fix: trustProxy for webhook IP validation, filter expired payments, remove dead code

2026-05-20 19:40:23 +05:00
parent 3177413acd
commit ae6f86041a
2 changed files with 7 additions and 2 deletions
@@ -39,6 +39,7 @@ const origin = (process.env.CORS_ORIGIN ?? '')
 const fastify = Fastify({
  logger: true,
  bodyLimit: getMaxUploadBodyBytes(),
+  trustProxy: true,
 })

 await fastify.register(cors, {
@@ -36,7 +36,11 @@ export async function registerUserPaymentRoutes(fastify) {
    }

    const existingPayment = await prisma.payment.findFirst({
-      where: { orderId: id, status: { in: ['pending', 'waiting_for_capture'] } },
+      where: {
+        orderId: id,
+        status: { in: ['pending', 'waiting_for_capture'] },
+        OR: [{ expiresAt: null }, { expiresAt: { gt: new Date() } }],
+      },
      orderBy: { createdAt: 'desc' },
    })

@@ -56,7 +60,7 @@ export async function registerUserPaymentRoutes(fastify) {
    const receipt = buildReceipt({
      orderItems: order.items,
      deliveryFeeCents: order.deliveryFeeCents,
-      userEmail: userEmail || 'noemail@example.com',
+        userEmail: userEmail,
    })

    let result