## CI/CD Improvements
**Database Reset on Every Deployment:**
- CT109 Pre-Production: Automatically deletes database volume before deployment
- Production VPS: Same fresh database logic for consistent deployments
- Creates timestamped backup before deletion for safety
- Ensures 100% fresh state (only admin user, no sample data)
**Security Fix:**
- Moved hardcoded Telegram bot token to Gitea secret
- Now uses ${{ secrets.CT109_TELEGRAM_BOT_TOKEN }} in workflow
- Prevents token exposure in repository
## Documentation Created
**DEPLOYMENT.md (Rewritten):**
- Fixed incorrect deployment path (/opt/littleshop → ~/littleshop for CT109)
- Added comprehensive CI/CD-based deployment guide
- Documented automatic fresh database on every deployment
- Included network architecture diagrams
- Added troubleshooting for common networking issues
- Removed incorrect docker-compose manual instructions
**SILVERPAY_SETUP.md (New):**
- Complete SilverPay integration configuration guide
- Installation instructions for CT109
- API key generation and webhook security
- Payment workflow documentation
- Troubleshooting common integration issues
- Alternative BTCPay Server reference
**BOT_REGISTRATION.md (New):**
- TeleBot first-time setup and registration guide
- Automatic vs manual registration workflows
- Bot token security best practices
- API endpoints for bot management
- Comprehensive troubleshooting section
- Database schema documentation
## Gitea Secrets Required
To complete deployment, add this secret in Gitea repository settings:
**Name:** CT109_TELEGRAM_BOT_TOKEN
**Value:** 8254383681:AAE_j4cUIP9ABVE4Pqrmtgjfmqq1yc4Ow5A
## Breaking Changes
⚠️ **Database will be deleted on every deployment**
- All products, orders, customers, and payments will be reset
- Only admin user and bot registrations preserved
- Backups created automatically before deletion
This is intentional for testing environments - ensures consistent, repeatable deployments.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Added complete docker-compose.yml for both LittleShop and TeleBot
- Proper network configuration (littleshop-network + silverpay-network)
- Correct port mappings (5100:5000 for host access, 5000 internal)
- Health checks with service dependencies
- Volume management for data, uploads, and logs
- Enhanced DEPLOYMENT.md with comprehensive guide
- Quick deploy using docker-compose
- Manual deployment alternative
- Network architecture diagram
- Troubleshooting common networking issues
- Database management commands
- Environment configuration details
- Production deployment checklist
This prevents recurring network and port configuration issues by
providing declarative infrastructure-as-code deployment.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Sample data (products, categories, orders) now only seeds in Development
- Production environment will start with empty database (admin user only)
- Ensures clean state for testing without pre-populated data
This allows production deployments to start with a truly empty database
for testing purposes, while development still gets sample data for
local testing.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Added VariantCollectionId and VariantsJson columns to Products table
- Migration was previously empty causing schema mismatch on startup
- Fixes "SQLite Error 1: 'no such column: p.VariantCollectionId'"
The migration file was scaffolded but never implemented, causing production
deployments to fail with database schema errors.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Added @Html.AntiForgeryToken() to Customer.cshtml reply form
- Fixes HTTP 400 error when replying to customer messages
- Required for CSRF protection with [ValidateAntiForgeryToken]
The form was missing the CSRF token which caused ASP.NET Core to reject
all POST requests to /Admin/Messages/Reply with HTTP 400 status.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Modified OrdersController to include Processing (legacy) status in pending tab
- Updated badge count to include Processing orders in PendingPaymentCount
- Added database reset script that preserves bot tokens and integrations
Processing status (OrderStatus=20) is a legacy unpaid status that should be visible
in the Pending Payment workflow to allow staff to retry failed payment creation.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Fixed BotService to prevent duplicate bot registrations by checking for existing bot with same name/type
- Updated existing bot record instead of creating duplicates on re-registration
- Configured SilverPay integration with production API key
- Updated TeleBot configuration for local development (localhost API URL, Tor disabled)
This ensures single bot instances and proper payment gateway integration for testing.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Issue:
- Docker buildx creates containerized builder requiring elevated capabilities
- Gitea Actions runner doesn't have permission to apply Linux capabilities
- Error: "unable to apply caps: operation not permitted"
Solution:
- Removed docker/setup-buildx-action from both build jobs
- Using standard docker build (already configured via DOCKER_BUILDKIT=1)
- BuildKit features still enabled via environment variable
Impact:
- CI/CD builds will now succeed without capability errors
- No functionality lost (workflow uses 'docker build', not 'docker buildx build')
- Faster build start (no buildx container creation overhead)
