Idempotency (replay attack protection):
- Add WebhookEvent model for tracking processed events
- Add webhook_events migration with unique constraint
- Add isAlreadyProcessed() to BTCPay and Stripe controllers
- Reject duplicate events with 200 response

Payment amount verification (BTCPay):
- Add verifyPaymentAmount() method
- Reject underpayments (mark order failed, create audit record)
- Reject currency mismatches
- Log overpayments for manual review
- Add 0.01 tolerance for floating point precision

Add comprehensive tests for both features.
Update TODO.md to mark P1 issues as fixed.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- 0001_01_01_000001_create_commerce_tables.php
- 0001_01_01_000002_create_credit_notes_table.php
- 0001_01_01_000003_create_payment_methods_table.php
- 2026_01_26_000000_create_usage_billing_tables.php
- 2026_01_26_000001_create_exchange_rates_table.php
- 2026_01_26_000001_create_referral_tables.php
- 2026_01_29_000001_create_webhook_events_table.php