49335322b5
Some checks failed
Veza CI / Notify on failure (push) Blocked by required conditions
Veza CI / Rust (Stream Server) (push) Successful in 5m33s
Security Scan / Secret Scanning (gitleaks) (push) Failing after 1m0s
Veza CI / Backend (Go) (push) Failing after 9m37s
Veza CI / Frontend (Web) (push) Has been cancelled
E2E Playwright / e2e (full) (push) Has been cancelled
End-to-end DMCA workflow. Public submission, admin queue, takedown
flips track to is_public=false + dmca_blocked=true, playback paths
return 451 Unavailable For Legal Reasons.
Backend
- migrations/988_dmca_notices.sql + rollback : table dmca_notices
(id, status, claimant_*, work_description, infringing_track_id FK,
sworn_statement_at, takedown_at, counter_notice_at, restored_at,
audit_log JSONB, created_at, updated_at). Adds tracks.dmca_blocked
BOOLEAN. Partial indexes for the pending queue + per-track lookup.
Status enum constrained via CHECK.
- internal/models/dmca_notice.go + DmcaBlocked field on Track.
- internal/services/dmca_service.go : CreateNotice + ListPending +
Takedown + Dismiss. Takedown is a single transaction that flips the
track's flags AND appends an audit_log entry — partial state can't
happen if the track was deleted between fetch and update.
- internal/handlers/dmca_handler.go : POST /api/v1/dmca/notice (public),
GET /api/v1/admin/dmca/notices (paginated), POST /:id/takedown,
POST /:id/dismiss. sworn_statement=false → 400. Conflict → 409.
Track gone after notice → 410.
- internal/api/routes_legal.go : route registration. Admin chain :
RequireAuth + RequireAdmin + RequireMFA (same as moderation routes).
- internal/core/track/track_hls_handler.go : both StreamTrack +
DownloadTrack now early-return 451 when track.DmcaBlocked. Owner
cannot bypass — only an admin restoring the notice clears the gate.
- internal/services/dmca_service_test.go : audit_log append helpers,
malformed-JSON rejection, ordering preservation.
Frontend
- apps/web/src/features/legal/pages/DmcaNoticePage.tsx : public form
at /legal/dmca/notice. Validates sworn-statement checkbox client-side.
Receipt panel shows the notice ID after submission.
- apps/web/src/services/api/dmca.ts : thin client (POST /dmca/notice).
- routeConfig + lazy registry updated for the new route.
- DmcaPage now links to /legal/dmca/notice instead of saying "form
pending".
E2E
- tests/e2e/29-dmca-notice.spec.ts : 3 tests. (1) anonymous submit
yields 201 + pending receipt. (2) sworn_statement=false rejected
with 400. (3) admin takedown gates playback with 451 — gated behind
E2E_DMCA_ADMIN=1 because admin path requires MFA-bearing seed.
Acceptance (Day 14) : public submission produces a pending notice,
admin takedown blocks playback at 451. Lab-side validation pending
admin MFA seed for the e2e admin pathway.
W3 progress : Redis Sentinel ✓ · MinIO distribué ✓ · CDN ✓ · DMCA ✓ ·
embed ⏳ Day 15.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
78 lines
4.7 KiB
Go
78 lines
4.7 KiB
Go
package models
|
|
|
|
import (
|
|
"time"
|
|
|
|
"github.com/google/uuid"
|
|
"github.com/lib/pq"
|
|
"gorm.io/gorm"
|
|
)
|
|
|
|
// Track représente une piste audio dans le système
|
|
// MIGRATION UUID: Completée. ID et UserID sont des UUIDs.
|
|
type Track struct {
|
|
ID uuid.UUID `gorm:"type:uuid;primaryKey" json:"id" db:"id"`
|
|
UserID uuid.UUID `gorm:"type:uuid;not null;column:creator_id" json:"creator_id" db:"creator_id"`
|
|
FileID *uuid.UUID `gorm:"type:uuid" json:"file_id,omitempty" db:"file_id"` // NULL temporairement avant création fichier
|
|
Title string `gorm:"not null;size:255" json:"title" db:"title"`
|
|
Artist string `gorm:"size:255" json:"artist" db:"artist"`
|
|
Album string `gorm:"size:255" json:"album" db:"album"`
|
|
Duration int `gorm:"not null" json:"duration" db:"duration"` // seconds
|
|
Genre string `gorm:"size:100" json:"genre" db:"genre"`
|
|
Tags pq.StringArray `gorm:"type:text[]" json:"tags,omitempty" db:"tags"`
|
|
Year int `gorm:"default:0" json:"year" db:"year"`
|
|
BPM *int `gorm:"column:bpm" json:"bpm,omitempty" db:"bpm"`
|
|
MusicalKey string `gorm:"size:10" json:"musical_key,omitempty" db:"musical_key"`
|
|
FilePath string `gorm:"not null;size:500" json:"file_path" db:"file_path"`
|
|
FileSize int64 `gorm:"not null" json:"file_size" db:"file_size"` // bytes
|
|
Format string `gorm:"size:10" json:"format" db:"format"` // mp3, flac, wav, etc.
