xiaokang/lotteryLaravel
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: 增强钱包 API URL 验证与配置

Browse Source 
- 在 AdminIntegrationSiteStoreRequest 和 AdminIntegrationSiteUpdateRequest 中引入 WalletApiUrlRule,确保 wallet_api_url 字段符合 HTTPS 公开域名要求。
- 更新 HttpMainSiteWalletBalanceClient 和 HttpMainSiteWalletGateway,使用 WalletApiUrlSanitizer 进行 URL 规范化与验证,防止 SSRF 攻击。
- 新增测试用例,验证 wallet_api_url 的有效性,确保系统安全性与稳定性。
- 更新 .env.example 文件,添加 LOTTERY_RISK_POOL_USE_REDIS_LUA 配置项以支持 Redis Lua 原子扣减功能。
- 修改 package-lock.json 中的项目名称,确保一致性。
- 在 API 路由中新增 integration/runtime-origins 路由,提供运行时白名单功能。
This commit is contained in:
kang
2026-05-28 10:10:26 +08:00
parent a60ce8caad
commit fe0594beaa
15 changed files with 412 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
tests/Feature/WalletBalanceTest.php
View File

@@ -59,13 +59,13 @@ test('wallet balance rejects illegal currency query', function () {
test('wallet balance returns main_balance when main site wallet api is configured', function () {
config([
'lottery.main_site.wallet_api_url' => 'http://fake-main.test',
'lottery.main_site.wallet_api_url' => 'https://fake-main.test',
'lottery.main_site.wallet_balance_path' => '/wallet/balance',
]);
Http::preventStrayRequests();
Http::fake([
'http://fake-main.test/wallet/balance*' => Http::response([
'https://fake-main.test/wallet/balance*' => Http::response([
'success' => true,
'data' => [
'main_balance' => 499_900,