Add WebhookRateLimiter service with IP-based rate limiting for webhook
endpoints to prevent rate limit exhaustion attacks against legitimate
payment webhooks.
Changes:
- Add WebhookRateLimiter service with per-IP tracking
- Default: 60 req/min for unknown IPs, 300 req/min for trusted gateway IPs
- Support CIDR ranges for IP allowlisting
- Configure via commerce.webhooks.rate_limits and trusted_ips
- Update BTCPayWebhookController and StripeWebhookController
- Return proper 429 responses with Retry-After headers
- Replace global throttle:120,1 middleware with granular controls
- Add comprehensive tests for rate limiting behaviour
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
P1-040: Verified rate limiting already integrated in checkout flow
P1-041: Integrated FraudService into checkout and webhook handlers
P1-042: Added coupon code sanitisation in CouponService
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Updates all references from Core\Mod\Tenant to Core\Tenant following
the monorepo separation. The Tenant module now lives in its own package
with the simplified namespace.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Align commerce module with the monorepo module structure by updating
all namespaces to use the Core\Mod\Commerce convention. This change
supports the recent monorepo separation and ensures consistency with
other modules.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
