| .claude/output-styles | ||
| docker | ||
| Hostinger | ||
| LittleShop | ||
| LittleShop.Client | ||
| LittleShop.Client.Example | ||
| LittleShop.Tests | ||
| publish | ||
| TeleBot | ||
| VapidKeyGenerator | ||
| .dockerignore | ||
| .env.example | ||
| .env.hostinger | ||
| .env.hostinger.template | ||
| .env.production.template | ||
| .env.template | ||
| .gitignore | ||
| .spec.MD | ||
| bot-ui-test-results.md | ||
| BTCPAY_DEPLOYMENT_FIX.md | ||
| BTCPAY_EXTERNAL_NODES_STATUS.md | ||
| BTCPAY_SETUP.md | ||
| btcpay-minimal-compose.yml | ||
| btcpay-minimal-working.yml | ||
| btcpay-server-compose.yml | ||
| btcpay-simple-compose.yml | ||
| btcpay-simple-testnet.yml | ||
| btcpay-working-compose.yml | ||
| btcpay.env | ||
| CLAUDE.md | ||
| commit_changes.bat | ||
| COMPLETE_PROJECT_SUMMARY.md | ||
| cookies-btc.txt | ||
| cookies-new.txt | ||
| cookies.txt | ||
| create_icons.html | ||
| create_pwa_icons.ps1 | ||
| CRYPTOCURRENCY_SETUP.md | ||
| DEPLOY_BTCPAY_SERVER.md | ||
| deploy-hostinger-final.sh | ||
| deploy-hostinger-vps.sh | ||
| deploy-production.sh | ||
| deploy-to-hostinger.sh | ||
| deploy-with-password.sh | ||
| deploy.sh | ||
| DEPLOYMENT_FINAL_STATUS.md | ||
| DEPLOYMENT_LESSONS_LEARNED.md | ||
| DEPLOYMENT_SLAB01.md | ||
| DEPLOYMENT_SUCCESS.md | ||
| DEPLOYMENT-CHECKLIST.md | ||
| deployment-export.txt | ||
| DEPLOYMENT.md | ||
| DEVELOPMENT_LESSONS.md | ||
| docker-compose.hostinger.yml | ||
| docker-compose.monitoring.yml | ||
| docker-compose.prod.yml | ||
| docker-compose.yml | ||
| docker-compose.yml.deploy | ||
| Dockerfile | ||
| Dockerfile.deploy | ||
| env.hostinger | ||
| frontend_link_crawler.py | ||
| full-cookies.txt | ||
| HOSTINGER_DEPLOYMENT.md | ||
| HOSTINGER-DEPLOYMENT.md | ||
| hostinger-deployment.tar.gz | ||
| hostinger-docker-compose.yml | ||
| INFRASTRUCTURE_RECOVERY_FINAL.md | ||
| littleshop-antiforgery-fix.tar.gz | ||
| littleshop-btcpay-fix.tar.gz | ||
| littleshop-complete.tar.gz | ||
| littleshop-deploy.tar.gz | ||
| littleshop-fix.tar.gz | ||
| littleshop-full.tar.gz | ||
| littleshop-hotfix.tar.gz | ||
| littleshop-platform-info.tar.gz | ||
| littleshop-release.tar.gz | ||
| littleshop-src.tar.gz | ||
| littleshop-ui-fixes.tar.gz | ||
| littleshop-update.tar.gz | ||
| littleshop-wizard-fixed.tar.gz | ||
| littleshop-wizard.tar.gz | ||
| LittleShop.sln | ||
| login_page.html | ||
| MANUAL_DEPLOYMENT_INSTRUCTIONS.md | ||
| MCP_ENHANCEMENT_OPPORTUNITY.md | ||
| nginx.conf | ||
| NOTIFICATION_IMPLEMENTATION.md | ||
| NOTIFICATION_TESTING_PLAN.md | ||
| nul | ||
| PERFORMANCE_PLAN.md | ||
| PORTAINER-DEPLOYMENT.md | ||
| PORTAINER-STEPS.md | ||
| prepare-deployment.sh | ||
| PRODUCTION.md | ||
| products_page.html | ||
| PROJECT_README.md | ||
| README.md | ||
| ROADMAP.md | ||
| SESSION_LESSONS_LEARNED.md | ||
| setup-monitoring.sh | ||
| telebot-deploy.tar.gz | ||
| telebot-fixes-v2.tar.gz | ||
| telebot-fixes.tar.gz | ||
| telebot-release.tar.gz | ||
| telebot-safe-src.tar.gz | ||
| test_bot_flow.py | ||
| test_navigation_links.sh | ||
| test-bot-functionality.sh | ||
| test-cookies2.txt | ||
| test-cookies.txt | ||
| test-image.txt | ||
| test-navigation-cookies.txt | ||
| test-upload.png | ||
| TestBTCPayConnection.cs | ||
| TestPaymentFlow.cs | ||
| token.txt | ||
| wizard-cookies.txt | ||
LittleShop API
A basic online sales system backend built with ASP.NET Core 9.0, featuring multi-cryptocurrency payment support via BTCPay Server.
