fix(security): prevent payment gateway credentials leakage via OrderResource

2026-04-23 10:25:32 +08:00
parent df77cbfb47
commit 2efef9e8ee
4 changed files with 13 additions and 3 deletions
@@ -23,6 +23,12 @@ class OrderResource extends JsonResource
            ...parent::toArray($request),
            'period' => PlanService::getLegacyPeriod((string)$this->period),
            'plan' => $this->whenLoaded('plan', fn() => PlanResource::make($this->plan)),
+            'payment' => $this->whenLoaded('payment', fn() => $this->payment ? [
+                'id' => $this->payment->id,
+                'name' => $this->payment->name,
+                'payment' => $this->payment->payment,
+                'icon' => $this->payment->icon,
+            ] : null),
        ];
    }
 }