HEX
Server: LiteSpeed
System: Linux s1049.use1.mysecurecloudhost.com 4.18.0-477.27.2.lve.el8.x86_64 #1 SMP Wed Oct 11 12:32:56 UTC 2023 x86_64
User: xedaptot (3356)
PHP: 8.3.31
Disabled: NONE
Upload Files
File: /home/xedaptot/ai.naniguide.com/vendor/acelle/cashier/routes.php
<?php

/*
|--------------------------------------------------------------------------
| Cashier routes
|--------------------------------------------------------------------------
|
| All gateways use the unified PaymentIntent flow ({intent_uid}).
|
| Security model: intent_uid is a capability token (UUIDv4 = 122 bits entropy).
| Pay endpoints are throttled to limit abuse if a uid leaks.
|
*/

Route::group(['middleware' => ['web', 'not_installed'], 'namespace' => 'App\Cashier\Controllers'], function () {
    // Offline (manual payment, admin approves later)
    Route::get('/cashier/offline/checkout/{intent_uid}', 'OfflineController@checkout');
    Route::post('/cashier/offline/claim/{intent_uid}', 'OfflineController@claim')
        ->middleware('throttle:10,1');

    // Stripe (one-off, intent-based)
    Route::get('/cashier/stripe/checkout/{intent_uid}', 'StripeController@checkout');
    Route::post('/cashier/stripe/pay/{intent_uid}', 'StripeController@pay')
        ->middleware('throttle:10,1');
    Route::get('/cashier/stripe/{intent_uid}/payment-auth', 'StripeController@paymentAuth');

    // Stripe Subscription (Category B, intent-based)
    Route::get('/cashier/stripe-subscription/checkout/{intent_uid}', 'StripeSubscriptionController@checkout');
    Route::post('/cashier/stripe-subscription/pay/{intent_uid}', 'StripeSubscriptionController@pay')
        ->middleware('throttle:10,1');
});

// Webhooks (no CSRF, no throttle — Stripe sends bursts)
Route::group(['namespace' => 'App\Cashier\Controllers'], function () {
    Route::post('/cashier/webhooks/stripe-subscription', 'RemoteSubscriptionWebhookController@stripeSubscription');
});