SilverLABS/littleshop
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

🔒 SECURITY: Emergency fixes and hardening

Browse Source 
EMERGENCY FIXES:
 DELETE MockSilverPayService.cs - removed fake payment system
 REMOVE mock service registration - no fake payments possible
 GENERATE new JWT secret - replaced hardcoded key
 FIX HttpClient disposal - proper resource management

SECURITY HARDENING:
 ADD production guards - prevent mock services in production
 CREATE environment configs - separate dev/prod settings
 ADD config validation - fail fast on misconfiguration

IMPACT:
- Mock payment system completely eliminated
- JWT authentication now uses secure keys
- Production deployment now validated on startup
- Resource leaks fixed in TeleBot currency API

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>
This commit is contained in:
SysAdmin
2025-09-22 05:45:49 +01:00
parent 5138242a99
commit 622bdcf111
41 changed files with 6797 additions and 341 deletions
Download Patch File Download Diff File Expand all files Collapse all files

104
LittleShop/Areas/Admin/Views/SystemSettings/Index.cshtml Normal file
View File

@@ -0,0 +1,104 @@
@model LittleShop.Areas.Admin.Controllers.SystemSettingsViewModel
@{
ViewData["Title"] = "System Settings";
}
<div class="container-fluid">
<div class="row">
<div class="col-12">
<div class="card">
<div class="card-header">
<h3 class="card-title">System Settings</h3>
</div>
<div class="card-body">
@if (!string.IsNullOrEmpty(ViewBag.Success))
{
<div class="alert alert-success alert-dismissible fade show" role="alert">
@ViewBag.Success
<button type="button" class="btn-close" data-bs-dismiss="alert" aria-label="Close"></button>
</div>
}
@if (!string.IsNullOrEmpty(ViewBag.Error))
{
<div class="alert alert-danger alert-dismissible fade show" role="alert">
@ViewBag.Error
<button type="button" class="btn-close" data-bs-dismiss="alert" aria-label="Close"></button>
</div>
}
<form asp-controller="SystemSettings" asp-action="UpdateTestCurrencies" method="post">
<div class="row">
<div class="col-md-6">
<div class="card">
<div class="card-header">
<h5 class="card-title">Test Currencies</h5>
<p class="card-subtitle text-muted">
Enable test currencies for development and testing purposes.
These currencies are only available when enabled here.
</p>
</div>
<div class="card-body">
@foreach (var currency in Model.TestCurrencies)
{
<div class="form-check mb-3">
<input class="form-check-input"
type="checkbox"
name="TestCurrencies[@currency.Key]"
value="true"
@(currency.Value ? "checked" : "")
id="currency-@currency.Key">
<input type="hidden" name="TestCurrencies[@currency.Key]" value="false">
<label class="form-check-label" for="currency-@currency.Key">
<strong>@currency.Key</strong>
@{
string description = currency.Key switch
{
"TBTC" => "Test Bitcoin - Bitcoin testnet currency for development",
"TLTC" => "Test Litecoin - Litecoin testnet currency for development",
_ => "Test cryptocurrency"
};
}
<br><small class="text-muted">@description</small>
</label>
</div>
}
<div class="mt-3">
<button type="submit" class="btn btn-primary">
<i class="fas fa-save"></i> Update Test Currencies
</button>
</div>
</div>
</div>
</div>
<div class="col-md-6">
<div class="card">
<div class="card-header">
<h5 class="card-title">Production Currencies</h5>
<p class="card-subtitle text-muted">
Production currencies are always available based on SilverPay support.
</p>
</div>
<div class="card-body">
<div class="alert alert-info">
<h6>Always Enabled:</h6>
<ul class="mb-0">
<li><strong>BTC</strong> - Bitcoin (Production)</li>
<li><strong>ETH</strong> - Ethereum (Production)</li>
</ul>
<p class="mt-2 mb-0">
<small>These currencies are automatically available in the TeleBot based on SilverPay API support.</small>
</p>
</div>
</div>
</div>
</div>
</div>
</form>
</div>
</div>
</div>
</div>
</div>