soroushdes/HokmPlay
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat(auth): real SMS OTP via Kavenegar (replaces the mock 1234 code)
CI/CD / CI - API (dotnet build + engine sim) (push) Successful in 50s
Details
CI/CD / CI - Web (tsc + next build) (push) Successful in 1m11s
Details
CI/CD / Deploy - local stack (db + server + web) (push) Successful in 34s
Details

Browse Source 
- OtpService: generates a 5-digit code, stores it (in-memory, 120s TTL, max 5
  tries, single-use), and sends it via Kavenegar verify/lookup
  (template "hokmotp", %token = code). Normalizes +98/98 → 09xxxxxxxxx.
- /api/auth/otp/request + /verify now use it. No SMS_API_KEY ⇒ dev mode
  (accepts a fixed code, returns devCode for local testing).
- Config: Sms section (appsettings) + Sms__* compose mapping + SMS_* in the
  ENV_FILE template.

Security: sanitized deploy/ENV_FILE.example back to placeholders (it had picked
up real secrets) and added /deploy/ENV_FILE.local to .gitignore as the real
master copy (never committed).

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
This commit is contained in:
soroush.asadi
2026-06-12 23:50:33 +03:30
parent 83d9c1c7d0
commit fdf4235fbd
6 changed files with 161 additions and 81 deletions
Download Patch File Download Diff File Expand all files Collapse all files
.gitignore
+4
View File
@@ -1,5 +1,9 @@
# See https://help.github.com/articles/ignoring-files/ for more about ignoring files.
# local secrets master copy (real ENV_FILE values — NEVER commit)
/deploy/ENV_FILE.local
*.env.local
# dependencies
/node_modules
/.pnp