Omnipay Module for LiBilling
  • PHP 86.3%
  • Blade 13.7%
Find a file
Troy Siedsma 1b6072780f Security (CRITICAL): authorize Omnipay gateway admin via payment_gateway_access
Replaces the per-method settings_edit checks with the core payment_gateway_access
category permission, enforced by the core AuthorizesModuleAdmin boot-trait so the
Create/Edit/List components are protected on mount AND every action. The admin
controller authorizes payment_gateway_access directly.

payment_gateway_access is a core category permission shared by any payment
gateway module (first or third-party); system-tier (Super-Admin-only by default)
but grantable per-role, so gateway management can be delegated without granting
all of settings_edit.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-26 21:40:42 +00:00
database/migrations Reconcile confirmed amount against the persisted intent 2026-06-12 23:00:09 +00:00
resources Re-platform onto LiBilling/libilling-omnipay Forgejo origin 2026-05-22 13:14:20 +00:00
routes Re-platform onto LiBilling/libilling-omnipay Forgejo origin 2026-05-22 13:14:20 +00:00
src Security (CRITICAL): authorize Omnipay gateway admin via payment_gateway_access 2026-06-26 21:40:42 +00:00
tests/Feature Security (CRITICAL): authorize Omnipay gateway admin via payment_gateway_access 2026-06-26 21:40:42 +00:00
composer.json Standardize composer.json + README + LICENSE 2026-05-22 15:03:59 +00:00
LICENSE.md Standardize composer.json + README + LICENSE 2026-05-22 15:03:59 +00:00
README.md Standardize composer.json + README + LICENSE 2026-05-22 15:03:59 +00:00

LiBilling Omnipay Payment Gateway Module

A LiBilling payment gateway module that bridges the Omnipay library into LiBilling's payment driver system. Unlike single-gateway modules, this package lets staff configure any number of Omnipay-backed gateways through the admin UI, with each gateway registered as its own distinct checkout option.

Features

  • Multi-Gateway: Configure unlimited Omnipay-backed gateways, each registered independently as omnipay:{slug}
  • Admin UI: Create, edit, toggle, and delete gateways from /admin/payment/omnipay
  • Encrypted Credentials: Per-gateway parameters stored encrypted at rest
  • Per-Gateway Labels: Operator-chosen customer-facing label for each gateway at checkout
  • Defensive Registration: Missing driver packages skip the affected gateway only; others continue to load
  • Audited CRUD: Every admin action is recorded through Spatie Activity Log under log_name = 'internal'
  • Gateway-Aware Routes: Return and cancel URLs scoped per gateway at /omnipay/{gatewayKey}/return and /omnipay/{gatewayKey}/cancel

Installation

This package is loaded as a local Composer path repository. No separate installation is needed when developing within the LiBilling monorepo.

For standalone installation:

composer require libilling/libilling-omnipay

Run migrations to create the omnipay_gateways table:

php artisan migrate

Omnipay driver packages are installed separately, one per gateway you want to offer:

composer require omnipay/braintree
composer require omnipay/authorizenet
composer require omnipay/mollie

A driver must be installed via Composer before it can be selected in the admin form.

Configuration

All configuration is managed through the LiBilling admin panel -- there are no environment variables or published config files.

  1. Log in to the admin panel.
  2. Open System > Omnipay Gateways in the sidebar.
  3. Click Add Gateway and fill in:
    • Key: unique slug (e.g. braintree-live)
    • Label: customer-facing name
    • Gateway Type: Omnipay driver class (e.g. Braintree, AuthorizeNet_AIM)
    • Parameters: key/value editor for driver credentials (stored encrypted)
    • Active: toggle to enable
    • Priority: sort order at checkout
  4. Save. The gateway is now registered and available at checkout.

When editing, blank parameter values preserve the existing stored credential -- only re-enter values you want to change.

Capabilities

Declared via supports() using GatewayCapability constants:

  • charge: One-time charges (direct or redirect-based, depending on driver)
  • refund: Full and partial refunds where supported by the driver
  • checkout: Redirect-based hosted checkout flow

Dependencies

  • league/omnipay: Omnipay core library
  • An Omnipay driver package per configured gateway (e.g. omnipay/braintree)

Testing

php artisan test --filter=Omnipay

License

LiBilling is (C) Lithium Holdings, LLC. All components except for third-party modules and select packages with their own license are licensed under a Commercial License. Contact licensing@lithiumholdings.com for licensing enquiries. Any dissemination of material herein is prohibited without expressed written consent of Lithium Holdings.

This package, libilling-omnipay is licensed under The MIT License (MIT). Please see License File for more information.

Is it any good?

Yes.

When people first hear about a new product, they frequently ask if it is any good. A Hacker News user remarked:

Note to self: Starting immediately, all raganwald projects will have a "Is it any good?" section in the readme, and the answer shall be "yes.".