|
|
Bitrate int `gorm:"default:0" json:"bitrate" db:"bitrate"` // kbps
|
|
SampleRate int `gorm:"default:0" json:"sample_rate" db:"sample_rate"` // Hz
|
|
WaveformPath string `gorm:"size:500" json:"waveform_path" db:"waveform_path"`
|
|
WaveformURL *string `gorm:"size:500" json:"waveform_url,omitempty" db:"waveform_url"`
|
|
CoverArtPath string `gorm:"size:500" json:"cover_art_path" db:"cover_art_path"`
|
|
IsPublic bool `gorm:"default:true" json:"is_public" db:"is_public"`
|
|
// v1.0.9 W3 Day 14 — DMCA takedown gate. When TRUE, no playback path
|
|
// serves the track regardless of is_public. Only an admin restoring
|
|
// the corresponding dmca_notices row clears this flag.
|
|
DmcaBlocked bool `gorm:"default:false;not null" json:"-" db:"dmca_blocked"`
|
|
Status TrackStatus `gorm:"default:'uploading'" json:"status" db:"status"`
|
|
StatusMessage string `gorm:"type:text" json:"status_message,omitempty" db:"status_message"`
|
|
StreamStatus string `gorm:"default:'pending'" json:"stream_status" db:"stream_status"` // pending, processing, ready, error
|
|
StreamManifestURL string `gorm:"size:500" json:"stream_manifest_url" db:"stream_manifest_url"`
|
|
// v1.0.8 Phase 0 — multi-backend storage. Schema added in migration 985.
|
|
// Values: "local" (default, file_path is the local FS path) or "s3"
|
|
// (storage_key is the S3/MinIO object key inside config.S3Bucket).
|
|
// Hidden from JSON responses — internal plumbing only.
|
|
StorageBackend string `gorm:"size:16;default:'local';not null" json:"-" db:"storage_backend"`
|
|
StorageKey *string `gorm:"size:512" json:"-" db:"storage_key"`
|
|
// SECURITY(CRIT-002): play_count and like_count are PRIVATE — visible only to the creator
|
|
// in their analytics dashboard. Never exposed in public API responses.
|
|
// Ref: CLAUDE.md rule #4, ORIGIN_UI_UX_SYSTEM.md §13
|
|
PlayCount int64 `gorm:"default:0" json:"-" db:"play_count"`
|
|
LikeCount int64 `gorm:"default:0" json:"-" db:"like_count"`
|
|
CreatedAt time.Time `gorm:"autoCreateTime" json:"created_at" db:"created_at"`
|
|
UpdatedAt time.Time `gorm:"autoUpdateTime" json:"updated_at" db:"updated_at"`
|
|
DeletedAt gorm.DeletedAt `json:"-" db:"deleted_at"`
|
|
|
|
// Relations
|
|
User User `gorm:"foreignKey:UserID;constraint:OnDelete:CASCADE" json:"-"`
|
|
Playlists []Playlist `gorm:"many2many:playlist_tracks;" json:"-"`
|
|
Likes []TrackLike `gorm:"foreignKey:TrackID;constraint:OnDelete:CASCADE" json:"-"`
|
|
Shares []TrackShare `gorm:"foreignKey:TrackID;constraint:OnDelete:CASCADE" json:"-"`
|
|
Versions []TrackVersion `gorm:"foreignKey:TrackID;constraint:OnDelete:CASCADE" json:"-"`
|
|
HLSStreams []HLSStream `gorm:"foreignKey:TrackID;constraint:OnDelete:CASCADE" json:"-"`
|
|
}
|
|
|
|
// TableName définit le nom de la table pour GORM
|
|
func (Track) TableName() string {
|
|
return "tracks"
|
|
}
|
|
|
|
// BeforeCreate hook GORM pour générer UUID si non défini
|
|
func (m *Track) BeforeCreate(tx *gorm.DB) error {
|
|
if m.ID == uuid.Nil {
|
|
m.ID = uuid.New()
|
|
}
|
|
return nil
|
|
}
|