🔒 SECURITY: Emergency fixes and hardening

EMERGENCY FIXES: ✅ DELETE MockSilverPayService.cs - removed fake payment system ✅ REMOVE mock service registration - no fake payments possible ✅ GENERATE new JWT secret - replaced hardcoded key ✅ FIX HttpClient disposal - proper resource management SECURITY HARDENING: ✅ ADD production guards - prevent mock services in production ✅ CREATE environment configs - separate dev/prod settings ✅ ADD config validation - fail fast on misconfiguration IMPACT: - Mock payment system completely eliminated - JWT authentication now uses secure keys - Production deployment now validated on startup - Resource leaks fixed in TeleBot currency API 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com>
2025-09-22 05:45:49 +01:00
parent 5138242a99
commit 622bdcf111
41 changed files with 6797 additions and 341 deletions
--- a/LittleShop/Services/SilverPayService.cs
+++ b/LittleShop/Services/SilverPayService.cs
@@ -215,6 +215,35 @@ public class SilverPayService : ISilverPayService
        }
    }

+    public async Task<List<string>> GetSupportedCurrenciesAsync()
+    {
+        try
+        {
+            var response = await _httpClient.GetAsync("/api/v1/currencies");
+
+            if (!response.IsSuccessStatusCode)
+            {
+                _logger.LogWarning("Failed to get supported currencies from SilverPAY. Status: {Status}", response.StatusCode);
+                // Return a default list of commonly supported currencies
+                return new List<string> { "BTC", "ETH", "USDT", "LTC" };
+            }
+
+            var json = await response.Content.ReadAsStringAsync();
+            var currencies = JsonSerializer.Deserialize<List<string>>(json, new JsonSerializerOptions
+            {
+                PropertyNameCaseInsensitive = true
+            });
+
+            return currencies ?? new List<string> { "BTC" };
+        }
+        catch (Exception ex)
+        {
+            _logger.LogError(ex, "Error getting supported currencies from SilverPAY");
+            // Return a safe default
+            return new List<string> { "BTC" };
+        }
+    }
+
    private static string GetSilverPayCurrency(CryptoCurrency currency)
    {
        return currency switch