admin/goodgo-platform
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
b6a5a2c1f5f47a318b4f922d9e2880f9eeb29ebb
goodgo-platform/apps/api
History
Ho Ngoc Hai 99385d8263 feat(auth): validate KYC image URL hosts match MinIO bucket 
Closes TEC-2725. Backend KYC presign + submit endpoints already landed in
8f8e20f; this adds the remaining acceptance criterion — host validation on
presigned URLs accepted via /auth/kyc/submit.

- Add IMediaStorageService.isTrustedUrl(url) — host+bucket check, supports
  MINIO_TRUSTED_HOSTS for CDN aliases
- SubmitKycHandler rejects imageUrls pointing outside our MinIO bucket
- Update handler specs with mock + new untrusted-host test

Co-Authored-By: Paperclip <noreply@paperclip.ing>
2026-04-18 00:32:02 +07:00
..
src
feat(auth): validate KYC image URL hosts match MinIO bucket
2026-04-18 00:32:02 +07:00
docker-entrypoint.sh
feat(devops): improve multi-stage production Dockerfile for NestJS API
2026-04-09 01:23:06 +07:00
Dockerfile
fix: API Dockerfile — include mcp-servers workspace lib in production
2026-04-14 14:57:59 +07:00
nest-cli.json
feat: scaffold monorepo with Turborepo + NestJS + Next.js
2026-04-07 23:52:33 +07:00
package.json
feat(api): add industrial, transfer, and reports backend modules
2026-04-16 09:11:16 +07:00
tsconfig.json
feat: upgrade major dependencies to latest versions
2026-04-08 13:15:36 +07:00
vitest.config.ts
fix(auth): use env-configurable bcrypt rounds to prevent test timeout
2026-04-10 23:26:43 +07:00
vitest.integration.config.ts
feat(auth): implement Auth module with register, login, JWT, guards, and CQRS
2026-04-08 00:24:42 +07:00