a7a753bf38
EOD Reports & Daily Close (order-service + Blazor UI): - GetEodReportQuery: Dapper query for revenue, orders, payment breakdown, top items, hourly chart - CloseDayCommand: check pending orders, generate final report - EodReport.razor: 6 KPI cards, donut/bar charts, top 10 table, close-day dialog - FluentValidation for both query and command - BFF proxy endpoints for reports Security Audit — Rate Limiting: - Tighten auth-ratelimit from 100 to 10 req/min (brute force protection) - Add payment-ratelimit (30/min), api-ratelimit (100/min), hub-ratelimit (500/min) - Apply rate limits to ALL Traefik routers (previously many had none) Security Audit — Input Sanitization (44 missing validators created): - iam-service: 14 validators (auth, user, role commands) - merchant-service: 11 validators (admin, attendance commands) - wallet-service: 7 validators (wallet, points commands) - fnb-engine: 7 validators (session, table, ticket, reservation) - catalog-service: 6 validators (product, category CRUD) - storage-service: 6 validators (upload, share, quota) - order-service: 2 validators (complete order/payment) Critical Path Unit Tests (30 new tests): - inventory-service: 12 tests (deduction, partial stock, idempotency) - wallet-service: 14 tests (create payment, process callback, domain events) - fnb-engine: 8 tests (kitchen-served event handler, inventory client integration) Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Traefik Configuration
Traefik reverse proxy and load balancer configuration.
Files
traefik.yml- Static configurationdynamic/routes.yml- HTTP routing rulesdynamic/middlewares.yml- Middleware definitions (CORS, rate limiting, security headers)
Usage
Traefik will automatically discover services via Docker labels or file-based configuration.
Routes
/api/v1/auth/*-> Auth Service/api/v1/users/*-> Auth Service
Middlewares
secure-headers- Security headerscors- CORS configurationauth-ratelimit- Rate limiting for auth endpointscompress- Response compression