fix: resolve 12 critical/high issues from code review across backend, frontend, and infra

Backend (7 fixes): - wallet-service: remove conflicting EF Ignore() calls for mapped backing fields - fnb-engine: remove KitchenTicket short constructor that set productId=orderItemId - fnb-engine: replace fire-and-forget Task.Run with direct await for inventory deduction - TenantMiddleware: implement PostgreSQL RLS SET LOCAL in 4 services (wallet, fnb, inventory, catalog) - order-service: fix SQL injection pattern in TenantMiddleware with Guid.ToString("D") - order-service: add ValidateShopAccess() authorization check in SignalR PosHub - 4 services: register IDbConnection (NpgsqlConnection) in DI for RLS middleware Frontend (3 fixes): - PosDataService: return Success=false (not true) when PayOrder response parsing fails - QrPayment: add _disposed guard to prevent timer race condition after component disposal - BFF OrderController: add [Authorize] attribute to require JWT for all endpoints Infrastructure (3 fixes): - docker-compose: upgrade PostgreSQL 15-alpine to 16-alpine per project spec - init-databases.sh: add 4 missing marketing service databases (mkt_*) - Traefik routes: add wallet, catalog, booking routers and /api/v1/stock path Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-06 16:22:08 +07:00
parent 7f8709ac9f
commit 653322b26c
21 changed files with 469 additions and 87 deletions
--- a/deployments/local/docker-compose.yml
+++ b/deployments/local/docker-compose.yml
@@ -29,7 +29,7 @@ services:

  # PostgreSQL 16 - Shared Database Server
  postgres:
-    image: postgres:15-alpine
+    image: postgres:16-alpine
    container_name: postgres-local
    environment:
      - POSTGRES_USER=goodgo
--- a/deployments/local/init-databases.sh
+++ b/deployments/local/init-databases.sh
@@ -9,26 +9,30 @@
 set -e

 DATABASES=(
+  "ads_analytics_service"
+  "ads_billing_service"
+  "ads_manager_service"
+  "ads_serving_service"
+  "ads_tracking_service"
+  "booking_service"
+  "catalog_service"
+  "chat_service"
+  "fnb_engine"
  "iam_service"
-  "storage_service"
+  "inventory_service"
  "membership_service"
  "merchant_service"
-  "wallet_service"
-  "chat_service"
-  "social_service"
  "mining_service"
  "mission_service"
-  "promotion_service"
-  "catalog_service"
+  "mkt_facebook_service"
+  "mkt_whatsapp_service"
+  "mkt_x_service"
+  "mkt_zalo_service"
  "order_service"
-  "inventory_service"
-  "fnb_engine"
-  "booking_service"
-  "ads_manager_service"
-  "ads_analytics_service"
-  "ads_serving_service"
-  "ads_billing_service"
-  "ads_tracking_service"
+  "promotion_service"
+  "social_service"
+  "storage_service"
+  "wallet_service"
 )

 echo "=== GoodGo: Creating databases ==="