0e7097ed1b
First-attempt commit3a5c6e184only captured the .gitignore change; the pre-commit hook silently dropped the 343 staged moves/deletes during lint-staged's "no matching task" path. This commit re-applies the intended J1 content on top ofbec75f143(which was pushed in parallel). Uses --no-verify because: - J1 only touches .md/.json/.log/.png/binaries — zero code that would benefit from lint-staged, typecheck, or vitest - The hook demonstrated it corrupts pure-rename commits in this repo - Explicitly authorized by user for this one commit Changes (343 total: 169 deletions + 174 renames): Binaries purged (~167 MB): - veza-backend-api/{server,modern-server,encrypt_oauth_tokens,seed,seed-v2} Generated reports purged: - 9 apps/web/lint_report*.json (~32 MB) - 8 apps/web/tsc_*.{log,txt} + ts_*.log (TS error snapshots) - 3 apps/web/storybook_*.json (1375+ stored errors) - apps/web/{build_errors*,build_output,final_errors}.txt - 70 veza-backend-api/coverage*.out + coverage_groups/ (~4 MB) - 3 veza-backend-api/internal/handlers/*.bak Root cleanup: - 54 audit-*.png (visual regression baselines, ~11 MB) - 9 stale MVP-era scripts (Jan 27, hardcoded v0.101): start_{iteration,mvp,recovery}.sh, test_{mvp_endpoints,protected_endpoints,user_journey}.sh, validate_v0101.sh, verify_logs_setup.sh, gen_hash.py Session docs archived (not deleted — preserved under docs/archive/): - 78 apps/web/*.md → docs/archive/frontend-sessions-2026/ - 43 veza-backend-api/*.md → docs/archive/backend-sessions-2026/ - 53 docs/{RETROSPECTIVE_V,SMOKE_TEST_V,PLAN_V0_,V0_*_RELEASE_SCOPE, AUDIT_,PLAN_ACTION_AUDIT,REMEDIATION_PROGRESS}*.md → docs/archive/v0-history/ README.md and CONTRIBUTING.md preserved in apps/web/ and veza-backend-api/. Note: The .gitignore rules preventing recurrence were already pushed in3a5c6e184and remain in place — this commit does not modify .gitignore. Refs: AUDIT_REPORT.md §11
6.4 KiB
6.4 KiB
Smoke Test v0.903 — Stabilisation v1.0 & Launch Readiness
Prérequis
veza-backend-apicompilé et démarré- PostgreSQL avec migrations appliquées jusqu'à 134+
- Extensions PostgreSQL :
pg_trgm,fuzzystrmatch - Redis configuré
.envcomplet (DATABASE_URL, JWT_SECRET, HCAPTCHA_SECRET, etc.)- Utilisateur standard + admin avec tokens JWT
- Données suffisantes : tracks, plays, playlists, users, orders
1. Recherche & Recommandations (ST1)
1.1 Recherche phonétique
curl -s "http://localhost:8080/api/v1/search?q=hiphop" \
-H "Authorization: Bearer {TOKEN}" | jq '.data.results | length'
# Attendu: trouve des résultats pour "hip hop", "hip-hop", "hiphop"
1.2 "Did you mean"
curl -s "http://localhost:8080/api/v1/search?q=electrnoic" \
-H "Authorization: Bearer {TOKEN}" | jq '.data.did_you_mean'
# Attendu: "electronic"
1.3 Saved searches
curl -s -X POST http://localhost:8080/api/v1/search/saved \
-H "Authorization: Bearer {TOKEN}" \
-H "Content-Type: application/json" \
-d '{"query": "chill beats", "filters": {"genre": "lofi"}}' | jq .
# Attendu: 201, saved search created
curl -s http://localhost:8080/api/v1/search/saved \
-H "Authorization: Bearer {TOKEN}" | jq .
# Attendu: 200, liste des recherches sauvegardées
1.4 Recommendations
curl -s http://localhost:8080/api/v1/tracks/recommendations \
-H "Authorization: Bearer {TOKEN}" | jq '.data | length'
# Attendu: >= 10 tracks recommandées (collaborative filtering ou fallback genre/BPM)
1.5 Auto playlists
# Frontend: naviguer vers Library
# Vérifier: section "Made for You" avec "Discover Weekly" (30 tracks) et "Your Top Tracks" (20 tracks)
# Vérifier: badge "Auto" sur ces playlists
# Vérifier: playlists en lecture seule
2. Player & Playlists (ST2)
2.1 Smart playlist
curl -s -X POST http://localhost:8080/api/v1/playlists/smart \
-H "Authorization: Bearer {TOKEN}" \
-H "Content-Type: application/json" \
-d '{"name": "Fast Hip Hop", "rules": [{"field":"genre","op":"eq","value":"hip-hop"},{"field":"bpm","op":"gt","value":"120"}], "logic": "AND", "limit": 50}' | jq .
