core/php-commerce
8
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 1
php-commerce/Controllers
History
Snider c19e467735 security: add webhook idempotency and payment amount verification 
Idempotency (replay attack protection):
- Add WebhookEvent model for tracking processed events
- Add webhook_events migration with unique constraint
- Add isAlreadyProcessed() to BTCPay and Stripe controllers
- Reject duplicate events with 200 response

Payment amount verification (BTCPay):
- Add verifyPaymentAmount() method
- Reject underpayments (mark order failed, create audit record)
- Reject currency mismatches
- Log overpayments for manual review
- Add 0.01 tolerance for floating point precision

Add comprehensive tests for both features.
Update TODO.md to mark P1 issues as fixed.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-29 12:32:25 +00:00
..
Api refactor: update Tenant module imports after namespace migration 2026-01-27 17:39:12 +00:00
Webhooks security: add webhook idempotency and payment amount verification 2026-01-29 12:32:25 +00:00
InvoiceController.php refactor: update Tenant module imports after namespace migration 2026-01-27 17:39:12 +00:00
MatrixTrainingController.php refactor: migrate namespace from Core\Commerce to Core\Mod\Commerce 2026-01-27 16:23:12 +00:00