🔒 SECURITY: Emergency fixes and hardening

EMERGENCY FIXES: ✅ DELETE MockSilverPayService.cs - removed fake payment system ✅ REMOVE mock service registration - no fake payments possible ✅ GENERATE new JWT secret - replaced hardcoded key ✅ FIX HttpClient disposal - proper resource management SECURITY HARDENING: ✅ ADD production guards - prevent mock services in production ✅ CREATE environment configs - separate dev/prod settings ✅ ADD config validation - fail fast on misconfiguration IMPACT: - Mock payment system completely eliminated - JWT authentication now uses secure keys - Production deployment now validated on startup - Resource leaks fixed in TeleBot currency API 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com>
2025-09-22 05:45:49 +01:00
parent 5138242a99
commit 622bdcf111
41 changed files with 6797 additions and 341 deletions
--- a/LittleShop.Client/Services/CatalogService.cs
+++ b/LittleShop.Client/Services/CatalogService.cs
@@ -116,14 +116,14 @@ public class CatalogService : ICatalogService
        try
        {
            var response = await _httpClient.GetAsync($"api/catalog/products/{id}");
-            
+
            if (response.IsSuccessStatusCode)
            {
                var product = await response.Content.ReadFromJsonAsync<Product>();
                if (product != null)
                    return ApiResponse<Product>.Success(product);
            }
-            
+
            var error = await response.Content.ReadAsStringAsync();
            return ApiResponse<Product>.Failure(error, response.StatusCode);
        }
@@ -131,7 +131,31 @@ public class CatalogService : ICatalogService
        {
            _logger.LogError(ex, "Failed to get product {ProductId}", id);
            return ApiResponse<Product>.Failure(
-                ex.Message, 
+                ex.Message,
+                System.Net.HttpStatusCode.InternalServerError);
+        }
+    }
+
+    public async Task<ApiResponse<List<string>>> GetAvailableCurrenciesAsync()
+    {
+        try
+        {
+            var response = await _httpClient.GetAsync("api/currency/available");
+
+            if (response.IsSuccessStatusCode)
+            {
+                var currencies = await response.Content.ReadFromJsonAsync<List<string>>();
+                return ApiResponse<List<string>>.Success(currencies ?? new List<string>());
+            }
+
+            var error = await response.Content.ReadAsStringAsync();
+            return ApiResponse<List<string>>.Failure(error, response.StatusCode);
+        }
+        catch (Exception ex)
+        {
+            _logger.LogError(ex, "Failed to get available currencies");
+            return ApiResponse<List<string>>.Failure(
+                ex.Message,
                System.Net.HttpStatusCode.InternalServerError);
        }
    }