Add WebhookRateLimiter service with IP-based rate limiting for webhook
endpoints to prevent rate limit exhaustion attacks against legitimate
payment webhooks.

Changes:
- Add WebhookRateLimiter service with per-IP tracking
- Default: 60 req/min for unknown IPs, 300 req/min for trusted gateway IPs
- Support CIDR ranges for IP allowlisting
- Configure via commerce.webhooks.rate_limits and trusted_ips
- Update BTCPayWebhookController and StripeWebhookController
- Return proper 429 responses with Retry-After headers
- Replace global throttle:120,1 middleware with granular controls
- Add comprehensive tests for rate limiting behaviour

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
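
The per-IP tiering with CIDR allowlisting described in the commit message above, as an added PHP example that is not the commit's or the project's own code. The class `TieredIpLimiter`, its methods, the in-memory counter store and the sample addresses are assumptions made for illustration; the 60 and 300 req/min limits are the defaults the message states.

```php
<?php declare(strict_types=1);
// Hypothetical illustration, not the project's WebhookRateLimiter.
// Assumes $ip is the connection's peer address, not a client-supplied header.
final class TieredIpLimiter
{
    private array $windows = []; // per-IP fixed-window counters (in-memory for the example)
    public function __construct(
        private array $trusted, // IPs or CIDR ranges of payment gateways
        private int $defaultLimit = 60, private int $trustedLimit = 300, // req/window
        private int $windowSeconds = 60,
    ) {}
    public function isTrusted(string $ip): bool
    {
        $addr = @inet_pton($ip);
        if ($addr === false) return false;
        foreach ($this->trusted as $range) {
            [$net, $bits] = array_pad(explode('/', $range, 2), 2, null);
            $netBin = @inet_pton($net);
            // Fail closed: skip malformed entries and IPv4/IPv6 family mismatches.
            if ($netBin === false || strlen($netBin) !== strlen($addr)) continue;
            if ($bits !== null && !ctype_digit($bits)) continue;
            $bits = $bits === null ? strlen($addr) * 8 : (int) $bits;
            if ($bits > strlen($addr) * 8) continue;
            $bytes = intdiv($bits, 8);
            $mask = (0xFF << (8 - $bits % 8)) & 0xFF; // 0 when the prefix ends on a byte boundary
            if (substr($addr, 0, $bytes) !== substr($netBin, 0, $bytes)) continue;
            if ($mask === 0 || ((ord($addr[$bytes]) ^ ord($netBin[$bytes])) & $mask) === 0) return true;
        }
        return false;
    }
    public function check(string $ip, int $now): array
    {
        $limit = $this->isTrusted($ip) ? $this->trustedLimit : $this->defaultLimit;
        $w = $this->windows[$ip] ?? ['start' => $now, 'count' => 0];
        if ($now - $w['start'] >= $this->windowSeconds) $w = ['start' => $now, 'count' => 0];
        if ($w['count'] >= $limit) {
            $retry = $w['start'] + $this->windowSeconds - $now; // seconds until the window resets
            return ['status' => 429, 'headers' => ['Retry-After' => (string) $retry]];
        }
        $this->windows[$ip] = ['start' => $w['start'], 'count' => $w['count'] + 1];
        return ['status' => 200, 'headers' => []];
    }
}

// Constructed sample: documentation-range addresses, one gateway CIDR.
$limiter = new TieredIpLimiter(['203.0.113.0/24']);
foreach (['198.51.100.7', '203.0.113.20'] as $ip) {
    for ($i = 1, $r = ['status' => 200]; $r['status'] === 200; $i++) $r = $limiter->check($ip, 1000);
    printf("%s: request %d -> %d, Retry-After %s\n", $ip, $i - 1, $r['status'], $r['headers']['Retry-After']);
}
```

A CIDR entry with a non-numeric or out-of-range prefix is skipped rather than cast to `/0`, so a typo in the allowlist cannot promote every caller to the trusted tier.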

Add missing files from P1-040/P1-041 implementation:
- CheckoutRateLimitException for 429 responses when rate limit exceeded
- FraudAssessment data object for fraud scoring results
- FraudService for velocity checks and Stripe Radar integration
- Register services in Boot.php
- Add fraud detection configuration in config.php
- Add CouponServiceTest for input sanitisation

The CheckoutRateLimiter (already tracked) is now properly integrated with
the exception handling, and the FraudService provides defence-in-depth
with velocity-based and geo-anomaly detection.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>