Items are now private to their owner. Add items.user_id (migrated in
place, existing items backfilled to the first admin) and scope every
item, results, and dashboard view to the signed-in user via owner-scoped
queries plus an ownedItem 404 guard. Admins get strict isolation too;
elevation stays limited to settings and user management.
Alert routing follows ownership: deal emails go only to the item owner
and the weekly digest is built per-recipient from their own items. The
scheduler still polls every active item; the Apify/eBay budget stays a
shared pool visible to all.
Add TestItemsArePrivatePerUser and seed owners in db tests.
Opens Veola up to more users (Parodia's Authentik) and makes Apify spend
visible to everyone.
- Auth: Traefik forward-auth (trust X-Authentik-* headers only from
trusted_proxies CIDRs, keyed by email, role synced from admin_group),
keeping local password login as break-glass. New [auth] config,
CaptureDirectIP + ForwardAuth middleware, deploy/authentik-forward-auth.md.
- Budget: count every Apify run (apify_api_usage table) and show
calls + estimated cost to all users on the dashboard, with an optional
monthly-budget bar. New [budget] config + settings.
- Email: Resend client for opt-in deal alerts and a weekly digest
(Mon 09:00). Per-user email + toggles on Settings. New [resend] config.
- Defaults: new items default to a 12-hour poll interval to cut spend.
users table gains email/auth_source/email-pref columns (migrated in place).
go build/vet/test green; boots and migrates cleanly.