Skip to content

Booking integrity, bilingual i18n, SEO, and security/DB hardening#68

Merged
kashkoool merged 23 commits into
mainfrom
feat/ui-redesign
Jul 5, 2026
Merged

Booking integrity, bilingual i18n, SEO, and security/DB hardening#68
kashkoool merged 23 commits into
mainfrom
feat/ui-redesign

Conversation

@kashkoool

Copy link
Copy Markdown
Owner

Large hardening + feature release on top of the UI redesign branch. All changes verified locally: backend build 0 errors, 87 unit + 69 integration tests passing, frontend build clean, both new migrations apply to a fresh DB via the compose migrator, and the Playwright E2E golden flow (login → search → seat → book → pay → ticket) passes against the full stack.

Backend

  • Money/integrity: tiered cancellation refunds (full/half/none by time-to-departure), trip-cancel refunds to paid customers, webhook amount/currency verification + seat-collision/trip-status compensation, refund reconciliation worker, promo redemption inside the booking transaction, seat-shrink guard, ghost-confirm status re-read, desk-cancel departure gate, graceful 409 on concurrent cancel.
  • Lifecycle: no-show, seat-change, trip reschedule + manifest, admin refunds, GDPR self-delete.
  • Auth/session: per-request lockout check (deleted/suspended → immediate 401), token revocation on suspend + delete, refresh_token → user FK cascade, JWT algorithm pinned to HS256.
  • Database: refund indexes, Booking.ContactPhone + cancellation reason, trip actual timestamps, fleet/company compliance fields, data-retention worker; two additive migrations (no data loss).
  • SEO API: /api/seo routes, cities, sitemap.xml.
  • Validation: new change-seat/reschedule validators; tightened promo + trip bounds.

Frontend

  • i18n: complete English/Arabic rollout across every screen (436 keys, full parity, RTL).
  • SEO: static prerendering (SSG) served by the existing nginx; /routes, /bus/:route, /city/:city landing pages with metadata, canonical, OG, and JSON-LD in the raw HTML; robots.txt; sitemap proxy; noindex on private pages; SSR-safe theme/i18n services.
  • Optional contact-phone on booking; login open-redirect fix.

Tests / CI

  • Tiered-refund + SEO integration tests, Playwright E2E, k6 load script.
  • Actions pinned to SHAs, least-privilege workflow permissions, SECURITY.md, dormant staging (E2E/ZAP/k6) workflow gated on a STAGING_URL secret.

Follow-ups (need a deploy target / decision)

  • Set Seo:PublicBaseUrl + the SPA siteBaseUrl + robots Sitemap: line to the real production origin at deploy (canonicals/OG depend on it).
  • Arabic SEO copy + hreflang (needs per-locale URLs); localized emails (needs a User.Language column).
  • Tier 3/4 CI activates once STAGING_URL is set.

kashkoool added 16 commits June 8, 2026 07:50
…look)

Phase 1 of the full UI redesign:
- Design system in styles.css: teal brand + amber accent tokens, Plus Jakarta Sans, soft shadows,
  and reusable component classes (btn/btn-*, input, label, card, badge, navlink).
- Branded sticky header (logo chip + wordmark, pill nav, account chip) and a real footer.
- Landing: gradient hero, a floating search card with a 'More filters' disclosure, popular-route
  chips, a value-props strip, loading skeletons, a friendly empty state, and richer trip cards
  (route, seats-left badge, per-seat price).
ng build + ng lint clean.
Fresh design language, not a reskin of the old layout:
- New system: ink/midnight base, indigo-violet brand, amber pop; Space Grotesk display over Inter
  body; pill buttons, rounded-3xl cards, soft/glow shadows; a full-bleed helper.
- New landing: full-bleed dark immersive hero with gradient orbs, a glass pill search bar,
  gradient popular-route cards, a feature trio, skeletons, empty state, and redesigned trip cards.
This is phase 1; remaining screens (auth, booking journey, vendor, admin) will be rebuilt in the
same language next.
…resh toast

- body overflow-x-hidden so the full-bleed hero (100vw) no longer shows a horizontal scrollbar
- landing now served at / (root); /search redirects to it; homeRoute + nav point at /
- error interceptor skips the startup /auth/refresh 400 (no more 'Something went wrong' on cold load)
…ws marquee, CTA, footer)

