d68041e2f1
feat(auth): PKCE client refinements + backend refresh token support
...
- oauth.ts: provider param, TokenResponse typing, exchangeCode returns full response
- LoginPage: fully async handleOAuth with buildAuthUrl
- CallbackPage: dual-mode PKCE (code) + legacy (token), refresh token forwarding
- LoginButton: provider prop support
- auth.routes: POST /auth/session accepts refreshToken, sets od_refresh cookie
2026-03-22 16:14:55 +01:00
e52aa1e79c
perf: requireAdmin — 2 queries → 1 (User + userRoles eager join TypeORM)
2026-03-15 18:00:48 +01:00
379a9a115b
fix(security): isActive defense-in-depth, MIME magic bytes upload, tenantId=origins OAuth
CI/CD — Build & Deploy / Build & Deploy (push) Successful in 54s
2026-03-15 17:34:19 +01:00
61d8a5257d
feat: admin/superadmin — fix response shape, ban/unban, stats tab, role restriction
CI/CD — Build & Deploy / Build & Deploy (push) Successful in 24s
2026-03-15 02:30:11 +01:00
d69281a2e0
feat: B3 — search vidéos (filtre client-side + param ?q= backend)
CI/CD — Build & Deploy / Build & Deploy (push) Successful in 22s
2026-03-15 02:22:04 +01:00
426cd4bbbd
feat: B2 — 401 interceptor + auto-refresh token (fix SuperOAuth path + response shape)
CI/CD — Build & Deploy / Build & Deploy (push) Successful in 27s
2026-03-15 02:19:40 +01:00
f80b8cb81c
fix: instrument bare catch blocks — logger.error sur stream/admin/user
2026-03-15 00:18:37 +01:00
494206b5b3
feat: observability — Winston logging, pagination admin, N+1 playlists
CI/CD — Build & Deploy / Build & Deploy (push) Successful in 27s
2026-03-14 23:21:42 +01:00
31edea9dd9
feat: rate limiting — login 10req/15min, admin 50req/min, trust proxy
2026-03-14 23:20:20 +01:00
9f53193c7c
feat: vitest setup + auth middleware — token invalide et absent → 401
2026-03-14 23:19:45 +01:00
30ef7312b5
feat: sprint 3 — profile endpoints + avatar
...
CI/CD — Build & Deploy / Build & Deploy (push) Successful in 32s
- GET /api/auth/me enrichi : avatar, plan actif, subscriptionDate
- GET /api/users/me/profile : profil complet (local UUID, sub, rôles)
- PATCH /api/users/me : update nickname / avatar (validation URL + longueur)
- User entity : champ avatar VARCHAR(500) nullable
- Migration 1742000000000-AddUserAvatar (appliquée VPS)
2026-03-14 22:25:22 +01:00
24ae8854ce
fix: GET /admin/users — find() x5 → variable locale
2026-03-14 19:35:04 +01:00
2a74be2624
feat: GET /api/auth/me retourne roles[]
CI/CD — Build & Deploy / Build & Deploy (push) Successful in 35s
2026-03-14 15:18:51 +01:00
27e6541425
fix: requireAdmin résout le user local par superOAuthId
CI/CD — Build & Deploy / Build & Deploy (push) Successful in 59s
2026-03-14 15:14:03 +01:00
c7815aac2f
feat: token refresh, video upload, playlist routes complets
...
- auth: cookie od_token 7j, refresh token od_refresh 30j, POST /api/auth/refresh, GET /api/auth/me/optional
- admin: POST /api/admin/videos/upload via multer (mp4/webm, 4Go max, UUID filename)
- playlist: PATCH /:id, DELETE /:id, POST /:id/videos, DELETE /:id/videos/:videoId
- env: UPLOADS_DIR documenté dans .env.example
2026-03-14 14:32:18 +01:00
324efcaa3d
feat: login email/password + proxy POST /api/auth/login → SuperOAuth
...
CI/CD — Build & Deploy / Build & Deploy (push) Successful in 21s
- auth.routes : POST /api/auth/login proxie vers SuperOAuth, pose httpOnly cookie
- Factorisation upsertUser() partagé avec /session
- LoginPage : form email/password + séparateur + boutons OAuth provider
2026-03-14 10:26:25 +01:00
666cf6a435
feat: stream route, admin subscriptions, fix CORS multi-origin
...
