From 0e4f3c3599624c0bbcda0c55089746bdbdb44bdf Mon Sep 17 00:00:00 2001 From: Dwindi Ramadhana Date: Sun, 15 Feb 2026 00:32:26 +0700 Subject: [PATCH] fix: prevent pakasir provider_ref overflow on long QR payload --- .../Controllers/Billing/PakasirController.php | 19 +++++++++++++++---- 1 file changed, 15 insertions(+), 4 deletions(-) diff --git a/app/app/Http/Controllers/Billing/PakasirController.php b/app/app/Http/Controllers/Billing/PakasirController.php index 820921a..26c5e8a 100644 --- a/app/app/Http/Controllers/Billing/PakasirController.php +++ b/app/app/Http/Controllers/Billing/PakasirController.php @@ -77,10 +77,10 @@ class PakasirController extends Controller ]; $endpoint = $apiBase.'/api/transactioncreate/qris'; - $res = Http::timeout($timeout)->post($endpoint, $payload); + // Pakasir expects form payloads; keep JSON as fallback for provider-side variations. + $res = Http::asForm()->timeout($timeout)->post($endpoint, $payload); if (!$res->successful()) { - // Fallback for gateways expecting x-www-form-urlencoded payloads. - $res = Http::asForm()->timeout($timeout)->post($endpoint, $payload); + $res = Http::timeout($timeout)->post($endpoint, $payload); } if (!$res->successful()) { @@ -124,7 +124,8 @@ class PakasirController extends Controller 'currency' => 'IDR', 'amount' => $amountIdr, 'status' => 'pending', - 'provider_ref' => $paymentNumber !== '' ? $paymentNumber : $orderRef, + // Keep provider_ref short (column is varchar(100)); QR payload can be much longer. + 'provider_ref' => $this->safeProviderRef($paymentNumber, $orderRef), 'raw_payload' => $body, ]); @@ -179,6 +180,16 @@ class PakasirController extends Controller return [$paymentNumber, $status, $expiredAt, $totalPayment]; } + private function safeProviderRef(string $paymentNumber, string $orderRef): string + { + $candidate = trim($paymentNumber); + if ($candidate !== '' && mb_strlen($candidate) <= 100) { + return $candidate; + } + + return $orderRef; + } + public function cancelPending(Request $request): JsonResponse { $user = $request->user();