fix: prevent pakasir provider_ref overflow on long QR payload

app/app/Http/Controllers/Billing/PakasirController.php

@@ -77,10 +77,10 @@ class PakasirController extends Controller
         ];
 
         $endpoint = $apiBase.'/api/transactioncreate/qris';
-        $res = Http::timeout($timeout)->post($endpoint, $payload);
+        // Pakasir expects form payloads; keep JSON as fallback for provider-side variations.
+        $res = Http::asForm()->timeout($timeout)->post($endpoint, $payload);
         if (!$res->successful()) {
-            // Fallback for gateways expecting x-www-form-urlencoded payloads.
-            $res = Http::asForm()->timeout($timeout)->post($endpoint, $payload);
+            $res = Http::timeout($timeout)->post($endpoint, $payload);
         }
 
         if (!$res->successful()) {
@@ -124,7 +124,8 @@ class PakasirController extends Controller
             'currency' => 'IDR',
             'amount' => $amountIdr,
             'status' => 'pending',
-            'provider_ref' => $paymentNumber !== '' ? $paymentNumber : $orderRef,
+            // Keep provider_ref short (column is varchar(100)); QR payload can be much longer.
+            'provider_ref' => $this->safeProviderRef($paymentNumber, $orderRef),
             'raw_payload' => $body,
         ]);
 
@@ -179,6 +180,16 @@ class PakasirController extends Controller
         return [$paymentNumber, $status, $expiredAt, $totalPayment];
     }
 
+    private function safeProviderRef(string $paymentNumber, string $orderRef): string
+    {
+        $candidate = trim($paymentNumber);
+        if ($candidate !== '' && mb_strlen($candidate) <= 100) {
+            return $candidate;
+        }
+
+        return $orderRef;
+    }
+
     public function cancelPending(Request $request): JsonResponse
     {
         $user = $request->user();