CI/CD — Build & Deploy / Build & Deploy (push) Successful in 21s
- index.ts : CORS supporte plusieurs origines (FRONTEND_URL séparé par virgule)
- stream.routes.ts : GET /api/stream/:key* — sert fichiers locaux avec auth
optionnelle, contrôle d'accès par level, support Range requests (seekable)
- admin.routes.ts : POST /api/admin/users/:id/subscriptions — assigne un plan,
expire l'abonnement actif précédent
- Fix .env VPS : FRONTEND_URL=origins.tetardtek.com (domaine correct)
2026-03-14 09:58:01 +01:00
df3fe8ebe0
fix(auth): correct SuperOAuth endpoint path — /api/v1/auth not /api/auth
CI/CD — Build & Deploy / Build (push) Failing after 43s
CI/CD — Build & Deploy / Deploy to VPS (push) Has been skipped
2026-03-14 08:40:32 +01:00
5eb0a43d7f
feat: lazy ReactPlayer, seed 11 vidéos YouTube (niveaux 0/1/2)
CI/CD — Build & Deploy / Build (push) Failing after 41s
CI/CD — Build & Deploy / Deploy to VPS (push) Has been skipped
2026-03-14 08:25:41 +01:00
11d9432218
fix(routes): resolve superOAuthId → DB userId — critical auth bug
...
CI/CD — Build & Deploy / Build (push) Failing after 35s
CI/CD — Build & Deploy / Deploy to VPS (push) Has been skipped
req.user.id = SuperOAuth UUID, pas l'UUID TypeORM en DB.
Sans ce fix : getUserPlanLevel retourne toujours 0, ownerId ne matche jamais.
- video.routes: resolveDbUserId avant getUserPlanLevel
- playlist.routes: resolveDbUserId sur toutes les opérations owner/member
2026-03-14 08:12:11 +01:00
5d4bab7d99
chore: add assign-first-admin.sql — run once after first login
CI/CD — Build & Deploy / Build (push) Failing after 39s
CI/CD — Build & Deploy / Deploy to VPS (push) Has been skipped
2026-03-14 08:10:16 +01:00
253af8f402
fix(auth): upsert user in DB on session creation — first login creates user record
2026-03-14 08:07:42 +01:00
5afcad487e
docs(backend): add .env.example
CI/CD — Build & Deploy / Build (push) Failing after 44s
CI/CD — Build & Deploy / Deploy to VPS (push) Has been skipped
2026-03-14 08:01:01 +01:00
7c727aa802
feat(admin): requireAdmin middleware + /api/admin routes
...
- requireAdmin: charge user_roles en DB, accepte admin/super_admin
- GET/POST/PATCH/DELETE /api/admin/videos (publiées + non publiées)
- GET /api/admin/users avec rôles et abonnement actif
- PATCH /api/admin/users/:id/roles (remplacement atomique par slugs)
- GET/POST/PATCH /api/admin/plans
2026-03-14 07:46:35 +01:00
f1de2bb065
fix(backend): resolve migration path relative to __dirname
...
CI/CD — Build & Deploy / Deploy to VPS (push) Has been cancelled
CI/CD — Build & Deploy / Build (push) Has been cancelled
migrations glob "src/migrations/**/*.ts" was CWD-relative — broken when CLI runs
outside the src/ directory. Using __dirname makes it absolute and portable.
2026-03-14 07:32:39 +01:00
f3e392ff1b
feat(backend): mount API routes + cookie-parser + CORS with credentials
...
- index.ts: mount /api/auth, /api/videos, /api/playlists; add cookie-parser; CORS with credentials + FRONTEND_URL env
- auth.middleware: read token from Bearer header OR od_token httpOnly cookie
- routes: auth (session/logout/me), videos (level-gated), playlists (CRUD + share management)
- deps: cookie-parser + @types/cookie-parser
2026-03-14 07:10:47 +01:00
71d90eb133
feat: initial schema migration — 9 tables + seed roles & plans
2026-03-14 07:02:20 +01:00
2f47be1305
feat: TypeORM entities — User, Role, SubscriptionPlan, Video, Playlist + relations
2026-03-14 06:53:02 +01:00
4f3c0e6433
feat: SuperOAuth token introspection middleware + /api/profile route
2026-03-14 06:40:43 +01:00
b771f4d1c3
fix: add package-lock.json — required for npm ci in Docker build
CI/CD — Build & Deploy / Build (push) Failing after 35s
CI/CD — Build & Deploy / Deploy to VPS (push) Has been skipped
2026-03-14 04:43:26 +01:00
4a3be2a323
feat: initial project structure — Express/TS/TypeORM + React/TS + Docker + Gitea CI
CI/CD — Build & Deploy / Build (push) Failing after 1m47s
CI/CD — Build & Deploy / Deploy to VPS (push) Has been skipped
2026-03-14 04:13:58 +01:00
