34 Commits

Author	SHA1	Message	Date
Tetardtek	e04666865d	fix: CallbackPage handles verification_pending and merge_pending states	2026-03-23 01:14:50 +01:00
Tetardtek	8309400466	feat(landing): repositionner plateforme vidéo — supprimer pitch B2B SaaS ... Landing reécrite : vidéos, playlists, créateurs. Supprimé : pricing, white-label, mentions SuperOAuth, PricingCard component. CTA principal → /app (explorer les vidéos).	2026-03-22 16:15:02 +01:00
Tetardtek	d68041e2f1	feat(auth): PKCE client refinements + backend refresh token support ... - oauth.ts: provider param, TokenResponse typing, exchangeCode returns full response - LoginPage: fully async handleOAuth with buildAuthUrl - CallbackPage: dual-mode PKCE (code) + legacy (token), refresh token forwarding - LoginButton: provider prop support - auth.routes: POST /auth/session accepts refreshToken, sets od_refresh cookie	2026-03-22 16:14:55 +01:00
Tetardtek	7932659a73	feat(auth): PKCE flow preparation + CallbackPage dual-mode ... - Add oauth.ts — PKCE helpers (code verifier/challenge, token exchange) - Add LoginButton — "Se connecter avec SuperOAuth" component - Update CallbackPage — handles both PKCE (?code) and legacy (?token) flows - Update .env.example — VITE_OAUTH_URL + VITE_OAUTH_CLIENT_ID PKCE flow ready for when SuperOAuth exposes /oauth/authorize endpoint. Legacy flow (redirect + token query param) remains active in production.	2026-03-22 12:50:07 +01:00
Tetardtek	32b9af7b02	fix(auth): UserMenu sessionStorage → AuthContext — unification auth state	2026-03-17 07:43:48 +01:00
Tetardtek	d25bfb7d87	feat(sprint3-step1-2): vision B2B + Tailwind tokens + LandingPage + Pricing B2B	2026-03-17 06:36:52 +01:00
Tetardtek	379a9a115b	fix(security): isActive defense-in-depth, MIME magic bytes upload, tenantId=origins OAuth	2026-03-15 17:34:19 +01:00
Tetardtek	ef4c23d6a2	fix: OAuth — window.location.href direct, no cross-origin fetch (CORS)	2026-03-15 03:30:49 +01:00
Tetardtek	94b607c4d0	fix: OAuth buttons — fetch authUrl then redirect (SuperOAuth JSON flow)	2026-03-15 03:27:00 +01:00
Tetardtek	40938be067	fix: OAuth login path — /api/v1/oauth/:provider (pas auth/oauth)	2026-03-15 03:23:24 +01:00
Tetardtek	3eb791d4a1	feat: VideoPage — ajouter à une playlist (owned + edit-permitted)	2026-03-15 02:53:34 +01:00
Tetardtek	8e78ce50b5	feat: profile avatar, callback setUser fix, admin description/thumbnail, pagination limit=100	2026-03-15 02:45:50 +01:00
Tetardtek	61d8a5257d	feat: admin/superadmin — fix response shape, ban/unban, stats tab, role restriction	2026-03-15 02:30:11 +01:00
Tetardtek	d69281a2e0	feat: B3 — search vidéos (filtre client-side + param ?q= backend)	2026-03-15 02:22:04 +01:00
Tetardtek	426cd4bbbd	feat: B2 — 401 interceptor + auto-refresh token (fix SuperOAuth path + response shape)	2026-03-15 02:19:40 +01:00
Tetardtek	6877db3227	fix: login — setUser après auth pour maj header immédiate	2026-03-15 01:57:41 +01:00
Tetardtek	2c3d9d95c6	feat(frontend): playlist B1 — edit, delete, share, invitations ... - PlaylistPage: bouton Éditer (formulaire inline titre/visibilité), Supprimer (confirm → DELETE → redirect), Partager (modal userId/permission → POST share), Retirer vidéo (✕ → DELETE) - PlaylistsPage: section invitations reçues avec Accept / Refuser (PATCH share/:shareId) - tsc --noEmit : 0 erreur, 0 console.log	2026-03-15 01:00:26 +01:00
Tetardtek	df8e594d57	fix(frontend): Error Boundary, HomePage error state, HLS catch — quick wins pre-Bloc-B	2026-03-15 00:53:46 +01:00
Tetardtek	01d347bce3	fix: ApiError typée + error handling pages video/playlists/admin ... - api.ts : ApiError class (status: number) — remplace Error générique - VideoPage/PlaylistPage : instanceof ApiError au lieu de message.includes() - PlaylistsPage : fetchError + createError — silent catch supprimé - AdminPage : guard roles.some() aligné Header (super_admin inclus)	2026-03-14 22:37:36 +01:00
