74a9ca98ad
♻️ Refactor OpenID: Phase 2: Security Hardening - PKCE Implementation
...
- Added GenerateCodeVerifier() and GenerateCodeChallenge() methods to base OidcService
- Implemented PKCE (Proof Key for Code Exchange) for Google OAuth flow:
* Generate cryptographically secure code verifier (256-bit random)
* Create SHA-256 code challenge for authorization request
* Cache code verifier with 15-minute expiration for token exchange
* Validate and remove code verifier during callback to prevent replay attacks
- Enhances security by protecting against authorization code interception attacks
- Uses S256 (SHA-256) code challenge method as per RFC 7636
2025-11-02 15:05:19 +08:00
4bd59f107b
♻️ Refactor OpenID: Phase 1: Code Consolidation optimizations
...
- Add BuildAuthorizationParameters() method to reduce authorization URL duplication
- Update GoogleOidcService to use common parameter building method
- Add missing using statements for AppDatabase and AuthService namespaces
- Improve code reusability and eliminate 20+ lines of repeated authorization logic per provider
2025-11-02 15:05:04 +08:00
08f924f647
💄 Optimize oidc provider
2025-11-02 14:35:02 +08:00
5445df3b61
♻️ Optimized auth service
2025-11-02 14:26:07 +08:00
a377ca2072
👔 Change magic spell generate logic
2025-11-02 13:07:59 +08:00
623e7a5771
🐛 Fix magic spell use wrong url
2025-11-02 13:02:30 +08:00
322dee4453
✨ Publisher rewarding
2025-11-02 11:59:02 +08:00
5e5f4528b9
✨ Social credit validation and recalculation
2025-11-02 02:11:34 +08:00
8f5f1efa24
🐛 Fix expired activities also be renewed
2025-11-02 00:43:35 +08:00
0f15510ac6
🗃️ Update the activity presense migration
2025-11-01 22:35:43 +08:00
3ce457e9f9
♻️ Optimized presense activity API
2025-11-01 22:34:45 +08:00
a9168dcdc5
🐛 Fix presence activity controller
2025-11-01 18:37:31 +08:00
4ad63577ba
✨ Refreshed account presences system
2025-11-01 17:35:28 +08:00
b46a010e73
⬇️ Downgrade the SkiaSharp in order to fix version issue between native lib and SkiaSharp
...
⬆️ Upgrade quartz, ffmpeg etc
2025-11-01 12:46:26 +08:00
ccd9dbcdbf
🐛 Fix dozens of issue in PaymentServiceGrpc
2025-11-01 12:37:39 +08:00
29c5971554
✨ Add grpc reflection
2025-10-26 11:38:18 +08:00
f65a7360e2
🌐 Add missing gift claimed localization
2025-10-26 03:13:16 +08:00
3a0dee11a6
🚨 Fix warnings in the codebase
2025-10-26 02:20:10 +08:00
43be47d526
⬆️ Upgrade dependencies
2025-10-26 02:11:50 +08:00
48067af034
⬆️ Upgrade dependencies
2025-10-26 01:56:35 +08:00
609b130b4e
✨ Thinking
2025-10-25 23:32:51 +08:00
bbcaa27ac5
✨ Thinking of the LangChain ver
2025-10-25 16:40:00 +08:00
19d833a522
✨ Add the DysonNetwork.Insight project
2025-10-25 02:28:08 +08:00
a94102e136
👔 Change lottery rewards
2025-10-25 00:29:56 +08:00
fc693793fe
🐛 Fixes of lotteries and enrich features
2025-10-25 00:17:56 +08:00
8cfdabbae4
♻️ Check in algorithm v2
2025-10-24 21:51:14 +08:00
a79ea4ac49
🐛 Fix lottery
2025-10-24 21:40:40 +08:00
7385caff9a
✨ Lotteries
2025-10-24 01:34:18 +08:00
266b9e36e2
🗃️ Update schema to clean up unused code
2025-10-23 01:01:19 +08:00
e6aa61b03b
🐛 Bug fixes in the Sphere still referencing the old realm db
2025-10-22 23:31:42 +08:00
0c09ef25ec
⬆️ Upgrade dependencies in order to prevent CVE-2025-55315
2025-10-22 22:58:52 +08:00
dd5929c691
💥 Moved the /id to /pass and bug fixes of moved realms
2025-10-22 22:52:09 +08:00
cf87fdfb49
🗑️ Remove per service rate-limiting due to gateway covered it
2025-10-22 22:10:37 +08:00
ff03584518
🐛 Fix some issues in moving realm service
2025-10-22 21:56:50 +08:00
d6c37784e1
♻️ Move the realm service from sphere to the pass
2025-10-21 23:45:36 +08:00
7f8521bb40
👔 Optimize subscriptions logic
2025-10-16 13:13:08 +08:00
0e9caf67ff
🐛 username color hotfix
2025-10-13 01:16:35 +08:00
37ea882ef7
✨ Full featured auto complete
2025-10-12 16:55:32 +08:00
b9bb180113
✨ Username color
2025-10-08 13:11:30 +08:00
0f835845bf
♻️ Merge the ServiceDefault and Shared project
2025-10-07 19:44:52 +08:00
c64adace24
💄 Using remote site instead of embed frontend (removed) to handle oidc redirect
2025-10-06 13:05:50 +08:00
8ac0b28c66
🚚 Move callback to under api
2025-10-06 13:01:15 +08:00
8f71d7f9e5
🐛 Fix some bugs
2025-10-06 12:46:25 +08:00
c435e63917
✨ Able to update the custom apps order's status
2025-10-05 22:20:32 +08:00
243159e4cc
✨ Custom apps create payment orders
2025-10-05 21:59:07 +08:00
42dad7095a
💄 Optimize the transfer
2025-10-05 16:17:57 +08:00
d1efcdede8
✨ Transfer fee and pin validate
2025-10-05 15:52:54 +08:00
29c4dcd71c
✨ Wallet stats
2025-10-05 00:05:31 +08:00
e7aa887715
🐛 Fix wrong signing algo
2025-10-04 19:55:27 +08:00
0f05633996
🐛 Fix oidc didn't provides with authorized party
2025-10-04 19:03:57 +08:00
