fix(security): prevent payment gateway credentials leakage via OrderResource

xboard
2026-04-23 10:25:32 +08:00
parent df77cbfb47
commit 2efef9e8ee
4 changed files with 13 additions and 3 deletions
@@ -25,7 +25,7 @@ class PaymentController extends Controller
public function fetch() public function fetch()
{ {
$payments = Payment::orderBy('sort', 'ASC')->get(); $payments = Payment::orderBy('sort', 'ASC')->get()->makeVisible('config');
foreach ($payments as $k => $v) { foreach ($payments as $k => $v) {
$notifyUrl = url("/api/v1/guest/payment/notify/{$v->payment}/{$v->uuid}"); $notifyUrl = url("/api/v1/guest/payment/notify/{$v->payment}/{$v->uuid}");
if ($v->notify_domain) { if ($v->notify_domain) {
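Review bot: `->get()->makeVisible('config')` in `fetch()` un-hides the gateway credentials for every payment row in the listing, and nothing in the hunk says why that is acceptable here. This is presumably an admin-only endpoint, but the route and middleware are not visible on this page, so confirm that before relying on it. A comment above the query would record the intent, for example `// Admin-only listing: config (gateway credentials) is hidden on the model by default and is deliberately exposed here.` The body of `fetch()` continues outside the hunk.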
+6
@@ -23,6 +23,12 @@ class OrderResource extends JsonResource
...parent::toArray($request), ...parent::toArray($request),
'period' => PlanService::getLegacyPeriod((string)$this->period), 'period' => PlanService::getLegacyPeriod((string)$this->period),
'plan' => $this->whenLoaded('plan', fn() => PlanResource::make($this->plan)), 'plan' => $this->whenLoaded('plan', fn() => PlanResource::make($this->plan)),
'payment' => $this->whenLoaded('payment', fn() => $this->payment ? [
'id' => $this->payment->id,
'name' => $this->payment->name,
'payment' => $this->payment->payment,
'icon' => $this->payment->icon,
] : null),
]; ];
} }
} }
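Review bot: The new `'payment'` whitelist replaces the relation emitted by `...parent::toArray($request)` only because it is listed after the spread, and nothing in the code states that dependency. If the key is later moved above the spread, the full model serialization comes back and `$hidden` on the model becomes the only guard. A short comment on the entry would pin this down, for example `// Must stay after the parent::toArray() spread: overrides the serialized payment relation with an explicit whitelist.` The method containing this array starts outside the hunk.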
+4
@@ -15,4 +15,8 @@ class Payment extends Model
'config' => 'array', 'config' => 'array',
'enable' => 'boolean' 'enable' => 'boolean'
]; ];
protected $hidden = [
'config',
];
} }
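Review bot: `$hidden` only filters `toArray()`/`toJson()` output, so any caller that reads `config` from a serialized `Payment` will now silently get no key. This commit updates three such call sites, in `PaymentController` and `PaymentService`. Callers outside this diff (other services, jobs, plugins) are not visible here and should be searched for before release. A comment above the property would explain the default, for example `// Gateway credentials: never serialized by default; un-hide only on admin or internal code paths.`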
+2 -2
@@ -29,14 +29,14 @@ class PaymentService
if (!$paymentModel) { if (!$paymentModel) {
throw new ApiException('payment not found'); throw new ApiException('payment not found');
} }
$payment = $paymentModel->toArray(); $payment = $paymentModel->makeVisible('config')->toArray();
} }
if ($uuid) { if ($uuid) {
$paymentModel = Payment::where('uuid', $uuid)->first(); $paymentModel = Payment::where('uuid', $uuid)->first();
if (!$paymentModel) { if (!$paymentModel) {
throw new ApiException('payment not found'); throw new ApiException('payment not found');
} }
$payment = $paymentModel->toArray(); $payment = $paymentModel->makeVisible('config')->toArray();
} }
$this->config = []; $this->config = [];
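Review bot: `makeVisible('config')` mutates the model instance, so in both branches of this hunk `$paymentModel` keeps serializing `config` for as long as it lives. Nothing visible here stores or returns the model, but the enclosing method starts and ends outside the hunk, so that is worth confirming. Reading the attribute directly avoids un-hiding it at all: `$payment = $paymentModel->toArray() + ['config' => $paymentModel->config];`. The two branches are otherwise identical and could share that line.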