core/php-commerce
8
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 1
12 commits 2 branches 0 tags 463 KiB
Commit graph

4 commits

Author SHA1 Message Date
Snider
c19e467735 security: add webhook idempotency and payment amount verification 
Idempotency (replay attack protection):
- Add WebhookEvent model for tracking processed events
- Add webhook_events migration with unique constraint
- Add isAlreadyProcessed() to BTCPay and Stripe controllers
- Reject duplicate events with 200 response

Payment amount verification (BTCPay):
- Add verifyPaymentAmount() method
- Reject underpayments (mark order failed, create audit record)
- Reject currency mismatches
- Log overpayments for manual review
- Add 0.01 tolerance for floating point precision

Add comprehensive tests for both features.
Update TODO.md to mark P1 issues as fixed.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
 2026-01-29 12:32:25 +00:00
Snider
9113cede8a fix: remove FK to non-existent invoice_items, shorten index names 
- Remove FK constraint to invoice_items table (not yet created)
- Shorten index names to avoid MariaDB 64-char limit

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
 2026-01-28 19:46:15 +00:00
Snider
eca97466b8 fix: remove FK constraints to non-existent orders/refunds tables 
Credit notes can exist independently of orders. Foreign keys will be
added when orders and refunds modules are implemented.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
 2026-01-28 17:23:48 +00:00
Snider
a74a02f406 monorepo sepration 2026-01-27 00:24:22 +00:00