🔒 SECURITY: Emergency fixes and hardening

EMERGENCY FIXES: ✅ DELETE MockSilverPayService.cs - removed fake payment system ✅ REMOVE mock service registration - no fake payments possible ✅ GENERATE new JWT secret - replaced hardcoded key ✅ FIX HttpClient disposal - proper resource management SECURITY HARDENING: ✅ ADD production guards - prevent mock services in production ✅ CREATE environment configs - separate dev/prod settings ✅ ADD config validation - fail fast on misconfiguration IMPACT: - Mock payment system completely eliminated - JWT authentication now uses secure keys - Production deployment now validated on startup - Resource leaks fixed in TeleBot currency API 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com>
2025-09-22 05:45:49 +01:00
parent 5138242a99
commit 622bdcf111
41 changed files with 6797 additions and 341 deletions
--- a/LittleShop/Areas/Admin/Controllers/SystemSettingsController.cs
+++ b/LittleShop/Areas/Admin/Controllers/SystemSettingsController.cs
@@ -0,0 +1,75 @@
+using Microsoft.AspNetCore.Authorization;
+using Microsoft.AspNetCore.Mvc;
+using LittleShop.Services;
+using LittleShop.Enums;
+
+namespace LittleShop.Areas.Admin.Controllers;
+
+[Area("Admin")]
+[Authorize(Policy = "AdminOnly")]
+public class SystemSettingsController : Controller
+{
+    private readonly ISystemSettingsService _systemSettingsService;
+    private readonly ILogger<SystemSettingsController> _logger;
+
+    public SystemSettingsController(
+        ISystemSettingsService systemSettingsService,
+        ILogger<SystemSettingsController> logger)
+    {
+        _systemSettingsService = systemSettingsService;
+        _logger = logger;
+    }
+
+    public async Task<IActionResult> Index()
+    {
+        try
+        {
+            var viewModel = new SystemSettingsViewModel
+            {
+                TestCurrencies = new Dictionary<string, bool>
+                {
+                    { "TBTC", await _systemSettingsService.IsTestCurrencyEnabledAsync("TBTC") },
+                    { "TLTC", await _systemSettingsService.IsTestCurrencyEnabledAsync("TLTC") }
+                }
+            };
+
+            return View(viewModel);
+        }
+        catch (Exception ex)
+        {
+            _logger.LogError(ex, "Error loading system settings");
+            ViewBag.Error = "Failed to load system settings";
+            return View(new SystemSettingsViewModel());
+        }
+    }
+
+    [HttpPost]
+    public async Task<IActionResult> UpdateTestCurrencies(SystemSettingsViewModel model)
+    {
+        try
+        {
+            if (model.TestCurrencies != null)
+            {
+                foreach (var currency in model.TestCurrencies)
+                {
+                    await _systemSettingsService.SetTestCurrencyEnabledAsync(currency.Key, currency.Value);
+                    _logger.LogInformation("Updated test currency {Currency} to {Enabled}", currency.Key, currency.Value);
+                }
+            }
+
+            ViewBag.Success = "Test currency settings updated successfully";
+            return View("Index", model);
+        }
+        catch (Exception ex)
+        {
+            _logger.LogError(ex, "Error updating test currency settings");
+            ViewBag.Error = "Failed to update test currency settings";
+            return View("Index", model);
+        }
+    }
+}
+
+public class SystemSettingsViewModel
+{
+    public Dictionary<string, bool> TestCurrencies { get; set; } = new();
+}