admin/goodgo-platform
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix: restrict CORS origins, require payment env vars, replace raw SQL with Prisma findMany

Browse Source 
- AI service: replace allow_origins=["*"] with env-configured AI_CORS_ORIGINS
- Payment services (VNPay, MoMo, ZaloPay): use requireEnv() instead of empty string defaults for credentials
- Search indexer: replace raw SQL template literals with Prisma findMany + parameterized PostGIS queries

Co-Authored-By: Paperclip <noreply@paperclip.ing>
This commit is contained in:
Ho Ngoc Hai
2026-04-08 06:11:59 +07:00
parent 271ad76e6f
commit 811417d77d
6 changed files with 136 additions and 155 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
apps/api/src/modules/payments/infrastructure/services/zalopay.service.ts
View File

@@ -10,21 +10,29 @@ import {
type RefundResult,
} from './payment-gateway.interface';
function requireEnv(key: string): string {
const value = process.env[key];
if (!value) {
throw new Error(`Missing required environment variable: ${key}`);
}
return value;
}
@Injectable()
export class ZalopayService implements IPaymentGateway {
private readonly logger = new Logger(ZalopayService.name);
readonly provider: PaymentProvider = 'ZALOPAY';
private get appId(): string {
return process.env['ZALOPAY_APP_ID'] ?? '';
return requireEnv('ZALOPAY_APP_ID');
}
private get key1(): string {
return process.env['ZALOPAY_KEY1'] ?? '';
return requireEnv('ZALOPAY_KEY1');
}
private get key2(): string {
return process.env['ZALOPAY_KEY2'] ?? '';
return requireEnv('ZALOPAY_KEY2');
}
private get endpoint(): string {