Дмитрий
3b142f9375
Webhook (PaymentWebhookController): строгий матч gatewayPaymentId===paymentId (confused-deputy), проверка валюты RUB (WebhookVerifyResult.currency), IP-allowlist services.yookassa.webhook_ip_allowlist (fail-open при пустом). web.php: убраны устаревшие «MVP без auth» комментарии — saas-admin зона fail-closed (nginx-basic + M-1 REMOTE_USER allowlist, проверено на проде). +3 теста, 11/11 зелёные. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
90 lines
3.8 KiB
PHP
90 lines
3.8 KiB
PHP
<?php
|
|
|
|
return [
|
|
|
|
/*
|
|
|--------------------------------------------------------------------------
|
|
| Third Party Services
|
|
|--------------------------------------------------------------------------
|
|
|
|
|
| This file is for storing the credentials for third party services such
|
|
| as Mailgun, Postmark, AWS and more. This file provides the de facto
|
|
| location for this type of information, allowing packages to have
|
|
| a conventional file to locate the various service credentials.
|
|
|
|
|
*/
|
|
|
|
'postmark' => [
|
|
'key' => env('POSTMARK_API_KEY'),
|
|
],
|
|
|
|
'resend' => [
|
|
'key' => env('RESEND_API_KEY'),
|
|
],
|
|
|
|
'ses' => [
|
|
'key' => env('AWS_ACCESS_KEY_ID'),
|
|
'secret' => env('AWS_SECRET_ACCESS_KEY'),
|
|
'region' => env('AWS_DEFAULT_REGION', 'us-east-1'),
|
|
],
|
|
|
|
'slack' => [
|
|
'notifications' => [
|
|
'bot_user_oauth_token' => env('SLACK_BOT_USER_OAUTH_TOKEN'),
|
|
'channel' => env('SLACK_BOT_USER_DEFAULT_CHANNEL'),
|
|
],
|
|
],
|
|
|
|
// Капча самозаписи (G1/SP1). driver=null → NullCaptchaVerifier (dev/test).
|
|
// Реальный Yandex SmartCaptcha подключается позже (SP3/ops).
|
|
'captcha' => [
|
|
'driver' => env('CAPTCHA_DRIVER', 'null'),
|
|
'fake_passes' => filter_var(env('CAPTCHA_FAKE_PASSES', true), FILTER_VALIDATE_BOOL),
|
|
'yandex_server_key' => env('YANDEX_SMARTCAPTCHA_SERVER_KEY'),
|
|
'yandex_validate_url' => env('YANDEX_SMARTCAPTCHA_VALIDATE_URL', 'https://smartcaptcha.cloud.yandex.ru/validate'),
|
|
],
|
|
|
|
'supplier' => [
|
|
'login' => env('SUPPLIER_LOGIN'),
|
|
'password' => env('SUPPLIER_PASSWORD'),
|
|
'portal_url' => env('SUPPLIER_PORTAL_URL', 'https://crm.bp-gr.ru'),
|
|
'alert_email' => env('SUPPLIER_ALERT_EMAIL', 'ops@liderra.ru'),
|
|
],
|
|
|
|
// DaData phone cleaner — резолв региона лида по телефону (lead region resolution).
|
|
// Ключи → YC Lockbox на проде; на dev/staging — .env. enabled=false до раскатки.
|
|
'dadata' => [
|
|
'api_key' => env('DADATA_API_KEY'),
|
|
'secret' => env('DADATA_SECRET'),
|
|
'timeout_ms' => (int) env('DADATA_TIMEOUT_MS', 2000),
|
|
'retries' => (int) env('DADATA_RETRIES', 1),
|
|
'daily_cap_rub' => (int) env('DADATA_DAILY_CAP_RUB', 10000),
|
|
'call_cost_kopecks' => (int) env('DADATA_CALL_COST_KOPECKS', 60), // ≈0.60 ₽/вызов, откалибровать по тарифу
|
|
'enabled' => filter_var(env('LEAD_REGION_RESOLVER_ENABLED', false), FILTER_VALIDATE_BOOL),
|
|
'cache_ttl_days' => (int) env('PHONE_REGION_CACHE_TTL_DAYS', 30),
|
|
// G1/SP2: подтяжка организации по ИНН (suggestions findById/party). Тот же api_key
|
|
// (Token), secret не нужен. Default false → NullPartyLookup (dev/тесты не ходят в сеть).
|
|
'party_enabled' => filter_var(env('DADATA_PARTY_ENABLED', false), FILTER_VALIDATE_BOOL),
|
|
],
|
|
|
|
// G7-A: клиентская «Помощь».
|
|
'support' => [
|
|
'email' => env('SUPPORT_EMAIL', 'support@liderra.ru'),
|
|
],
|
|
'jivosite' => [
|
|
'widget_id' => env('JIVO_WIDGET_ID'),
|
|
],
|
|
|
|
// Платёжный шлюз ЮKassa. webhook_ip_allowlist — CSV IP/CIDR из env (defense-in-depth
|
|
// на /api/webhook/payment). Пусто → fail-open (поток не ломается). На проде заполнить
|
|
// опубликованными ЮKassa подсетями: 185.71.76.0/27,185.71.77.0/27,77.75.153.0/25,
|
|
// 77.75.154.128/25,77.75.156.11,77.75.156.35,2a02:5180::/32.
|
|
'yookassa' => [
|
|
'webhook_ip_allowlist' => array_values(array_filter(array_map(
|
|
'trim',
|
|
explode(',', (string) env('YOOKASSA_WEBHOOK_IPS', '')),
|
|
))),
|
|
],
|
|
|
|
];
|