php-commerce

Author	SHA1	Message	Date
Snider	301fdb152a	fix(migration): remove FK constraints on non-existent orders/subscriptions tables Some checks are pending CI / PHP 8.2 (push) Waiting to run Details CI / PHP 8.3 (push) Waiting to run Details CI / PHP 8.4 (push) Waiting to run Details CI / Assets (push) Waiting to run Details webhook_events referenced orders and subscriptions tables that don't exist yet (billing module). Switched to plain unsignedBigInteger columns with indexes — FKs can be added when the billing tables are created. Co-Authored-By: Virgil <virgil@lethean.io>	2026-02-08 18:08:20 +00:00
Snider	c19e467735	security: add webhook idempotency and payment amount verification Idempotency (replay attack protection): - Add WebhookEvent model for tracking processed events - Add webhook_events migration with unique constraint - Add isAlreadyProcessed() to BTCPay and Stripe controllers - Reject duplicate events with 200 response Payment amount verification (BTCPay): - Add verifyPaymentAmount() method - Reject underpayments (mark order failed, create audit record) - Reject currency mismatches - Log overpayments for manual review - Add 0.01 tolerance for floating point precision Add comprehensive tests for both features. Update TODO.md to mark P1 issues as fixed. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>	2026-01-29 12:32:25 +00:00
Snider	9113cede8a	fix: remove FK to non-existent invoice_items, shorten index names - Remove FK constraint to invoice_items table (not yet created) - Shorten index names to avoid MariaDB 64-char limit Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>	2026-01-28 19:46:15 +00:00
Snider	eca97466b8	fix: remove FK constraints to non-existent orders/refunds tables Credit notes can exist independently of orders. Foreign keys will be added when orders and refunds modules are implemented. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>	2026-01-28 17:23:48 +00:00
Snider	a74a02f406	monorepo sepration	2026-01-27 00:24:22 +00:00

5 commits