erio
c738cfec93
fix(payment): critical audit fixes for security, idempotency and correctness
Backend fixes:
- #1: doSub subscription idempotency via audit log check
- #2: markFailed only when status=RECHARGING (prevents overwriting COMPLETED)
- #3: ExpireTimedOutOrders checks upstream payment before expiring
- #4: Public verify endpoint for payment result page (no auth required)
- #5: EasyPay QueryOrder returns amount, confirmPayment handles zero amount
- #6: WxPay notifyUrl priority: request-first, config-fallback
- #7: EasyPay remove double URL decode in VerifyNotification
- #8: checkPaid/cancelUpstreamPayment use order's provider instance
- #9: Amount NaN/Inf/negative validation in order creation and refund
- #10: Refund amount comparison uses tolerance instead of float64 ==
- #11: Skip balance deduction on retry when previous rollback failed
- #12: checkPaid logs fulfillment errors instead of silently ignoring
- #13: WxPay certSerial added to required config fields
Frontend fixes:
- Payment result page no longer requires authentication
- Public verify API fallback for expired sessions
2026-04-14 09:19:33 +08:00