Tetardtek	4e8c1aa849	feat: sprint 3 — profil utilisateur, badge plan, dropdown Header ... - AuthContext.User : plan? { slug, name, level } | null - UserBadge : nickname + badge plan.slug (fallback free) - Header : dropdown click (Profil / Déconnexion) + click-outside - ProfilePage : infos compte, badge plan, edit nickname (PATCH /users/me + re-fetch /auth/me → setUser) - App : route /profile protégée - useAuth : réexporte depuis AuthContext, fin de la dérive	2026-03-14 22:33:47 +01:00
Tetardtek	c25d9ad843	feat: admin page — guard isAdmin, error handling, upload local, role assignment ... - AuthContext: roles: string[] ajouté au type User - Header: lien /admin masqué si !roles.includes('admin') - AdminPage: redirect / si non-admin (Navigate) - AdminPage: fetchError sur les 3 tabs (load silencieux → message visible) - AdminPage: actionError sur toutes les mutations (toggle/delete/assign) - AdminPage: loading UsersTab → skeleton list 3 cartes (aligné Videos/Plans) - AdminPage: upload local — file input mp4/webm, multipart POST /admin/videos/upload, storageKey auto-rempli, Créer bloqué pendant upload - AdminPage: assignation rôle — PATCH /admin/users/:id/roles, rafraîchit la liste	2026-03-14 15:25:11 +01:00
Tetardtek	aa15dc0f54	feat: AuthContext, protected routes, admin page, fix VideoPlayer URL	2026-03-14 14:31:08 +01:00
Tetardtek	324efcaa3d	feat: login email/password + proxy POST /api/auth/login → SuperOAuth ... - auth.routes : POST /api/auth/login proxie vers SuperOAuth, pose httpOnly cookie - Factorisation upsertUser() partagé avec /session - LoginPage : form email/password + séparateur + boutons OAuth provider	2026-03-14 10:26:25 +01:00
Tetardtek	7e3ee29b13	fix: login page avec sélection provider → /api/v1/auth/oauth/:provider?redirectUrl ... SuperOAuth root page ignore ?redirectUrl, les boutons de sa UI pointent vers ses propres URIs hardcodées. Fix : notre page /login construit les URLs API directement avec redirectUrl=origins.tetardtek.com/callback. Aussi : CORS_ORIGINS SuperOAuth mis à jour (origins.tetardtek.com ajouté).	2026-03-14 10:11:30 +01:00
Tetardtek	34bab532be	fix: login → SuperOAuth root page (redirectUrl), drop LoginPage interne	2026-03-14 10:04:20 +01:00
Tetardtek	4265d21c8b	feat: login provider selection, logout, playlists pages ... - LoginPage : sélection Discord/GitHub/Google/Twitch via SuperOAuth - Header : bouton Connexion → /login, logout ↩ quand connecté, nav Playlists conditionnelle - useAuth : expose setUser pour logout côté Layout - PlaylistsPage : liste owned/shared, création inline - PlaylistPage : détail playlist + liste vidéos ordonnées - Fix : Video.id number → string (UUID) - Routes : /login, /playlists, /playlists/:id	2026-03-14 09:32:45 +01:00
Tetardtek	9598cd8715	perf(frontend): drop react-player — YouTube iframe natif, HLS.js lazy seulement si .m3u8	2026-03-14 08:39:01 +01:00
Tetardtek	5eb0a43d7f	feat: lazy ReactPlayer, seed 11 vidéos YouTube (niveaux 0/1/2)	2026-03-14 08:25:41 +01:00
Tetardtek	87d076313c	feat(frontend): VideoPage react-player v3, fix data.videos, route /video/:id	2026-03-14 08:12:08 +01:00
Tetardtek	0591cd4528	feat(frontend): useAuth /auth/me, videos list + locked flag, VITE_API_URL	2026-03-14 08:06:51 +01:00
Tetardtek	75aad8968f	fix(frontend): SuperOAuth flow — VITE_SUPEROAUTH_URL, redirect par provider, pas de client_id	2026-03-14 07:39:51 +01:00
Tetardtek	25733ee3db	feat(frontend): scaffold Tailwind design system + routing + auth callback ... - Tailwind v3 + PostCSS + autoprefixer - BrowserRouter with Layout shell (Header, theme toggle dark/light) - Pages: HomePage, CallbackPage (SuperOAuth callback handler) - hooks/useAuth.ts + lib/api.ts (API client base) - styles/index.css (Tailwind directives) - Theme persisted in localStorage (od-theme)	2026-03-14 07:15:19 +01:00
Tetardtek	b771f4d1c3	fix: add package-lock.json — required for npm ci in Docker build	2026-03-14 04:43:26 +01:00
Tetardtek	4a3be2a323	feat: initial project structure — Express/TS/TypeORM + React/TS + Docker + Gitea CI	2026-03-14 04:13:58 +01:00