25f68781ad
SEC-C-01: Replace Neon PostgreSQL credentials (npg_Ssfy6HKO0cXI) with local dev connection strings in all 19 appsettings.json files. Production credentials must be injected via ConnectionStrings__DefaultConnection env var. Add appsettings.Production.json and appsettings.Staging.json to .gitignore. SEC-C-02: Add services/goodgo-mcp-server/.env to root .gitignore. Create .env.example with safe placeholder values documenting required variables. SEC-C-03: Wrap AddDeveloperSigningCredential() in env check — development only. Non-development environments must provide X.509 certificate via IdentityServer:SigningCertificatePath and IdentityServer:SigningCertificatePassword. SEC-C-04: Remove 4 unauthenticated debug endpoints from StaffController: GET debug/all, POST debug/seed, POST debug/update-userid, POST debug/update-merchant. These endpoints allowed privilege escalation and data exfiltration without auth. SEC-C-05: Removed endpoints containing SQL injection via string interpolation (lines 307, 367 in StaffController). Also removed [AllowAnonymous] from GET lookup endpoint — inherits class-level [Authorize]. BREAKING: debug/* endpoints are permanently removed. BFF lookup endpoint now requires authentication. Co-Authored-By: Paperclip <noreply@paperclip.ing>
1.1 KiB
1.1 KiB