project enforces:
- Typography: Use type scale classes (text-xs, text-sm, etc.) instead of arbitrary sizes
- Spacing: Use spacing scale (gap-0 through gap-24) instead of arbitrary values
- Colors: Use Kodo design system colors instead of Tailwind defaults
- Components: Use design system Button component instead of native
<button>
See eslint.config.js for full rule configuration.
Contributing
- Follow the existing code style
- Run
npm run validate:allbefore committing - Ensure all tests pass:
npm test - Type generation runs automatically in CI/CD
Documentation
- Architecture Guide:
docs/ARCHITECTURE.md(MUST READ) - Component Usage:
src/components/COMPONENT_USAGE.md - Color Usage:
src/styles/COLOR_USAGE.md - Typography:
src/styles/TYPOGRAPHY_GUIDE.md - Spacing:
src/styles/SPACING_GUIDE.md
Troubleshooting
Type Generation Fails
Ensure veza-backend-api/openapi.yaml exists and is valid:
cd ../../veza-backend-api
swag init # Generate OpenAPI spec
Build Errors
-
Clear node_modules and reinstall:
rm -rf node_modules package-lock.json npm install -
Clear Vite cache:
rm -rf node_modules/.vite
Type Errors
Run type generation and validation:
npm run generate:types
npm run validate:types