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Test Infrastructure Improvements:
- Added missing service registrations to TestWebApplicationFactory
- ICryptoPaymentService
- IDataSeederService
- Fixed JWT configuration validation to skip in Testing environment
- Allow test environment to use default test JWT key
Impact:
- Test pass rate improved from 56/110 (51%) to 86/110 (78%)
- Fixed 30 integration and security test failures
- All catalog and most order controller tests now passing
Remaining Failures (24 tests):
- OrdersWithVariants tests (5) - Requires variant test data seeding
- OrdersController tests (5) - Requires product/category test data
- AuthenticationEnforcement tests (2) - Auth configuration issues
- UI/AdminPanel tests (12) - Playwright server configuration needed
Next Steps:
- Add test data seeding for product variants and multi-buy
- Configure Playwright tests to use TestWebApplicationFactory server
- Review authentication test expectations
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Major Feature Additions:
- Customer management: Full CRUD with data export and privacy compliance
- Payment management: Centralized payment tracking and administration
- Push notification subscriptions: Manage and track web push subscriptions
Security Enhancements:
- IP whitelist middleware for administrative endpoints
- Data retention service with configurable policies
- Enhanced push notification security documentation
- Security fixes progress tracking (2025-11-14)
UI/UX Improvements:
- Enhanced navigation with improved mobile responsiveness
- Updated admin dashboard with order status counts
- Improved product CRUD forms
- New customer and payment management interfaces
Backend Improvements:
- Extended customer service with data export capabilities
- Enhanced order service with status count queries
- Improved crypto payment service with better error handling
- Updated validators and configuration
Documentation:
- DEPLOYMENT_NGINX_GUIDE.md: Nginx deployment instructions
- IP_STORAGE_ANALYSIS.md: IP storage security analysis
- PUSH_NOTIFICATION_SECURITY.md: Push notification security guide
- UI_UX_IMPROVEMENT_PLAN.md: Planned UI/UX enhancements
- UI_UX_IMPROVEMENTS_COMPLETED.md: Completed improvements
Cleanup:
- Removed temporary database WAL files
- Removed stale commit message file
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Documenting critical issues with the variant collection spreadsheet editor:
- Column names not displaying in the UI
- Data not persisting to database (complete data loss)
Previous fixes applied but issue persists. Marked as DEFERRED for now.
Users can use JSON textarea workaround until proper fix is implemented.
Status: NOT PRODUCTION READY
Problem: Variant editor was skipping ALL columns with headers starting with 'Property '
(e.g., 'Property 1'), which caused complete data loss during serialization.
When users entered data but didn't rename the default column header, serializeToJSON()
would skip the column entirely, returning an empty array [] to the database.
Fix: Only skip columns with truly empty names, not default 'Property X' names.
Users can now save data even if they haven't renamed column headers.
Files changed:
- wwwroot/js/variant-editor.js: Removed propertyName.startsWith('Property ') check
- Areas/Admin/Views/VariantCollections/Create.cshtml: Updated cache-busting to v=20251113d
- Areas/Admin/Views/VariantCollections/Edit.cshtml: Updated cache-busting to v=20251113d
Major UX improvements based on user feedback:
- Replaced auto-populated columns with preset shortcut buttons
- Quick Add buttons for Size, Color, Material, Storage
- Custom button for user-defined property names
- Double-click column headers to rename
- Rename column option in context menu
- Starts with single empty column instead of defaults
- Improved usage instructions in UI
- Cache-busting version updated to force reload
This design is more flexible and less confusing than auto-generating columns.
Added comprehensive mobile card layout for Products/Index, completing Phase 2 responsive design.
**Products Mobile View Features:**
- Horizontal layout with 80x80px product image on left
- Product name, category badge, price, and status on right
- Full description (100 chars) below header
- 2-column grid for Stock and Weight info
- Conditional badges for multi-buys and variants
- Full-width "View Details & Edit" button
**Mobile UX Highlights:**
- Larger product images (80px vs 50px desktop thumbnail)
- Price prominently displayed in green (fs-5)
- Stock status color-coded (success/warning)
- Variations clearly shown with icon badges
- Touch-friendly full-width action button
**Technical Implementation:**
- d-flex for image + info horizontal layout
- flex-grow-1 for responsive info section
- row g-2 for 2-column grid with gutters
- Conditional rendering for variations badges
- ARIA labels for accessibility
**Phase 2 Now Complete:**
✅ Categories - Simple cards with description
✅ Users - Minimal cards with user info
✅ ShippingRates - 2x2 grid for rate details
✅ VariantCollections - Cards with JSON preview
✅ Products - Rich cards with images and variations
✅ Orders - Mobile cards (already implemented)
All main Index views now mobile-optimized!
🚀 Generated with Claude Code
Co-Authored-By: Claude <noreply@anthropic.com>
Implemented responsive mobile card layouts for all main Index views, providing superior mobile UX while maintaining desktop table views.
