Files

Ho Ngoc Hai 25f68781ad fix(security): fix 5 P0 security blockers — SEC-C-01 through SEC-C-05

SEC-C-01: Replace Neon PostgreSQL credentials (npg_Ssfy6HKO0cXI) with local
dev connection strings in all 19 appsettings.json files. Production credentials
must be injected via ConnectionStrings__DefaultConnection env var. Add
appsettings.Production.json and appsettings.Staging.json to .gitignore.

SEC-C-02: Add services/goodgo-mcp-server/.env to root .gitignore. Create
.env.example with safe placeholder values documenting required variables.

SEC-C-03: Wrap AddDeveloperSigningCredential() in env check — development only.
Non-development environments must provide X.509 certificate via
IdentityServer:SigningCertificatePath and IdentityServer:SigningCertificatePassword.

SEC-C-04: Remove 4 unauthenticated debug endpoints from StaffController:
GET debug/all, POST debug/seed, POST debug/update-userid, POST debug/update-merchant.
These endpoints allowed privilege escalation and data exfiltration without auth.

SEC-C-05: Removed endpoints containing SQL injection via string interpolation
(lines 307, 367 in StaffController). Also removed [AllowAnonymous] from
GET lookup endpoint — inherits class-level [Authorize].

BREAKING: debug/* endpoints are permanently removed. BFF lookup endpoint now
requires authentication.

Co-Authored-By: Paperclip <noreply@paperclip.ing>

2026-03-23 09:47:07 +07:00

docs

docs: Add service-level READMEs, update Wallet Service documentation with multi-currency and admin APIs, refine Chat Service architecture, and remove a test Mermaid file.

2026-01-18 23:51:39 +07:00

src

fix(security): fix 5 P0 security blockers — SEC-C-01 through SEC-C-05

2026-03-23 09:47:07 +07:00

tests

test: replace mission and commerce sample functional suites

2026-02-23 12:56:57 +00:00

.env.example

feat(storage-service): Add Social Service to Docker Compose and enhance IAM service integration

2026-01-13 00:28:41 +07:00

.gitignore

feat(storage-service): Add Social Service to Docker Compose and enhance IAM service integration

2026-01-13 00:28:41 +07:00

ChatService.slnx

feat(storage-service): Add Social Service to Docker Compose and enhance IAM service integration

2026-01-13 00:28:41 +07:00

Directory.Build.props

feat(storage-service): Add Social Service to Docker Compose and enhance IAM service integration

2026-01-13 00:28:41 +07:00

Dockerfile

chore: Remove the web-client application, add a local database initialization script, and update service Dockerfiles.

2026-02-28 00:41:17 +07:00

global.json

feat(storage-service): Add Social Service to Docker Compose and enhance IAM service integration

2026-01-13 00:28:41 +07:00

README.md

docs: Add service-level READMEs, update Wallet Service documentation with multi-currency and admin APIs, refine Chat Service architecture, and remove a test Mermaid file.

2026-01-18 23:51:39 +07:00

SERVICE_DOCS.md

docs: add SERVICE_DOCS.md for all 24 microservices from per-service code audit

2026-03-13 17:54:53 +07:00

README.md

Chat Service

Real-time chat service with End-to-End Encryption (E2EE) for GoodGo platform.

Documentation / Tài Liệu

EN: English Documentation
VI: Tài liệu Tiếng Việt

Quick Links

English	Vietnamese
Architecture	Kiến trúc
Quick Start	Bắt Đầu Nhanh
API Reference	API Reference

Tech Stack

.NET 10 - Core framework
ASP.NET Core SignalR - Real-time communication
PostgreSQL 16+ - Message persistence
Redis 7+ - Backplane & caching
E2EE with X3DH - End-to-end encryption

Key Features

🔒 End-to-End Encryption - X3DH key exchange, AES-256-GCM
💬 Real-time Chat - SignalR with WebSocket/SSE/Long Polling
🤖 AI Integration - Smart chatbot with streaming responses
📱 Multi-device - User mapping across devices
🚀 High Performance - MessagePack protocol

Development

# Restore dependencies
dotnet restore

# Build
dotnet build

# Run
dotnet run --project src/ChatService.API

Docker

docker build -t chatservice:latest .
docker run -p 5000:8080 --env-file .env chatservice:latest

License

Proprietary - GoodGo Platform