Implement critical security fixes from code review

2025-09-29 05:26:29 +01:00
parent 8a7c07ead7
commit ec894ba529
4 changed files with 68 additions and 11 deletions
--- a/LittleShop/Services/ConfigurationValidationService.cs
+++ b/LittleShop/Services/ConfigurationValidationService.cs
@@ -29,8 +29,16 @@ public class ConfigurationValidationService
    {
        _logger.LogInformation("🔍 Validating application configuration...");

-        // Temporarily disabled for testing SilverPay settings page
-        // ValidateJwtConfiguration();
+        // JWT validation is critical in production, optional in development/testing
+        if (_environment.IsProduction() || !string.IsNullOrEmpty(_configuration["Jwt:Key"]))
+        {
+            ValidateJwtConfiguration();
+        }
+        else if (_environment.IsDevelopment())
+        {
+            _logger.LogWarning("⚠️ JWT validation skipped in development. Configure Jwt:Key for production readiness.");
+        }
+
        ValidateSilverPayConfiguration();
        ValidateProductionSafeguards();
        ValidateEnvironmentConfiguration();