aprhodite

Commit Graph

Author	SHA1	Message	Date
3nd3r	be3503b31b	Fix #3 : Remove client-exploitable payment endpoint - Payment endpoint no longer uses @_require_auth (not client-callable) - Identifies user from webhook payload user_id instead of client JWT - Removed hardcoded payment secret from chat.js - Client now shows placeholder message directing to admin - Webhook secret + user_id must come from payment provider server	2026-04-12 12:51:31 -05:00
3nd3r	99859f009f	Fix #1+#8: Extract shared config module, unify JWT secret - Create config.py with shared constants, AES-GCM helpers, and JWT helpers - app.py and routes.py now import from the single source of truth - Eliminates JWT secret mismatch (routes.py had hardcoded default) - Removes all duplicate _issue_jwt, _verify_jwt, _aesgcm_encrypt, _aesgcm_decrypt definitions - start.py also uses shared config loader	2026-04-12 12:49:44 -05:00
ComputerTech	ad510c57e1	Initial commit: SexyChat (Aphrodite) v1.0	2026-04-12 17:55:40 +01:00

Author

SHA1

Message

Date

3nd3r

be3503b31b

Fix #3 : Remove client-exploitable payment endpoint

- Payment endpoint no longer uses @_require_auth (not client-callable)
- Identifies user from webhook payload user_id instead of client JWT
- Removed hardcoded payment secret from chat.js
- Client now shows placeholder message directing to admin
- Webhook secret + user_id must come from payment provider server

2026-04-12 12:51:31 -05:00

3nd3r

99859f009f

Fix #1+#8: Extract shared config module, unify JWT secret

- Create config.py with shared constants, AES-GCM helpers, and JWT helpers
- app.py and routes.py now import from the single source of truth
- Eliminates JWT secret mismatch (routes.py had hardcoded default)
- Removes all duplicate _issue_jwt, _verify_jwt, _aesgcm_encrypt,
  _aesgcm_decrypt definitions
- start.py also uses shared config loader

2026-04-12 12:49:44 -05:00

ComputerTech

ad510c57e1

Initial commit: SexyChat (Aphrodite) v1.0

2026-04-12 17:55:40 +01:00

3 Commits