- Navbar merges seamlessly into the hero on the landing (dark sticky header, no white gap/split);
  solid white header elsewhere. Nav link colours inherit so they read on both.
- Landing filled out: 'Most booked' trending routes (with a Hot badge), 'Why TPX' trio, an
  auto-scrolling reviews carousel (CSS marquee, pauses on hover, reduced-motion safe), and a
  full-bleed CTA band.
- Real multi-column dark footer (brand + tagline, Explore/Why/Operators, bottom bar, star motif).
- add ThemeService (localStorage + system fallback) toggling a `.dark`
  class on <html>; theme toggle in the nav
- apply dual-mode styling across auth, vendor, admin, account, tickets,
  booking and payment pages plus the shared component classes in styles.css
- landing hero: static golden-hour image (hero.jpg) with the search over it
- pin Microsoft.OpenApi 2.9.0 (security) in Directory.Packages.props
… indexes

Money/integrity: tiered cancellation refunds, trip-cancel refunds to paid
customers, webhook amount/currency verification + seat-collision/trip-status
compensation, refund reconciliation worker, promo redemption inside the booking
transaction, seat-count shrink guard, ghost-confirm status re-read, desk-cancel
departure gate. Concurrent-cancel now returns a graceful 409, not a 500.

Lifecycle features: no-show, seat-change, trip reschedule + manifest, admin
refunds list/retry, GDPR self-delete.

Auth/session: per-request lockout check (deleted/suspended -> immediate 401),
token revocation on suspend and delete, refresh_token->user FK cascade,
pinned JWT alg to HS256.

Database: refund BookingId + pending-poll indexes, Booking.ContactPhone +
CancellationReason, Trip actual departure/arrival, fleet/company compliance
fields, data-retention worker for outbox + refresh tokens; two additive
migrations (no data loss).

SEO data API: /api/seo routes, route detail, cities, sitemap.xml + slug helper.

Validation: added change-seat and reschedule validators; tightened promo
fixed-amount cap and trip arrival-after-departure bounds.
…ing pages

i18n: complete English/Arabic rollout for booking, payment, ticket, my-bookings,
account, and every vendor + admin screen (436 keys, full parity), split into
per-area dictionaries; widened translate pipe to accept piped values.

SEO: static prerendering (SSG) via @angular/ssr, served by the existing nginx.
New /routes, /bus/:route (city-pair landing), /city/:city pages with unique
titles, canonical, OG/Twitter, BreadcrumbList/Product/FAQ JSON-LD and a search
CTA. SeoService applies metadata to every route (noindex on private/auth/vendor/
admin pages); robots.txt; home "popular routes" internal links; nginx serves the
prerendered page at the no-trailing-slash canonical URL and proxies /sitemap.xml.
Made theme + translation services SSR-safe (DOCUMENT injection, platform guards).

Booking: optional contact-phone input wired to create-booking.
Auth: shared safe-return-path guard on the login redirect (open-redirect fix).
Integration: rewrote booking-cancellation tests for the tiered refund policy
(full/half/none by time-to-departure), added seat-change and SEO API tests.
E2E: Playwright golden flow (login -> search -> seat -> book -> pay -> ticket)
against the full compose stack, with a self-resetting global setup.
Load: k6 baseline (smoke + soak) script.
…w, hooks

Pinned every GitHub Actions reference to a full commit SHA and tightened
workflow token permissions (least privilege) to satisfy Scorecard. Added a
dormant staging/dynamic workflow (E2E + ZAP + k6, gated on a STAGING_URL secret)
and Semgrep SAST + Trivy image scan to CI. Added SECURITY.md, a commit-msg hook
that strips AI attribution trailers, and gitignore entries for e2e artifacts and
local compose overrides.
@coderabbitai

coderabbitai Bot commented Jul 4, 2026

Copy link
Copy Markdown

Important

Review skipped

Too many files!

This PR contains 169 files, which is 19 over the limit of 150.

To get a review, narrow the scope:
• coderabbit review --type committed # exclude uncommitted changes
• coderabbit review --dir # limit to a subdirectory
• coderabbit review --base # compare against a closer base

Upgrade to a paid plan to raise the limit.

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 0d1a5ef7-8a8c-449a-b2c4-f66f49f4e334

📥 Commits

Reviewing files that changed from the base of the PR and between b2c88ea and 6aeda7c.

