pos-system

admin/pos-system

Fork 0

Commit Graph

Author	SHA1	Message	Date
Ho Ngoc Hai	4f8a205af0	docs: CTO_FIX_TRACKER — all 3 waves complete Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-13 20:34:31 +07:00
Ho Ngoc Hai	52c818ea83	docs: update CTO_FIX_TRACKER — Wave 1+2 complete (P0+P1 resolved) Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-13 20:24:30 +07:00
Ho Ngoc Hai	f8606e0447	fix(P0): security hardening + critical bug fixes across 22 services Wave 1 — 6 parallel agents fixing P0 issues from code audit: Auth (18 services secured): - Added JWT Bearer auth + [Authorize] to all unprotected controllers - Webhook endpoints (Facebook/WhatsApp/Zalo/X) stay [AllowAnonymous] - Health checks remain public for Docker/K8s probes - Services: catalog, order, booking, fnb-engine, inventory, social, ads-manager, ads-serving, ads-billing, ads-tracking, ads-analytics, mkt-facebook, mkt-whatsapp, mkt-x, mkt-zalo, promotion Template artifacts (4 services): - mission-service: myservice_db → mission_service - mkt-facebook: Dockerfile MyService.API → FacebookService.API - mkt-whatsapp: MyServiceContext.cs → WhatsAppServiceContext.cs - promotion: UserSecretsId fixed Critical handler bugs (7 fixes): - ads-tracking: TrackPixelEventHandler now persists to DB - ads-tracking: RecordConversion endpoint exposed via controller - booking: UpdateResource now applies Name + Capacity changes - ads-manager: ListPendingAds uses correct enum (pending_review) - mining: BanMiner calls Ban() not Suspend() - mining: ResetMinerStreak now actually resets streak - mkt-x: 8 missing repository DI registrations added Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-13 20:18:09 +07:00

Author

SHA1

Message

Date

Ho Ngoc Hai

4f8a205af0

docs: CTO_FIX_TRACKER — all 3 waves complete

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

2026-03-13 20:34:31 +07:00

Ho Ngoc Hai

52c818ea83

docs: update CTO_FIX_TRACKER — Wave 1+2 complete (P0+P1 resolved)

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

2026-03-13 20:24:30 +07:00

Ho Ngoc Hai

f8606e0447

fix(P0): security hardening + critical bug fixes across 22 services

Wave 1 — 6 parallel agents fixing P0 issues from code audit:

Auth (18 services secured):
- Added JWT Bearer auth + [Authorize] to all unprotected controllers
- Webhook endpoints (Facebook/WhatsApp/Zalo/X) stay [AllowAnonymous]
- Health checks remain public for Docker/K8s probes
- Services: catalog, order, booking, fnb-engine, inventory, social,
  ads-manager, ads-serving, ads-billing, ads-tracking, ads-analytics,
  mkt-facebook, mkt-whatsapp, mkt-x, mkt-zalo, promotion

Template artifacts (4 services):
- mission-service: myservice_db → mission_service
- mkt-facebook: Dockerfile MyService.API → FacebookService.API
- mkt-whatsapp: MyServiceContext.cs → WhatsAppServiceContext.cs
- promotion: UserSecretsId fixed

Critical handler bugs (7 fixes):
- ads-tracking: TrackPixelEventHandler now persists to DB
- ads-tracking: RecordConversion endpoint exposed via controller
- booking: UpdateResource now applies Name + Capacity changes
- ads-manager: ListPendingAds uses correct enum (pending_review)
- mining: BanMiner calls Ban() not Suspend()
- mining: ResetMinerStreak now actually resets streak
- mkt-x: 8 missing repository DI registrations added

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

2026-03-13 20:18:09 +07:00

3 Commits