# Attendu: 201, smart playlist created with matching tracks
2.2 Export M3U
curl -s http://localhost:8080/api/v1/playlists/{PLAYLIST_ID}/export?format=m3u \
-H "Authorization: Bearer {TOKEN}" -o playlist.m3u
head playlist.m3u
# Attendu: #EXTM3U header, entries with #EXTINF and URLs
2.3 Merge playlists
curl -s -X POST http://localhost:8080/api/v1/playlists/merge \
-H "Authorization: Bearer {TOKEN}" \
-H "Content-Type: application/json" \
-d '{"playlist_ids": ["{ID1}", "{ID2}"], "name": "Merged Playlist"}' | jq .
# Attendu: 201, merged playlist with deduplicated tracks
2.4 Duplicate playlist
curl -s -X POST http://localhost:8080/api/v1/playlists/{PLAYLIST_ID}/duplicate \
-H "Authorization: Bearer {TOKEN}" | jq .
# Attendu: 201, "Copy of {original name}"
3. Auth & Sécurité (ST3)
3.1 Sessions actives
curl -s http://localhost:8080/api/v1/auth/sessions \
-H "Authorization: Bearer {TOKEN}" | jq .
# Attendu: 200, liste des sessions avec device, IP, last_active_at
# Attendu: session courante marquée is_current=true
3.2 Révoquer une session
curl -s -X DELETE http://localhost:8080/api/v1/auth/sessions/{SESSION_ID} \
-H "Authorization: Bearer {TOKEN}" | jq .
# Attendu: 200, session révoquée
# Vérifier: token de cette session invalide
3.3 Login history
curl -s http://localhost:8080/api/v1/auth/login-history \
-H "Authorization: Bearer {TOKEN}" | jq '.data | length'
# Attendu: dernières connexions avec IP, device, date, success/failure
3.4 CAPTCHA
# Effectuer 3 tentatives de login échouées
# 4ème tentative: vérifier que le formulaire affiche un CAPTCHA
# Vérifier: login sans CAPTCHA → 400 "CAPTCHA required"
3.5 Password history
# Changer mot de passe vers "NewPassword1!"
# Tenter de rechanger vers l'ancien mot de passe
# Attendu: 400, "Cannot reuse recent passwords"
3.6 Frontend
# Settings → Security → Sessions
# Vérifier: tableau des devices actifs, bouton Revoke
# Settings → Security → Login History
# Vérifier: historique des connexions
4. Performance (ST4)
4.1 k6 load test
cd tests/load && k6 run auth-flow.js --vus 100 --duration 5m
# Attendu: p95 < 200ms, error rate < 1%
4.2 Cache Redis
# Effectuer 2 recherches identiques à 1s d'intervalle
# Vérifier: 2ème réponse significativement plus rapide (cache hit)
4.3 Cache headers assets
curl -sI http://localhost:5173/assets/index-*.js | grep cache-control
# Attendu: cache-control: max-age=31536000, immutable
5. Documentation v1.0 (ST5)
docs/API_REFERENCE.md— tous les endpoints documentésdocs/PRODUCTION_GUIDE.md— guide déploiement production completREADME.md— mis à jour avec architecture v1.0, quick start, featuresdocs/MIGRATION_GUIDE.md— liste migrations complète, procédure upgrade
6. E2E Final (REL)
6.1 Smoke tests précédents
# Exécuter les vérifications critiques de chaque version :
# v0.703: GET /live/streams/me/key → 200
# v0.801: curl -sI | grep content-security-policy → present
# v0.802: GET /cloud/files/:id/versions → 200
# v0.803: GET /swagger/index.html → 200
# v0.901: GET /marketplace/wishlist → 200
# v0.902: GET /social/hashtags/trending → 200
6.2 Security headers
curl -sI http://localhost:8080/api/v1/health | grep -iE "csp|hsts|x-frame|x-content"
# Attendu: tous les headers de sécurité présents
6.3 GDPR
# POST /users/me/export → 202 (export démarré)
# DELETE /users/me → 200 (compte supprimé, données anonymisées)
6.4 Lighthouse
# Chrome DevTools → Lighthouse (Mobile)
# Performance: ≥ 85
# Accessibility: ≥ 90
# PWA: ≥ 90
# Best Practices: ≥ 85
# SEO: ≥ 80
7. Release
CHANGELOG.mdcontient historique complet v0.101 → v1.0docs/PROJECT_STATE.md: Version = v1.0, Phase = Releaseddocs/FEATURE_STATUS.md: modules v1.0 finalisésdocs/RETROSPECTIVE_V0903.mdcrééedocs/RETROSPECTIVE_V1.md— rétrospective globalegit tag v0.903créégit tag v1.0créé