⛔ Files ignored due to path filters (10)
  • src/TransportPlatform.Infrastructure/Persistence/Migrations/20260704222127_AuthDbHardening.Designer.cs is excluded by !**/Migrations/*.Designer.cs
  • src/TransportPlatform.Infrastructure/Persistence/Migrations/20260704232322_BookingSystemFields.Designer.cs is excluded by !**/Migrations/*.Designer.cs
  • src/TransportPlatform.Infrastructure/Persistence/Migrations/20260705012346_UserLanguage.Designer.cs is excluded by !**/Migrations/*.Designer.cs
  • src/TransportPlatform.Infrastructure/Persistence/Migrations/ApplicationDbContextModelSnapshot.cs is excluded by !**/Migrations/*ModelSnapshot.cs
  • src/TransportPlatform.Infrastructure/Reports/Fonts/Amiri-Bold.ttf is excluded by !**/*.ttf
  • src/TransportPlatform.Infrastructure/Reports/Fonts/Amiri-Regular.ttf is excluded by !**/*.ttf
  • tests/e2e/package-lock.json is excluded by !**/package-lock.json, !**/package-lock.json
  • web/customer/package-lock.json is excluded by !**/package-lock.json, !**/package-lock.json
  • web/customer/public/assets/hero.jpg is excluded by !**/*.jpg
  • web/customer/public/og-default.png is excluded by !**/*.png
📒 Files selected for processing (169)
  • .github/workflows/ci.yml
  • .github/workflows/codeql.yml
  • .github/workflows/dependency-review.yml
  • .github/workflows/deploy.yml
  • .github/workflows/scorecard.yml
  • .github/workflows/staging.yml
  • .gitignore
  • DEPLOYMENT.md
  • Directory.Packages.props
  • SECURITY.md
  • docs/audit/DOMAIN-LIFECYCLE-AND-RACE-ANALYSIS.md
  • docs/audit/SCALABILITY-READINESS.md
  • docs/audit/SYSTEM-COMPLETENESS-AUDIT.md
  • docs/design-backups/01-fonts-and-5-colours.html
  • docs/design-backups/02-mediterranean-light-dark.html
  • docs/design-backups/03-five-ui-styles.html
  • docs/design-backups/04-five-cinematic-heroes.html
  • docs/design-backups/README.md
  • scripts/git-hooks/commit-msg
  • src/TransportPlatform.Api/Endpoints/AdminEndpoints.cs
  • src/TransportPlatform.Api/Endpoints/AuthEndpoints.cs
  • src/TransportPlatform.Api/Endpoints/BookingEndpoints.cs
  • src/TransportPlatform.Api/Endpoints/SeoEndpoints.cs
  • src/TransportPlatform.Api/Endpoints/VendorEndpoints.cs
  • src/TransportPlatform.Api/Program.cs
  • src/TransportPlatform.Api/Workers/DataRetentionWorker.cs
  • src/TransportPlatform.Api/Workers/OutboxPublisher.cs
  • src/TransportPlatform.Api/Workers/RefundReconciliationWorker.cs
  • src/TransportPlatform.Api/appsettings.json
  • src/TransportPlatform.Application/Abstractions/IAuthEmailService.cs
  • src/TransportPlatform.Application/Abstractions/IIdentityService.cs
  • src/TransportPlatform.Application/Abstractions/IPaymentGateway.cs
  • src/TransportPlatform.Application/Admin/AdminRefunds.cs
  • src/TransportPlatform.Application/Admin/ManageCustomers.cs
  • src/TransportPlatform.Application/Booking/CancelBooking.cs
  • src/TransportPlatform.Application/Booking/CancelCompanyBooking.cs
  • src/TransportPlatform.Application/Booking/ChangeSeat.cs
  • src/TransportPlatform.Application/Booking/CreateBooking.cs
  • src/TransportPlatform.Application/Booking/MarkNoShow.cs
  • src/TransportPlatform.Application/Booking/RefundProcessing.cs
  • src/TransportPlatform.Application/Companies/CreateCompany.cs
  • src/TransportPlatform.Application/Companies/ManageCompany.cs
  • src/TransportPlatform.Application/DependencyInjection.cs
  • src/TransportPlatform.Application/Fleet/AddBus.cs
  • src/TransportPlatform.Application/Fleet/AddDriver.cs