Features
Admin Panel
- Authentication: JWT-based authentication for admin users
- Categories: Full CRUD operations for product categories
- Products: Complete product management with image upload support
- Users: Staff user management (username/password only)
- Orders: Order management with status tracking
- Accounting: Dashboard and financial overview
Public API
- Catalog: Public product and category browsing
- Orders: Order creation and management by client identity reference
- Payments: Multi-cryptocurrency payment processing
- Tracking: Order status and tracking
Cryptocurrency Support
- BTC (Bitcoin) + Lightning Network
- XMR (Monero) - Privacy coin
- USDT (Tether) - Stablecoin
- LTC (Litecoin)
- ETH (Ethereum)
- ZEC (Zcash) - Privacy coin
- DASH (Dash)
- DOGE (Dogecoin)
Getting Started
Prerequisites
- .NET 9.0 SDK
- SQLite (included)
- BTCPay Server instance (for production)
Configuration
Update appsettings.json with your settings:
{
"ConnectionStrings": {
"DefaultConnection": "Data Source=littleshop.db"
},
"Jwt": {
"Key": "YourSuperSecretKeyThatIsAtLeast32CharactersLong!",
"Issuer": "LittleShop",
"Audience": "LittleShop",
"ExpiryInHours": 24
},
"BTCPayServer": {
"BaseUrl": "https://your-btcpay-server.com",
"ApiKey": "your-api-key",
"StoreId": "your-store-id",
"WebhookSecret": "your-webhook-secret"
}
}
Running the Application
-
Clone and build:
dotnet restore dotnet build -
Run:
dotnet run -
Access:
- API:
https://localhost:5001 - Swagger UI:
https://localhost:5001/swagger
- API:
Default Admin User
- Username:
admin - Password:
admin
API Endpoints
Authentication
POST /api/auth/login- Login (get JWT token)GET /api/auth/users- List users (admin)POST /api/auth/users- Create user (admin)
Categories
GET /api/categories- List categoriesPOST /api/categories- Create category (admin)PUT /api/categories/{id}- Update category (admin)DELETE /api/categories/{id}- Delete category (admin)
Products
GET /api/products- List productsGET /api/products?categoryId={id}- Products by categoryPOST /api/products- Create product (admin)POST /api/products/{id}/photos- Upload product photo (admin)
Public Catalog
GET /api/catalog/categories- Public category listGET /api/catalog/products- Public product list
Orders
POST /api/orders- Create orderGET /api/orders/by-identity/{identity}- Get orders by identityPOST /api/orders/{id}/payments- Create crypto paymentGET /api/orders/{id}/payments- Get order paymentsPOST /api/orders/{id}/cancel- Cancel order
Admin Order Management
GET /api/orders- List all orders (admin)PUT /api/orders/{id}/status- Update order status (admin)
Product Weight Units
Unit(0) - Generic unitMicrograms(1)Grams(2)Ounces(3)Pounds(4)Millilitres(5)Litres(6)
Order Statuses
PendingPayment(0) - Awaiting paymentPaymentReceived(1) - Payment confirmedProcessing(2) - Being processedPickingAndPacking(3) - Preparing for shipmentShipped(4) - Shipped with trackingDelivered(5) - DeliveredCancelled(6) - CancelledRefunded(7) - Refunded
Payment Workflow
- Customer creates order via API
- Order receives unique ID and pending status
- Customer requests payment in preferred cryptocurrency
- System generates unique wallet address and amount
- Customer sends payment to provided address
- BTCPay Server detects payment and triggers webhook
- Order status updates to PaymentReceived
- Admin processes order through picking & packing
- Shipping label generated via Royal Mail API
- Customer receives tracking information
Security Features
- JWT authentication for admin endpoints
- Password hashing with PBKDF2
- No customer personal data stored (identity reference only)
- Self-hosted payment processing (no third-party data sharing)
- CORS configuration for web clients
Logging
- Structured logging with Serilog
- Console and file output
- Request/response logging
- Payment processing audit trail
Development
The API is built with:
- ASP.NET Core 9.0 - Web framework
- Entity Framework Core - Database ORM
- SQLite - Database
- JWT - Authentication
- AutoMapper - Object mapping
- FluentValidation - Input validation
- Serilog - Logging
- Swagger - API documentation
- BTCPay Server Client - Crypto payments
Privacy & Compliance
- No KYC requirements
- No customer personal data retention
- Privacy-focused cryptocurrencies supported (XMR, ZEC)
- Self-hosted payment processing
- GDPR-friendly design (minimal data collection)
Development Roadmap
See ROADMAP.md for detailed development plans, including:
- 🚨 Critical security fixes (immediate priority)
- 📋 Production readiness improvements
- 🚀 Feature enhancements (shipping, notifications, analytics)
- 🏗️ Long-term scalability and optimization plans
Recent Updates
- Security vulnerabilities identified and documented (Sep 19, 2025)
- BTCPay Server integration fixed with production credentials (Sep 19, 2025)
- Product variations and mobile workflow implemented (Sep 18, 2025)