php-commerce

core/php-commerce

Fork 0

Commit graph

Author	SHA1	Message	Date
Snider	c19e467735	security: add webhook idempotency and payment amount verification Idempotency (replay attack protection): - Add WebhookEvent model for tracking processed events - Add webhook_events migration with unique constraint - Add isAlreadyProcessed() to BTCPay and Stripe controllers - Reject duplicate events with 200 response Payment amount verification (BTCPay): - Add verifyPaymentAmount() method - Reject underpayments (mark order failed, create audit record) - Reject currency mismatches - Log overpayments for manual review - Add 0.01 tolerance for floating point precision Add comprehensive tests for both features. Update TODO.md to mark P1 issues as fixed. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>	2026-01-29 12:32:25 +00:00

Author

SHA1

Message

Date

Snider

c19e467735

security: add webhook idempotency and payment amount verification

Idempotency (replay attack protection):
- Add WebhookEvent model for tracking processed events
- Add webhook_events migration with unique constraint
- Add isAlreadyProcessed() to BTCPay and Stripe controllers
- Reject duplicate events with 200 response

Payment amount verification (BTCPay):
- Add verifyPaymentAmount() method
- Reject underpayments (mark order failed, create audit record)
- Reject currency mismatches
- Log overpayments for manual review
- Add 0.01 tolerance for floating point precision

Add comprehensive tests for both features.
Update TODO.md to mark P1 issues as fixed.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

2026-01-29 12:32:25 +00:00

1 commit