  • src/TransportPlatform.Application/Fleet/ManageBus.cs
  • src/TransportPlatform.Application/Identity/DeleteMyAccount.cs
  • src/TransportPlatform.Application/Identity/Register.cs
  • src/TransportPlatform.Application/Identity/RequestPasswordReset.cs
  • src/TransportPlatform.Application/Identity/ResendVerification.cs
  • src/TransportPlatform.Application/Payments/ProcessPaymentWebhook.cs
  • src/TransportPlatform.Application/Payments/ProcessPendingRefunds.cs
  • src/TransportPlatform.Application/Promotions/ManagePromoCodes.cs
  • src/TransportPlatform.Application/Seo/BuildSitemap.cs
  • src/TransportPlatform.Application/Seo/GetSeoRouteDetail.cs
  • src/TransportPlatform.Application/Seo/ListSeoCities.cs
  • src/TransportPlatform.Application/Seo/ListSeoRoutes.cs
  • src/TransportPlatform.Application/Seo/Slug.cs
  • src/TransportPlatform.Application/Staff/SetStaffSuspension.cs
  • src/TransportPlatform.Application/Trips/CancelTrip.cs
  • src/TransportPlatform.Application/Trips/ManageTrip.cs
  • src/TransportPlatform.Application/Trips/RescheduleTrip.cs
  • src/TransportPlatform.Application/Trips/ScheduleTrip.cs
  • src/TransportPlatform.Application/Trips/TripManifest.cs
  • src/TransportPlatform.Domain/Booking/Booking.cs
  • src/TransportPlatform.Domain/Booking/BookingStatus.cs
  • src/TransportPlatform.Domain/Booking/Passenger.cs
  • src/TransportPlatform.Domain/Booking/RefundPolicy.cs
  • src/TransportPlatform.Domain/Companies/Company.cs
  • src/TransportPlatform.Domain/Fleet/Bus.cs
  • src/TransportPlatform.Domain/Fleet/Driver.cs
  • src/TransportPlatform.Domain/Payments/Payment.cs
  • src/TransportPlatform.Domain/Payments/Refund.cs
  • src/TransportPlatform.Domain/Trips/Events/TripRescheduledDomainEvent.cs
  • src/TransportPlatform.Domain/Trips/Trip.cs
  • src/TransportPlatform.Infrastructure/DependencyInjection.cs
  • src/TransportPlatform.Infrastructure/Email/AuthEmailService.cs
  • src/TransportPlatform.Infrastructure/Email/EmailTemplates.cs
  • src/TransportPlatform.Infrastructure/Identity/ApplicationUser.cs
  • src/TransportPlatform.Infrastructure/Identity/IdentityService.cs
  • src/TransportPlatform.Infrastructure/Payments/PayPalPaymentGateway.cs
  • src/TransportPlatform.Infrastructure/Persistence/Configurations/ApplicationUserConfiguration.cs
  • src/TransportPlatform.Infrastructure/Persistence/Configurations/BookingConfiguration.cs
  • src/TransportPlatform.Infrastructure/Persistence/Configurations/BusConfiguration.cs
  • src/TransportPlatform.Infrastructure/Persistence/Configurations/CompanyConfiguration.cs
  • src/TransportPlatform.Infrastructure/Persistence/Configurations/RefreshTokenConfiguration.cs
  • src/TransportPlatform.Infrastructure/Persistence/Configurations/RefundConfiguration.cs
  • src/TransportPlatform.Infrastructure/Persistence/DevDataSeeder.cs
  • src/TransportPlatform.Infrastructure/Persistence/Migrations/20260704222127_AuthDbHardening.cs
  • src/TransportPlatform.Infrastructure/Persistence/Migrations/20260704232322_BookingSystemFields.cs
  • src/TransportPlatform.Infrastructure/Persistence/Migrations/20260705012346_UserLanguage.cs
  • src/TransportPlatform.Infrastructure/Persistence/OutboxEventDispatcher.cs
  • src/TransportPlatform.Infrastructure/Persistence/PgLeaderLock.cs
  • src/TransportPlatform.Infrastructure/Reports/ReportExporter.cs
  • src/TransportPlatform.Infrastructure/TransportPlatform.Infrastructure.csproj
  • tests/TransportPlatform.IntegrationTests/BookingCancellationTests.cs
