admin/goodgo-platform
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
469 Commits 1 Branch 0 Tags
a7fb5295b88f13266b879fce799fde681e11a47a
Commit Graph

3 Commits

Author SHA1 Message Date
Ho Ngoc Hai
3705193f97 fix(auth): wire dual-key JWT verification into TokenService for WebSocket auth 
Extract shared `verifyWithRotation` helper and `makeSecretOrKeyProvider` into
`jwt-rotation.ts` so both REST (passport-jwt strategy) and WebSocket
(TokenService.verifyAccessToken) paths honour JWT_SECRET_PREVIOUS during
secret rotation. Add env-validation for optional previous secrets and
document the rotation policy for WebSocket sessions.

Resolves GOO-237

Co-Authored-By: Claude Opus 4 <noreply@anthropic.com>
 2026-04-24 14:44:23 +07:00
Ho Ngoc Hai
11f2bf26e6 chore: update project documentation, audit reports, and initialize IDE configuration files
Some checks failed
CI / Lint → Typecheck → Test → Build (22) (push) Failing after 29s
Details
CI / E2E Tests (push) Has been skipped
Details
CodeQL Analysis / CodeQL (javascript-typescript) (push) Failing after 2m42s
Details
Deploy / Build Web Image (push) Failing after 27s
Details
Deploy / Build AI Services Image (push) Failing after 29s
Details
E2E Tests / Playwright E2E (push) Failing after 43s
Details
Deploy / Build API Image (push) Failing after 1m31s
Details
Security Scanning / Dependency Audit (pnpm) (push) Failing after 6s
Details
Security Scanning / Trivy Scan — API Image (push) Failing after 5m35s
Details
Security Scanning / Trivy Scan — AI Services Image (push) Failing after 3m45s
Details
Deploy / Deploy to Staging (push) Has been skipped
Details
Deploy / Smoke Test Staging (push) Has been skipped
Details
Deploy / Deploy to Production (push) Has been skipped
Details
Deploy / Smoke Test Production (push) Has been skipped
Details
Deploy / Rollback Staging (push) Has been skipped
Details
Deploy / Rollback Production (push) Has been skipped
Details
Security Scanning / Trivy Scan — Web Image (push) Failing after 13m51s
Details
Security Scanning / Trivy Filesystem Scan (push) Failing after 14m46s
Details
Security Scanning / Security Gate (push) Has been cancelled
Details
2026-04-19 03:12:54 +07:00
Ho Ngoc Hai
b93c28fa01 chore: organize docs — move 37 files from root into docs/ subfolders 
Root now contains only essential files:
  README.md, CLAUDE.md, CHANGELOG.md, CONTRIBUTING.md

Reorganized into:
  docs/audits/       — all audit reports & checklists (71 files)
  docs/architecture/  — codebase overview, implementation plan
  docs/guides/        — auth guide, implementation checklist
  docs/load-testing/  — k6 load test guides & endpoints
  docs/security/      — payment & security reviews

Also removed 5 untracked debug/investigation files and
cleaned up playwright-report/ & test-results/ artifacts.

Co-Authored-By: Claude Opus 4 (1M context) <noreply@anthropic.com>
 2026-04-13 12:09:14 +07:00