test: add integration tests for Stripe webhook handlers #33

Open
Charon wants to merge 2 commits from feat/test-stripe-webhooks into dev

Author SHA1 Message Date
Claude
96f83eca1b
test: add integration tests for Stripe webhook handlers
Add comprehensive test coverage for all Stripe webhook event handlers:
- invoice.paid (subscription renewal, non-subscription, missing sub)
- invoice.payment_failed (past due, notifications, edge cases)
- customer.subscription.created/updated/deleted (full lifecycle)
- payment_method.attached/detached/updated (card management)
- setup_intent.succeeded (hosted setup page)
- charge.succeeded & payment_intent.succeeded (Stripe Radar fraud scoring)
- Idempotency / duplicate event rejection
- Webhook audit trail logging
- Stripe status mapping for all subscription states

Fixes #11

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-24 16:35:48 +00:00
Claude
5bce748a0f
security: add CSRF protection to API billing endpoints
- Add `verified` middleware to billing route group so only
  email-verified users can access billing endpoints
- Separate read-only GET routes from state-changing POST routes
- Add `throttle:6,1` rate limiting to state-changing endpoints
  (cancel, resume, upgrade/preview, upgrade) — 6 requests per minute
- Reorganise route group with clear section comments

Fixes #13

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-24 16:19:30 +00:00