  • tests/TransportPlatform.IntegrationTests/SeoTests.cs
  • tests/TransportPlatform.IntegrationTests/VendorTenancyTests.cs
  • tests/TransportPlatform.UnitTests/Domain/BookingTests.cs
  • tests/TransportPlatform.UnitTests/Domain/PaymentAndRefundTests.cs
  • tests/TransportPlatform.UnitTests/Domain/RefundPolicyTests.cs
  • tests/TransportPlatform.UnitTests/Domain/TripLifecycleTests.cs
  • tests/e2e/global-setup.ts
  • tests/e2e/golden-flow.spec.ts
  • tests/e2e/package.json
  • tests/e2e/playwright.config.ts
  • tests/load/baseline.js
  • web/customer/.claude/launch.json
  • web/customer/angular.json
  • web/customer/nginx.conf
  • web/customer/package.json
  • web/customer/public/robots.txt
  • web/customer/scripts/prep-assets.py
  • web/customer/src/app/app.config.server.ts
  • web/customer/src/app/app.config.ts
  • web/customer/src/app/app.routes.server.ts
  • web/customer/src/app/app.routes.ts
  • web/customer/src/app/app.ts
  • web/customer/src/app/core/api/api.service.ts
  • web/customer/src/app/core/auth/auth.service.ts
  • web/customer/src/app/core/auth/safe-return.ts
  • web/customer/src/app/core/http/error.interceptor.ts
  • web/customer/src/app/core/i18n/dict/admin.ts
  • web/customer/src/app/core/i18n/dict/customer.ts
  • web/customer/src/app/core/i18n/dict/seo.ts
  • web/customer/src/app/core/i18n/dict/vendor.ts
  • web/customer/src/app/core/i18n/dictionaries.ts
  • web/customer/src/app/core/i18n/translate.pipe.ts
  • web/customer/src/app/core/i18n/translation.service.ts
  • web/customer/src/app/core/notifications/notification-bell.ts
  • web/customer/src/app/core/seo/seo-api.service.ts
  • web/customer/src/app/core/seo/seo-seed.ts
  • web/customer/src/app/core/seo/seo.service.ts
  • web/customer/src/app/core/theme/theme.service.ts
  • web/customer/src/app/features/account/profile.ts
  • web/customer/src/app/features/admin/admin-nav.ts
  • web/customer/src/app/features/admin/companies.ts
  • web/customer/src/app/features/admin/reports.ts
  • web/customer/src/app/features/admin/users.ts
  • web/customer/src/app/features/auth/auth-callback.ts
  • web/customer/src/app/features/auth/forgot-password.ts
  • web/customer/src/app/features/auth/login.ts
  • web/customer/src/app/features/auth/register.ts
  • web/customer/src/app/features/auth/reset-password.ts
  • web/customer/src/app/features/auth/verify-email.ts
  • web/customer/src/app/features/booking/booking.ts
  • web/customer/src/app/features/payment/pay.ts
  • web/customer/src/app/features/seo/city-page.ts
  • web/customer/src/app/features/seo/route-page.ts
  • web/customer/src/app/features/seo/routes-index.ts
  • web/customer/src/app/features/tickets/my-bookings.ts
  • web/customer/src/app/features/tickets/ticket.ts
  • web/customer/src/app/features/trips/search.ts
  • web/customer/src/app/features/vendor/buses.ts
  • web/customer/src/app/features/vendor/company.ts
  • web/customer/src/app/features/vendor/desk.ts
  • web/customer/src/app/features/vendor/drivers.ts
  • web/customer/src/app/features/vendor/promo.ts
  • web/customer/src/app/features/vendor/reports.ts
  • web/customer/src/app/features/vendor/staff.ts
  • web/customer/src/app/features/vendor/trips.ts
  • web/customer/src/app/features/vendor/vendor-nav.ts
  • web/customer/src/environments/environment.development.ts
  • web/customer/src/environments/environment.ts
  • web/customer/src/index.html
  • web/customer/src/main.server.ts
  • web/customer/src/server.ts
  • web/customer/src/styles.css
  • web/customer/tsconfig.app.json

