Add WebhookRateLimiter service with IP-based rate limiting for webhook endpoints to prevent rate limit exhaustion attacks against legitimate payment webhooks.

Changes:
- Add WebhookRateLimiter service with per-IP tracking
- Default: 60 req/min for unknown IPs, 300 req/min for trusted gateway IPs
- Support CIDR ranges for IP allowlisting
- Configure via commerce.webhooks.rate_limits and trusted_ips
- Update BTCPayWebhookController and StripeWebhookController
- Return proper 429 responses with Retry-After headers
- Replace global throttle:120,1 middleware with granular controls
- Add comprehensive tests for rate limiting behaviour

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

| File |
|---|
| BTCPayGateway.php |
| PaymentGatewayContract.php |
| StripeGateway.php |