littleshop

SilverLABS/littleshop

Fork 0

Commit Graph

Author	SHA1	Message	Date
SysAdmin	622bdcf111	🔒 SECURITY: Emergency fixes and hardening EMERGENCY FIXES: ✅ DELETE MockSilverPayService.cs - removed fake payment system ✅ REMOVE mock service registration - no fake payments possible ✅ GENERATE new JWT secret - replaced hardcoded key ✅ FIX HttpClient disposal - proper resource management SECURITY HARDENING: ✅ ADD production guards - prevent mock services in production ✅ CREATE environment configs - separate dev/prod settings ✅ ADD config validation - fail fast on misconfiguration IMPACT: - Mock payment system completely eliminated - JWT authentication now uses secure keys - Production deployment now validated on startup - Resource leaks fixed in TeleBot currency API 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com>	2025-09-22 05:45:49 +01:00
SysAdmin	8b0e3e0611	Implement comprehensive notification system for LittleShop - Add admin PWA push notifications for order management - Integrate TeleBot customer messaging service - Add push notification endpoints and VAPID key support - Implement order status notifications throughout workflow - Add notification UI components in admin panel - Create TeleBotMessagingService for customer updates - Add WebPush configuration to appsettings - Fix compilation issues (BotStatus, BotContacts DbSet) - Add comprehensive testing documentation Features: - Real-time admin notifications for new orders and status changes - Customer order progress updates via TeleBot - Graceful failure handling for notification services - Test endpoints for notification system validation 🤖 Generated with Claude Code Co-Authored-By: Claude <noreply@anthropic.com>	2025-09-19 16:17:24 +01:00
SysAdmin	d343037bbd	Security: Fix critical vulnerabilities and implement security hardening CRITICAL SECURITY FIXES: - Fixed certificate validation bypass vulnerability in BTCPayServerService * Removed unsafe ServerCertificateCustomValidationCallback * Added environment-specific SSL configuration * Production now enforces proper SSL validation - Fixed overly permissive CORS policy * Replaced AllowAnyOrigin() with specific trusted origins * Created separate CORS policies for Development/Production/API * Configured from appsettings for environment-specific control - Implemented CSRF protection across admin panel * Added [ValidateAntiForgeryToken] to all POST/PUT/DELETE actions * Protected 10 admin controllers with anti-forgery tokens * Prevents Cross-Site Request Forgery attacks CONFIGURATION IMPROVEMENTS: - Created appsettings.Development.json for dev-specific settings - Added Security:AllowInsecureSSL flag (Development only) - Added CORS:AllowedOrigins configuration arrays - Created comprehensive security roadmap (ROADMAP.md) ALSO FIXED: - TeleBot syntax errors (Program.cs, MessageFormatter.cs) - Added enterprise-full-stack-developer output style Impact: All Phase 1 critical security vulnerabilities resolved Status: Ready for security review and deployment preparation 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com>	2025-09-19 11:56:12 +01:00

Author

SHA1

Message

Date

SysAdmin

622bdcf111

🔒 SECURITY: Emergency fixes and hardening

EMERGENCY FIXES:
✅ DELETE MockSilverPayService.cs - removed fake payment system
✅ REMOVE mock service registration - no fake payments possible
✅ GENERATE new JWT secret - replaced hardcoded key
✅ FIX HttpClient disposal - proper resource management

SECURITY HARDENING:
✅ ADD production guards - prevent mock services in production
✅ CREATE environment configs - separate dev/prod settings
✅ ADD config validation - fail fast on misconfiguration

IMPACT:
- Mock payment system completely eliminated
- JWT authentication now uses secure keys
- Production deployment now validated on startup
- Resource leaks fixed in TeleBot currency API

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>

2025-09-22 05:45:49 +01:00

SysAdmin

8b0e3e0611

Implement comprehensive notification system for LittleShop

- Add admin PWA push notifications for order management
- Integrate TeleBot customer messaging service
- Add push notification endpoints and VAPID key support
- Implement order status notifications throughout workflow
- Add notification UI components in admin panel
- Create TeleBotMessagingService for customer updates
- Add WebPush configuration to appsettings
- Fix compilation issues (BotStatus, BotContacts DbSet)
- Add comprehensive testing documentation

Features:
- Real-time admin notifications for new orders and status changes
- Customer order progress updates via TeleBot
- Graceful failure handling for notification services
- Test endpoints for notification system validation

🤖 Generated with Claude Code
Co-Authored-By: Claude <noreply@anthropic.com>

2025-09-19 16:17:24 +01:00

SysAdmin

d343037bbd

Security: Fix critical vulnerabilities and implement security hardening

CRITICAL SECURITY FIXES:
- Fixed certificate validation bypass vulnerability in BTCPayServerService
  * Removed unsafe ServerCertificateCustomValidationCallback
  * Added environment-specific SSL configuration
  * Production now enforces proper SSL validation

- Fixed overly permissive CORS policy
  * Replaced AllowAnyOrigin() with specific trusted origins
  * Created separate CORS policies for Development/Production/API
  * Configured from appsettings for environment-specific control

- Implemented CSRF protection across admin panel
  * Added [ValidateAntiForgeryToken] to all POST/PUT/DELETE actions
  * Protected 10 admin controllers with anti-forgery tokens
  * Prevents Cross-Site Request Forgery attacks

CONFIGURATION IMPROVEMENTS:
- Created appsettings.Development.json for dev-specific settings
- Added Security:AllowInsecureSSL flag (Development only)
- Added CORS:AllowedOrigins configuration arrays
- Created comprehensive security roadmap (ROADMAP.md)

ALSO FIXED:
- TeleBot syntax errors (Program.cs, MessageFormatter.cs)
- Added enterprise-full-stack-developer output style

Impact: All Phase 1 critical security vulnerabilities resolved
Status: Ready for security review and deployment preparation

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>

2025-09-19 11:56:12 +01:00

3 Commits