core/php-commerce
8
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 1
9 commits 2 branches 0 tags 463 KiB
Commit graph

5 commits

Author SHA1 Message Date
Snider
c19e467735 security: add webhook idempotency and payment amount verification 
Idempotency (replay attack protection):
- Add WebhookEvent model for tracking processed events
- Add webhook_events migration with unique constraint
- Add isAlreadyProcessed() to BTCPay and Stripe controllers
- Reject duplicate events with 200 response

Payment amount verification (BTCPay):
- Add verifyPaymentAmount() method
- Reject underpayments (mark order failed, create audit record)
- Reject currency mismatches
- Log overpayments for manual review
- Add 0.01 tolerance for floating point precision

Add comprehensive tests for both features.
Update TODO.md to mark P1 issues as fixed.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
 2026-01-29 12:32:25 +00:00
Snider
8f27fe85c3 refactor: update Tenant module imports after namespace migration 
Updates all references from Core\Mod\Tenant to Core\Tenant following
the monorepo separation. The Tenant module now lives in its own package
with the simplified namespace.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
 2026-01-27 17:39:12 +00:00
Snider
a774f4e285 refactor: migrate namespace from Core\Commerce to Core\Mod\Commerce 
Align commerce module with the monorepo module structure by updating
all namespaces to use the Core\Mod\Commerce convention. This change
supports the recent monorepo separation and ensures consistency with
other modules.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
 2026-01-27 16:23:12 +00:00
Snider
a74a02f406 monorepo sepration 2026-01-27 00:24:22 +00:00
Snider
aa53f48850
Initial commit 2026-01-26 23:18:22 +00:00