core/php-commerce
8
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 1
php-commerce/tests/Feature
History
Snider c169f4161f security(webhooks): add per-IP rate limiting for webhook endpoints (P2-075) 
Add WebhookRateLimiter service with IP-based rate limiting for webhook
endpoints to prevent rate limit exhaustion attacks against legitimate
payment webhooks.

Changes:
- Add WebhookRateLimiter service with per-IP tracking
- Default: 60 req/min for unknown IPs, 300 req/min for trusted gateway IPs
- Support CIDR ranges for IP allowlisting
- Configure via commerce.webhooks.rate_limits and trusted_ips
- Update BTCPayWebhookController and StripeWebhookController
- Return proper 429 responses with Retry-After headers
- Replace global throttle:120,1 middleware with granular controls
- Add comprehensive tests for rate limiting behaviour

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-29 18:11:02 +00:00
..
.gitkeep Initial commit 2026-01-26 23:18:22 +00:00
CheckoutFlowTest.php refactor: update Tenant module imports after namespace migration 2026-01-27 17:39:12 +00:00
CompoundSkuTest.php refactor: migrate namespace from Core\Commerce to Core\Mod\Commerce 2026-01-27 16:23:12 +00:00
ContentOverrideServiceTest.php refactor: migrate namespace from Core\Commerce to Core\Mod\Commerce 2026-01-27 16:23:12 +00:00
CouponServiceTest.php security: complete rate limiting and fraud service implementation (P1-040) 2026-01-29 16:09:29 +00:00
CurrencyServiceTest.php refactor: migrate namespace from Core\Commerce to Core\Mod\Commerce 2026-01-27 16:23:12 +00:00
DunningServiceTest.php refactor: update Tenant module imports after namespace migration 2026-01-27 17:39:12 +00:00
ProcessSubscriptionRenewalTest.php refactor: update Tenant module imports after namespace migration 2026-01-27 17:39:12 +00:00
RefundServiceTest.php refactor: update Tenant module imports after namespace migration 2026-01-27 17:39:12 +00:00
SubscriptionServiceTest.php refactor: update Tenant module imports after namespace migration 2026-01-27 17:39:12 +00:00
TaxServiceTest.php refactor: update Tenant module imports after namespace migration 2026-01-27 17:39:12 +00:00
WebhookRateLimitTest.php security(webhooks): add per-IP rate limiting for webhook endpoints (P2-075) 2026-01-29 18:11:02 +00:00
WebhookTest.php security(webhooks): add per-IP rate limiting for webhook endpoints (P2-075) 2026-01-29 18:11:02 +00:00