Commit aa5b679
committed
fix: add authorization and validation to payment gateway return/cancel routes
Prevent payment bypass via None gateway by enforcing invoice ownership,
pending status check, gateway status/paymethod validation, and minimum
amount verification on the return route. Add ownership check to cancel.1 parent 1aa77e3 commit aa5b679
1 file changed
Lines changed: 8 additions & 0 deletions
Lines changed: 8 additions & 0 deletions
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
43 | 43 | | |
44 | 44 | | |
45 | 45 | | |
| 46 | + | |
| 47 | + | |
46 | 48 | | |
47 | 49 | | |
48 | 50 | | |
| |||
51 | 53 | | |
52 | 54 | | |
53 | 55 | | |
| 56 | + | |
| 57 | + | |
| 58 | + | |
54 | 59 | | |
55 | 60 | | |
| 61 | + | |
| 62 | + | |
| 63 | + | |
56 | 64 | | |
57 | 65 | | |
58 | 66 | | |
| |||
0 commit comments