Kordant

Mike/Kordant

Fork 0

Commit Graph

Author	SHA1	Message	Date
Founding Engineer	7fb8b83810	Fix open redirect in Stripe customer portal returnUrl (FRE-5399) - Add isValidReturnUrl validation at route level for fast rejection - Add defense-in-depth validation in BillingService.createCustomerPortalSession - Fix isValidReturnUrl bug: origin comparison was never reached due to incorrect protocol check, allowing substring attacks (e.g., app.shieldai.com.evil.com) - Export isValidReturnUrl from shared-billing package index - Add unit tests for all attack vectors Files changed: - packages/api/src/routes/subscription.routes.ts - packages/shared-billing/src/services/billing.service.ts - packages/shared-billing/src/config/billing.config.ts - packages/shared-billing/src/index.ts - packages/shared-billing/src/__tests__/billing.config.test.ts	2026-05-17 05:39:13 -04:00
Michael Freno	9f65ebce5d	FRE-5398: Fix invoice endpoint customer IDOR (M-3) - Make verifyCustomerOwnership public in BillingService - Add ownership verification before fetching invoice history - Returns 403 if customerId does not belong to authenticated user Co-Authored-By: Paperclip <noreply@paperclip.ing>	2026-05-16 09:57:57 -04:00
Michael Freno	cba5390309	FRE-5348: Fix P1 billing issues - Add null check for subscription items in updateSubscription - Implement webhook handlers with Prisma DB persistence - cancelSubscription already correctly passes cancel_at_period_end All P1 issues validated and fixed. Ready for Security Review. Co-Authored-By: Paperclip <noreply@paperclip.ing>	2026-05-15 14:18:46 -04:00

Author

SHA1

Message

Date

Founding Engineer

7fb8b83810

Fix open redirect in Stripe customer portal returnUrl (FRE-5399)

- Add isValidReturnUrl validation at route level for fast rejection
- Add defense-in-depth validation in BillingService.createCustomerPortalSession
- Fix isValidReturnUrl bug: origin comparison was never reached due to
  incorrect protocol check, allowing substring attacks (e.g., app.shieldai.com.evil.com)
- Export isValidReturnUrl from shared-billing package index
- Add unit tests for all attack vectors

Files changed:
- packages/api/src/routes/subscription.routes.ts
- packages/shared-billing/src/services/billing.service.ts
- packages/shared-billing/src/config/billing.config.ts
- packages/shared-billing/src/index.ts
- packages/shared-billing/src/__tests__/billing.config.test.ts

2026-05-17 05:39:13 -04:00

Michael Freno

9f65ebce5d

FRE-5398: Fix invoice endpoint customer IDOR (M-3)

- Make verifyCustomerOwnership public in BillingService
- Add ownership verification before fetching invoice history
- Returns 403 if customerId does not belong to authenticated user

Co-Authored-By: Paperclip <noreply@paperclip.ing>

2026-05-16 09:57:57 -04:00

Michael Freno

cba5390309

FRE-5348: Fix P1 billing issues

- Add null check for subscription items in updateSubscription
- Implement webhook handlers with Prisma DB persistence
- cancelSubscription already correctly passes cancel_at_period_end

All P1 issues validated and fixed. Ready for Security Review.

Co-Authored-By: Paperclip <noreply@paperclip.ing>

2026-05-15 14:18:46 -04:00

3 Commits