admin/Xboard
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix(security): prevent payment gateway credentials leakage via OrderResource

Browse Source
This commit is contained in:
xboard
2026-04-23 10:25:32 +08:00
parent df77cbfb47
commit 2efef9e8ee
4 changed files with 13 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files
app/Http/Controllers/V2/Admin/PaymentController.php
+1 -1
View File
@@ -25,7 +25,7 @@ class PaymentController extends Controller
public function fetch()
{
$payments = Payment::orderBy('sort', 'ASC')->get();
$payments = Payment::orderBy('sort', 'ASC')->get()->makeVisible('config');
foreach ($payments as $k => $v) {
$notifyUrl = url("/api/v1/guest/payment/notify/{$v->payment}/{$v->uuid}");
if ($v->notify_domain) {
app/Http/Resources/OrderResource.php
+6
View File
@@ -23,6 +23,12 @@ class OrderResource extends JsonResource
...parent::toArray($request),
'period' => PlanService::getLegacyPeriod((string)$this->period),
'plan' => $this->whenLoaded('plan', fn() => PlanResource::make($this->plan)),
'payment' => $this->whenLoaded('payment', fn() => $this->payment ? [
'id' => $this->payment->id,
'name' => $this->payment->name,
'payment' => $this->payment->payment,
'icon' => $this->payment->icon,
] : null),
];
}
}