**Responsive Design Pattern:**
- Desktop (≥992px): Table layout with all data columns
- Mobile (<992px): Card-based layout optimized for touch interaction
- Breakpoint: Bootstrap's lg breakpoint for optimal viewing experience
**Views Converted:**
1. **Categories/Index.cshtml:**
- Mobile cards with name, description, product count, status
- Full-width action buttons for easy touch interaction
- Clear visual hierarchy with icons and badges
2. **Users/Index.cshtml:**
- Simplified mobile cards showing username, created date, status
- Conditional delete button (protected admin account)
- Clean, minimal design for quick user management
3. **ShippingRates/Index.cshtml:**
- 2x2 grid layout for shipping rate data (country, price, weight, delivery)
- Visual separation with light background boxes
- All critical information displayed in scannable format
4. **VariantCollections/Index.cshtml:**
- Properties JSON displayed in scrollable code block
- Created/Updated dates in compact format
- Clear deactivation action for variant collections
**Mobile UX Enhancements:**
- ✅ 44px minimum touch targets (Bootstrap .btn default)
- ✅ Full-width buttons with .d-grid gap-2 for easy tapping
- ✅ Proper spacing with mb-3 between cards
- ✅ Clear visual hierarchy with card-title and badges
- ✅ Descriptive button text (not just icons) on mobile
- ✅ Responsive icons and status indicators
- ✅ Word-break handling for long JSON strings
**Technical Implementation:**
- Used Bootstrap's d-none d-lg-block for desktop tables
- Used d-lg-none for mobile card views
- No JavaScript required - pure CSS responsive design
- Maintains all functionality from desktop view
- Zero data loss in mobile transformation
**Accessibility Maintained:**
- All ARIA labels preserved from Phase 1
- Semantic HTML structure in both views
- Proper heading hierarchy maintained
- Keyboard navigation fully functional
🚀 Generated with Claude Code
Co-Authored-By: Claude <noreply@anthropic.com>
Implemented comprehensive accessibility enhancements to meet WCAG 2.1 AA standards:
**Skip Navigation:**
- Added skip-to-content link for keyboard users
- Link appears on focus and jumps directly to main content area
**Screen Reader Support:**
- Created .sr-only and .sr-only-focusable utility classes
- Added aria-hidden="true" to all decorative icons
- Added descriptive aria-label attributes to all icon-only buttons
**Enhanced Focus Indicators:**
- Implemented 3px visible outlines on all interactive elements
- Added :focus-visible for keyboard-only focus indicators
- Special focus styling for primary actions (orange outline)
- Consistent 2px outline-offset for better visibility
**Table Accessibility:**
- Added scope="col" attributes to all table headers
- Properly grouped button actions with role="group" and aria-label
**Button Improvements:**
- All icon-only buttons now have descriptive ARIA labels
- Added responsive text labels (visible on sm+ screens, hidden on mobile)
- Improved button groups with proper ARIA roles
**Files Modified:**
- _Layout.cshtml: Skip link, accessible menu close button
- Categories/Index.cshtml: ARIA labels, table scopes
- Users/Index.cshtml: ARIA labels, table scopes
- Orders/Index.cshtml: Table scopes
- Products/Index.cshtml: Table scopes
- ShippingRates/Index.cshtml: ARIA labels, table scopes
- VariantCollections/Index.cshtml: ARIA labels, table scopes
- modern-admin.css: Accessibility utilities and enhanced focus styles
**WCAG 2.1 AA Criteria Addressed:**
- 2.4.1 Bypass Blocks (Level A)
- 2.4.7 Focus Visible (Level AA)
- 4.1.2 Name, Role, Value (Level A)
- 1.3.1 Info and Relationships (Level A)
🚀 Generated with Claude Code
Co-Authored-By: Claude <noreply@anthropic.com>
- Changed JSON naming policy from CamelCase to SnakeCaseLower for SilverPay API compatibility
- Fixed field name from 'fiat_amount' to 'amount' in request body
- Used unique payment ID instead of order ID to avoid duplicate external_id conflicts
- Modified SilverPayApiResponse to handle string amounts from API
- Added [JsonIgnore] attributes to computed properties to prevent JSON serialization conflicts
- Fixed test compilation errors (mock service and enum casting issues)
- Updated SilverPay endpoint to http://10.0.0.52:8001/🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
Critical fix for £0 order bug:
- When users select a variant and click 'Add to Basket', the confirmvar: callback triggers HandleConfirmVariant
- This method was passing variantId: null to AddItem(), causing cart items to have no variant and price £0
- Now looks up selected variant by name, extracts its ID, and passes it to cart
- Added logging to track which variant is being used
- Also includes CSV variant conversion utility and sample fixed import file
Previous build at 20:05 used cached layers from 18:06.
This empty commit will trigger pipeline #519 to rebuild fresh.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
CRITICAL BUG FIX: HandleAddToCart was only checking MultiBuys for price,
never ProductVariants. This caused all variant-based products to use the
base price (£0), resulting in £0 orders.
Changes:
- HandleAddToCart now checks variants FIRST for pricing
- Falls back to multi-buy, then base price (correct priority order)
- Uses proper Product-based AddItem() method to pass variant IDs
- Added logging to track which pricing method is used
- HandleQuickBuy already had correct variant detection (no changes)
Result: Orders now correctly calculate total using variant prices (e.g., £90, £160)
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Log variant count and prices when fetching products to diagnose
why variants aren't being detected during add-to-cart flow.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Added logging to diagnose why orders are created with £0 pricing:
- Log when product has variants and variant selection is shown
- Log WARNING when product has no variants and base price is used
- Helps identify if variants are missing or not being detected
Troubleshooting: Orders showing £0 despite variants having correct prices
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
