25f68781ad
SEC-C-01: Replace Neon PostgreSQL credentials (npg_Ssfy6HKO0cXI) with local dev connection strings in all 19 appsettings.json files. Production credentials must be injected via ConnectionStrings__DefaultConnection env var. Add appsettings.Production.json and appsettings.Staging.json to .gitignore. SEC-C-02: Add services/goodgo-mcp-server/.env to root .gitignore. Create .env.example with safe placeholder values documenting required variables. SEC-C-03: Wrap AddDeveloperSigningCredential() in env check — development only. Non-development environments must provide X.509 certificate via IdentityServer:SigningCertificatePath and IdentityServer:SigningCertificatePassword. SEC-C-04: Remove 4 unauthenticated debug endpoints from StaffController: GET debug/all, POST debug/seed, POST debug/update-userid, POST debug/update-merchant. These endpoints allowed privilege escalation and data exfiltration without auth. SEC-C-05: Removed endpoints containing SQL injection via string interpolation (lines 307, 367 in StaffController). Also removed [AllowAnonymous] from GET lookup endpoint — inherits class-level [Authorize]. BREAKING: debug/* endpoints are permanently removed. BFF lookup endpoint now requires authentication. Co-Authored-By: Paperclip <noreply@paperclip.ing>
Mining Service .NET
Quick Links
Overview
Mining Service provides a gamified loyalty point mining system inspired by Pi Network, allowing users to accumulate Mining Points (MP) through daily engagement, social referrals, and community building activities.
Tech Stack
- .NET 10
- PostgreSQL + EF Core
- Redis (HybridCache)
- RabbitMQ (MassTransit)
- SignalR
Development
cd services/mining-service-net
dotnet build
dotnet run --project src/MiningService.API
Documentation
See detailed documentation in docs/en/ or docs/vi/.
License
Proprietary - GoodGo Platform