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

  • 🔍 Trigger review
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch feat/ui-redesign

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands.

@github-actions

github-actions Bot commented Jul 4, 2026

Copy link
Copy Markdown

Dependency Review

The following issues were found:

  • ✅ 0 vulnerable package(s)
  • ❌ 1 package(s) with incompatible licenses
  • ✅ 0 package(s) with invalid SPDX license definitions
  • ⚠️ 12 package(s) with unknown licenses.
  • ⚠️ 10 packages with OpenSSF Scorecard issues.

View full job summary

@github-advanced-security

Copy link
Copy Markdown

You are seeing this message because GitHub Code Scanning has recently been set up for this repository, or this pull request contains the workflow file for the Code Scanning tool.

What Enabling Code Scanning Means:

  • The 'Security' tab will display more code scanning analysis results (e.g., for the default branch).
  • Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results.
  • You will be able to see the analysis results for the pull request's branch on this overview once the scans have completed and the checks have passed.

For more information about GitHub Code Scanning, check out the documentation.

Comment thread web/customer/nginx.conf Fixed
Comment thread src/TransportPlatform.Application/Payments/ProcessPendingRefunds.cs Dismissed
Comment thread src/TransportPlatform.Application/Seo/Slug.cs Fixed
Comment thread src/TransportPlatform.Application/Trips/CancelTrip.cs Dismissed
Comment thread src/TransportPlatform.Domain/Booking/Booking.cs Fixed
Comment thread src/TransportPlatform.Infrastructure/DependencyInjection.cs Dismissed
Comment thread src/TransportPlatform.Infrastructure/Reports/ReportExporter.cs Dismissed
Comment thread src/TransportPlatform.Infrastructure/Reports/ReportExporter.cs Dismissed
Comment thread src/TransportPlatform.Infrastructure/Reports/ReportExporter.cs Dismissed
kashkoool added 4 commits July 5, 2026 03:02
- trivy-action v0.28.0's transitive setup-trivy@v0.2.1 tag was removed upstream,
  breaking the docker CVE-scan job at action-download; pin v0.36.0 instead.
- Slug.IsValid: use LINQ .All (clears CodeQL missed-select).
- Booking.Cancel: add an XML <summary> (clears CodeQL doc-comment alert).
- nginx sitemap proxy: stop forwarding the client Host (pin an explicit upstream
  Host) so a spoofed Host header can't inject origins into sitemap URLs — the
  absolute <loc> URLs come from Seo:PublicBaseUrl (Semgrep request-host-used).
gsap carried a proprietary "no-charge standard" license that the
dependency-review gate disallows, and it was dead weight — a leftover from the
removed animation experiments with no imports in the source (only a stale CSS
comment, now cleaned). Removing it clears the dependency-review license failure
and trims the install.
The /routes, /bus/:route and /city/:city pages now render their visible body
(H1, intro, FAQ, badges, CTAs, empty/not-found states) through the `t` pipe in
English/Arabic (39 keys, full parity), matching the rest of the app. Prerendered
HTML and all SEO metadata + JSON-LD stay English (server default), so crawler
output is unchanged; Arabic renders on language toggle at runtime.
… pool

The outbox publisher drained without a lock, so running >1 API instance would
dispatch each domain-event side effect (e.g. a booking-confirmation email) once
per instance. Added a Postgres advisory-lock leader guard (PgLeaderLock) so only
one instance drains the outbox per tick; applied the same guard to the refund
reconciliation worker (external gateway calls). The seat-hold sweeper and
data-retention worker stay unguarded on purpose — they are idempotent set-based
deletes, safe on every instance.

Also bounded the per-instance Npgsql pool (Database:MaxPoolSize, default 20) so
MaxPoolSize x instances stays under Postgres max_connections, and documented the
rate limiter's per-instance behaviour + the scale-out moves in a readiness
report (docs/audit/SCALABILITY-READINESS.md).

Verified: 87 unit + 69 integration pass (the integration host runs the real
workers, so the outbox drain is exercised under the new lock).
Comment thread src/TransportPlatform.Infrastructure/Persistence/PgLeaderLock.cs Fixed
kashkoool added 2 commits July 5, 2026 03:50
…uage

Verification, password-reset and booking-confirmation emails now render in the
recipient's stored language (RTL for Arabic), falling back to English when it's
unknown.

- User carries an optional Language ("en"/"ar"), captured at registration from
  the SPA's active language (migration UserLanguage adds a nullable column to
  AspNetUsers).
- EmailTemplates take a lang argument and emit MSA Arabic subject + body with
  dir="rtl"; all HTML-escaping of interpolated values preserved.
- Language is resolved in the application handlers (which have IIdentityService)
  and threaded to the send sites, keeping the singleton email service free of a
  scoped captive dependency; the outbox looks the customer's language up by
  email for booking-confirmation.

Backward-compatible: every new field/param is optional and defaults to English.
Verified: 87 unit + 69 integration pass.
Comment thread src/TransportPlatform.Application/Abstractions/IAuthEmailService.cs Fixed
Comment thread src/TransportPlatform.Application/Abstractions/IAuthEmailService.cs Fixed
@kashkoool kashkoool merged commit 60a2b40 into main Jul 5, 2026
11 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants