Commit graph

3 commits

Author SHA1 Message Date
Snider
df167eb423 fix(dx): add declare(strict_types=1) and fix PSR-12 compliance
Some checks failed
CI / PHP 8.3 (pull_request) Failing after 3s
CI / PHP 8.4 (pull_request) Failing after 3s
Added missing strict_types declarations to 65 PHP files and ran
Laravel Pint to fix PSR-12 violations (ordered imports, unary
operator spacing, brace positioning, fully qualified strict types).

Co-Authored-By: Virgil <virgil@lethean.io>
2026-03-17 09:08:03 +00:00
Claude
082be5ad90 chore: fix pint code style and add test config
Some checks failed
CI / tests (push) Failing after 1m25s
Add phpunit.xml and tests/Pest.php for standalone test execution.
Apply Laravel Pint formatting fixes across all source files.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-23 03:50:05 +00:00
Snider
c169f4161f security(webhooks): add per-IP rate limiting for webhook endpoints (P2-075)
Add WebhookRateLimiter service with IP-based rate limiting for webhook
endpoints to prevent rate limit exhaustion attacks against legitimate
payment webhooks.

Changes:
- Add WebhookRateLimiter service with per-IP tracking
- Default: 60 req/min for unknown IPs, 300 req/min for trusted gateway IPs
- Support CIDR ranges for IP allowlisting
- Configure via commerce.webhooks.rate_limits and trusted_ips
- Update BTCPayWebhookController and StripeWebhookController
- Return proper 429 responses with Retry-After headers
- Replace global throttle:120,1 middleware with granular controls
- Add comprehensive tests for rate limiting behaviour

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-29 18:11:02 +00:00