fix(GRO-1036): secure stats endpoint + restore refund preconditions #385

Merged

groombook-engineer[bot] merged 1 commits from fix/GRO-1036-security-findings into dev

2026-05-04 22:43:42 +00:00

Author	SHA1	Message	Date
Chris Farhood	2c2a69f20b	fix(GRO-1036): secure /api/invoices/stats/summary and refund endpoint - Add requireRole('manager') auth middleware to /stats/summary handler (was completely unauthenticated, exposing revenue/PII stats) - Restore stripePaymentIntentId pre-condition check on refund: return 422 when invoice has no Stripe payment intent (prevents manual_ refund abuse) - Remove groomer from refund role check (CTO ruling: manager-only) - Remove manual refund branch since precondition now guarantees Stripe ID - Move processRefund import to top of file Fixes GRO-1036/GRO-1035 security findings. Co-Authored-By: Paperclip <noreply@paperclip.ing>	2026-05-04 22:37:23 +00:00

Author

SHA1

Message

Date

Chris Farhood

2c2a69f20b

fix(GRO-1036): secure /api/invoices/stats/summary and refund endpoint

- Add requireRole('manager') auth middleware to /stats/summary handler
  (was completely unauthenticated, exposing revenue/PII stats)
- Restore stripePaymentIntentId pre-condition check on refund: return 422
  when invoice has no Stripe payment intent (prevents manual_ refund abuse)
- Remove groomer from refund role check (CTO ruling: manager-only)
- Remove manual refund branch since precondition now guarantees Stripe ID
- Move processRefund import to top of file

Fixes GRO-1036/GRO-1035 security findings.

Co-Authored-By: Paperclip <noreply@paperclip.ing>

2026-05-04 22:37:23 +00:00

fix(GRO-1036): secure stats endpoint + restore refund preconditions #385

1 Commits